The world of online real estate has grown since 2014, with the introduction of more than 800 new domain extensions. Web addresses are no longer limited to .com and established country-code extensions such as the United Kingdom’s .uk and Japan’s .jp. Now there are unique spaces for industry sectors, special interests, geographical regions and more.
For consumers, this has led to a greater opportunity, freeing up names that are taken in other extensions and making space for creativity in online branding. By the end of 2023, nearly 32 million domain names had been registered in these new extensions. Compared to 172.7 million names in .com and .net, this suggests high-value and relevant domains in the new extensions are far from exhausted yet.
On the flip side, however, for those who protect and manage brand identities and IP online, this expansion has also led to more avenues of risk to cover in their protective measures.
Bad actors around the world are becoming more sophisticated and difficult to combat, increasing complexity and cost for brands looking to keep ahead of them.
Brand risks of domain abuse
In dollar terms, the consequences of a brand’s domain name falling into the wrong hands can be significant. Domain squatters – bad actors who register domain names they believe to be high-value, such as those relating to brands and companies – can attempt to hold a domain to ransom. The processes for purchasing it back or disputing ownership to have it returned can be time-consuming and costly, not to mention the ongoing reputational damage of such a dispute or of the domain being misused in the meanwhile.
For example, a request under the Uniform Domain Name Dispute Resolution Policy (UDRP), which is one of the most common ways to contest a domain name, can cost around USD$1,500 – just to file – for up to five domains in additional to legal support costs. However, a UDRP dispute typically takes around two months to complete, which could be enough time for the domain to be used for nefarious purposes. Despite this, total UDRP filings continue to grow as brands are left with few other options to combat bad actors. On the other hand, someone squatting on a brand’s domain can often demand upwards of tens of thousands of dollars to return it in an aftermarket sale.
Some bad actors, however, are looking for more than a quick cash grab.
Scammers can attempt to imitate brands and organizations using domains that appear to be legitimate; for the purposes of phishing, fraud, humiliation or other forms of deception. This can result in financial, reputational and operational damage and costs far beyond the price of registering a domain.
With the expansion of the domain name system to include ‘internationalized domain names’, characters other than those in the ASCII alphabet (a through z) can now be registered in domains. This opens a new world of possibilities for impersonating a brand using confusingly similar characters from other alphabets such as Cyrillic or Greek to imitate brand names.
The problems caused by online brand imitation are growing.
In Q2 2023, the Anti-Phishing Working Group (APWG) observed more than 1.28 million phishing attacks worldwide: the third-highest quarter on record. This doesn’t account for attacks that may have gone unnoticed or unreported. The World Economic Forum also reported that in 2020, malware and ransomware attacks increased by 358% and 435% respectively.
With a domain name that appears legitimate, this risk increases. A survey conducted by Proofpoint found that 63% of participants think that an email address always belongs to the corresponding website of the brand, and 44% believe an email is safe when it features familiar branding.
The APWG reported that business email compromise, one of the most common forms of online fraud, has resulted in $50.8 billion dollars in losses between October 2013 and December 2022.
Defensive domain registrations
The most common defence against this kind of online impersonation is defensive domain registrations – in essence, registering as many domains relating to a brand as possible within a company’s budget, so they can’t be claimed by anyone else. These might include the brand name as well as confusingly similar variations, product names, subsidiaries and other trademarks or protected terms.
However, managing defensive domain portfolios has become exponentially more complex as the options for domain extensions have increased. Each domain has its own registration fee, renewal term, and terms and conditions to manage, let alone complex policy frameworks that make some extensions entirely unavailable. Multiply the number of online brands companies wish to protect by hundreds or even thousands of domains, and the financial and operational burden becomes unmanageable and expensive.
Analysis by GoDaddy Corporate Domains of the Global 2000 companies in 2022 found that in the top 50, the average domain portfolio was around 8,300 domains, with an average spend of $373,000.
In its Sixth Annual Corporate Domain Management Survey, GoDaddy Corporate Domains also found that for those companies with more than 10,000 domains, 40% say that legal departments have responsibility for managing domain portfolios.
For these companies, portfolio management takes at least 4-5 days’ work per week and more than half of all respondents said managing domains has become more difficult over time.
According to GoDaddy Corporate Domains, “the complexity and variables that large companies face transcends far beyond the sheer number of domains.”
“Many companies maintain defensive registrations of domains, not because they need them to generate traffic, but because they don’t want them falling into the wrong hands.”
The evolution of domain blocking
Domain blocking emerged as a new approach to brand protection in 2011, following the introduction of the .xxx domain extension for use by the adult entertainment industry. Its owner, ICM Regstry, developed a blocking service now known as AdultBlock: a unique solution to prevent the use of brand names and trademarks in the .xxx extension. Today, AdultBlock also covers the other adult themed extensions .porn, .adult and .sex.
Since that time, a number of other blocking products have been introduced, protecting trademarks in various extensions collectively covering around a third of the market.
One of the largest examples is the Domain Name Protected Marks List (DPML) service from Identity Digital, which similarly blocks domains in over 300 extensions under Identity Digital’s management.
Typically, these blocking services have been selective or carried only a small number of extensions. While beneficial for brand owners, there remained no simple, unified approach to blocking on a widespread scale that covered all types of web extensions in which brand owners must protect themselves.
How domain blocking works
Unlike defensively registering a domain name, blocking a domain does not allow the domain to be used for websites, email or any other purpose. The ‘asset’ is owned by the company but effectively works by removing the domain from availability altogether, meaning no other party can register or use it.
Operationally, this can be beneficial for brands with no intention of using a domain, as they are not required to maintain the registration, renew it each year and continue paying registration fees. In the case of AdultBlock, this was also appealing to companies who did not want to register a .xxx domain and create an association between their brand and the adult entertainment industry.
Additionally, domain blocking services often include features that block variants or ‘look-alikes’ of brands, such as replacing the letter ‘e’ with the number ‘3’ or adding a plural ‘s’ to the brand name – tactics often engaged by bad actors to trick consumers into clicking fraudulent links or trusting false emails. Identifying and defensively registering all of these across hundreds of domain extensions would be almost impossible.
A new era for online brand protection.
This year, a new domain blocking service is joining the market: GlobalBlock. It is the first product release from the Brand Safety Alliance (a GoDaddy Registry initiative), a new organization dedicated to developing innovative digital brand protection solutions for brand owners.
GlobalBlock is designed to simplify domain portfolio management and take the guesswork out of online brand protection. It also offers additional features for peace of mind, such as Priority AutoCatch, which captures previously registered domain names that match the brand and adds them to the customer’s GlobalBlock account, removing the possibility of the name being released to the public. Additionally, the Domain Unblocking feature allows brands to utilize their names that were previously blocked by GlobalBlock in digital activities at their convenience.