Brand Protection

Registering your brand name across the most common TLDs (.com, .net, .org and relevant ccTLDs for your markets) is a cost-effective way to prevent competitors or bad actors from squatting on similar names. At minimum, secure the .com version and the ccTLD of your primary market. You can redirect the additional domains to your main site without needing to maintain separate websites.

Cybersquatting is the practice of registering a domain name that matches a trademark or well-known brand name with the intent to profit from or harm the trademark holder. Victims can pursue the UDRP (Uniform Domain Name Dispute Resolution Policy) process through WIPO or another approved provider to recover the domain, or file a lawsuit under the US Anti-cybersquatting Consumer Protection Act (ACPA) if the registrant is in the US.

The UDRP (Uniform Domain Name Dispute Resolution Policy) is an ICANN-mandated process that allows trademark owners to challenge bad-faith domain registrations without going to court. A complainant files with an approved provider (such as WIPO or NAF), provides evidence of trademark rights and bad faith, and a panel of one or three arbitrators decides the outcome — typically within 60 days. The process can result in cancellation or transfer of the domain.

The Trademark Clearinghouse (TMCH) is a central database of verified trademarks maintained by ICANN. It gives trademark holders two key protections during new gTLD launches: a Sunrise period to register their mark before the general public, and Claims notifications that alert both the registrant and the trademark holder when someone tries to register a matching domain. Registration in the TMCH costs around $150 per mark per year.

Yes, if you hold a registered trademark you can file a UDRP complaint or, for .com/.net/.org domains, a URS (Uniform Rapid Suspension) complaint for faster resolution. If the domain was registered recently and the case is clear-cut, the UDRP process often takes about 60 days and costs less than litigation. Success requires proving: you have trademark rights, the domain is confusingly similar, and it was registered and is being used in bad faith.

Defensive domain registration is the practice of proactively securing domain names that could be used to impersonate, confuse, or harm your brand — even if you have no immediate plans to use those domains. This typically means registering common misspellings, hyphenated variants, and key ccTLDs alongside your primary domain. Redirecting these defensive registrations to your main site ensures visitors who mistype your URL still reach you, while keeping bad actors from exploiting the names.

Brand monitoring services such as MarkMonitor, CSC, and Corsearch continuously scan new domain registrations across hundreds of TLDs and alert you when names matching your trademark or brand keywords are registered. Many domain registrars also offer basic domain alert services. The Trademark Clearinghouse (TMCH) Claims service provides automatic notifications during new gTLD launches. Monitoring allows you to act quickly — either by contacting the registrant, filing a UDRP complaint, or taking legal action.

The Uniform Rapid Suspension (URS) is a streamlined dispute resolution process introduced with the new gTLD program that allows trademark holders to quickly suspend clear-cut cases of abusive domain registrations. Unlike the UDRP, the URS does not result in a transfer of the domain — it suspends the domain for the remainder of its registration term. The process is faster and cheaper than the UDRP (decisions within about 20 days), making it suited for slam-dunk cases where the bad faith is obvious.

Domain name watching services monitor registration databases — including WHOIS feeds, zone file data, and new gTLD zone additions — to detect registrations that match or closely resemble your brand, trademark, or key terms. Leading providers include MarkMonitor Domain Management, CSC Brand Shield, and Corsearch. Many services use fuzzy matching and homoglyph detection to catch typosquatting and homograph attacks in addition to exact matches. Alerts are typically delivered by email, dashboard, or API.

You cannot trademark a domain name as a domain name, but you can trademark the word or phrase that forms the domain if it functions as a brand identifier. For example, 'Amazon' is a registered trademark even though Amazon.com is a domain. The US Supreme Court ruled in USPTO v. Booking.com (2020) that adding '.com' to a generic term can create a protectable mark if consumers associate it with a single source. Consult a trademark attorney to assess whether your domain-based brand qualifies for trademark protection in your jurisdiction.

Reverse domain name hijacking (RDNH) occurs when a trademark owner files a UDRP complaint in bad faith — typically to wrest a legitimately registered domain away from its rightful owner. UDRP panels can make a finding of RDNH when the complainant knew it could not succeed on the merits, such as when the domain was registered before the trademark existed. RDNH findings carry reputational consequences but do not currently result in financial penalties or direct sanctions under the UDRP itself.

The primary tool for protecting your brand during new gTLD launches is the Trademark Clearinghouse (TMCH). Registering your mark in the TMCH gives you Sunrise period access — the right to register your exact trademark as a domain before the general public can. It also activates Claims notifications that warn potential registrants when they attempt to register a name matching your mark. For broad coverage, Domains Protected Marks List (DPML) blocks can also prevent your mark from being registered across hundreds of participating new gTLDs simultaneously.

DPML blocks are a blocking service operated by Donuts (now Identity Digital) that prevents a verified trademark from being registered as a second-level domain across the entire portfolio of participating new gTLDs. A single DPML subscription — linked to a TMCH-verified mark — blocks the exact match of your trademark across hundreds of extensions simultaneously, without requiring you to register each individually. This is especially cost-effective for brands facing high volumes of new gTLD squatting. The service does not cover typos or variations, only the exact mark string.

UDRP filing fees depend on the provider and the number of domain names in the complaint. At WIPO (the most commonly used provider), fees start at $1,500 for a one-member panel covering one domain and increase with additional domains or a three-member panel request (which costs around $4,000). NAF fees are broadly similar. Attorney fees for drafting a solid complaint add to the total, typically bringing all-in costs to $2,000–$5,000+ for a single-domain case. This is far cheaper than federal litigation, which can cost tens of thousands of dollars.

UDRP complainants historically win approximately 85–90% of decided cases where a panel issues a ruling — largely because most bad-faith cases are clear-cut and many respondents do not file a response. However, default by the respondent does not guarantee success; panels still require the complainant to prove all three elements (trademark rights, confusing similarity, and bad faith). Cases with a response filed have a lower complainant success rate, closer to 70%. WIPO publishes annual statistics on its dispute resolution database.

Domain name front-running is the alleged practice where a registrar uses information from a user's domain availability search to register the domain before the user can, then offers it for sale at a higher price. ICANN investigated and largely debunked systematic front-running at accredited registrars in 2008, but the practice remains a concern. To protect yourself, avoid searching for valuable domain names at multiple registrars before you are ready to register, and act quickly once you have decided on a domain.

ccTLD protection requires a market-by-market approach because each country-code TLD is governed by its own registry with distinct dispute resolution policies. Many ccTLDs have their own UDRP-equivalent processes — for example, Nominet's DRS for .uk or AFNIC's SYRELI for .fr. The first step is to register your brand name in the ccTLDs of your key markets preemptively. If a ccTLD does not have a dispute mechanism, national courts and trademark law may be your only recourse, which can be expensive and slow.

A cease and desist (C&D) letter is a formal legal notice sent by a trademark owner to the registrant of an infringing domain, demanding that they stop using the domain and transfer or delete it. C&D letters are often the first step before filing a UDRP complaint or lawsuit, as many squatters will comply — especially if they want to sell the domain — without the expense of formal proceedings. The letter should clearly identify the trademark rights, the infringing domain, and the demanded action, and should be drafted by a qualified attorney to carry legal weight.

Defamation alone is generally not grounds for a UDRP complaint, because the UDRP requires trademark rights and bad faith registration — not just harmful content. Complaint sites using 'brand-sucks.com' style domains typically fail the UDRP bad-faith test due to free speech protections recognized by many panels. For defamatory content, the more appropriate routes are a court order compelling the registrar or hosting provider to suspend the domain, or pursuing the domain owner directly through defamation litigation in the relevant jurisdiction.

The Lanham Act is the primary US federal trademark statute, and it provides two main avenues for addressing cybersquatting. First, Section 43(a) covers trademark infringement and false designation of origin, which can apply when a domain is used in commerce in a confusingly similar way. Second, the Anti-Cybersquatting Consumer Protection Act (ACPA), added to the Lanham Act in 1999, specifically targets bad-faith registration of domain names identical or confusingly similar to distinctive marks — allowing courts to award statutory damages of $1,000–$100,000 per domain.

Homograph (or homoglyph) attacks use characters that look visually identical or very similar to the letters in your domain name — for example, replacing the Latin 'a' with the Cyrillic 'а' — to create a domain that appears identical but resolves differently. These are especially dangerous for phishing. Defenses include registering the most common IDN (Internationalized Domain Name) lookalike variants of your domain, enabling DNSSEC to make DNS responses verifiable, and working with browsers and registrars that implement Unicode confusable blocking. Brand monitoring services with IDN detection are also essential.

Brand monitoring for domain names is the ongoing process of tracking new registrations, zone file additions, and WHOIS changes to detect names that could infringe on your trademark or harm your brand. Effective monitoring covers exact matches, phonetic variants, typosquats, hyphenated versions, and homoglyph variants across all relevant TLDs. Platforms like MarkMonitor, CSC, and DomainTools offer automated alerting so brand owners can respond quickly — within the Sunrise window if a new gTLD is launching — rather than discovering infringement months later.

Registering common misspellings is the most reliable way to protect them — it is far cheaper to register a handful of typo variants than to fight a UDRP case later. You can register misspelled domains and redirect them to your main site. UDRP panels do consider typosquatting — intentional registration of misspelled versions of trademarks — as evidence of bad faith, so you have legal recourse if a typo domain is registered by a third party and used to divert your traffic or deceive your customers.

When two parties both have legitimate trademark rights to the same or similar string, UDRP panels typically rule in favor of the respondent — because the complainant cannot prove the registration was in bad faith if the respondent has its own valid trademark rights. These cases are better resolved through negotiation, co-existence agreements, or litigation in the relevant jurisdiction. Courts can consider geographic scope, trademark priority dates, and the relative strength of each party's mark to determine who has the superior claim.

Proactive brand defense means anticipating and preventing domain-based threats rather than reacting to them after harm is done. It includes registering your mark in the Trademark Clearinghouse before new gTLD rounds, maintaining defensive registrations across key TLDs and markets, setting up domain monitoring alerts, and using DPML blocks for new gTLD portfolios. Large enterprises often partner with brand protection firms that combine domain registration, monitoring, enforcement, and legal action into a single managed service. The cost of prevention is almost always lower than the cost of recovery.