Perhaps because they are intangible assets, many organizations overlook and fail to protect domain names. Domain names provide powerful opportunities to be used proactively as a branding sword. Domain name registration and maintenance can also act as a shield to protect trademarks and prevent bad actors from causing reputational damage and extorting the organization.
What is a domain name, and what opportunities might it provide?
A domain name is the unique identifier for each website on the Internet. The structure of a domain name provides multiple branding opportunities. A domain name is a hierarchy of two components: the top-level domain (TLD) and the second-level domain (SLD). The TLD is, perhaps counterintuitively, the second part of a website’s name, for example, “.com” (commercial) and “.org” (not-for-profit). TLDs may be generic, or gTLDs, like the foregoing, or country-specific, for example, “.ca” or “.uk”. The SLD is, perhaps counterintuitively, the first part of the website address that comes before the TLD. For the fictitious website address www.goobing.com, the TLD is “.com”, and the SLD is “goobing”. A domain name may consist of more than these two segments, for example, www.bbc.co.uk, in which there is also a subdomain name.
The structure of domain names offers numerous choices when it comes to selecting a TLD. Registering “.ca” promotes a website as Canadian. A .ca domain name creates a visual association between a brand and Canada. For instance, a Canadian organization that sells maple syrup may wish to use a .ca TLD to leverage Canada’s renown as a maple syrup exporter. Similarly, .ca may attract “buy Canadian” consumers. The Canadian Internet Registration Authority (CIRA) administers the .ca TLD.
But there are also risks
The registration of domain names is on a first-come-first-served basis, and this has implications for selecting both TLDs and SLDs. If, for example, you register a website using the .com TLD only, you may find that someone else registers the .ca name and it will no longer be available to you. Registration of a domain name by someone else could lead to trademark infringement in the right set of circumstances. In the example above, if www.goobing.com is a trademarked headhunting firm and www.goobing.ca is a skip-tracing outfit, the skip-tracer’s website may create confusion for customers of the headhunting firm. Note that the fact that a domain name is identical to a trademarked name does not automatically translate to trademark infringement; the analysis is more nuanced than that.
Additionally, registration of a domain name is not the same as registering a trademark. Organizations need to complete both registrations to protect trademarks and domain names.
In the above example, Goo Bing, the headhunting firm, may wish to register both the full spelling of its name as well as its abbreviation to protect variations of its SLD. For instance, Goo Bing may choose to register www.gb.com and www.gb.ca.
Depending on its risk assessment, an organization may even choose to defensively register a TLD like “.sucks” to prevent someone else from doing so. To illustrate, Goo Bing may defensively register www.goobing.sucks, making that name unavailable to anyone wanting to use that domain name to publicly register dissatisfaction with the Goo Bing brand.
There are several other risks associated with domain names, including the following:
- Cybersquatting: Involves a cybersquatter registering a domain name using elements of your SLD name. The domain name registered may be the organization’s name or a variant. The goal of the cybersquatter may be to prevent their competitor from registering the domain name. Alternatively, a cybersquatter may hold the domain name for a ransom, releasing it only upon payment of the ransom.
- URL hijacking or typosquatting: Similar to cybersquatting. The difference is that the domain name registered is a common misspelling of the real domain name. Continuing with the above illustration, a URL hijacker may register www.gooobing.com, for example. The goal of a typosquatter can include taking users to a site offering pornographic content or competing goods or services.
- Domain name sniping: Involves registering a newly-expired domain name before the organization can re-register. Domain name sniping is not as common as it used to be. First, the Internet Corporation for Assigned Names and Numbers (ICANN), which administers domain names globally, implemented a 30-day grace period. Organizations can restore their domain names during the grace period. Additionally, registrars and other providers offer renewal reminder services and auto-renewal options which reduce the risk of inadvertent expiry.
There are several other ways to lose access to valuable domain names.
Meeting your duty of care
Implement policies and procedures to register and maintain domain names. Ensure that the board and management team think seriously about what domain names the organization may need to register. Bear in mind that registration is on a first-come-first-served basis. Assign someone the responsibility of registering, maintaining and monitoring domain names and their usage. Ensure that there are procedures in place to track the expiry dates for registration and ensure that payment details and all other requirements for renewal remain current. If there is a dispute surrounding domain names and trademarks, in addition to legal action which is available through the court system, both ICANN and CIRA have alternative dispute resolution mechanisms available.
Log in to Not-for-Profit PolicyPro to access the soon-to-be-released SPP NP 1.12 – Domain Name Registration for further guidance on the above.