5 May, 2026

WIPO Orders Transfer of Typosquatted Domain arcelormittlal.com Mimicking ArcelorMittal

UDRP Cases

ArcelorMittal successfully recovered the typosquatted domain <arcelormittlal.com> through a WIPO UDRP proceeding. Although the domain did not resolve to an active website, its active Mail Exchange (MX) records indicated potential use for deceptive email communications and phishing. The sole panelist ordered the immediate transfer of the domain to the Complainant due to bad faith registration and lack of legitimate interest.

Case Snapshot

Case Number D2025-4653
Complainant Arcelormittal
Respondent Veronica Julius
Disputed Domain
arcelormittlal.com
Threat Tactic Typo Domains
Decision Date 2025-12-29
Panelist Eva Fiammenghi
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4653

Analyzing the Threat of Passive Typosquatting and Mail Exchange Configuration

The registration of the disputed domain name <arcelormittlal.com> by the Respondent in November 2025 illustrates a classic typosquatting tactic aimed at a globally recognized trademark. By adding a single letter ‘l’ to ArcelorMittal’s established trademark, registered internationally since 2007, the domain exploits common keystroke errors. Although the domain did not resolve to an active website and was passively held, it presented a severe latent commercial and reputational risk. Relying solely on public website monitoring would fail to detect the underlying threat posed by this registration, as there was no public-facing content to alert the trademark owner to the infringement.

The critical vector of risk in this dispute lies in the configuration of active Mail Exchange (MX) records on the disputed domain. By establishing active MX entries, the Respondent prepared the technical infrastructure required to send and receive electronic communications. This configuration strongly points to an intent to conduct corporate impersonation, phishing, or Business Email Compromise (BEC) schemes. Because the minor typographical variation is easily overlooked in an email address, deceptive communications originating from this domain could target ArcelorMittal’s global network of clients, suppliers, or vendors, potentially leading to unauthorized disclosures or fraudulent financial transactions. Although the record does not document actual financial loss or active phishing campaigns, the presence of these active records created an immediate security vulnerability.

From a brand protection standpoint, this case underscores the necessity of proactively monitoring DNS records rather than relying strictly on web-crawling technology. When bad actors combine passive holding with active MX records, they evade traditional trademark enforcement mechanisms that look only for active web content. Brand owners must treat active mail server configurations on typographical variants of their marks as high-risk events requiring rapid-response UDRP filings. The successful transfer ordered by the WIPO panelist demonstrates that UDRP proceedings can be effectively utilized to seize control of deceptive domains before active email fraud campaigns are initiated, thereby preventing reputational damage and financial harm.

Strategy Breakdown: Leveraging Trademark Fame and Technical Evidence

The Complainant’s successful strategy relied on demonstrating the international fame of the ARCELORMITTAL trademark, which has been registered globally since 2007. By establishing this long-standing reputation, the Complainant made the Respondent’s registration of the minor typographical variant <arcelormittlal.com> in November 2025 appear highly opportunistic and targeted. Proving that the addition of a single letter ‘l’ constituted a clear typosquatting attempt allowed the Complainant to easily satisfy the first element of the UDRP, leaving no plausible defense for the Respondent’s unauthorized registration.

Crucially, the Complainant did not wait for an active phishing campaign to materialize before taking action, addressing the threat vector while the domain was still passively held. By presenting technical evidence of active Mail Exchange (MX) records, the Complainant demonstrated that the domain was configured to facilitate email communications. This specific evidence was vital in proving bad faith registration and use under the Policy, as the setup of MX records on a typosquatted corporate domain strongly implies an intent to conduct deceptive corporate impersonation or business email compromise scams.

Practical Recommendations

  • Implement automated domain monitoring that specifically alerts on the configuration of Mail Exchange (MX) records for typosquatted variations of your brand, enabling immediate detection of email impersonation vectors before active phishing campaigns begin.
  • Execute defensive registration strategies for high-risk typographical variations (such as double-letter additions, common keyboard adjacent-key typos, or character omissions) of your primary corporate and transactional domains.
  • Utilize the WIPO UDRP process swiftly when encountering passively held typosquatted domains, and prioritize action against those with active MX records, as panels widely accept MX record configuration on typos as strong evidence of bad faith registration and use.
  • Deploy advanced email security gateways and update internal spam filters to actively flag or block inbound external emails originating from look-alike or typosquatted domains that closely mimic your corporate brand.

Frequently Asked Questions (FAQ)

Why was the domain <arcelormittlal.com> considered confusingly similar to ArcelorMittal’s trademark?

The WIPO panel found that the domain is a typosquatted variant that reproduces the ARCELORMITTAL trademark almost in its entirety, with the addition of only a single extra letter ‘l’, which does not eliminate the risk of consumer confusion.

How did the panel determine bad faith despite the domain lacking an active website?

Bad faith was established because the Respondent registered a domain mirroring a famous mark and, crucially, configured active Mail Exchange (MX) records, which the panel determined was a clear indicator of intent to facilitate fraudulent email communications or phishing.

What evidence confirmed the Respondent had no rights or legitimate interests in the disputed domain?

The panel noted that the Respondent, Veronica Julius, had no affiliation with ArcelorMittal, was never authorized to use the trademark, and provided no evidence of any bona fide offering of goods or services or legitimate noncommercial use.

What is the primary business risk associated with this type of typosquatting?

The primary risk is business email compromise (BEC) and corporate impersonation. Even without a live website, the presence of active MX records allows attackers to intercept or send deceptive emails, posing a significant threat to a company’s brand integrity and communications security.

Recovering Typosquatted Domains

Even without an active website, typosquatted domains with configured MX records pose a critical threat of corporate impersonation and email fraud. Secure your brand assets and neutralize impersonation risks today.

Start domain recovery

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.