Domain Name Strategy to Protect Brand Identity

Eric Misterovich
Revision Legal, PLLC

It takes a couple of minutes to register a domain. But creating a comprehensive plan to fit domain names into your overall brand protection strategy, while maintaining organization and proactively combatting infringers, takes time. Brand protection professionals that understand the nuances governing the legal landscape regarding domain names will be able to utilize a proactive, thoughtful strategy that enhances brand identity. Those without a firm grasp on domain strategy can find themselves playing from behind and spending exponentially more money to regain control. Here are concrete steps to help build a domain registration plan that will protect your brand.

Understanding the difference between domain names and trademarks.

A surprising fact not understood by many brand owners — owning a trademark does not mean you automatically own the corresponding domain name. And vice versa. They are entirely separate matters. Trademark rights are created by using a mark in commerce as a source identifier for goods and/or services and can be registered in national trademark offices. On the other hand, domain names are registered through private companies called “registrars.” But, there is some overlap. For example, when exploring potential names for a new product or service, standard due diligence will likely uncover whether the corresponding domain name is available. Those domain names can provide important clues on the risk of trademark infringement regarding common law (or unregistered) trademark rights.

What do you have? What should you have? And what’s the plan moving forward?

Provided your company has instituted standard operating procedures (SOPs) regarding the registration of domain names, reviewing a consolidated list of exactly what domains are owned, through what registrar, and when they expire should be an easy task. But, we don’t live in a perfect world and you may find that, even with SOPs in place, employees and outside contractors have been registering domain names in a less than consistent manner. Devoting time to creating a real-time consolidated list of all active domain names is a critical step both economically and for protection of your brand.

Once your domain information is organized, auditing is the next step. One suggestion is to group domains into three main categories:

  • what can be left to expire,
  • what is missing, and
  • what to keep.

For example, certain brands, products, or slogans may have evolved over time such that a domain registration is no longer necessary. On the other hand, new product developments, changes in marketing copy, or changes in lexicon may expose holes in your domain portfolio that should be filled. Finally, for the domains to be owned for the foreseeable future, time should be spent to ensure the contact information is correct and consistent, that proxy services are enabled to shield registrant information from public WHOIS records, and to promptly calendar all renewal dates.

Auditing should not be a one-time event. Care should be taken to implement a regular and routine auditing of your domain portfolio. This should include input across departments to allow for the most comprehensive strategy to align your domain portfolio with the developments of your products, services and your overall brand position. Of particular importance, SOPs and multi-employee and supervisors controls should be instituted for registering, renewing and permitting domains to expire. Giving one person all the authority in this setting can lead to confusion if roles or positions change, and also may not give consideration to various priorities as noted above.

Defensive Registrations and Squatters

Defensive domain name registration refers to a strategy to acquire variants of your principal domain names to keep them out of third-parties’ hands. For example, registering several forms of your domain with intentional misspellings is a common defensive registration strategy. This can come in many forms such as intentionally omitting a letter (, a common misspelling (, the plural or singular form (, a different top-level domain (, or even adding generic words to the dominant portion of the domain (

A defensive registration strategy is not just about addressing potential mistakes to correct a quick typist to your website. There are much more serious brand protection issues at stake. When bad actors intentionally register domain variants it is called “typosquatting.” And often times, these bad actors use the underlying websites for nefarious purposes. For example, typosquatted domains could resolve to a website that looks substantially similar to your authentic website. This imitation website can then be used in connection with fraud or phishing attacks where an unsuspecting consumer may provide sensitive information believing the communication to be with a trusted company.

Further, these confusingly similar domain names can be used in email fraud. One common scheme is for bad actors to find your customers and email them, informing them of a new payment method. The customer does not closely analyze the sender’s email address, which transposes two letters in the email address but in a quick glance, looks authentic ( The customer makes payment to the bad actor, often located overseas and outside the reach of our judicial system.

Similar to your audit above, you should determine what typosquatting domains have already been registered and what ones you should defensively register. This requires a balance in determining the domains that have the best chance of protecting your brand while maintaining an eye on annual registration costs. While a single domain is relatively inexpensive, these costs can multiple as your brand expands.

Legal Options to Combat Infringers

The GDPR and general shielding of WHOIS records –publically available records regarding domain ownership– can make combatting infringers difficult. However, you have legal options to uncover hidden details regarding domain ownership and recover infringing domains. Registering a domain name is only possible after agreeing to a long and detailed registration agreement (that most people likely do not read). But, by agreeing to those terms, registrants also agree to be subject to the Uniform Domain Name Dispute Resolution Policy (the “UDRP”). The UDRP includes an arbitration proceeding where trademark holders can recover infringing domains. To prevail in a UDRP proceeding, the plaintiff must show (i) the domain name at issue is identical or confusing similar to a trademark in which the complainant has rights; (ii) the respondent has no rights or legitimate interests in the domain name at issue; and (iii) the domain name has been registered and is being used in bad faith. These proceedings are done through written papers only, with no live testimony or depositions. The only relief available is a transfer of the domain name to the complainant or cancellation of the domain name’s registration. No money damages are available. This process is favored for relatively straightforward cases because it can be completed in about 60 days. There is also an even more accelerated system called the Uniform Rapid Suspension (“URS”). This system generally requires a formal trademark registration and is subject to a heightened “clear and convincing evidence” burden of proof. This is only intended for “clear cases of trademark abuse.” This process involves lower filing fees and a potential decision in less than 20 days. However, the remedy is limited to suspension of the disputed domain name. In other words, the complainant cannot obtain possession of the domain like it can under the UDRP.

U.S. Federal law also provides an avenue for relief. The Anticybersquatting Consumer Protection Act (“ACPA”), 15 U.S.C.§ 1125(d) gives rightsholders a powerful enforcement mechanism best suited for particularly nefarious actions. To prevail in an ACPA action, the plaintiff must establish: (i) that it has a valid trademark entitled to protection; (ii) its mark is distinctive or famous; (iii) defendants’ domain names are identical or confusingly similar to, or in the case of famous marks, dilutive of, plaintiff’s mark; and (iv) defendants used, registered, or trafficked in the domain name (v) with a bad faith intent to profit. DaimlerChrysler v The Net Inc., 388 F.3d 201, 204 (6th Cir 2004)

 Successful plaintiffs can recover not only the infringing domain, but also actual damages or statutory damages of up to $100,000 per domain name. 15 U.S.C. § 1125(d)(1)(C); 15 U.S.C. section 117 (d). Given the costs associated with federal court litigation, ACPA actions are best reserved for true bad faith use of infringing domains.

A well-thought out and consistently followed domain name audit plan will provide real results. This plan will give companies a proactive roadmap to register and maintain important domains consistent with overall brand strategy. Further, rightsholders can mitigate against future bad actors by strategic, defensive registrations. And by understanding the legal process, companies can take quick, decisive action when necessary.