CHAPTER THREE – STANDARD STEPS TO TAKE

 

It is true in law, as indeed it is in life in general many would say, that the best type of dispute is the one that never happens. Domain name law is certainly an area where some prior thought and planning can avoid disputes arising and thus save a great deal of time and effort down the line.

Therefore, before turning to the various different strategies and procedures for resolving disputes, it is appropriate to consider the steps that one might take to avoid a dispute arising in the first instance.

These steps can be further divided down into those to be taken when protecting an existing portfolio and those necessary when protecting a product or venture for the first time.

3.1 What and where to register?

Having a clear understanding of exactly which domain names should be registered is critical both to the utility of the portfolio and to avoiding disputes. This requires consideration of exactly what to register (i.e. the second level domain letter string) and where to register it (i.e. in which TLDs).

The ideal scenario would be for a rights owner to identify the boundaries of which domains it might want and then register every such domain at the outset. It could then rest secure in the knowledge that no action would ever need to be brought against a cybersquatter as ownership of all other domains has already been considered been deemed to be unnecessary. This would allow resources to be allocated to more serious domain name disputes relating to counterfeiting, spoofing and similar issues. Of course, in practice, this is not likely to be feasible so brand owners should adopt a graduated approach to domain registration making sure that as many key domains as possible are protected within the portfolio.

The obvious starting point when creating an effective domain name portfolio is to produce a detailed schedule of all of the domains that have already been registered. This will not only highlight any gaps that need to be filled but will also provide an opportunity to check that all of the registrant details for each registration are correct and that the renewal deadline has been logged.

Another key early step is to cross reference the domain name portfolio schedule with the existing portfolio of trade marks. Any brands which are considered sufficiently business-critical to be the subject of trade mark registrations should certainly be reflected in the domain name portfolio.

Ultimately, the decision about which domains to register will depend upon the nature of the business in question and how the relevant decision makers perceive the potential risks of not registering those domains.

Brand owners should avoid indiscriminate registration as this will result in a very large portfolio that has no real business benefit. Instead, it is preferable have a targeted portfolio with a clear business rationale behind which domain names are owned and why.

Regarding what second level domains to register, brand owners should consider the following points:

• What am I trying to achieve with the portfolio?
• How do customers find the business / product?
• What will the domain be used for? Will it point to its own website? Will it re-direct to a website at a different domain? Will it be purely defensive?
• Reflect the house mark / product name / company name / slogan / tag line / short-term project name with domain name registrations?
• Is the business predominantly online based? That is to say, is the business related to goods for which there is an e-commerce website or is the business advisory in nature and largely conducted over email?
• Are internationalised domains or translations/transliterations into local languages likely to be necessary?
• Should any domain names be registered defensively? (this is discussed in more detail at paragraph 3.9 below)
• Would it be worthwhile to register a New gTLD? (this is discussed in more detail at paragraph 3.10 below)

Once a strategy has been reached about which second level domains should be protected it falls to consider where they should be protected. Again, an indiscriminate approach will just result in an unnecessarily large and costly portfolio so it is worth spending some time deciding which TLDs will be relevant.

Brand owners should consider the following points:

• The key original gTLDs with open registration requirements will nearly always need to be covered (e.g. .com; .org; .net)
• Identify any relevant New gTLDs. That is to say that if the business revolves around the provision of legal services in London, then registration in the .law and .london New gTLD registries might be appropriate. Registration in the .ninja registry is perhaps less likely to be required. This is discussed in more detail in Chapter 4
• In respect of ccTLDs, the home market / key sales markets / manufacturing markets / markets where licensees and distributors are present (this is discussed in more detail at paragraph 3.6 below) / markets with bricks and mortar presence will nearly always need to be covered
• New gTLDs and new ccTLDs are constantly being launched – either as a New gTLD completes the application process, as IDNs of existing ccTLDs are delegated or as ccTLDs for newly created countries are being delegated for the first time. Brand owners should keep an eye on these developments in case any New gTLDs or new ccTLDs are of interest
• Other relevant ccTLDs might be related to future expansion plans / markets which are hard to police (e.g. .cn; .ru) / markets where infringers are active / ccTLDs in which it is free to register (e.g. .tk)

The take home message here is that there is no one size-fits-all approach for domain registration strategy and every business will have different needs and considerations. Make sure that there is a valid commercial rationale for having each domain registration in the portfolio and do not be tempted to go for an indiscriminate wholesale registration approach.

3.2 Thorough searches before choosing your domain

When registering a domain as part of a new venture, it is prudent to carry out searches before settling on the domain name. The results of these searches should not only highlight any serious issues with earlier third-party rights but would also be valuable evidence of legitimate interest or other good faith intent in the event of a dispute in the future.

It is likely that for any sufficiently important launch full trade mark availability searches will already have been carried out. A trade mark is the most likely right for complainants to rely on in disputes (be it related to the corresponding domain name or in respect of the use more generally) and having a thorough understanding of the third-party landscape is vital.

These trade mark searches, however, are only part of the picture when considering possible domain name disputes.

Trade marks by their nature are jurisdictionally limited and are tied to specific goods and services by the wording of their classification. Domain names are neither limited in geographical scope nor in respect of what goods and services they can be used in relation to. The ccTLDs are each connected to their own jurisdiction but it is perfectly possible, for example, to access a .co.uk domain and make a purchase whilst outside of the UK.

The result of this is that the registration of a domain name, even if it is in a ccTLD, can potentially give rise to a dispute with a complainant from anywhere on the globe. It is not determinative that the domain registrant might have no intention of trading in the complainant’s home jurisdiction or in any jurisdiction in which it has earlier rights.

This creates a scenario where mitigating the potential legal risk of registering a domain name through searching far outweighs the cost of securing the registration itself. It is clearly neither feasible nor cost effective to carry out exhaustive global searches before registering a domain name. However, that does not mean that no searching should be done at all. It is certainly proportionate to supplement any trade mark availability searches with general Internet searches in particularly key markets and not to limit these by any particular goods or services.

Note that some full trade mark availability searches focus only on the relevant trade marks registers. In such a case any supplementary searches should encompass other rights that might form the basis of a dispute, such as Geographical Indications or company name registrations.

General Internet searches will also allow a potential registrant to assess whether any third party might be able to claim common law rights in a name or whether the owner of a registered trade mark might be able to assert extended rights on the basis of a large reputation.

If the searches uncover a potential problem in a jurisdiction that is not an important market, then it might be enough to forestall a dispute if the domain is made inaccessible to web users from that jurisdiction. Of course, this type of proactive action will only be possible if you have done enough searching to uncover the existence of the third-party issue in the first place.

One further relatively quick and simple search to carry out is to check whether the domain name that is intended to be registered has ever been the subject of a previous dispute. All domain name dispute decisions are published online and the websites of the various dispute resolution providers have case law databases searchable by disputed domain name.

This search is an important one and is particularly relevant when purchasing a domain from a third party or registering a domain that has (recently) lapsed. This is because registering/purchasing the intended domain name creates a new set of facts with a new material date that could reignite the dispute and allow any earlier complainant the opportunity to re-file their complaint.

3.3 Use invented words

There is an inherent tension between marketing motives that push for descriptive brands where the consumer is easily educated as to the nature of the product and the legal enforcement of those brands which pushes for the use of distinctive trade marks.

It will not always be practical to choose an invented word but it is worth noting that complainants that own trade mark registrations for invented words find it much simpler, quicker and cheaper to succeed when domain disputes arise.

Savvy cybersquatters are aware of this and it could nudge them into choosing a different target whose brand sits much lower down the spectrum of distinctiveness and for which they might just be able to get a dispute decision in their favour. This would of course put the cybersquatter in a much stronger position in any subsequent negotiation to purchase the domain.

The recent WIPO UDRP Case D2025-0940 <divebuddyapp.com> is an example of a complainant failing in its UDRP action, despite the disputed domain being highly similar to the name in which it was claiming rights, as that name was deemed too descriptive to be enforceable.

Conversely, the recent WIPO UDRP Case D2025-3108; <velux.one> is an example of a complainant succeeding easily in its UDRP action. The panel considered that it was not credible that the domain name could have been chosen in ignorance of the complainant’s very distinctive rights.

3.4 Register your trade marks

Although it will not be possible in all circumstances, it is advisable for the domain name to correspond to a registered trade mark in the ownership of the domain name registrant.

Cybersquatters will often check the registers to see if the brand that they are proposing to target has in fact been registered as a trade mark. Brand owners can, therefore, avoid some of the risk of cybersquatting by ensuring that their key brands are protected by registered trade marks and thus not appearing to be a soft target.

From the Respondent perspective, being able to exhibit a trade mark registration certificate corresponding to the domain name would be good evidence that the domain is proposed to be used for a legitimate business. Panels are reluctant to order transfer of domains in those circumstances and often hold in favour of the respondent saying that the parties would be better served by conducting infringement proceedings in the courts.

Most complainants research a potential respondent before launching a dispute and the existence of a registered trade mark (or other indication of legitimate activity) may well be enough to stop them from commencing the dispute in the first place.

 

 

3.5 Timing of domain registration

A follow-on point from making sure that trade marks are registered is not to leave too much time between filing the application for trade mark protection and the registration of domain name. Ideally, these steps should either be taken at the same time or the domain name should be registered as a first step.

Applications for trade marks are a matter of public record and cybersquatters have been known to watch the trade marks registers in the hope of snapping up corresponding domain names which the trade mark applicant has failed to register themselves. See by way of example Nominet DRS D00019621 <cybfx.co.uk>.

3.6 Licensees and distributors

Many modern businesses rely on networks of licensees and distributors to achieve global reach. It frequently creates problems when such licensees and distributors register in their own name domain names relating to the rights owner’s product.

Many ccTLDs are restricted and will only allow certain categories of entity to register domain names. Ownership of (an application for) a registered trade mark in the relevant jurisdiction (e.g. .au) or a local representative/address for service (e.g. .de) is sometimes sufficient. This allows brand owners to register domains directly. However, some registries are stricter and a physical presence in the jurisdiction or a local tax ID (e.g. .br) is needed.

In such circumstances it could make sense for the licensee or distributor to register the domain name but the overarching agreement should make it clear that the domain is held on trust for the brand owner.

Rights owners should ensure that agreements are crystal clear on the following points:

• who is to be the registrant for any domain names associated with the business arrangement;
• any restrictions in place on the licensee’s or distributor’s ability or register domains and/or bring any associated domain name dispute actions;
• that all domains ultimately belong to and are held on trust for the rights owner; and
• the mechanism by which any domains are to be transferred into the ownership of the rights owner in the event that the business relationship comes to an end.

3.7 Active portfolio management

Many disputes arise due to simple missed deadlines or incorrect contact data because brand owners have a fragmented approach to domain registration and domain portfolio management.

Brand owners should ensure that at the earliest opportunity, and ideally before a dispute arises, they create a policy for how domain names are to be registered, used and maintained.

Such a policy should consider/include:

• Identifying which part of the business is to be in charge of domain name issues (e.g. is it to be IT or legal?);
• Identifying a single entity that should own the domains so that consistent registrant details can be used across the board;
• Keeping registrant contact details up to date;
• Keeping an accurate database of who owns which domains and when the next renewal falls due;
• Prohibition on ad hoc registrations;
• Appointing an in-house domains champion / super-user who is to be the first point of contact for all domain related questions;
• Categorising domains into top, medium and low priority and have different transfer or lapsing procedures for each category;
• Periodic reviews and audits, ideally every year, to see if any domains can be lapsed and ensure that portfolio is streamlined;
• Multi-year registration for key domains;
• Single year registration for less important domains;
• Setting key domains to auto-renew;
• Using “locks” at the registrar to prevent accidental transfer or lapse;
• Using a corporate registrar rather than a retail registrar;
• Linking any domains held in ccTLDs that have a trade mark registration requirement to the supporting trade mark so that it is not allowed to lapse or be assigned separately of the domain name;
• Setting up a domain watching service to monitor new third-party registrations;
• Creating a specific policy around enforcement issues;
• Making sure all employees are aware of the policy and knows that it needs to be followed; and
• Ensuring that licences and distribution agreements refer to and incorporate the policy.

3.8 Litigious reputation

Seasoned trade mark practitioners well know that there are a number of businesses that take a very protective stance with their intellectual property. This experience allows advisors to forewarn clients when, for example, a particular trade mark application is likely to face objections even if the technical legal position is such that those objections might fail in the long run. In some cases this is sufficient for the client to opt for an alternate name that might have a smoother run toward eventual registration.

Similarly, in the domain name environment, where all dispute decisions are freely available online, a litigious reputation might just persuade a savvy cybersquatter to seek a softer target elsewhere.

3.9 Defensive domain registrations

There are two opposing schools of thought on defensive domain registrations.

The first (and most common) viewpoint is that a defensive domain registration has no value as it only prevents registration of the exact domain in the exact TLD. Given the vast number of ways to circumvent such a narrow block, a huge number of domains will inevitably remain unprotected. Accordingly, a proponent of this view would say that it is pointless to take on the cost and administrative burden of maintaining a defensive portfolio at all and that disputes should just be dealt with if and when they arise.

The second viewpoint is that domain name disputes are relatively expensive to prosecute and if even only one dispute is avoided then that will justify the maintenance of a defensive portfolio. Of course, if more than one dispute is avoided then a larger defensive portfolio would be justified. It is perhaps also easier to obtain budgetary approval for the maintenance of a domain portfolio (which can be seen as an asset overall) rather than legal fees for dealing with disputes (which are pure overhead). Proponents of this view often maintain portfolios of many thousands of defensive registrations. They tend to be large corporations whose products are at high risk of infringement (e.g. cigarette manufacturers).

There is no one size fits all approach on this issue and for nearly all businesses the reality will be somewhere on the spectrum between these two extremes. Provided that a strategy has been carefully thought out and followed, a targeted number of defensive domain registrations would be appropriate in most cases.

The starting point when creating a defensive strategy should be following the same considerations as discussed above when protecting an existing portfolio. That is to say, you should narrow down the scope of the exercise by focussing on key brands and markets including where products are sold, manufactured or where licensing/distribution agreements are in place.

It is a helpful thought experiment to consider the likely reaction to a hypothetical third-party domain name registration. For example, as the owner of brand.com and brand.co.uk, what action would be required in response to third-party domain registrations for brand-uk.com, brand-ltd.co.uk, brand-fakes.com, ilovebrand.co.uk, brand.de or brand.xxx?

If the answer is that a domain name dispute would certainly need to be filed, then it makes sense to include that domain name within a defensive portfolio. Conversely, if the action would depend upon the other circumstances of the matter (or indeed that no action was needed at all), then the domain does not need to be proactively blocked by a defensive registration.

If after having gone through the thought experiment the list of defensive registrations is very large then this will need to be balanced against the commercial realities of maintaining such a portfolio. Being so defensive that your business sinks under the weight of the domain name portfolio is clearly not going to be a good idea. This is particularly the case when even a very large defensive portfolio can be easily circumvented by an ill-intentioned respondent.

 

3.9.1 Mergers and joint ventures

Imminent large corporate issues such as mergers and joint ventures have been fertile ground for domain name disputes over the years. This is an area where a little prior thought and a cheap defensive domain name portfolio can potentially save a lot of time and effort.

The case Glaxo plc v Glaxowellcome Ltd (1996) FSR 388 is one in a long series that in fact relate to company name registrations. The judicial approach in these cases has been directly applied to domain name cases, however. The company name Glaxowellcome Ltd was registered shortly after Glaxo plc announced its intention to take over Wellcome plc. The company never traded but was offered for sale to Glaxo plc for £10,000. Lightman J granted a quia timet injunction on the grounds of passing off. The decision of Laddie J in Direct Line Group v Direct Line Estate Agency Ltd [1997] FSR 374 is also a notable example of this type of case.

Similarly, Global Projects Management Ltd v Citigroup, Inc. & Ors [2005] EWHC 2663 (Ch) concerned the merger of Citicorp, Inc. and Travelers Group Inc. to create Citigroup, Inc. The announcement of the merger took place on the morning of 6 April 1998 and Global Projects Management Ltd registered the domain name citigroup.co.uk that same afternoon. Park J gave summary judgment in favour of Citigroup on both passing off and trade mark infringement.

More recently, in WIPO UDRP Case D2017-0438 and Nominet DRS Case D00018607, J Sainsbury plc were required to commence domain name dispute proceedings in respect of a total of 10 domain names being variations of <sainsburyargos.com> and <sainsburysargos.co.uk>. The respondent registered the various domains on and around 5 February 2016, shortly after the acquisition of Home Retail Group (being the parent company of Argos Limited) by J Sainsbury plc had been announced in the media. The panels in both the WIPO and Nominet proceedings ordered transfer of the domains.

It can be seen from the above cases that the rights owner was successful every time. However, even a very strong case still stakes time, effort and money to prosecute to a successful completion. A much smaller outlay on a defensive domain portfolio could have prevented these disputes.

3.9.2 Typosquatting and spoofing risks

It is sensible to include within a defensive portfolio any domain name which is an obvious typosquatting or spoofing target.

Typosquatting refers to a particular form of cybersquatting in which the domain registrant seeks to attract Internet traffic to a website by using second level domain letter strings incorporating common typographical errors of popular brands or other search terms. For example, a typosquatter might register the domain names <mocrosoft.com> or <gooogle.com> in an attempt to capture web traffic intended for <microsoft.com> or <google.com>.^[1]

Spoofing (also known as a homograph attack) is a further variation in which the domain registrant seeks to confuse Internet users by registering second level domain letter strings that are visually similar to (but not actually typographical errors of) popular brands or other search terms. For example, a spoofer might register the domain names <rnicrosoft.com> or <goog1e.com>. This might be done either to drive web traffic or to perpetrate email scams.

The rise of the scammer has meant that spoofing is becoming an increasingly common phenomenon in the modern Internet. The technique is frequently observed in phishing cases and the risk is particularly apparent for Internet users browsing on smartphones and tablets where the full URL of a website is often hidden or only visible in a very small font size.

When the DNS was first created only the ASCII characters a-z, 0-9 and the hyphen were permitted to be used. This provided a limited number of opportunities for spoofing which were relatively easy to spot if sufficient attention was being paid. Common examples were:

• the conjoining of the letters “r” and “n” (i.e. “rn”) to look like the letter “m”;
• the conjoining of two letter “v”s (i.e. “vv”) to look like the letter “w”;
• the conjoining of the letters “c” and “l” (i.e. “cl”) to look like the letter “d”;
• the lowercase letter “i” can look like the lowercase letter “l”; and
• the numbers “0” and “1” can look like the capital letter “O” and the lowercase letter “l”, respectively.

In the present-day DNS Internationalized Domain Names (IDNs) and domain names using Punycode are allowed.

IDNs can use a wide range of non-Latin and special characters from different languages. Punycode is an algorithm used to transform non-Latin and special characters into an ASCII-compatible string. For example, the IDN málaga.com would be written as <xn--mlaga-xqa.com> in Punycode.

Web browsers and email clients automatically decode Punycode so that Internet users see the domain name in the plain text incorporating the non-Latin and/or special character.

This enables registrants to register domain names consisting of or containing letters and characters from numerous non-Latin alphabets and Latin alphabets which contain accents.

Whilst the addition of these different characters and scripts enables non-English speaking web users to navigate the Internet in their local language, it has opened the door to a great many more opportunities for spoofing which are much harder, if not impossible, to spot. By way of example, the letter “ο” (a Greek alphabet omicron) is visually indistinguishable from the Latin letter “o”.

It is beyond the scope of this book to go into the full detail of the types of spoofing being encountered. However, the table below shows a small number of some commonly-spoofed letters which highlights the point that, even if very close attention were to be paid, it would be difficult to realise that the domain name was not what it appeared to be.

Latin Character/Number	Spoof Character/Number
a, c, e, o, p, x, y 3, 4 and 6	Cyrillic alphabet а, с, е, о, р, х and у З, Ч and б
o, nu	Greek alphabet ο and “nu”
o, n, u, S, L	Armenian alphabet օ, ո, ս, Տ and Լ
google.com i	Accents goog̣le.com ï, ì, í

 

Two examples of homograph spoofing are WIPO UDRP Case No. D2013-1318 <sıemens.com> [xn--semens-p9a.com] in which the registrant used the Turkish alphabet character letter “ı” in place of the Latin alphabet character “i” and WIPO UDRP Case No. D2025-1453 <guccĩ.com> [xn--gucc-jya.com], <guccī.com> [xn--gucc-tya.com], <guccï.com> [xn--gucc-8pa.com], <guċċi.com> [xn--gui-7paa.com], <ġucci.com> [xn--ucci-9wa.com] in which the registrant used various non-Latin characters to replace the Latin alphabet characters “i”, “c” and “g”. In both cases, the panel had no difficulty in finding that the disputed domain names had been registered and used in bad faith.

ICANN is alive to the risk of spoofing and is consulting on ways that this might be addressed without unnecessarily restricting the use and availability of IDNs.

Punycode and non-Latin and/or special characters are not permitted in .uk but Nominet does allow IDNs in the .wales and .cymru ccTLDs^[2] under certain conditions.

EURid, the registry for the .eu, .eю and .ευ ccTLDs has had a no script mixing rule since June 2019 following its adoption of the IDNA2008 standard.^[3] The alphabet used in the SLD must correspond to the alphabet of the ccTLD. This is straightforward as regards the .eю and .ευ ccTLDs. However, domain names using Punycode can still be registered in the .eu ccTLD so a risk of homograph spoofing remains.

3.10 Register your own TLD

A further option for avoiding disputes, although out of the reach of most businesses on cost grounds, would be to register a new gTLD for exclusive use by that business.

The TLD owner would have control of all of the second level domain names in the register and this, of course, would make cybersquatting in that register impossible.

As we discuss in Chapter Four, the second round of new gTLDs is underway. Any business considering this option would be well advised to begin the planning process without delay.

3.11 Conclusion

The key take home message for this chapter is that, whilst the risk cannot be removed entirely, a little thought and planning can go a long way to reducing the likelihood of encountering a domain name dispute. It is key to draft a policy and then make sure that it is actually disseminated amongst employees and adhered to.

There is no one size-fits-all approach and every business will have different requirements and priorities.

MORE INFORMATION / PURCHASE THE BOOK ONLINE

[1]    A recent example is WIPO UDRP Case No. D2025-2094 <tglfriday.com>

[2]    https://registrars.nominet.uk/wp-content/uploads/2019/06/
CymruWalesIDNPolicy_0.pdf

[3]    https://eurid.eu/en/knowledge-centre/domain-names-
with-special-characters-idns/