Wednesday, 11 October 2023

Strategies for constructing a domain-name registration and management policy

Introduction

One of the core components of a brand-protection and IP-management initiative for a corporation is an effective domain-name management policy. In general, brand owners will maintain a portfolio of official domains, including 'core' domains used in the day-to-day execution of their business (e.g. for official websites and e-mail infrastructure) and 'tactical' domains, which may include examples intended for potential future use (such as those relating to planned brand or product launches) and other defensive registrations, held so as to avoid them being used (or abused) by third parties[1]. The maintenance of this group of company-owned domains should, in general, accompany a proactive programme of monitoring for third-party infringing activity across the Internet generally ('outside the firewall') as part of an overall brand-protection initiative.

The construction of an official portfolio of core and tactical domains can be a complex process, involving consideration of a number of factors, including levels of IP protection, geographical extent of business operations, brand-protection budget, pre-existing infringement patterns, and overall level of risk aversion by the brand owner.

Policy and portfolio construction

i. Identification of desired domains

The first stage in the construction of a policy is the determination of the set of domains which the brand owner would ideally like to have under their control. In many cases, this can be represented through the construction of a 'matrix' of proposed domain names, in which the rows and columns represent the relevant keyword strings (comprising the second-level domain names (SLDs) - the parts of the names to the left of the dot - of the domains in question) and the TLDs (top-level domains, or domain extensions or suffixes), respectively.

In so doing, there are a number of factors to consider, including:

  • Whether the focus should be on high-relevance domains only (e.g. those which are likely to be directly utilisable for business purposes), or whether to build a broader defensive portfolio.
  • The balance between just domains where the SLD is the brand name in isolation, and (the broader set of) domains containing product- or industry-related or geographical keywords.
  • The TLDs to be covered.
  • The extent to which 'fuzzy' or typo- variations should be included.

In general, the recommendations might typically include points such as:

  • It would be advisable to include domain registrations across TLDs which:
    • Are generally popular.
    • Relate to those geographical regions in which the brand has current or planned business operations, and/or where IP protection (such as trademark registrations) are in place.
    • Are commonly associated with infringing or fraudulent activity[2].
    • (For new-gTLDs particularly,) are industry-specific and relate to the business areas of the brand.
  • It might be appropriate to include broader levels of coverage (TLDs  / brand variants or relevance keywords / typo variations) for brands or products of key importance (i.e. those which generate highest levels of revenue or which may be more susceptible to fraud).
  • A general recommendation would be not to attempt to cover too broad a range of typos or misspellings, due to the potential for infinite variations of these types, and the corresponding possibility of rapidly escalating costs for domains which have little commercial value. Instead, a more efficient approach is to augment the domain management programme with a brand-protection service which is able to identify these types of examples as they arise, and deal with them appropriately through an enforcement and domain-acquisition programme.
  • Finally, it may be appropriate to ensure that coverage encompasses keyword strings or patterns associated with known or repeated infringements.

 A schematic example of how this domain matrix may look in practice is shown in Figure 1.

Figure 1: Schematic example of a domain portfolio matrix for the fictitious (UK-based) luxury brand Luxurybrand, with tagline 'We Are Luxurybrand', and their products: handbags (major product), shoes (intermediate) and perfume (minor)

ii. Portfolio analysis and consolidation

Having constructed the domain matrix, the next stage is to generate a full list of all required domains (essentially, by combining the keywords in the rows with the TLDs or groups of TLDs in the columns, and then deduplicating where necessary). The set of domains can subsequently be analysed to determine which ones:

  • Are already under the ownership of the brand owner.
  • Appear to be official but are perhaps not under centralised control (e.g. domains set up by franchise holders, local offices or marketing partners).
  • Are currently held by third parties.
  • Are currently available for registration.

There then follows a process to consolidate the portfolio as far as possible or appropriate. This might include some or all of the following steps:

  • Aiming to bring any officially-owned domains under centralised control.
  • Purchasing available domains.
  • Where possible / appropriate, acquiring relevant third-party domains.

This last step is generally the most complex. In some cases, it may involve domain purchases or (depending on the nature of the content currently present on the site) dispute procedures. In other cases (for example, where the domain is under the control of a third party making legitimate use of the same brand name), acquisition may not be possible. In certain instances, it may be advisable for the brand owner to monitor the sites for changes to the content (so as to identify any appearance of infringing material).

Other general recommendations are also often applicable. One example might be to ensure that any official portfolio domains which are not under active use are configured to re-direct to the brand owner's official transactional site, so as to maximise web traffic.

Conclusion

The specifics of a domain-name portfolio reflect a balance between risk and budget but, when operating together with an effective brand-protection solution, an appropriate domain-name registration and management policy can form a key component of an organisation's IP management, helping to ensure that key domains are in place for business use, and defensive registrations are held to prevent infringing use. Part of the domain-management piece is also the implementation of an effective domain security programme, utilising an appropriate enterprise domain-name registrar, to ensure that official domains are protected from security threats such as site compromise and hacking.

References

[1] https://www.worldtrademarkreview.com/global-guide/anti-counterfeiting-and-online-brand-enforcement/2022/article/creating-cost-effective-domain-name-watching-programme

[2] https://circleid.com/posts/20230117-the-highest-threat-tlds-part-2

This article was first published on 11 October 2023 at:

https://www.iamstobbs.com/opinion/strategies-for-constructing-a-domain-name-registration-and-management-policy

No comments:

Post a Comment

Phishing trends 2024 - and a look at some new data for domain threat quantification

Overview This year's annual phishing report by Internet technology consultants Interisle [1] has provided a number of key insights into...