16 July, 2026

Trademark Infringement and Email Impersonation in valerousa.net Dispute

UDRP Cases

Valero Energy Corporation successfully moved to transfer the domain valerousa.net after evidence proved the Respondent used it to send fraudulent emails impersonating company employees. The WIPO panel ruled in favor of the Complainants, determining the domain was registered and used in bad faith.

Case Snapshot

Case Number D2026-1432
Complainant Valero Energy CorporationValero Marketing and Supply Company
Respondent charles william
Disputed Domain
valerousa.net
Threat Tactic Phishing and Email Fraud
Decision Date 2026-06-15
Panelist Jeffrey D. Steinhardt
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-1432

Business Risks of Domain-Based Email Impersonation

The use of the domain valerousa.net in a targeted, fraudulent email scheme demonstrates a significant operational and reputational risk to Valero Energy Corporation. By weaponizing a domain name that incorporates the company’s trademark, the respondent bypassed traditional web-based detection methods, as the domain was utilized strictly for mail-server infrastructure rather than as a public-facing website. The impersonation of actual company employees in these communications creates a heightened risk of social engineering, potentially leading to unauthorized data access, financial loss, or the compromise of internal business processes by leveraging the perceived legitimacy of the sender’s identity.

Furthermore, the reliance on privacy protection services during the initial registration of the domain highlights the difficulty brand owners face in identifying bad actors behind deceptive domains. While the transfer of the domain ultimately mitigates the threat from this specific asset, the incident underscores a broader risk environment where attackers can utilize low-cost domain assets to facilitate sophisticated phishing campaigns. This necessitates that organizations maintain robust email authentication protocols and ongoing legal monitoring to detect similar infringing registrations that could compromise organizational security and stakeholder trust.

Strategic Leverage of Email Misuse in UDRP Proceedings

The Complainant’s strategy centered on documenting the specific nexus between the disputed domain and unauthorized, malicious activity, specifically the use of ‘valerousa.net’ to conduct business email impersonation. By providing concrete evidence that the domain was utilized to spoof the identities of actual Valero Energy employees, the Complainant effectively neutralized the ambiguity often associated with non-resolving domains. This evidence allowed the Panel to look beyond the lack of website content and focus on the affirmative act of email fraud as conclusive proof of registration and use in bad faith, rather than relying solely on the absence of commercial activity.

Furthermore, the Complainant successfully navigated the challenges posed by privacy protection services by leveraging the speed of the registrar verification process to expose the underlying respondent identity. The combination of demonstrating clear trademark rights in the VALERO mark and documenting the malicious misuse of those marks for corporate impersonation created a compelling prima facie case that the Respondent could not rebut. This approach demonstrates that in cases where a domain does not resolve to an active site, the most effective evidentiary tactic is to document the secondary, off-page infrastructure—in this instance, the mail-server configuration—to prove bad faith intent and secure a rapid transfer outcome.

Practical Recommendations

  • Secure evidence of email headers from spoofed communications immediately upon discovery to link the domain to the fraudulent activity, as this is critical for proving bad faith use.
  • Utilize WIPO’s registrar verification process early to identify the underlying registrant identity behind privacy protection services, which is necessary to effectively pursue UDRP actions.
  • Proactively monitor for domain registrations that incorporate brand terms with regional suffixes or variations, as these are high-risk vectors for B2B phishing campaigns.
  • Maintain a clear record of employee names and organizational structures to support claims of ‘impersonation’ when providing evidence of fraudulent intent to a panel.
  • Request expedited UDRP proceedings where possible if the domain is being actively used in an ongoing, documented fraud scheme that presents an immediate reputational or security risk.

Frequently Asked Questions (FAQ)

Why was the domain valerousa.net considered confusingly similar to the Valero trademark?

The panel determined that the disputed domain incorporates the well-known VALERO trademark in its entirety, which is sufficient to establish confusing similarity under UDRP standing requirements, regardless of the additional ‘usa’ suffix.

What evidence proved that the respondent lacked rights or legitimate interests in the domain?

The complainant established a prima facie case that the respondent had no rights or interests in the domain, which the respondent failed to rebut. The lack of any active website and the use of the domain for impersonation supported the panel’s finding.

How did the panel conclude that the domain was registered and used in bad faith?

The panel found bad faith because the respondent actively used the domain to send fraudulent emails that impersonated actual Valero Energy employees, clearly intending to deceive recipients for illegitimate purposes.

What was the tactical outcome of the proceedings regarding the privacy-protected domain?

The UDRP process enabled the complainants to uncover the underlying registrant details despite the use of a privacy service, ultimately resulting in the successful transfer of valerousa.net to Valero Energy Corporation.

Concerned about fake email or invoice fraud?

Your brand is at risk when bad actors register domains to impersonate your employees. See how Valero successfully secured a transfer of an abusive domain used for internal spoofing, and learn how to implement an effective monitoring and recovery strategy.

Request phishing analysis

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.