Cybersquatting is nothing new. However, what we are seeing is a huge rise in email phishing attacks and these often start from domains being registered that are similar to brands. The domains are then used to create convincing email accounts and dupe recipients.  For example, the HMRC reported a 73% rise in cases in the first six months that COVID-19 hit the UK, according to an FOI request by Lanop Outsourcing.

Cybersquatting has a huge potential to damage brand reputation and value. With the top 100 most valuable brands valued at $2.54 trillion last year (according to Forbes' 2020 list of the 100 most valuable brands), this is an issue that is worth spending some time on.

Last week the EUIPO Observatory’s Expert Group published a paper on preventing use of domain names for intellectual property infringement. The paper provides some useful best practice examples of how different domain name registries and registrars operate and their success in preventing  IP-infringing use of domains. As such it is an interesting paper for IP owners in considering their strategy for protecting their rights.

The full report can be read here, but we have picked out a few interesting points below.

As part of the pre-registration stage, the paper notes that some registries e.g. .uk, .be (Belgium) and .us have specific restrictions and/or conditions around use of domain privacy and proxy services. Where, following the implementation of the GDPR, most access to information on owners of European country code top level domains is not available via WhoIs services (even where the owner is a company), restricting use of these services would be a helpful step forward.

During the registration stage, the working group noted a number of systems that have been developed in different jurisdictions to detect abusive domain name registration applications in order to suspend them before delegation (the process which allows a website with a registered domain name to be accessed). For instance, for .eu domains, EURid has developed a Abuse Prediction and Early Warning System, which uses registration data, metadata and external intelligence to identify potentially abusive registrations. Such registrations will have their delegation suspended pending submission by the registrant of evidence that their registration data is correct and the final decision on whether or not to proceed with the delegation is made by a person. This type of system can be especially advantageous when supported by machine learning and artificial intelligence and can help to prevent a domain name being used before any harm is done to a trade mark or brand. However, such a system requires significant resources and manpower, which may not be possible for other registries.

Post-registration, most registries and registrars do not take down domain names for illegal content on the website itself. In order to be able to take down domain names for illegal content, registrars and registries will need a strong legal basis so that they can avoid any liability for wrongful takedown. In this regard, notice and take down schemes for .uk, .be (Belgium) and .nl (Netherlands) were flagged as good practice examples. The paper also notes that due to the fact that fraudulent registrations can be performed on a large scale, for such measures to be effective, they must allow takedowns ‘in bulk’.

So what?

It remains to be seen whether different registrars and registries will be able to adopt the best practices identified in the paper. However, this paper provides some interesting comparators and identifies some of the good practices that may be open to use by brands, depending on the problem domain name in question.