How can trends in cybersquatting inform policing policy?

This is an Insight article, written by a selected partner as part of WTR's co-published content. Read more on Insight

Looking back at 2014, it is clear that the strategy of actively protecting a brand or trademark in the online space has gained momentum and increasing support from the executive suite. Online brand policing is evolving from a strictly legal approach to one that encompasses marketing, e-commerce, compliance, security and profit and loss responsibilities.

Looking back at 2014, it is clear that the strategy of actively protecting a brand or trademark in the online space has gained momentum and increasing support from the executive suite. Online brand policing is evolving from a strictly legal approach to one that encompasses marketing, e-commerce, compliance, security and profit and loss responsibilities. This particular trend can be seen by the wide variety of job titles of the stakeholders seeking policing solutions – it is no longer the role of the senior or general counsel alone, but one that can also involve the chief marketing officer, the chief financial officer, the loss prevention chief and ultimately the CEO. This change illustrates and reinforces the notion that the online presence of the brand or trademark is the window through which the consumer views the brand or trademark – it is hard to imagine a more critical prism for the company.

Profiting from cybersquatting

The starting point when tackling cybersquatting is to understand how and why the infringer is motivated and remunerated. Cybersquatting – the bad-faith registration and use of a domain name that is confusingly similar to an existing mark – can be a profitable endeavour. Cybersquatters often carry out a litany of illicit behaviours: selling counterfeit goods, delivering a malware payload, stealing identities and creating revenue via a plethora of advertising schemes. They also use advanced technologies and services to determine potential domain name traffic and the ensuing potential pay-per-click revenue to be derived (ie, the incentive).

The result for internet users is at best frustration, and at worst a personal attack that can steal credentials and ultimately identity. Brand and trademark owners have realised this and are ramping up their policing strategies, to protect their consumers and to recapture lost revenue and traffic. The results are a loss of resources – resources that must now combat direct attacks – and a tangible need to create a proactive monitoring and enforcement strategy with appropriate inter-departmental stakeholders.

Revenue is lost to pay-per-click sites, phishing schemes and malware. The Anti-phishing Working Group’s 2014 report listed 128,378 phishing sites being monitored in the second quarter of 2014. This represents the second-highest number of phishing sites detected in a single quarter, eclipsed only by the first quarter of 2012, which saw 164,032 such sites. New online payment services and crypto-currency sites are being targeted more frequently, illustrating the flexibility of cybersquatters – they follow the money, literally. During the second quarter of 2014, 531 brands were targeted and the United States continued to be the country hosting the highest number of phishing sites. These bad-faith domain name registrations led to billions of dollars in losses and represent a rising trend.

Policing techniques

In 2015 a company can combat such activity by deploying four online policing techniques:

  • filing suit against cybersquatters under the Anti-cybersquatting Consumer Protection Act 1999;
  • filing Uniform Domain Name Dispute Resolution Policy (UDRP) actions;
  • registering a defensive domain name portfolio; and
  • acquiring a software as a service-based vendor monitoring and enforcement platform and incorporating the technology and service within the company.

Many conversations about cybersquatting focus on the threat of the new generic top-level domains (gTLDs), and not just because of their novelty. They are a radical break from the familiar domain space, dominated by ‘.com’ and a cluster of leading secondary TLDs (eg, ‘.net’, ‘.de’ and ‘.biz’), where “all the good domains are taken”. Because the existing space is cluttered, the new gTLDS offer a fresh battlefield for the ongoing struggle between brand holders and the cybersquatters seeking to profit from those brands through typosquatting and misuse.

However, the new gTLDs are best understood as part of the wider enforcement landscape. Although registration numbers are still small – fewer than 1% of total domain registrations – they will have a disproportionately large impact on enforcement strategies across the entire domain space in two ways:

  • The new gTLDs will heighten issues faced by brand holders across all TLDs, making them work harder with their existing tools and processes; and
  • They will present brand holders with new issues raised by a domain space reorganising itself around themes such as affinity groups, geographic identities and ‘.brand’ registries.

Policy decisions made in response to the new gTLDs will affect policy towards existing TLDs, until familiarity erases the distinction. IP professionals will simply take for granted an indefinitely expanding domain space.

Most companies already know, in theory, that the days of automatically registering all variations of their brand defensively are over. Nevertheless, day to day it is often easier to register variations than to take the time to work out a detailed enforcement policy or to muster the discipline to enforce it. For most brands, defensive registrations are still the most practical approach. However, if – or more likely when – the domain name space suddenly explodes, the limitations of an existing policing policy become impossible to ignore. Even simple monitoring involves the burden of timely response – when 1,000 or 10,000 new TLDs pop up, must a company’s enforcement workload and budget grow to match? Many brand owners opposed the new TLD programme for this reason. They can be forgiven for hoping that the new TLDs will be ignored by ‘real’ internet users and that the whole expansion will somehow not come to fruition. Nevertheless, some companies have made significant investments in the first round of the TLD expansion and many more will follow in the second and subsequent rounds. Companies such as Google and Amazon have shown their commitment by applying to create large numbers of gTLD registries of their own. Google alone applied to be the registry for more than 100 TLD strings and is launching its own retail site, Google Domains, where it is expected to encourage consumer adoption of its TLDs.

If a company cannot wish the problems away and cannot register its brands everywhere, it needs a more sophisticated monitoring solution, with more emphasis on reacting to abusive activity and less on simple possession of the domains and variations in each TLD. This imperative underlies the rapid growth of online brand protection technologies which monitor subtleties of content, not just the brand name. Here, as many IP professionals know from experience, the ‘laches’ dilemma rears its ugly head. Online brand protection tools can now deliver so much information that it can amount to an avalanche of data which is impossible to manage. As technologies evolve, such data will become part of every brand holder’s toolkit; but it will never replace good judgement on the part of the IP professional using it. A company’s first step must be to define its enforcement policy in advance so that it makes clear what the company and its service provider do not care about and demands an online brand protection product that is trimmed down to a manageable number of results which are both egregious and actionable. Companies should be doing these things well already, but they must now do them better – and across old and new TLDs alike. There is no escape from the laches dilemma; it can only be managed.

Monitoring solutions

Companies face some novel challenges when dealing with cybersquatting in the new TLD space, but these can be dealt with by following the steps below.

First, assess the relative value of individual TLDs, which will vary dramatically. Effective policing will take into account the success or failure – defined by the popularity for real users – of specific name spaces. Less than one year in, dramatic differences in cybersquatting rates are emerging between TLDs. Companies should avoid those built on an obviously predatory business plan designed to create a battlefield for cybersquatters and brand owners. Successful TLDs will bring together real internet citizens who buy, sell, meet and learn. These communities need not be large – and will certainly be small compared to ‘.com’ in the near term. They will be founded on narrower markets for goods and services (eg, stronger affinities of sport or politics) and more durable geographical identities (eg, cities). There will be a market for metrics for rating such markets and providers which will rush to supply them.

Second, nail down the priorities. The stronger an enforcement policy, the more clearly a company will know which TLDs it cares about and which it does not. If a retail business has a presence in London, but not in Nagoya, it needs to register and enforce ‘.london’, but not ‘.nagoya’. If the brand is a software provider that spans the globe, it should monitor widely for egregious abuse, but pay particular attention to ‘.tech’. Another good example is the humble ‘.pizza’ domain: consider the value of a simple, memorable domain (eg. ‘’) on a marketing flier put through a letterbox in New York. Will ‘.pizza’ take the world by storm? Probably not – but it will be valuable for people with a sudden craving for pizza and the businesses that want to feed them. If a company’s brand matters in that world, it should register defensively and enforce fiercely; if its brand is a luxury timepiece worth more than the average storefront pizzeria, there is no need. Rather, that company should monitor for egregious abuse, but focus on registering its brand in ‘.watch’. IP professionals who see the new TLD programme as an onslaught of outstretched hands should take comfort in knowing that clear thinking on their part will allow them to narrow their challenges significantly. It must also be remembered that not all of the new TLDS will survive – the majority will either go out of business or become irrelevant outside a small niche market.

Third, make the most of the rights protection mechanisms created by the Internet Corporation for Assigned Names and Numbers (ICANN) in response to brand holders’ concerns. Companies should:

  • use the Trademark Clearinghouse (TMCH) to register key marks;
  • obtain sunrise registration for the domains they want;
  • use registry-specific tools such as the Domain Protected Marks List blocks to prevent registrations entirely; and
  • take advantage of the UDRP and Uniform Rapid Suspension processes to recover abused domains.

Think of the new gTLD space as a board game, like Go, in which the goal is to control the most territory. Each square is a potential domain name relevant to a company’s trademark. How can it expand its zone of control most cost-effectively?

The TMCH, while not perfect, is a useful mechanism for enforcement. Recording a mark there gives its owner the power to register in sunrise phases before the public does and to be notified of parties which register relevant domains that the owner chose not to register. Set aside ‘.brand’ TLDs restricted to a single registrant (eg, ‘.wolterskluwer’), and those so restricted that they are irrelevant (eg, professional domains). Imagine that only 1,000 TLDs are of possible interest to a company. That gives the TMCH registrant some degree of preference over 1,000 potential domains. An old UDRP showing that a typo was abused in the past allows a company to add an ‘abused’ label to that variant, expanding its mark’s zone of control over another 1,000 potential domains so that it does not have to re-fight old battles. Clearly, most of those domains would not be registered anyway, and many might not matter if they were; but some are important. That is the power of the TMCH concept and it generally works as intended. It has its limits: many mark owners seem to think that simply having a TMCH registration is enough to block any registration or to win any UDRP action. In fact, the scope of the original trademark determines its reach in the TMCH. If the trademark relates to fishing gear, the TMCH registration will not help if the registered domain name is used for perfume.

The TMCH should never be considered in isolation from registry-specific rights protection mechanisms, such as the Domain Protected Marks List blocks offered by the biggest registry operators, Donuts, Right-side and Minds + Machines. If a TMCH registration gives a registrant some degree of priority over a large swathe of the game board, the Domain Protected Marks List blocks can be a cost-effective way to nail down hundreds of squares so that nobody else can register there. There are some exceptions – domains flagged as ‘premium’ will generally be exempt from the blocks. As with the TMCH itself, most of those domains would not be registered and many of them would be of little interest if they were; but a block covers a lot of potential domains that could still raise issues for a company.


As the internet superhighway expands its lanes with no end in sight, brand owners must stay on top of cybersquatting while enforcement budgets shrink. To combat cybersquatters as they become increasingly sophisticated and evasive, brand owners must be diligent, put in place a clear strategy and be open to new monitoring technologies. Policing policy must evolve constantly to adapt to the changing environment if brand holders are to stay one step ahead of their adversaries on this new superhighway.


Corsearch | Wolters Kluwer Corporate Legal Services

111 Eighth Avenue

New York, NY 10011

United States

Tel +82 2 3404 0000



William Stahl

Digital brand management consultant

[email protected]


William Stahl is a digital brand management consultant at Corsearch. He graduated with a BA from Williams College and an MFA from the University of Texas at Austin. Mr Stahl specialises in domain name management and has 15 years’ experience in this at VeriSign, Melbourne IT and Corporation Service Company. He contributes to the Corsearch blog,, on the expansion of the internet domain space into new top-level domains, the Trademark Clearinghouse and the Internet Corporation for Assigned Names and Numbers.



Marcello Tallarigo

Director – online brand protection

[email protected]


Marcello Tallarigo is trilingual, speaking Italian, French and English. He received a MA in economics, science and technology from the Johns Hopkins University and a BA from Lafayette College in international affairs and French literature.


Stephen Stolfi

Vice president, global sales and strategic partnerships

[email protected]


Stephen Stolfi is a member of the Corsearch Executive and Wolters Kluwer corporate legal services management teams. He has led the expansion of Corsearch from a US-based organisation into a global business operating in six countries with partnerships in Asia, Europe, Latin America and the United States. Mr Stolfi has worked in the trademark research and brand protection business for over two decades and was responsible for the formation of the current sales, customer service and product support functions of the company. Throughout his career, he has guided and trained numerous corporations and law firms on effective trademark search and brand protection strategies. Most recently, he helped Wolters Kluwer to register the ‘.WoltersKluwer’ top-level domain set to launch in 2015.

Unlock unlimited access to all WTR content