The lawsuit is a result of Facebook’s crackdown on lookalike domains last year.

Proofpoint filed a lawsuit against Facebook this week to regain permission to use certain domain names. Facebook is trying to seize certain domain names, which Proofpoint uses for training purposes, to increase awareness about phishing.

The counterclaim to Facebook stems from the fact that on November 30, 2020, Facebook created a UDRP (Uniform Domain-Name Dispute-Resolution) request to force the domain name registrar Namecheap to transfer control over a number of domain names that imitated the brands Facebook and Instagram. These are domains such as facbook-login.com, facbook-login.net, instagrarn.ai, instagrarn.net and instagrarn.org.

Facebook: domains were registered “in bad faith”

Facebook argues that Proofpoint registered the domain names in bad faith and designed them to be confusingly similar to its brands. Proofpoint, however, argues that the domain names are not confusing.

Consumer confusion is unlikely, says Proofpoint, because they clearly display a disclaimer on each of the websites in question. The statement reads: “Hi! This web site belongs to Proofpoint Security Awareness Training. This domain is used to teach employees how to recognize and avoid phishing attacks.”

In addition, users who click on links from Proofpoint “phishing tests” are always notified that they took an unwanted action. They are also assured that their Facebook account credentials were not compromised.

Proofpoint: domains were registered “for legitimate reasons”

Proofpoint’s lawsuit states that the UDRP should not be applied to these domains. They maintain that they used the domains that mimic Facebook and Instagram “in good faith and for legitimate purposes.”

Information security experts write that phishing awareness tests are critical for the safety of the company’s customers and even for the safety of Facebook itself. This is because they teach users to recognize fake sites (including those imitating Facebook and Instagram). They also help defend against phishing attacks in general, which also indirectly benefits Facebook.