If the canonicalized URL you posted is correct, it looks like thiefdomain.com is a subdomain of ourdomain.com - in other words, it looks like you are actually hosting this, or are at least allowing them to host it because of the configuration of your DNS records.

You might try pinging your domain, and then the other domain to see if they resolve to the same IP address - in that case it really points to some DNS configuration issues.

If on the other hand you have mistyped the domain (it's really www.thiefdomain.com/irish.ourdomain.com.ph/ (notice the slash as opposed to the dot), I would try to round up the email address of the webmaster/legal department of theifdomain (if they are really that big), and send them a cease and desist letter, with links to your original page and their stolen one and see what type of response you get. Send the message with a read receipt requested, and ask them to reply to you when the content has been removed.

Yes, the url structure is correct - all dots, no slashes.

I've pinged both domains and they both resolve to the same IP address - ours. So it's probably a DNS issue.

I've queried our domain host about this - so far no reply. I've looked through the domain control panel, which lists our (known) sub-domains, allocated email addresses etc., and no sign of any "intruder." However, I'm not very good at this so maybe I don't know where to look.

It does occur to me that if somebody is using an email account address under the thiefdomain, which he is, then he/they know about it and know what they're doing - it's not some accidental DNS glitch. Am I on the right track here?

Thanks so far, I'm learning...

I've just looked at www.irish.ourdomain.com.ph (as per the above url and sub-domain structure) and sure enough, up comes our website again. Does this imply anything?