Not so punny! Understanding Punycode

  • Facebook has obtained the transfer of ‘’ from a cybersquatter
  • Punycode domains should be assessed using both their browser-translated appearance and the address itself
  • On this basis, the domain name was found to be confusingly similar to Facebook’s marks

Facebook was recently successful in obtaining the transfer of a ‘.com’ domain name, ‘’, from a cybersquatter (Facebook Inc v Registration Private, Domains By Proxy LLC/Wazny (WIPO Case No D2019-2984)).

It is interesting how WIPO arrived at its decision. It involved the analysis of Punycode and of how the domain name presents itself to the general public on devices.


‘Punycode’ is computer coding used to assist computers to recognise the use of special characters - that is, characters in other languages, umlauts and even emojis (eg, München, the German name for Munich, is encoded as ‘Mnchen-3ya’).

What makes this case interesting is that ‘’ as a domain name is displayed in your browser as ‘facẹ’. This looks almost identical to ‘’, as the only difference is that the ‘e’ has a diacritic mark on its bottom, shown more clearly by enlarging the character:


Applying the decision of Württembergische Versicherung AG v Ulu (WIPO Case No D2006-0278), it was affirmed that, in determining whether Punycode domains are similar to existing trademarks (or potentially infringe on IP rights of third parties), Punycode domains should be assessed using both their browser-translated appearance and the address itself.

On this basis, it was evident that the domain name was confusingly similar to Facebook’s trademarks. It was also held that, on the balance of probabilities, the cybersquatter had registered the domain name in bad faith: it was likely that the cybersquatter would have been aware of Facebook’s website and the cybersquatter had no legitimate interest in the name.

Key takeaways

  • You need to be vigilant in protecting your trademark rights;
  • There are relatively low-cost methods of enforcing your rights against cybersquatters (eg, through WIPO’s domain dispute regime) provided that you have a registered trademark;
  • There is a vast number of Punycode characters that are available;
  • The use of Punycode in email addresses can cause a loss of brand value where third parties attempt phishing by impersonating your business (ie, through utilising a similar domain to your genuine one); and
  • If you use an umlaut or other unique character in your brand, you should seek registration of at least two domains: one without the unique character (eg, ‘’), which redirects to the second Punycode domain (eg, ‘’, which appears as ‘lü’) that displays the character (in the example, the umlaut).

Get unlimited access to all WTR content