You may just type in your first candidate name for the product into a browser and see what happens when you add .com to the end, like so:

Great! It’s available. Now you head off to register the domain and along the way the domain registrar makes the generous offer to sell you the .net, and .org versions for you too, so you purchase those too just for good measure. Time to call it a day, right?

It would be nice if it were so straightforward (like most things on the internet!). Unfortunately, the top level domain space is probably larger than you think. Verisign’s August 2011 Domain Name Industry Brief reports that .com accounts for about 95 million of the 215 million domain names registered. What accounts for all those that aren’t .com? According to the Verisign report:

The largest TLDs in terms of base size were, in order, .com, .de (Germany), .net, .uk (united Kingdom), .org, .info, .nl (netherlands), .cn, .eu and .ru (russian federation).

Even if one’s company is not currently physically present in Germany, the UK, China, etc, would it be a terrible idea to defensively register them?

Consider that there is more at stake than the loss of brand integrity when web traffic is diverted to the website created by a cybersquatter. If that weren’t bad enough, there are legitimate security considerations to think about. A brand not registered in a foreign top level domain can make an attractive destination to send potential victims in phishing campaigns and other nefarious schemes. Think about it – what percent of your company’s customers would click a link that was sent from an email address that contained yourcompany.co, or yourcompany.cn? The theft of banking information, drive by malware downloads, and customers who remember your name associated with a really bad experience are all possibilities in that scenario.

We don’t recommend that a company attempt to register its name and brands in the hundreds (yes, hundreds!) of possible top level domains and country code top level domains out there. Not only would that probably be impossible because of the requirements placed on registrants in some locales, it’s certainly impractical and almost definitely a poor use of resources. We simply recommend that extra consideration is paid to registering domains that one traditionally might not (yes, including .xxx!). The specific business needs of your company and its aspirations in global markets will determine whether it makes sense to go ahead and register domains outside the normal .com, .net, and .org.

Finally, even once the decision is made to not register a domain somewhere overseas, that doesn’t mean one can forget about them. Companies must actively monitor the web to make sure that others haven’t decided they can put your brand to use, lest they learn about fraudulent uses of their brands in domains the hard way.

(Not scared yet about the risk posed by variations of your brands in unusual domains abroad? Check out Wired’s report on doppleganger domains, if you dare!)

Trademark owners outside of the adult industry may sign up with ICM Registry to block trademarks from showing up on its new .XXX gTLD. Trademark owners have been making several common errors when applying for a .XXX gTLD.[1] If your company plans on submitting an application before the Sunrise B October 28, 2011 deadline, keeping these mistakes in mind can help you avoid paying multiple fees and having to reapply.[2]

Research which registrar you will use when submitting an application. Some registrars are more experienced than others.[3] Make sure you choose a registrar that will pre-check your application for compliance with all of the application guidelines.[4]

Also, the most common application mistakes to avoid are:[1]

• Eligibility. Make sure that your trademark is eligible. To be eligible, you must have a trademark that was registered prior to September 1, 2011, and you must have the following information:
  • Trademarked Name
  • Trademark Registration Number: Note that your trademark registration number is not the same as your application number
  • Nation Code: The country where your trademark was registered
  • Trademark Registration Date: The date your trademark was registered
  • Trademark Ownership: Your relation to the trademark: Owner or Assignee
• Dropping .com from Trademark. Do not drop the ‘.com’ from your trademark if it includes a ‘.com’. If you want ‘example.com’ to be eligible for ‘example.xxx.’ and not just ‘examplecom.xxx’ you can file amendment 7 with the United States Patent and Trademark Office to have the ‘.com’ removed.
• Inexact Match. Apply to register a domain that is an exact match for your trademark. If you want to register characters in addition to the actual brand name, such as slogans or tag lines, apply under Sunrise AD using a pre-existing domain name because members of the adult entertainment industry (the “Sponsored Community”) is very broad.

While this process is intended to provide greater security, it also opens the doors for brand abuse. To help thwart misuse, ICM Registry, the company that will act as a registry for all domains ending in .XXX, has developed a comprehensive rights protection mechanism (RPM) for the launch period of these new gTLD’s. To protect non-adult entertainment industry rights holders from trademark infringement, ICM is also providing an opportunity for these rights owners to block their mark from registration. The opt-out effectively blocks names at the .XXX registry and means they cannot be used as conventional web addresses. This feature, provided by ICM for a onetime fee, will only be available to trademark holders during the sunrise period, which began earlier this week on September 7^th.

There will be two initial sunrise periods (A and B) for the launch of .XXX, allowing trademark holders and adult entertainment webmasters to secure their .XXX domains. This includes companies that own trademarks outside of the adult entertainment industry that wish to defensively register domains the same way that they register “sucks” sites. Both sunrise periods will run concurrently followed by a landrush period and finally a general availability period:

Sunrise A Sunrise A is dedicated to members of the adult entertainment community with either verifiable trademark rights or owners of exact matching domains in other Internet Assigned Numbers Authority (IANA) TLDs which is also known as “Grandfathering.” This period is open from September 7, 2011 to October 28, 2011.

Sunrise B Sunrise B was created especially for Intellectual Property holders who are non-members of the adult entertainment community with verifiable trademark rights so that they can block their domains in the .XXX sTLD. This period is open from September 7, 2011 to October 28, 2011.

Landrush Landrush is for members of the adult Sponsored Community but NOT on a first come, first served basis. Unlike Sunrise A and Sunrise B, there are no qualification requirements needed for Landrush. Applications for competing names will go to a closed-auction at the end of the Landrush period. This period is open from November 7, 2011 to November 25, 2011.

General Availability General Availability is when members of the adult entertainment community get regular, resolving names on a first come, first served basis. Non-members of the adult Sponsored Community can also get “Non-Resolving” names.[1] The period opens December 6, 2011 and is ongoing.

Please note that to be successful, applications made during the sunrise periods must provide basic trademark particulars such as the mark, registration number and date, designated class(es), the country or region, and the status of the entity submitting the request. Applications are $200-$300 per registered mark, assessed as a one-time fee and will run for the length of ICM’s contract with ICANN (at least 10 years). If you miss the Sunrise Period or want to block others from using a .XXX domain corresponding to an unregistered trademark, you can defensively register .XXX domains once the general availability period opens in December 2011. However, keep in mind that the annual registration fees for .XXX domains are expected to be significantly higher than the annual fees for domains in existing TLDs like .com, .net, etc.

The .XXX registration process requires all registrants to agree to participate in and abide by specific dispute resolution procedures that will provide mechanisms for brand owners to challenge .XXX domains that infringe trademarks. ICM is contracting with the National Arbitration Forum to provide the RES and CEDRP dispute resolution services. ICM estimates that the cost for each service will be US$750 to US$1,500. During these disputes, the domain will be locked against transfers. Decisions will not be published. Statistical information about the process itself will be made available. In the event of a conflict between a trademark rights holder and a member of the adult entertainment industry, the domain will be awarded to the adult entertainment industry member and the Sunrise B applicant will be notified.

Although ICM services have been approved by ICANN, there are legal issues that have not been tested. Participating in this process could limit your legal remedies because of your agreement to participate in and abide by the dispute resolution procedures outlined. Additionally, porn and mainstream businesses alike complain they are being forced to buy domain names they don’t want, don’t need and won’t use. A few companies are refusing to pay, but also demanding that ICM block their domains free of charge. ICM responded to the legal threats with a seven-page report in July, claiming that a registry cannot be sued for trademark infringement. The letters, though, have placed ICM on notice, which increases the potential for liability if ICM sells the trademarked names.

As this exchange indicates, registering domains with ICM is one option but may not be the only option available to companies seeking to protect their trademarks. Cyveillance encourages companies to take a hard look at their brand protection strategy to determine if defensively registering for .XXX gTLDs is the only and best option for their brand protection. The ongoing battle for domain name registration and brand protection is always going to be waged; the key to minimizing losses is tied to a company’s assessment of their true threats and their proactive approach to minimizing those threats.

Edelman was kind enough to answer a few questions about their research.

Cyveillance: Your paper is premised on the idea that typosquatting unethically diverts traffic from legitimate online destinations. You open one of your paragraphs with the line, “Most large domain registrants present themselves as ‘domain parkers’ or domainers.” Some readers may be confused about your position on domaining as an industry. Can you clarify your stance on domaining in general?

Ben Edelman: I don’t see much genuine value coming from the domaining business. Yes, some users guess domain names, and domainers can cause results to be shown to users who might otherwise receive error messages. But most web browsers already show results that are at least as useful as domainers’ placeholders – often better, with genuine organic results rather than merely advertisements.

Meanwhile, domainers cause some important harms: For one, as detailed in my article, domainers deplete advertisers’ budgets. Domainers also make it more costly for entrepreneurs to obtain the domains required to run actual substantive businesses: A domain might truly be unclaimed, in the sense that no one has ever used it for anything interesting, but a domainer would nonetheless be able to withhold that domain from a would-be user until they agree on a price. Combine these harms with the remarkably widespread ongoing problem of typosquatting, as presented in my article, and the net value-add of domainers is far from clear.

Domainers will vigorously defend their right to advance-register large numbers of domains, as if this is some kind of moral entitlement. I’m not so sure. In many areas, landowners are (and, historically, have been) required to improve their property lest they be a blight or eyesore to others. The analogy here is less direct: Which domains are “near” an unimproved domainer domain? But certainly unimproved domains harm others, by impeding what could be direct navigations, and by driving up costs to others. Indeed, limits on domain purchases have ample precedent – dating back to Jon Postel’s early restrictions on how many domains a single person or entity could request, and similar restrictions in certain ccTLDs. At least as against domainers with thousands, tens of thousands, or even hundreds of thousands of domains, these ideas do ring true to me.

Cyveillance: In your attempts to collect information about the behavior of typosquatting domains, some websites prevented your systems from gathering information about them. Can you discuss which servers attempted to prevent your analysis? Are you aware of any direct or indirect response to your investigation on their part?

Ben Edelman: Google has pointed out that it will disable typosquatting domains in response to a trademark holder’s specific request. Indeed, but what about infractions that come to Google’s attention some other way, such as in my article or in a complaint from the general public? What about infractions that are readily apparent to Google, thanks to Google’s excellent semantic analysis software? Google does as little as it can – letting Google and its partners continue to profit as widely as they can. Once Google is on actual knowledge that a domain is a variation of a trademark – either because a member of the public says so, or because Google’s own software figured it out – I’d like to see Google avoid targeting ads to that domain. And there’s a strong case that that’s exactly the behavior that the ACPA requires.

Meanwhile, trademark holders have ample grounds to be angry. And reading my article, I believe a new set of trademark holders is remembering that there’s more they could do here.

Cyveillance: Many merchants make use of affiliates to promote their products and services on the internet. You mentioned that “Few affiliate merchants affirmatively allow typosquatting, and most disallow it when it comes to their attention.” What recommendations, if any, do you have for merchants in this situation? Why do you believe most do not prohibit typosquatting among their affiliates to begin with?

Ben Edelman: An easy first step is a specific contractual prohibition on affiliates registering or using typosquatting domains. But merchants then need to follow through on this prohibition by implementing effective, robust enforcement. And merchants would do well to penalize violators, including through litigation. Recall Lands End v. Remy, wherein Lands End sued several LinkShare affiliates who had used typosquatting domains to claim affiliate commissions they had never properly earned.

Cyveillance: Your article states that there are “two main uses for traffic diverted to typo domains: placing pay-per-click ads and redirecting to other (often competing) domains.” Both situations cost brand owners money. This may seem obvious, but just to be sure: which is worse for a brand owner in your opinion?

Ben Edelman: They’re both unlawful, and they’re both unacceptable.

Cyveillance: You conclude by offering that the parties with the most ability to reduce typosquatting are the ad platforms of Google and Yahoo. Do you expect to see either company modify its practices based data like that found in your investigation?

Ben Edelman: I see the two main ways to compel ad platforms to change their practices: litigation and public outcry. Both are underway.

Cyveillance: Based on your research what advice do you have for brand owners when faced with the problem of typosquatting?

Ben Edelman: Trademark owners need not write off typosquatting as an unavoidable cost of doing business. Perpetrators are identifiable, and legal remedies are clear. In few other contexts do sophisticated companies sit back and let themselves get cheated. I don’t see why they’d want to do that here.

The public interest in supporting competition and protecting end-users does not support elimination of the current separation of Registry and Registrar ownership. The end result would be further consolidation of the top tier registrars, gaming of the loopholes in the current contractual reciprocity provisions, and potential increased brand abuses. These changes would, in conclusion, present a severe negative impact on competition among Registries and among Registrars and harm to end users.

Because several registrars own vast domain portfolios, the equal access and vertical separation requirements also have the positive effect of preventing particular registrants from having privileged access to domains in particular registries. Relaxing the requirements could inhibit competition in the market for domain names. Worse, it could make it essentially impossible for brand owners to prevent abusive registrations of their domains in registries where a particular registrant has a pre-emptive ability to register domains. Therefore, preventing registrants from gaining privileged access to particular registries is a compelling reason to preserve the vertical separation requirements. Because of the dangers of the competitive abuses described above, Cyveillance strongly urges the ICANN Board to maintain the separation in the current ICANN contracts and ensure the implementation of regulations that will maintain this clear separation.

More information as well as the opportunity to comment on the proposed change can be found at http://www.icann.org/en/public-comment/.

ICANN, the governing body for the policy setting and management of Internet domains recently adopted a new policy to allow virtually unlimited generic gTLDs. For example, in place of “.com” “.org” or “.net, you could register domains that end in your own company name or brand. For example, Cyveillance could register “.cyveillance” as its gTLD. ICANN has promoted this new policy in the name of innovation, choice and change on the Internet. However, after close review and consultation with our own subject matter, fraud and legal experts, Cyveillance believes these new options pose no real benefits to our clients or their customers and, in reality, would expose them to significant online risks, serious loss of brand equity and will undermine online consumer confidence worldwide.

As ICANN moves forward toward implementation and outlining their processes and procedures, it is readily apparent to Cyveillance that there are serious and dangerous flaws in their approach. Close scrutiny of the proposed procedures reveal:

1) little to no protection for global trademark holders;
2) excessive administrative costs for applicants;
3) virtual total control by ICANN with no accountability;
4) exposure to increased fraud and legal liabilities for brand owner; and,
5) easy access and control for unscrupulous entities to core Internet infrastructure components and ultimately threatens Internet commerce around the globe.

The following are some major concerns Cyveillance has with the proposed implementation of the ICANN policy:

• The gTLD application fee will be $185,000.00 for a single gTLD and it must be acknowledged that it is only “to obtain consideration” of an application and offers no guarantee that the application would be granted (the cost of registering a “dot com” domain is approximately $20). Given that there are currently over 180 million .com domains the total potential revenue to ICANN could be in the trillions of dollars. If only the Global 2000 applied, the administration cost alone (using ICANN’s own estimates) would be $370 Billion. Note that this estimate would only cover their corporate name and not their individual brand names and no other variation of the brand in order to protect them from cybersquatting or typopiracy.
• The proposed gTLD guidebook provides that any community-based applications will take priority in the proposed application process. Enterprises and companies would have little recourse in acquiring gTLDs containing their own company or brand names. For example, if the International Brotherhood of Magicians (http://www.magician.org) wanted to register “.IBM” according to the proposed procedures, they would potentially have priority over “.IBM”, not IBM Corporation. This outcome would not only cause market confusion but would lay the foundation for potential fraud targeting consumers worldwide.
• If no community-based applications are presented other enterprises competing for a gTLD could be determined either between the competing parties or through an auction process (the one with the most money offered wins). There is no guarantee that the most appropriate trademark owner would retain a gTLD containing their brand name.
• When objections arise, ICANN has devised a process whereby any dispute will be decided by a single arbitrator appointed by WIPO (World Intellectual Property Organization) with preference given to the community-based applicant. There is a very serious potential legal problem by giving ultimate decision making authority to a single arbitration panelist appointed by an outside body. A process called “DRSP” (Dispute Resolution Service Provider) – a new form of a UDRP (Uniform Domain-Name Dispute-Resolution Policy, formed by ICANN) – can be filed and ICANN will appoint a single arbitration panelist to make the final determination.
• However, the arbitration panelist decision will be final and will require all applicants to waive all legal rights including the right to bring suit to overturn arbitrary or groundless decisions by a panelist. These arbitration decisions have the force of law and cannot be appealed. ICANN would have complete authority and brand owners would have little or nor ability to object. It also puts ICANN in the position of being an international governmental body – executive, legislative and judicial, all wrapped up in one.
• Also, very importantly, ICANN is considering registry-registrar cross ownership. For instance a large corporation like IBM could select a company to manage their .IBM gTLD and they would act as manager of the domain (both registrar and registry). This could be easily exploited by fraudsters and criminal syndicates that could control the Registry/Registrar/ISP chain thereby making it nearly impossible to take a fraudulent site down or provide little recourse to the affected company.
• There are no mechanisms in place to ensure that a company awarded the registry/registrar application will have the resources (knowledge, technology and capital) to ensure the reliability and availability of the gTLD. For example Registry standards require six 9’s. i.e. 99.9999% reliability, availability etc. This could easily degrade performance and accessibility of all sites falling under certain new gTLD. The result could affect both the performance and security of not only a web site but email, applications and all infrastructures related to the new gTLD.
• The potential for fraud is unlimited – organized criminal entities would have an equal opportunity to apply for these domains throughout this process. It will be even more difficult for companies to protect their customers from fraud through the use of their brand or become the victims of extortion by those who would hold the gTLD (with their legal trademark) for ransom. It will create an unprecedented confusion in the consumer market where a consumer will be unable to distinguish which is the VALID Domain: IBM.com/Sales or Sales.IBM.
• Many large companies spend millions of dollars to manage their other domains. As a defensive tactic, these companies have purchased hundreds and possibly thousands of domains, mostly to simply protect their trademarks and brands. This new ICANN policy will not eliminate the need for defensive registrations as some have claimed, but will actually increase the need, adding significant management time and expense to fully protect their brand and their customers.

Cyveillance is not a registry or registrar and we do not receive any direct benefit regardless of the success or failure of this new policy. At Cyveillance our highest priority is to protect our clients and their brands from online threats.

Corporations and their brands will always need protection from unauthorized use, and therefore we will continue to work on our clients’ behalf to patrol the open source Internet as it continues to evolve. We believe that this new ICANN policy, once implemented, would have the potential to be extremely damaging and ultimately irreversible.

We highly recommend that you read through these issues and learn more about them. You can go to http://www.icann.org/en/topics/new-gtld-program.htm to learn the full details of the program and strongly encourage you to share this with the appropriate affected groups in your company.

For greater impact, we also strongly encourage you to submit your comments directly to ICANN. You can find the instructions on how to submit comments here: http://www.icann.org/en/topics/new-gtlds/comments-en.htm

• net.cn
• org.cn
• hk
• tw
• com.tw
• asia

The scammers portray themselves to be good corporate citizens by informing companies of the registration inquiry. However, we know better. Their agenda is to try to entice the target company to register the Asian domains quickly at a superficially high rate.

Cyveillance recommends the following actions if/when someone in your organization receives one of these emails.

1. Follow your company’s Domain Registration Policy. If you would like to own any of the domain names listed in the scam email, contact a reputable registry to purchase these domains though your normal channels.
2. Delete and ignore the messages as you do with conventional spam. You are not required to take any action, so do not respond or engage in negotiations with the scammers at all.
3. It is still your trademark/brand and you have a right to defend it. You should not be extorted into buying domains prematurely. If any of the domains listed in the emails are ever registered by companies that do not have a relationship with you, you have the right to send Cease & Desist letters or to engage in the UDRP process to recapture that domain.

Shown below is just one example of the emails received.

From: xxxxxxxxxxxxxxxxxxxxxxxxxx
Sent: Wednesday, August 20, 2008 5:18 AM
To: xxxxxxxxxxxxxxxxxxxxxxx
Cc: Platinum Card Mailbox
Subject: xxxxxxxxxxxxxxxxx Domain Names

Dear CEO,

We are SK Net Service Company Ltd, which is the domain name register center in China.I have something need to confirm with you.
we have received an application formally,one company named “MAIRHK Holdings Limited” applies for the domain names
xxxxxxxxxxxxxxxx.net.cn
xxxxxxxxxxxxxxxx.org.cn
xxxxxxxxxxxxxxxx.hk
xxxxxxxxxxxxxxxx.tw
xxxxxxxxxxxxxxxx.com.tw
xxxxxxxxxxxxxxxx.asia
and the internet Brand Name(xxxxxxxxxxxxxxxx)on the internet Aug 19, 2008. We need to know the opinion of your company, because the domain names and keywords may relate to the usufruct of brand name on internet.
we would like to get the affirmation of your company, please contact us by telephone or email as soon as possible. Please let someone in your company who is responsible for trademark or intellectual right contact me freely.

Best Regards,

Rock.Tian
Sponsoring Registrar:
SK Net Service Company Ltd
Add: 3A, Units 20/F, Far East Consortium Bldg,
121 Des Voeux Road, Central, Hong Kong
Tel: +852-3075 9838
Fax:+852-3177 1510 +852-3177 1520
website:www.sknetservice.hk