Domain management: a best practice guide
The first step in an intelligent domain strategy is to look at trademark registration strategy. What has been registered and where? Is there a pattern of registration in the trademark system that can be duplicated in the domain name system? For example, is there a list of ‘crown jewel’ trademarks and priority jurisdictions?
Domain name registration strategy should mirror trademark registration strategy as closely as possible. This means considering registration in country-code top-level domain (ccTLD) registries:
- in key geographic locations where a company currently has offices, distributors, licensees or customers;
- in potential geographic locations of interest for commercial expansion;
- in jurisdictions where infringers are active (eg, because the local domain registry does not offer dispute resolution, the price of registration is low, loose formalities allow anyone to register anything and there is a culture of cybersquatting). One could presently characterise China and Russia as two jurisdictions where preventative registration makes sense; and
- in any ccTLD where registration is free (eg, ‘.tk’ (Tokelau), which is operated by Dutch entrepreneurs under licence from this Pacific island’s government).
The subsequent pattern of registration needs to be enhanced by ensuring that you have covered the unrestricted generic top-level domains (gTLDs) which are available to anyone, anywhere in the world. These include:
- all of the important legacy gTLD registries (eg, ‘.com’, ‘.net’ and ‘.org’);
- relevant new gTLD registries (eg, if you were in the real estate business you would look at cities and geographies where you trade, as well as ‘.apartments’, ‘.haus’, ‘.house’, ‘.property’, ‘.properties’, ‘.realtor’, ‘.realty’, ‘.reit’, ‘.rent’ and ‘.rentals’); and
- internationalised domain names. Whether in the gTLDs or the ccTLDs, it is important to consider registration in scripts other than Ascii (eg, Arabic, Chinese or Cyrillic), if this is how you communicate with customers or staff. Take care that the requested domain is in accordance with company trademark policy. Do not request a transliteration if you want a translation. Use your local legal experts to check your applications and registrations. Do not trust retail registrars, who have been known to use Google Translate to suggest a string, sometimes with disastrous consequences.
There can be benefits to registering misspellings, if such domains are redirected and drive traffic – but these should generally be avoided, as should compound words. In considering which misspellings to register, ask those responsible for search engine optimisation to provide a list of terms that customers commonly type into browsers.
If a mark features two or more words, then to maintain customer confidence you should consider registering a domain in key jurisdictions both with and without a hyphen.
All domains should be held in a secure database under the control of the in-house expert, preferably alongside trademark information.
It helps to justify a global portfolio of registrations if every domain name points to a web page with live content. This ensures that each domain pays its way, acting as a signpost to information that reflects well on the owner.
Pay attention to creating harmonised WHOIS records. WHOIS records are published on the Internet and help third parties to look up who owns a domain name. Therefore, uniform contact information that accurately reflects your ownership and identifies role contacts who can answer questions on a domain is desirable. Where possible, the registered owner of a domain should be the same as the owner of the corresponding trademark. If this entity is ‘John Doe (Europe) Holdings Limited’, do not settle for an abbreviation such as ‘John Doe Ltd’ – this may be challenged by the registry if you try to transfer the domain.
In jurisdictions where the registry formalities require a company to use a local presence, all domains featuring the local presence in the record of registration should be standardised. It is good practice for the ultimate owner of such a domain to have a beneficial ownership agreement with the local representative, defining the extent of the authority of the local agent.
Frequently, registries with local-presence requirements will also ask for information to support the application proving a connection to the jurisdiction. This could be a company formation, a local tax number or a trademark certificate. Prudent brand owners record which domain names are dependent on trademarks in case of disposals.
The process for requesting a new domain name registration must be clear in any corporation. Requestors from a business should have an understanding of who to ask for a new domain registration and who will pay for it (ie, whether the money comes from their budget, IP or legal or another pot). They should also be able to prioritise the registration and give clear instructions on where the domain should point.
Larger corporations frequently capture their domain name policy in a written document.
Renewal and lapsing strategies
Commerce-critical and ‘crown jewel’ domains should be registered for up to 10 years. Other domains should be registered for single-year periods, unless there is a price discount from the registrar for multiple years.
Generally, renewal reminders and invoices will be sent by a registry operator to the registrar, not to the registrant. Best-practice registrars will remind a registrant of a forthcoming renewal to a schedule that suits the client – frequently somewhere between 90 and 30 days in advance of a renewal date – setting out the date of renewal, the official registry fees and any other related fees (eg, those related to maintaining a local presence or the registrar’s service charge). All critical domains should be placed on auto-renew, meaning that the registrar has the authority to renew the domain name in advance unless told to lapse.
Allowing a domain name portfolio to roll over, year by year, without a review leads to an increase in low-value or time-limited domains. ‘MayDay2017.com’ is not very useful in May 2018.
From time to time – and no less frequently than once every three years – the in-house domain champion should review all domain names the company owns. The possibility of lapsing unused domains or domains that are no longer needed should be discussed.
During this process, the possibility of adding registry locks should be considered. Locking helps to prevent unauthorised or accidental modifications and transfers, because the registry will implement an instruction only after following a two or three-factor authorisation process, usually featuring an ‘out of band’ (ie, non-internet-enabled) step, such as telephoning a specified representative at the registrar, who must provide a password. Registry locks are not available from all registries, but should be considered for all critical domains, balancing the need for security against the need to respond quickly in the event of an emergency revision being required.
‘Super locks’ at the registrar level, which prevent any unauthorised person inside the registrar from making a change, are essential too.
No domain name should be deleted or disposed of without the prior approval of the in-house domain champion. It is good practice to remove any resource settings from a domain name well in advance of lapsing, so that it ceases to point to any website or carry any content. This means that the domain investors which monitor domains that are ‘dropping’ (ie, being made available for re-registration by registries) will not be attracted by a volume of legacy traffic which they can exploit by grabbing the domain and directing it to a ‘pay per click’ page.
Maintenance and management strategies
Many IP experts in charge of domain names find the volume of domains for which they are responsible overwhelming. It seems easier to pay for a portfolio that increases year on year than to ‘right size’ it. It seems simpler to pay for 25 domains of little value than to run the risk of lapsing a domain that might come in useful six months down the line. It seems preferable to lock out infringers through defensive registration than to tackle domain name abuse. It seems less painless to defer decision making to a trusted registrar – and few of them are likely to encourage you to cut your portfolio – than to try to negotiate a reduction in its charges to compensate for a swelling portfolio.
There is one relatively simple step that all IP experts can take to combat this natural reluctance to focus on domain names: prioritising domains into four (or more) levels based on their importance and value. This categorisation process helps to keep the focus on critical domains and aids efficient decision making, with the result that resources are maximised. This prioritisation process – including where the lines are drawn between categories – should be undertaken carefully, with due regard to the value placed on marks in the trademark portfolio.
It might feature the following four levels, for example.
These are domains that match ‘crown jewel’ trademarks or support commerce-critical or core corporate websites. Generally up to 5% of a portfolio can be categorised as level one; otherwise, the prioritisation is incorrect. There would be a direct customer or business impact in the event of the failure of or a successful malicious attack on a level-one domain. All level-one domains should carry locks at the registry and registrar level. They should be registered for multiple years, on auto-renew. The primary ‘.com’ registration, the home-country ccTLD registration and the domains that support the company intranet and email should be in this category. Any change to a level-one name should require sign-off from the in-house domain name champion, a senior trademark expert and an IT or web specialist. Your registrar must be informed of this process and should make changes to level-one domains only when it has received appropriate authorisation. When changes to level-one names are made – including opening and shutting registry locks – the process must be documented. ‘Shoulder surfing’ should be required at each stage of the process, at both the client and the registrar end. This means that the actions of an individual are supervised and checked by a colleague standing next to the individual during the process. It ensures that locks are closed after changes are completed.
These are domains that are important to communication but not critical, and which should account for perhaps 10% of a portfolio. Level-two domains might support informational websites for country-specific businesses, but nothing connected with e-commerce. While nobody wants an interruption to any domain, if a level-two domain is taken offline, the impact on the bottom line of the corporation or its global reputation should be low. Level-two names should also be considered for locks, but locks should not be mandatory. Level-two domains should be placed on auto-renew; however, the process to change a level-two domain can be simpler, requiring the sign-off of the domain champion and one other person.
These are good-to-have registrations, mostly filed for defensive purposes or perhaps to support a short-term initiative that has now expired (so a level-two domain becomes level three after its useful life has expired). Holding such domains is probably cheaper than trying to reclaim them from third parties, especially if they can be pointed to websites so that they support navigation by consumers. Up to 80% of a portfolio might be classified as level-three domains. They can be set on auto-renew, but should not be renewed for more than one year at a time. They should be reviewed every three years with a view to culling them by 15%, to account for an average annual portfolio growth of perhaps 5%.
These are low-value domains, perhaps part of a bundle reclaimed from infringers after a Uniform Domain Name Dispute Resolution Policy action or registered initially for entities that have been dissolved or discontinued marketing initiatives. They might reflect the old name of a product or service or be based on misspellings that are rarely typed. They have no commercial value and should be set to lapse at the end of their life or at a key date in the year.
Crucially, the level that a domain name is in should be entered into the in-house IP database of domain names and associated with the corresponding record for the trademark. Ideally, the reasons why any changes are made to level-one and level-two domains should also be recorded here, along with the details of the requestor.
When facing the prospect of transferring in or away a portfolio of domains, there are a few rules to follow which can make the task much easier.
Establish a transfer plan that features a report on every domain, including:
- its registered owner;
- its jurisdiction;
- whether it carries live settings;
- its level (and therefore its value to the business); and
- its expiration date.
Armed with this report, a staged process can be implemented which should feature weekly status updates and the possibility to ‘huddle’ with your registrar and your in-house technical and business colleagues to resolve any issues.
Review and cull
Review all domains that are to be moved and take the opportunity to cull any that are not necessary. There is no point in moving registrations of limited value; however, at an early stage check Domain Name System queries and traffic and ask the responsible managers to identify any domains supporting live sites.
Get a report on renewals due in the next three months. Focus on gTLDs with a renewal date in the next month and ccTLDs in the next two months: if you want to keep these domains, get them renewed either by the losing registrar or by the gaining registrar, if the losing registrar is cooperative in facilitating a quick transfer.
Your formal transfer plan should be segmented to feature three kinds of registry.
This includes almost all gTLDs (legacy and new) and about 100 ccTLDS. These registries usually transfer domains from one registrar to another using ‘auth-codes’, where the gaining registrar has an auth-code for each domain, provided by the losing registrar, which enables the transfer.
These are registries where the transfer process requires some manual intervention, such as logging into an online account. The gaining registrar sometimes has to pull domains one at a time, but it can be done in batches; sometimes the registry will assist.
These registries can be divided into two groups:
- those which require one of the registered contacts on the WHOIS record as a representative of the domain owner to acknowledge the transfer of a domain by email; and
- those which require a hardcopy letter of authority on company letterhead, which must match the name of the registered domain owner.
Sometimes the letter must be notarised or in a local language. The support of a local agent may also be required to hold the domain for you under a beneficial ownership agreement.
The time spent preparing for a transfer project is proportional to its success: know your goals and your deadlines.
If these simple rules are introduced and adhered to, managing a complex corporate portfolio of domains need not be taxing.
28-30 Little Russell Street
London WC1A 2HN
Tel +44 020 7421 8250
Fax +44 087 0011 8187