Kyndryl, Inc. successfully sought the transfer of three domains, including kyndrylfoundation.com, which were registered just 17 days after the company announced its new foundation. The panel found the respondent acted in bad faith by using fake contact data and creating a high risk of email-based impersonation targeting employees and partners.
Case Snapshot
| Case Number | D2026-0535 |
|---|---|
| Complainant | Kyndryl, Inc. |
| Respondent | x x |
| Disputed Domain | kyndrylfoundation.comkyndrylfoundation.netkyndrylfoundation.org |
| Threat Tactic | Brand Plus Keyword |
| Decision Date | 2026-04-02 |
| Panelist | Harrie R. Samaras |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-0535 |
Exploitation of Corporate Philanthropy and Email-Based Fraud Risks
The registration of kyndrylfoundation.com, .net, and .org exactly 17 days after the launch of the Kyndryl Foundation indicates a targeted attempt to capture traffic associated with a specific corporate milestone. Because these domains perfectly mirror the name of the Complainant’s charitable arm, they create an immediate risk of implied affiliation. For customers, partners, and donors attempting to engage with Kyndryl’s social responsibility initiatives, these assets act as deceptive entry points. The use of the coined and highly distinctive KYNDRYL trademark ensures that any confusion is not a result of coincidence but a calculated effort to leverage corporate brand equity for commercial gain or third-party diversion.
Technical evidence revealing that the domains were configured with Sender Policy Framework (SPF) records elevates the threat from passive traffic diversion to active phishing and email-based fraud. This infrastructure allows a bad actor to send authenticated emails that appear to originate from an official foundation address. Such communications are particularly dangerous to employees, agencies, and business partners who may be expecting correspondence following a major foundation announcement. By exploiting the inherent trust associated with charitable entities, the respondent created a vector for data theft or fraudulent financial requests that could bypass standard security scrutiny and damage the organization’s professional relationships.
The respondent’s reliance on fraudulent registration data—including the use of ‘X’ in contact fields and fake postal codes—demonstrates a deliberate attempt to evade accountability while targeting a global enterprise with over 90,000 employees. This lack of transparency, combined with the use of a privacy service, forces brand owners to deploy significant legal and support resources to mitigate potential fraud. For customers and stakeholders, the existence of these identical domains undermines the integrity of the official foundation’s digital presence. This necessitates a proactive enforcement strategy to protect the trust required for legitimate corporate social responsibility initiatives to succeed without being overshadowed by deceptive third-party actors.
Legal Reasoning and Panel Findings
The Panel determined that the disputed domain names are confusingly similar to the KYNDRYL mark because they incorporate the distinctive, coined trademark in its entirety. The addition of the descriptive term ‘foundation’ does not mitigate the likelihood of confusion; rather, it exacerbates it by mirroring the specific name of the Complainant’s charitable entity, the Kyndryl Foundation. This straightforward comparison satisfies the standing requirement under the first element of the UDRP, as the trademark remains the most recognizable and dominant element within each of the three domain registrations.
Regarding rights or legitimate interests, the Panel found that the Respondent had no affiliation with Kyndryl, Inc. and was not authorized to use the mark. The domains were configured in a manner that falsely suggested an official connection to the Complainant’s philanthropic activities. Given the highly distinctive nature of the KYNDRYL brand, the Panel concluded there is no conceivable use for these domains that would not misleadingly suggest a sponsorship or endorsement by the Complainant. The Respondent’s failure to respond to the proceedings further supported the conclusion that no legitimate interest existed.
The finding of bad faith was heavily influenced by the opportunistic timing of the registrations. The domains were secured on October 5, 2023, just 17 days after the public announcement of the Kyndryl Foundation. This proximity indicates that the Respondent clearly had the Complainant in mind and intended to capitalize on the new corporate development. Furthermore, the Respondent’s use of ‘X’ in all contact fields and the provision of a fraudulent postal code and phone number demonstrated a deliberate attempt to evade identification, which is a recognized indicator of bad faith registration under UDRP precedents.
Finally, the Panel noted that the domains were configured with Sender Policy Framework (SPF) records, which are technical indicators used to facilitate email transmission. This preparation for email-based activity, combined with the use of a privacy service and a coined mark, created a credible threat of corporate impersonation. Even in the absence of a confirmed phishing attack, the technical setup suggested the domains were intended for deceptive communications targeting employees or partners, reinforcing the finding that the domains were registered and were being used in bad faith.
Strategic Use of Temporal Proximity and Technical Infrastructure Evidence
Kyndryl’s successful strategy rested on demonstrating a direct temporal link between its corporate expansion and the respondent’s activity. The registration of three foundation-specific domains occurred just 17 days after the official launch announcement of the Kyndryl Foundation. This narrow window, combined with the fact that KYNDRYL is a highly distinctive, coined mark derived from the words kin and tendril, made any claim of coincidental registration untenable. By highlighting that the domains were identical to the foundation’s name, the complainant successfully argued that the respondent specifically targeted a new philanthropic initiative to capitalize on the potential confusion of employees and business partners.
The evidentiary weight of the respondent’s technical and administrative choices proved decisive in establishing bad faith. The complainant provided proof that the respondent used fraudulent contact information—entering the letter X into every contact field and providing a fake postal code—while simultaneously employing a privacy service to evade accountability. Furthermore, the evidence showed that the domains were configured with Sender Policy Framework (SPF) records. This technical setup indicated a proactive intent to facilitate email-based activities, such as corporate impersonation or phishing, which posed a direct threat to the complainant’s global workforce of over 90,000 people and its reputation in more than 60 countries.
Practical Recommendations
- Execute defensive domain registrations for core brand plus descriptive keywords (e.g., [Brand]Foundation or [Brand]Charity) prior to publicizing new corporate social responsibility initiatives or subsidiary launches.
- Implement high-frequency domain monitoring immediately following major press releases or foundation announcements to identify bad-faith registrations within the critical 72-hour and 30-day post-launch windows.
- Monitor DNS records, specifically Sender Policy Framework (SPF) and Mail Exchange (MX) records, on suspicious domains to identify and prioritize enforcement against potential phishing and email impersonation infrastructure.
- Document and present fraudulent WHOIS contact data (such as the use of placeholder characters like ‘X’ or mismatched postal codes) in UDRP filings as evidence of the respondent’s lack of rights and bad-faith intent.
- Leverage the ‘coined’ or highly distinctive nature of a trademark in legal arguments to demonstrate that any third-party registration following a specific corporate event is targeted and lacks any plausible good-faith explanation.
Frequently Asked Questions (FAQ)
Why were the domains kyndrylfoundation.com, .net, and .org considered confusingly similar to the Kyndryl brand?
The panel found these domains to be confusingly similar because they incorporate the highly distinctive KYNDRYL trademark in its entirety. By combining the mark with the descriptive term ‘foundation,’ the domains created a false impression of an official affiliation with Kyndryl’s charitable entity.
What evidence established that the Respondent lacked rights or legitimate interests in these domains?
The Respondent provided fraudulent registration data—entering ‘X’ in every contact field and fabricating a postal code and phone number—and failed to respond to Kyndryl’s contentions. The panel concluded that no conceivable legitimate use exists for domains that impersonate a corporate foundation.
How was the Respondent’s bad faith proven during the UDRP proceedings?
Bad faith was demonstrated by the specific timing of the registrations, which occurred just 17 days after the public announcement of the Kyndryl Foundation. Additionally, the use of a privacy service to conceal identity and the configuration of SPF records, which facilitate email-based impersonation, solidified the finding of bad faith.
What are the primary business risks associated with this type of domain impersonation?
These domains posed a significant risk of ‘phishing’ and corporate impersonation. Because the domains matched the official foundation name, they could be used to send fraudulent emails to Kyndryl’s employees, business partners, or clients, potentially leading to financial fraud or the erosion of trust in the company’s charitable initiatives.
Is a brand-plus-keyword domain impersonating your organization?
This case highlights how descriptive terms like ‘foundation’ can be weaponized against your brand shortly after a public announcement. If you’ve identified domains leveraging your brand alongside project or initiative names, our experts can provide a confidential assessment of your eligibility for UDRP transfer proceedings.
This case note is for informational purposes only and is not legal advice.



