The domain management landscape has changed dramatically over the past 30 years. The first domain was registered in 1985. For the first few decades, organisations and individuals needed only to register TLDs such as ‘.com’ or ccTLDs domains such as ‘.co.uk’. The domain registration and management process was revolutionised by two factors:
- an increase in online crime; and
- the launch of gTLDs in 2013.
So, why are domains so important? Simply put, because a domain forms the core of brand identity, especially for organisations that have a significant e-commerce presence. A domain helps distinguish a brand from competitors and sets it up for long-term success, by building trust, professionalism and credibility.
The result is that domain management has never been more important or more challenging. While there are additional factors to consider, including cost pressures and a more complex landscape to navigate, organisations must view domains as part of the remit of the law, marketing and brand protection and overcome the old attitude that sees domains as merely an IT issue.
In the traditional sense, domain management includes registering new domains, monitoring existing ones and keeping track of the wider portfolio with a view to streamlining it and potentially selling unused domains. In today’s business environment, the basic tenets of domain management remain the same, but there are other factors that play a key role, especially when it comes to brand protection.
The fact remains that brands need to be more vigilant and take more proactive steps to protect their reputation and their customers, as well as mitigate the risk of infringement.
Domain management requires a comprehensive approach that includes cross-department collaboration and combines traditional and more innovative tactics. This includes looking at five core areas that can help streamline the process:
- use best practices to lay the foundation;
- remain vigilant by monitoring for abuse;
- think about domain security;
- view domains as assets; and
- register gTLDs.
Use best practices to lay foundations
Classify your domains
The first step in any registration process is to categorise and tier your brands. Identify which brands are critical or core, which are important and which are of limited or lesser importance. By grouping them into such categories, it is easier to recognise what action needs to be taken when it comes to the domains, whether that is a defensive registration or domain recovery, including possible enforcement against infringement. While classifying brands may not always be straightforward, brand
protection professionals can use existing trademarks and instances of abuse to calculate the importance of the domains to the business. If, for example, a brand holds trademarks in more than 30 countries, it is typically considered a core brand. In the same vein, important brands are classified as those that are specific to a certain geographical region, while limited brands could consist of slogans or other intellectual property used to support marketing campaigns.
Protection equals brand type
Once brands are classified, it becomes easier to determine the amount of protection or coverage that is required. For instance, numerous variations, misspellings and typosquats should be considered for core or key brands or ‘.com’ domains (eg, ‘yourbrand.com’ should include ‘yrbrand.com’, ‘yourbrond.com’ and ‘yorbrnd.com’).
Important and limited brands require less coverage, so domain registrations can be limited to exact-match options.
Always consider risk
Understanding the organisation’s propensity for risk is crucial. If the culture is risk averse, then defensive registrations may be the solution. While defensive registration can help mitigate risk, it does not negate the need for proper monitoring for abuse.
Conducting an audit on proposed domains will help to shape this understanding of risk. The extensions that are most at risk for infringement include popular legacy gTLDs, free or low‑cost TLDs and unrestricted ccTLD extensions.
Let trademarks guide registrations
While trademarks and domains are two separate IP assets, the former can be used to great effect in guiding a registration strategy. Domain registrations should align with trademark registrations – if a German trademark exists, for example, register the ‘.de’ domain.
Align domain registrations with corporate objectives
When deciding where to register different domains, corporate objectives and future marketing needs should be considered. For example, if the business goal is to maximise awareness of the brand and generate worldwide revenue, the following elements should be considered as part of the wider domain registration plan:
- office locations or regions where the organisation does business;
- TLDs that support global sales and marketing programmes;
- existing and select gTLDs; and
- top 10, 25 or 50 e-commerce countries.
Standardise Whois approach
To ensure consistency, information entered into the Whois database should be the same across all domains wherever possible. For example, the registrant contact should be the same as the business owner or trademark owner, and the domain contact should be generic where possible, using roles as identifiers (eg, names like ‘domain administrator’ or ‘domain name system (DNS) administrator’). The same applies to email addresses. The rationale is that people do not stay in the same role forever. If an individual uses their own name and contact details for the domain contact information, there is a chance that renewal notices or other important notifications could be missed if that person leaves the organisation – not to mention the privacy and EU General Data Protection Regulation (GDPR) ramifications.
When local presence information is needed to secure a domain, the same should be used whenever possible. If registering a domain name requires that the administrative contact lives in the country that matches the domain extension, the person chosen should be a director of the company or an employee who has full signing authority for any changes needed to the domain.
Remain vigilant: monitor for abuse
Registration is crucial in the domain management process, but it does not end after the paperwork is filed. Looking after a domain portfolio also requires monitoring and security to ensure the health of the brand and the organisation itself.
Domain abuse or infringement comes in many forms, from domain squatters and phishers redirecting traffic to fraudulent sites (domains that are confusingly similar to legitimate sites), to losing ownership to domains if the DNS is hacked and details are changed.
In the case of fraudulent websites, the consequences can be dire, including stolen business and lost revenue, broken customer trust, reputational damage and legal proceedings.
A domain monitoring service can assist in mitigating risk and should include such features as:
- notification of newly registered domains and newly dropped domains;
- the ability to create exclusion lists and search zone files using wildcards;
- the status of each reported domain (eg, active, inactive or dropped);
- a live link for each domain; and
- a live link to the Whois record for each domain.
Monitoring domain registrations enables brands to proactively deal with abuse and take immediate action. This includes actively monitoring a site, sending a cease and desist letter, filing a UDRP or URS action, or challenging the accuracy of the Whois record if the name falls into the hands of a suspicious individual or entity.
While enforcement against domain infringement might be hindered by GDPR, when it comes to identifying owners of infringing sites, there are still mechanisms in place. Brand protection experts have accounted for the changes that GDPR has brought and many have adjusted their enforcement strategies accordingly.
Think about domain security
Along with monitoring for abuse and infringement, organisations should also pay increased attention to security. Protecting valuable domains is the cornerstone of a domain security strategy and one of the best ways to do this is by using advanced locking mechanisms. This is especially useful if the website is used for e-commerce. Locking mechanisms protect the domain from unintentional modification, unauthorised transfers and malicious attacks. Registrar locking, for example, prevents domain actions (eg, updates, transfers and deletions) until the registrar unlocks them by completing a pre-determined, customer-specified security protocol.
Other key elements of domain security include working with a hardened, corporate registrar with the expertise and technologies to complement an organisation’s security ecosystem. It is also helpful to consolidate the business’ domain portfolio and have a centralised view of all domain names across all locations to keep track of them.
Brands should also:
- protect authorisation codes;
- use two-factor authentication for accessing a domain management portal;
- continually manage and review user accounts; and
- limit and specify user rights for management of domains.
View domains as assets
Domains are a necessary expense for many businesses, particularly when it comes to defensive registrations such as registering similar sounding domains or misspellings. Global organisations and those with many brands often sit on hundreds of these domains that add limited value to the business. However, they could be turned into potentially valuable assets simply by ensuring they point to a live site. If a legitimate customer stumbles on one of these sites, they can be forwarded on to the brand’s primary website, redirecting potential customers, which can improve both reputation and revenue.
Register your gTLDs
Since their launch in 2013, gTLDs have changed the way organisations register, monitor and secure their domain portfolios. gTLDs have the potential to deliver significant benefit to brands in terms of cementing brand identity and making organisations more memorable and easier to find. While they require a different approach from registering TLDs, there are also a few best practices to guide brands.
Identify and submit trademarks to the Trademark Clearinghouse
The Trademark Clearinghouse (TMCH) serves as a central repository of authenticated trademark information. The information contained within the TMCH can be used to enable sunrise registrations and domain name blocking.
Review all new gTLDs and register selectively
With approximately 1,000 new gTLDs now delegated, many companies have fallen into a registration rhythm, and approaches range from very minimal registration and blocking strategies for one or two core brands, to registrations of multiple brands in each new gTLD registry.
Decisions about what to register are based on a risk tolerance continuum focusing on TLD relevance, and the risk posed by a monitoring-only approach. Most companies are looking to register exact matches of their core trademarks in registries where there is a close correlation between the brand and the TLD. For example, financial institutions generally should register TLDs such as ‘.bank’, ‘.loan’, and ‘.mortgage’, provided that they meet the eligibility requirements.
However, there are certain categories of registration which pose their own special risks. These include gripe (eg, ‘.wtf’ and ‘.sucks’), vice (eg, ‘.sex’ and ‘.poker’), corporate identifier (eg, ‘.inc’ and ‘.gmbh’) and charitable (eg, ‘.foundation’ and ‘.charity’) TLDs. Companies must determine their tolerance for risk when planning their registration and blocking strategies around these.
Think about domain blocking
Domain blocking is one way to prevent infringement, domain squatting and domain abuse. Brand owners can block trademarks validated in the TMCH from registration in certain new gTLD extensions. Instead of having to defensively register domains, brand owners can use blocking mechanisms.
There has been a lot of movement in the industry recently with the introduction of new blocking mechanisms for adult-content-oriented domains. The new blocks cover four adult-themed TLDs: ‘.xxx’, ‘.porn’, ‘.adult’ and ‘.sex’.
The downside is that any blocked registration can be challenged, overridden and registered as a domain by anyone who owns a validated TMCH submission.
Moreover, any names that are identified as premium are ineligible for blocking. This means that if a trademark is a dictionary term, first name or surname, or a three‑letter acronym, there is a distinct possibility that it will be deemed as premium by the registry and therefore ineligible for blocking. To complicate matters, premium name lists are only distributed just prior to the launch of every sunrise period for Donuts and Rightside registry TLDs.
Donuts and Rightside are two examples of large TLD operators that have blocking options. Other operators also have blocking options, with their own unique pricing structure and level of protection. That said, for companies with a unique trademark and where risk and relevance is high in the applicable TLDs, blocking can be a cost‑effective approach. However, for others the cost benefit or level of protection may not justify a blocking approach.
In today’s fast-changing threat landscape, brands must be more vigilant than ever and work harder to ensure that they can mitigate the risk of infringement. This applies to domain management too.
The way that brands register, manage and protect domains has evolved in line with burgeoning online threats, advances in the industry (eg, the rise of gTLDs) and increasing pressure on budgets. The challenge is not insurmountable. Brands must widen their strategies to incorporate to new tactics and methods and not rely on the same practices as they have been for the past three decades. Attitudes towards domains must also change. Domains can be a significant asset for organisations, not just in brand building but also in boosting revenue through increased web traffic.