Co-authored by David Barnett, Head of Consulting, Brand Monitoring, and Nipa Patel, Chief Technology Officer at CSC.
One of the primary goals of a brand protection program is to detect illicit third-party activity that lies outside the firewall, i.e. outside of an official and tactical domain portfolio of a brand owner. Trademark threats occur across a range of internet channels, but domain name abuse is one of the main areas of concern, both in terms of visibility and risk of brand domain names being confused by potential customers, and application options available. For this reason, domain monitoring is considered a core part of a brand protection service.
One of the main sources of data for monitoring are zone files, which are published by registry organizations and contain lists of all domains registered on a top-level domain (TLD), also known as a top-level domain (TLD). domain extension. By comparing consecutive daily versions of the zone file, one can identify both new registrations and stale domains.
When a new TLD is launched, it goes through several phases, including a Sunrise phase, where brand owners can apply for new domains, and a subsequent General Availability phase, where all entities, including members of the public , can register domains.
In this study, we considered the following four TLDs that entered general availability in 20211and analyzed domain registration patterns after the launch date.
.CFD (launched April 20, 2021) – Originally assigned to DotCFD Registry Limited by the original applicant, IG Group Holdings PLC, and delegated in 20152the .CFDs extension (originally intended to relate to the negotiation of “contracts for difference”3). It was eventually acquired by ShortDot and entered general availability in April 2021, being marketed as referring to clothing and fashion design.4.
.BASKETBALL (launched June 15, 2021) – The International Basketball Federation (FIBA), in partnership with TLDH and Roar Domains, initially obtained the rights to serve as registry operator for the .BASKETBALL extension in 20145. After a long period of qualified launch programs, priority community registration phases and Sunrise periods, FIBA has finally opened access to the extension, marketed by the agency Roar Domains doing business under the name of ROAR.BASKETBALL, in mid-2021.6.
.SBS (launched June 15, 2021) – .SBS was originally operated by the Special Broadcasting Service Corporation (Australia) as a restricted .BRAND TLD in 2015. Following a termination notice by that registry operator in 2020, ShortDot acquired the extension and it entered into general availability in June 20217. It is marketed as referring to “Side by Side, perfect for social causes, charities and other philanthropic endeavors8.”
.ZUERICH (launched December 2, 2021) – The government of Zurich has been entrusted with the management of the .ZUERICH extension (Zürich) in 2014 to “promote local industry, scientific interests, tourism and marketing, and highlight the high standard of living in the Zurich region9.” The Sunrise period, where registration requests were subject to residency restrictions, began in August 2021, before moving to general availability in Decemberten.
To analyse
Figure 1 shows the domain registration activity patterns against the start date of the respective general availability phases.
As expected, there are generally lower levels of activity in the early phases of each TLD release. These are primarily authorized parties registering domains for official use and legitimate trademark holders requesting defensive registrations. A rapid increase in domain registrations usually follows, including domains intended for legitimate use as well as potentially infringing domains.
Across the four TLDs, over 32,000 domains were registered between the general availability launch phases and the crawl date (December 17, 2021). Across these datasets, several themes are evident. Several domains incorporate popular brand names (Figure 2) and may have been registered with the intent to cause harm (eg, phishing or fraud, diverting traffic to third-party content, or selling counterfeit items).
| Mark | Number of domains containing the brand name |
|---|---|
| Apple® | 40 |
| Amazon.co.uk® | 27 |
| Google® | 7 |
| Microsoft® | 4 |
| Samsung | 3 |
| walmart | 6 |
| Facebook® | 4 |
| Industrial and Commercial Bank of China Limited | 0 |
| Verizon® | 2 |
| 3 |
Many brand-specific areas have not resolved into meaningful site content at the time of analysis, although they may merit continued monitoring for future infringing content. Additionally, several had already been flagged as unsafe at the browser level, potentially indicating that malicious content may have been present before, but later removed. Two of the domains were resolved on the same website, for a company claiming to be one of the brand’s official “Product Service Centers”. In such cases, any misrepresentation of affiliation can harm a brand’s reputation. Of the remaining domains, some were found used to generate revenue, with some examples featuring pay-per-click links, and others explicitly advertised for sale.
Other popular domain keywords12 are also represented in this dataset — for example, coin (156 domains); life (66); home (59); your (54); and online (123). Other examples related to specific content areas. For example, references to e-commerce appear repeatedly via the keywords: shop (89 domains) and store (51). Other keywords of greater potential for concern include: casino (48 domains); porn (22); and download (6). Other popular or topical domains are also represented, for example: crypto (56 domains); bitcoins (24); block chain (9); and covid(4).
Observations and Recommendations
The analysis shows the rate at which potentially infringing domains are registered following the launch of a new TLD. This highlights the importance of employing a comprehensive brand monitoring program that can cover new extensions as they launch.
Monitoring should also be accompanied by a law enforcement program. Ideally this should incorporate a range of enforcement approaches, so that the most effective methodology can be selected, while reserving some options for escalation.
Monitoring and enforcement can be made more efficient by using automated technology. This can analyze and prioritize targets, monitor domain content changes over time, and use clustering and other artificial intelligence (AI) features to draw connections between offenses, streamlining the enforcement process. .
Launches by country code
Another type of launch that has happened in the past few years is when a country code starts offering second-level domains, where previously it was only possible to register domains at the third level ( for example, the launch of .UK, where previously only .CO .UK was available). When these launches occur, an additional grandfather phase is added to the process. During the grandfather phase, current owners of third-level domains are granted a first refusal for the second-level domain. The most notable launches in recent years have been .NZ (New Zealand) and .UK (United Kingdom). Many trademark owners failed to register the relevant domains during the grandfathering stages, resulting in a high number of third-party registrations. The number of disputes filed with Nominet for .UK domains increased by 230% between 2018 and 2019, for example13. Second-level domains now make up 20% of all .NZ registrations14and 13% for .UK.
The grandfather phase for .AU (Australia) will launch oBlon on March 24, 2022. Trademark owners will therefore have to decide whether to defensively register the names they currently own in .COM.AU or employ an effective monitoring program.
