Threat Intelligence Blog

Posted October 28, 2011

Congratulations! Your company has come up with a brand new widget that’s going to change the world, and it needs a name. Naturally, in your role as a savvy brand manager, before making any decisions about the new name you check to see whether the domain name for your company’s new product is taken.

You may just type in your first candidate name for the product into a browser and see what happens when you add .com to the end, like so:

our great product reviews search autocomplete

Great! It’s available. Now you head off to register the domain and along the way the domain registrar makes the generous offer to sell you the .net, and .org versions for you too, so you purchase those too just for good measure. Time to call it a day, right?

It would be nice if it were so straightforward (like most things on the internet!). Unfortunately, the top level domain space is probably larger than you think. Verisign’s August 2011 Domain Name Industry Brief reports that .com accounts for about 95 million of the 215 million domain names registered. What accounts for all those that aren’t .com? According to the Verisign report:

The largest TLDs in terms of base size were, in order, .com, .de (Germany), .net, .uk (united Kingdom), .org, .info, .nl (netherlands), .cn, .eu and .ru (russian federation).

Even if one’s company is not currently physically present in Germany, the UK, China, etc, would it be a terrible idea to defensively register them?

Consider that there is more at stake than the loss of brand integrity when web traffic is diverted to the website created by a cybersquatter. If that weren’t bad enough, there are legitimate security considerations to think about. A brand not registered in a foreign top level domain can make an attractive destination to send potential victims in phishing campaigns and other nefarious schemes. Think about it – what percent of your company’s customers would click a link that was sent from an email address that contained, or The theft of banking information, drive by malware downloads, and customers who remember your name associated with a really bad experience are all possibilities in that scenario.

We don’t recommend that a company attempt to register its name and brands in the hundreds (yes, hundreds!) of possible top level domains and country code top level domains out there. Not only would that probably be impossible because of the requirements placed on registrants in some locales, it’s certainly impractical and almost definitely a poor use of resources. We simply recommend that extra consideration is paid to registering domains that one traditionally might not (yes, including .xxx!). The specific business needs of your company and its aspirations in global markets will determine whether it makes sense to go ahead and register domains outside the normal .com, .net, and .org.

Finally, even once the decision is made to not register a domain somewhere overseas, that doesn’t mean one can forget about them. Companies must actively monitor the web to make sure that others haven’t decided they can put your brand to use, lest they learn about fraudulent uses of their brands in domains the hard way.

(Not scared yet about the risk posed by variations of your brands in unusual domains abroad? Check out Wired’s report on doppleganger domains, if you dare!)

Additional Posts

Anti-Counterfeiting Trade Agreement (ACTA) Explained

Background The proliferation of counterfeit and pirated goods poses considerable challenges for ...

Update – How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand?

The information below is an update to the following blog posting: How Will ICANN’s Newest Domain ...