domain monitoring

Best practices for domain protection

Domain fraud is on the rise and brands need to protect themselves against it. Discover the best practices of domain registrars against domain fraud and find out what your brand can do to protect itself from copyright infringers and other fraudsters that harm your brand.

The Expert group “Cooperation with intermediaries” set up by the European Union Intellectual Property Office (EUIPO) released its first discussion paper about domain names.

The paper, titled Challenges and good practices from registrars and registries to prevent the misuse of domain names for IP infringement activities aims to provide information about domain names, their usage, and the developing best practices preventing their misuse for copyright infringement.

Although the paper’s main aim is to describe its findings about the current situation, it also lists suggestions on broadening the scope of good practices to reduce the spread of copyright infringing domains.

Types of copyright infringing domain misuses

The paper distinguishes two main types of domain misuses where a third party’s (usually a brand’s) copyright is damaged.

In the first case, the domain itself is infringing the copyright of a brand. This means that the brand name or a variation of it is used in the domain name with a slight difference in spelling or simply a different TLD.

Pie chart: 10 most widely used TLDs
Pie chart: 10 most widely used TLDs

For example, if your domain is yourbrand.com, fraudsters may use yourbrand.net, your-brand.com, or something similar. This is called cybersquatting, and the aim is either to get you to buy the domain from them (for much higher than market price), or to dupe the customer into thinking they landed on your website.

Infringers may even resort to typosquatting, which means that they register a domain using a common misspelling of your brand’s name (e.g. yourband.com). The goal of typosquatting is to lead customers to their site instead of yours. And this leads us to the second category of infringing domains.

Visualisation of yourbrand.com or yourband.com? A tiny change but what a huge difference
Visualisation of yourbrand.com or yourband.com? A tiny change but what a huge difference

In the second case, the fraudulent domain is used to direct customers to a website hosting content that infringes the copyright of a brand. This could be a site selling counterfeits, grey marketed products, or even a scam website impersonating the brand to steal customers’ confidential information.

The two categories are not mutually exclusive; in fact, it’s quite often that an infringing domain name leads to an active fraudulent website.

The report lists various challenges that protectors of copyright face, including the introduction of new gTLDs in 2012 and the EU GDPR regulation that makes it harder to access the whois data of a website.

Nevertheless, the paper identifies best practices for copyright protection that are implemented by registries and registrars throughout the entire domain name lifecycle.

Domain name lifecycle: pre-, during, and post registration

The report describes the phases of a domain registration and what can be done in each stage to protect the rights of copyright holders.

Pre-registration

Registering a domain name is easy. Although the process is different at each domain name registrar, people wishing to register a name have to provide some kind of personal and payment information.

Generally speaking, the more information a registrar asks for the better. While registrants may give false data, it’s easier to find a fraudulent user based on various contact details than a simple fake phone number.

Some registrars even go further and ask registrants to adhere to terms and conditions, including copyright protection. For example, Nominet in the UK forbids registrants to use .uk domains for copyright infringement or any other illegal activity.

Screenshot of nominent.uk, the registrar for .uk TLDs
Screenshot of nominent.uk, the registrar for .uk TLDs

While this practice is certainly welcome, it’s unfortunately not sufficient. After all, most registrars don’t monitor the content of a website so it’s usually the sole responsibility of domain name holders to ensure their content is in line with copyright protection policies. And if domain name holders created their website with the actual intent to infringe a brand’s copyright, well, we can’t exactly expect them to suddenly grow a conscience and report themselves.

Which is why your brand needs continuous domain monitoring to protect your copyrights.

During registration

There are registrars that upon receipt of the necessary information and payment immediately activate a domain name. Others, however, choose to do some checks before the activation, which is definitely preferable to the former process.

Visualisation of  electronic ID (eID)
Visualisation of electronic ID (eID)

These checks are commonly known as KYC, or “Know Your Customer,” and revolve around verifying the contact data given at registration. This is very effective, as fraudsters often give false data and this verification can ferret them out quickly and easily. Registrars in several countries like Denmark, Norway or Estonia demand an electronic ID (eID) from registrants to prove their identity.


Although this measure is quite effective for reducing domain fraud (or at least to force criminals to be honest about their identities), most countries and registrars are currently not equipped to process eIDs, and probably won’t be in the near future. While the rest of the world catches up, continuous domain monitoring is essential to protect your brand.

Post registration

Some registrars choose to check the whois data to filter out fraudulent registrations. This is very helpful, because it’s usually against the terms and conditions to provide false data, or not to update expired data.

The punishment for such an offence is often the termination of the domain name. Copyright infringers, obviously, tend to ignore this rule, and if the registrars don’t perform any checks, they can very well get away with providing false data.

The legal department of EURid, the body responsible for .eu domains carries out manual checks to detect fraudulent registrations. The registries for .it and .us, on the other hand, use machine learning and automated checks for the same purpose.

If the domain name is found to be fraudulent during the process (whether performed by the registrar or by online brand protection experts), the consequence is usually takedown.

Here is a very important distinction though. Automated takedowns are only initiated by registrars if the domain name itself is found to be fraudulent. If it’s “only” the content that violates a brand’s copyright, it’s quite likely that registrars won’t initiate a takedown procedure because infringing content is the responsibility of web hosting services and not registrars.

Visualisation of domain monitoring in online brand protection
Visualisation of domain monitoring in online brand protection

Luckily, online brand protection experts don’t make such a distinction. Whether domain name, content, or imagery, it’s our job to get the infringing items removed.

Domain monitoring for everyone

We at globaleyez welcome any effort to make the internet a safer space for brands. We are very glad the EUIPO Expert group has taken important steps towards our common goal and we’ll keep following their efforts in the future.

However, their activities can’t replace a continuous domain monitoring program for brands. In fact, authorities and brand protection experts should work hand in hand to diminish online copyright infringement that damages brands.

globaleyez does exactly that. Our brand protection experts work closely with registrars and other stakeholders to detect and eliminate domain fraud as quickly as possible. Our software tools, including traxster continuously check the internet, looking for domains that resemble your brand’s name. We take typos, abbreviations, added characters and much else into consideration to create a list of potentially infringing domains.

Visualisation of domain monitoring at globaleyez
Visualisation of domain monitoring at globaleyez

With powerful filters we separate the wheat from the chaff and quickly determine which domains to take action against. Thanks to our other services like marketplace and image monitoring and test purchases, we take both the domain name and the content of the website into consideration.

Our comprehensive approach to brand protection ensures a well rounded-out, full service that quickly detects and eliminates threats to a brand’s flawless online and marketplace presence.

Conclusion

Domain fraud is very common in our era. In fact, according to the 2019 Domain Fraud Report, fraudulent domain registrations have grown by 11% in the period examined. This means that the threats for brands are very real and unless you do something about them, they will only grow stronger.

Include continuous domain monitoring into your brand protection program to ensure that fraudsters who aim to hurt your brand are quickly detected and prevented from doing any further harm. Reach out to globaleyez and find out how we can help you protect your domain name - and your entire brand.

picture of author

Related news

The decline of Wish?

Wish has reported disappointing financial data for Q2 2021. Is this the end for…

discover more
Brand protection for geographically pr…

Discover what geographically protected products are, what kind of IP-threats th…

discover more
Popular online marketplaces from aroun…

Get to know exciting African marketplaces that you’ve never seen before, and ma…

discover more