SODEXO successfully recovered the domain sorexo.shop following a WIPO UDRP proceeding against a respondent using a privacy service. The Panelist ruled that the typo-domain was registered in bad faith to target a well-known fanciful trademark, despite the site currently being inactive.
Case Snapshot
| Case Number | D2026-1666 |
|---|---|
| Complainant | SODEXO |
| Respondent | Michael London |
| Disputed Domain | sorexo.shop |
| Threat Tactic | Typo Domains |
| Decision Date | 2026-05-24 |
| Panelist | Xu Lin |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-1666 |
Exploitation of Fanciful Marks and Phishing Vulnerabilities
The registration of sorexo.shop presents a direct threat to customer trust by exploiting typographical vulnerabilities associated with the SODEXO trademark. The sign SOREXO is almost identical to the Complainant’s well-known mark, differing by only a single character. Because the SODEXO trademark is a purely fanciful term with no descriptive meaning, there is no legitimate reason for a third party to register a variant unless they intended to create an unauthorized association. For a global entity specialized in food services and facilities management, such a typo-domain creates a high probability of user error. Customers or employees seeking official portals may inadvertently navigate to the typo-domain, where they are susceptible to data harvesting or fraudulent messaging if the site were to be activated.
While the domain was in a state of passive holding at the time of the proceeding, the business risk remains acute due to the potential for mail exchange (MX) record activation. The Complainant specifically noted a fear of fraudulent phishing use, citing a background of recent cyberattacks targeting its operations. Even without an active website, a domain like sorexo.shop can be used to generate deceptive emails that appear to originate from a legitimate corporate source. This tactic is particularly dangerous in the facilities management and procurement sectors where SODEXO operates, as a single typo-domain can facilitate sophisticated business email compromise (BEC) schemes. The panel recognized that the passive holding of a highly distinctive and famous mark constitutes bad faith, acknowledging that the threat to the brand owner’s security infrastructure is persistent.
The use of the ‘Withheld for Privacy ehf’ service to mask the Respondent’s identity further indicates a calculated effort to evade enforcement and maintain a platform for potential fraud. By registering the domain through Spaceship, Inc. under a privacy shield, the Respondent created an administrative barrier that complicates immediate brand protection efforts. This lack of transparency, combined with the fanciful nature of the trademark, suggests that the domain was acquired specifically to exploit the reputation of SODEXO. For IP professionals, this case highlights that even in the absence of an active website or a specific ransom demand, the mere existence of a typo-domain targeting a well-known brand creates an unacceptable level of reputational and security risk that justifies immediate recovery via UDRP.
Panel Reasoning: Fanciful Trademarks and the Passive Holding Doctrine
The Panel’s finding on confusing similarity centered on the high degree of visual and phonetic resemblance between the SODEXO trademark and the disputed domain sorexo.shop. The trademark is characterized as a purely fanciful term with no descriptive meaning, which enhances its distinctiveness and the likelihood of consumer confusion. By substituting the letter ‘d’ with ‘r’, the Respondent engaged in classic typosquatting, a tactic that targets users making typographical errors when attempting to reach the official site. The Panel noted that the addition of the generic Top-Level Domain (gTLD) ‘.shop’ does not mitigate this confusion but instead suggests a commercial intent that leverages the Complainant’s established global reputation.
Regarding rights or legitimate interests, the Respondent failed to provide any evidence of a bona fide offering of goods or services. There was no authorization, license, or affiliation granted by SODEXO to use its intellectual property. The Panel observed that the Respondent is not commonly known by the name ‘Sorexo’ and originally used a privacy shield through ‘Withheld for Privacy ehf’ via the registrar Spaceship, Inc. to conceal their identity. In the absence of a substantive response or any demonstrative link to the term, the Panel concluded that the Respondent’s registration was intended solely to capitalize on the trademark’s goodwill rather than to establish an independent brand identity.
The determination of bad faith registration and use relied heavily on the fanciful nature of the SODEXO mark and the doctrine of passive holding. Given that the mark is widely recognized internationally, the Panel found it improbable that the Respondent registered the domain without prior knowledge of the Complainant’s rights. Although the domain did not resolve to an active website at the time of the proceeding, the Panel applied established UDRP precedent stating that the non-use of a domain name does not prevent a finding of bad faith when it targets a highly distinctive and famous mark. This passive holding represents a latent threat, particularly as the Complainant reported recent cyberattacks and expressed specific concerns regarding the potential for phishing and mail exchange record fraud.
Fanciful Trademark Distinctiveness and the Application of Passive Holding
The Complainant’s strategy successfully leveraged the fanciful nature of the SODEXO trademark to negate any possibility of legitimate interest or good faith registration. Because SODEXO is an invented term with no descriptive meaning, the Respondent could not credibly argue that the registration of sorexo.shop—which differs by only a single letter—was a coincidence. By presenting evidence of International and United States trademark registrations dating back to 2008, alongside a business history extending to 1966, the Complainant established that the mark was well-known long before the domain was registered in April 2026. This high level of brand distinctiveness effectively shifted the burden to the Respondent, who failed to provide any evidence of rights or authorization to use a sign almost identical to the Complainant’s established brand.
Furthermore, the Complainant effectively utilized the passive holding doctrine to establish bad faith despite the lack of an active website. The Panel found that the Respondent’s use of a privacy service to conceal their identity, combined with the targeting of a highly distinctive and famous mark, constituted bad faith use under the Policy. The Complainant reinforced this position by highlighting the technical risks of typosquatting, specifically expressing concerns regarding phishing and mail exchange (MX) record fraud. By documenting recent cyberattacks against the company, the Complainant provided the Panel with a specific business context for the threat of impersonation. This multi-layered approach—combining the legal status of fanciful marks with the procedural implications of respondent default and privacy service usage—was decisive in securing the transfer.
Practical Recommendations
- Prioritize UDRP actions against typo-variants of ‘fanciful’ trademarks, as Panels often find it improbable that a respondent coincidentally chose a near-identical sign without a dictionary meaning.
- Do not delay enforcement due to a website’s inactivity; use the ‘passive holding’ doctrine to argue bad faith when the domain targets a highly distinctive mark and the registrant uses a privacy shield.
- Monitor newly registered typo-domains for the activation of Mail Exchange (MX) records to preempt phishing campaigns, especially if the brand has a recent history of cyberattacks.
- Document and cite the use of registrar privacy services (e.g., ‘Withheld for Privacy ehf’) as supplemental evidence of the respondent’s intent to conceal their identity and impede legitimate brand protection efforts.
- Leverage the ‘technical breakdown’ of registrar verification responses during the UDRP process to unmask the true registrant and check for patterns of serial typosquatting across different TLDs.
Frequently Asked Questions (FAQ)
Why was the domain ‘sorexo.shop’ considered confusingly similar to the SODEXO trademark?
The Panelist found that the term ‘sorexo’ is nearly identical to the SODEXO trademark, differing by only one letter. As SODEXO is a fanciful and highly distinctive brand, this minor variation was deemed a classic act of typosquatting intended to mimic the Complainant’s identity.
How did the Complainant prove the Respondent had no rights or legitimate interests in the domain?
The Complainant demonstrated that the Respondent is not affiliated with, sponsored by, or authorized by SODEXO to use their trademarks. Furthermore, the Respondent failed to file a response to the complaint, offering no evidence of a legitimate business purpose or prior use of the term ‘sorexo’.
If the website was inactive, how did the panel establish bad faith?
Under the doctrine of passive holding, the Panel determined that the registration of a domain name that captures a well-known, fanciful mark—combined with the Respondent’s use of a privacy service to hide their identity—constitutes bad faith, particularly given the potential for the domain to be activated for phishing or fraud.
What is the tactical significance of this UDRP victory for SODEXO?
This transfer protects SODEXO from potential brand impersonation and the significant security risks associated with malicious email (MX) record fraud. By securing the domain, the company effectively mitigates the danger of cybercriminals leveraging this typo-domain to conduct phishing campaigns against its stakeholders.
Recovering a Look-Alike Domain
Typo-squatted domains like ‘sorexo.shop’ create immediate risks for brand trust and customer safety. If you have identified domains that mimic your brand, our team can help you assess your UDRP eligibility and defend against these impersonation attempts. Contact us for a strategic review of your portfolio.
This case note is for informational purposes only and is not legal advice.



