Dan Foam ApS secured the transfer of the domain tempurseally.com, which was being used in a supply chain phishing scheme. The respondent, phillip kyle, utilized a single-letter typo to impersonate the TEMPUR SEALY brand and target retail partners with fraudulent invoice requests. The WIPO panelist ruled the domain was registered and used in bad faith for the purpose of business disruption.
Case Snapshot
| Case Number | D2025-5001 |
|---|---|
| Complainant | Dan Foam ApS |
| Respondent | phillip kyle |
| Disputed Domain | tempurseally.com |
| Threat Tactic | Typo Domains |
| Decision Date | 2026-01-22 |
| Panelist | Mladen Vukmir |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-5001 |
Supply Chain Phishing and the Financial Risk of Targeted Typosquatting
The registration of tempurseally.com represents a targeted form of typosquatting designed to facilitate supply chain phishing rather than mere web traffic diversion. By adding a single letter ‘l’ to the Complainant’s established TEMPUR SEALY trademark, the Respondent created a deceptive platform for B2B impersonation. Evidence provided by a watch service revealed that the domain was utilized to contact retail partners with inquiries regarding open invoices and requests for past-due payments. These communications included instructions to change banking details and redirect funds to fraudulent accounts, demonstrating a sophisticated intent to interdict legitimate financial transactions within the Complainant’s distribution network.
The operational risks inherent in this tactic extend beyond immediate financial loss to the erosion of corporate trust and partner relationships. When bad actors successfully impersonate a brand to its vendors and retailers, the resulting disruption forces third-party partners to implement secondary verification hurdles, slowing down legitimate commerce. In this case, the Respondent’s efforts to manipulate remittance details presented a direct threat to the integrity of Dan Foam ApS’s supply chain. Such impersonation schemes often cause lasting reputational damage, as the burden of the fraud and the subsequent administrative remediation falls on the very retail partners the Complainant relies upon for market reach.
This dispute highlights the necessity of automated brand monitoring in identifying bad faith use before significant damage occurs. The disputed domain was registered on November 11, 2025, and flagged by a watch service as a phishing threat shortly thereafter, despite resolving to an inactive website at the time of the Panel’s decision. The ability to document specific phishing tactics—such as the solicitation of fraudulent invoice payments—allowed the Complainant to establish bad faith registration and use under the UDRP even without a public-facing website. For brand owners, this underscores that the lack of active web content does not mitigate the threat of a domain if it is being leveraged in a behind-the-scenes email fraud campaign.
Panel Reasoning: Typosquatting as a Tool for Supply Chain Disruption
The Panelist determined that tempurseally.com is confusingly similar to the Complainant’s registered TEMPUR SEALY trademark based on a classic typosquatting analysis. By adding a single letter ‘l’ to the word ‘sealy,’ the Respondent created a domain nearly identical to the Complainant’s protected mark. Given that the TEMPUR marks have achieved distinctiveness and are widely recognized source identifiers, the Panel concluded that this minor character addition fails to distinguish the domain from the protected brand. Furthermore, the addition of the generic Top-Level Domain ‘.com’ was disregarded as a distinguishing factor, adhering to established UDRP standards regarding technical suffixes.
Regarding rights or legitimate interests, Dan Foam ApS successfully established that no authorization or license was ever granted to the Respondent. The evidence shows that phillip kyle has no association with the Complainant and was not operating a legitimate business under the disputed name. Because the domain was flagged for involvement in supply chain phishing, the Respondent could not demonstrate any bona fide offering of goods or services. The Panel noted that a respondent would not legitimately choose such a specific, misspelled domain unless they were intentionally seeking to create a false association with the brand owner to facilitate fraud.
The bad faith determination was heavily influenced by the documented intent to disrupt the Complainant’s business through the defrauding of retail partners. Evidence from a watch service highlighted observed tactics including inquiries about open invoices and attempts to redirect funds to fraudulent accounts. The Panelist found that the Respondent registered the domain with actual or constructive knowledge of the TEMPUR marks, as the specific nature of the typosquatting makes it improbable that the name was selected for any reason other than targeting the Complainant’s supply chain. This intent to defraud third parties for financial gain constitutes clear bad faith under the Policy.
For IP professionals, this case illustrates the evidentiary value of identifying specific phishing behaviors during the UDRP process. By detailing the Respondent’s attempts to manipulate remittance details and impersonate corporate identity, the Complainant provided a factual basis for the Panel to find that the registration was designed for business disruption. The decision reinforces that when a domain is utilized for deceptive B2B communications and invoice fraud, Panels will look beyond the technical registration data to the underlying malicious use to establish both a lack of legitimate interests and the presence of bad faith.
Leveraging Automated Monitoring and Evidence of Supply Chain Interference
The Complainant’s strategy centered on the timely identification of the infringing registration via a dedicated watch service, which flagged the domain shortly after its November 11, 2025, registration. By submitting technical evidence that the domain was integrated into a supply chain phishing scheme, the Complainant successfully demonstrated that the registration was not merely a passive trademark infringement but an active tool for corporate impersonation. The inclusion of a single extra letter ‘l’ in the domain tempurseally.com served as a clear example of typosquatting, providing the Panel with evidence of the Respondent’s intent to mislead retail partners and intercept business communications.
Legal persuasiveness was achieved by documenting the specific fraudulent tactics observed, including the solicitation of payments for open invoices and requests to alter banking remittance details. The Panel accepted that such conduct constituted an attempt to disrupt the Complainant’s business and compromise trusted vendor relationships, even though the website appeared inactive during the proceedings. This evidence supported a finding of bad faith by showing that the Respondent sought to exploit the reputation of the famous TEMPUR SEALY marks to deceive third parties. The strategy effectively bridged the gap between a technical registration and a malicious business threat, ensuring a transfer despite the Respondent’s lack of participation.
Practical Recommendations
- Deploy automated domain watch services specifically configured to detect high-risk typosquatting variations, such as the addition or omission of a single character in core brand names.
- Include evidence of ‘observed tactics’ from threat intelligence reports in UDRP complaints to establish bad faith even when a domain resolves to an inactive website or appears as passive holding.
- Establish formal secondary verification protocols with retail and supply chain partners for any requests involving the modification of banking or remittance details to mitigate invoice fraud.
- Proactively register common typographical permutations of primary commercial domains used for B2B communications to pre-empt supply chain impersonation attempts.
- Integrate IP legal teams with cybersecurity monitoring to ensure that flagged phishing domains are immediately transitioned from technical blocking to UDRP recovery actions to prevent future re-registration.
Frequently Asked Questions (FAQ)
Why did the Panel determine that ‘tempurseally.com’ is confusingly similar to the Complainant’s brand?
The Panel found the domain nearly identical to the Complainant’s TEMPUR SEALY trademark, noting that the Respondent merely added an extra letter ‘l’ to the word ‘sealy’. This slight modification is a classic typosquatting tactic that does not sufficiently distinguish the domain from the protected mark.
What evidence established that the Respondent lacked legitimate rights or interests in the domain?
The Complainant provided evidence that they never authorized the Respondent to use the TEMPUR marks. Furthermore, the Respondent was not a licensee, had no association with Dan Foam ApS, and was not operating a legitimate business via the disputed domain, failing to meet any criteria for rights or legitimate interests.
How was bad faith demonstrated given that the domain resolved to an inactive website at the time of the decision?
The Panel inferred bad faith because the domain was identified by a brand watch service as part of an active supply chain phishing scheme. The Respondent’s intent to disrupt Dan Foam ApS’s business by impersonating the company to solicit fraudulent invoice payments and redirect funds provided sufficient proof of bad-faith registration and use.
What was the primary business risk identified in this case?
The primary risk was supply chain impersonation, where the Respondent targeted the Complainant’s retail partners with phishing communications. By attempting to manipulate banking details and request remittance for past-due payments, the threat compromised both the financial integrity of retail transactions and the trust in vendor-partner relationships.
Is a Look-Alike Domain Targeting Your Supply Chain?
Don’t wait for a supply chain attack to escalate. We help brands identify and recover typosquatted domains used in invoice fraud and partner impersonation schemes. Schedule a UDRP assessment to secure your digital perimeter.
This case note is for informational purposes only and is not legal advice.



