Six Continents Hotels (IHG) successfully secured the transfer of ihgproperty.com after proving it was used for phishing. Although the domain hosted no website, the respondent configured mail servers to impersonate IHG and contact its affiliates.
Case Snapshot
| Case Number | D2026-0590 |
|---|---|
| Complainant | Six Continents Hotels, Inc.Six Continents Limited |
| Respondent | Kaden Young |
| Disputed Domain | ihgproperty.com |
| Threat Tactic | Phishing and Email Fraud |
| Decision Date | 2026-03-20 |
| Panelist | William Lobelson |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-0590 |
Infrastructure-Level Fraud and the Erosion of B2B Affiliate Trust
The registration of ihgproperty.com illustrates a sophisticated threat where the absence of a public-facing website does not equate to a lack of commercial harm. By configuring Mail Exchange (MX) servers shortly after the domain’s registration on January 1, 2026, the respondent established a functional infrastructure for deception. This tactic effectively bypasses standard brand monitoring tools that rely primarily on web-crawling for visual trademark infringement. For IHG, which manages approximately 6,800 hotels globally, this infrastructure-level manipulation allowed the respondent to operate in the shadows of the email ecosystem while avoiding the scrutiny associated with a live, indexed web presence.
The deployment of phishing emails targeting IHG affiliates introduces acute risks to B2B trust and supply chain integrity. By utilizing a domain that incorporates the IHG trademark with the industry-relevant suffix ‘property,’ the respondent created a facade of corporate authority to facilitate impersonation. This activity aims to exploit existing business relationships, potentially leading to the compromise of sensitive corporate data or unauthorized financial transactions. For a global entity with a vast network of managed properties and third-party partners, such targeted fraud threatens the security of the broader hotel management ecosystem and can lead to operational disruptions that exceed the impact of traditional consumer-facing traffic diversion.
Incorporating descriptive industry terms like ‘property’ alongside a core trademark serves to validate fraudulent communications in the eyes of professional stakeholders. Because the complainant’s business model revolves around property management and hotel operations, the domain ihgproperty.com carries a high degree of inherent credibility. This deceptive alignment suggests that the sender is an internal corporate department, making it difficult for affiliates to distinguish between legitimate corporate directives and malicious phishing attempts. The abuse of IHG’s trademark rights, established through registrations dating back to 2006, underscores the necessity for brand owners to proactively monitor for industry-specific keyword combinations that are weaponized for corporate identity theft.
Legal Analysis: Infrastructure-Level Bad Faith and the ‘Property’ Suffix
The panel concluded that ihgproperty.com is confusingly similar to the IHG trademark, as it incorporates the protected mark in its entirety. The addition of the descriptive suffix ‘property’ fails to distinguish the domain from the complainant’s registered marks. In the hospitality sector, where Six Continents Hotels manages approximately 6,800 hotels, the term ‘property’ is closely associated with the complainant’s core business, thereby increasing the likelihood of confusion. IHG’s rights were substantiated by trademark registrations dating back to 2006, including International Registration No. 915655 and U.S. Registration No. 3544074, which long predate the January 1, 2026, registration of the disputed domain.
In assessing rights or legitimate interests, the panel found that the respondent had no authorization to use the IHG mark and was not commonly known by the disputed domain name. The complainant established a prima facie case that remained unrebutted by the respondent. The panel noted that the use of a domain for phishing and the impersonation of corporate affiliates is fundamentally inconsistent with a bona fide offering of goods or services. Consequently, the respondent’s use of the domain to deceive IHG’s business partners precluded any claim to a legitimate interest under paragraph 4(a)(ii) of the Policy.
The bad faith determination was driven by evidence of active mail server configuration rather than website content. Although ihgproperty.com did not resolve to an active webpage, the respondent configured Mail Exchange (MX) servers to send fraudulent emails. These communications targeted IHG affiliates by impersonating the complainant’s corporate identity for phishing purposes. The panel found that registering a domain specifically to facilitate business email fraud constitutes both registration and use in bad faith. This tactic demonstrates a clear intent to disrupt the complainant’s business and exploit the goodwill of the IHG mark by creating a likelihood of confusion among professional affiliates.
Strategic Identification of Infrastructure Abuse and Targeted Fraud
The complainant’s success hinged on its ability to look beyond surface-level web traffic and identify infrastructure-level threats. While the domain ihgproperty.com did not resolve to an active website, Six Continents Hotels provided decisive evidence that the respondent had configured Mail Exchange (MX) servers to facilitate phishing. This proactive identification of email server setup allowed the complainant to demonstrate that the domain was being actively used as a tool for fraud rather than merely sitting in passive holding. For IP professionals and brand owners, this highlights the necessity of monitoring DNS records and MX configurations alongside traditional website scrapers to detect impersonation campaigns that target internal stakeholders or business affiliates rather than general consumers.
Legally, the case was strengthened by connecting the brand-plus-keyword domain structure to the respondent’s specific pattern of targeting IHG affiliates. By incorporating the ‘property’ suffix alongside the IHG trademark, the respondent created a deceptive identity that appeared legitimate within the hospitality sector’s corporate context. The complainant effectively argued that such a targeted configuration served no purpose other than to exploit the brand’s established B2B trust and market expansion activities. The panel’s finding of bad faith confirms that evidence of active phishing—even in the absence of a public-facing landing page—is sufficient to overcome a respondent’s lack of rights, especially when the intent is to disrupt corporate communications and compromise supply chain security.
Practical Recommendations
- Expand domain monitoring beyond website resolution to include the detection of Mail Exchange (MX) record activation, as phishing infrastructure often lacks a public-facing web presence.
- Capture and preserve full email headers from phishing attempts reported by affiliates; this evidence is essential for proving bad faith use in UDRP cases where the domain appears ‘passive’ on the web.
- Issue security advisories to business partners and affiliates regarding ‘Brand + Keyword’ domain structures (e.g., [Brand]property.com) which are specifically designed to impersonate corporate departments.
- Prioritize UDRP filings against non-resolving domains that have active MX records, as this configuration provides a strong legal basis for establishing bad faith intent under Policy paragraph 4(a)(iii).
- Evaluate defensive registration gaps for high-risk industry suffixes used in B2B expansion, such as ‘property’, ‘management’, or ‘partners’, to prevent supply chain impersonation.
Frequently Asked Questions (FAQ)
Why was the domain ‘ihgproperty.com’ considered confusingly similar to IHG’s trademarks?
The WIPO panel found the domain name confusingly similar because it incorporates the protected ‘IHG’ trademark in its entirety, merely appending the descriptive term ‘property’, which creates a strong risk of consumer confusion regarding affiliation with the hotel group.
How did IHG prove the respondent lacked legitimate interests in the domain?
The complainant demonstrated that the respondent is not commonly known by the name ‘ihgproperty’ and holds no trademark rights or authorization to use the IHG mark, rendering the respondent’s registration purely unauthorized.
What evidence established the respondent’s bad faith given the domain did not host a website?
Although the domain did not resolve to a website, the respondent configured Mail Exchange (MX) servers specifically to facilitate phishing emails, which were used to impersonate IHG and target its business affiliates, satisfying the requirement for bad faith use under the UDRP.
What is the strategic takeaway from this case regarding infrastructure-level threats?
This case highlights that bad actors are shifting away from traditional website-based fraud toward infrastructure-level manipulation; even without a visible webpage, MX record configuration serves as a direct threat to B2B security and corporate identity, necessitating broader monitoring beyond just web content.
Concerned about fake email or invoice fraud?
Don’t wait for a domain-based impersonation attack to affect your business partners. Learn how to proactively detect and neutralize malicious MX configurations before they reach your affiliates.
This case note is for informational purposes only and is not legal advice.



