A domain helps organisations in many ways. Domains help distinguish brands from competitors, they may provide customers with a destination to buy products, and they help build trust and increase credibility in the market. Yet, despite being key to brand integrity and at the core of brand identity, many organisations are yet to recognise the full potential of their domain assets or even protect them with a comprehensive domain strategy, leaving them potentially vulnerable to attack and infringement.
At a time of rapidly evolving online security threats and changing regulation, it is more important than ever that organisations step up efforts by making intelligent domain management decisions and ensuring that their brands are protected online.
This pressing requirement to balance promotion with protection means taking a fresh look at the fundamentals of domain management while also thinking more strategically about the entire domain name lifecycle and its management, including directing domains to appropriate content, allowing unnecessary names to expire, and maximising domain portfolio value by selling unused but valuable generic domains to strategically fund new registrations and monitoring efforts.
While basics such as registering new domains, renewing existing ones, and keeping track of the wider portfolio remain largely the same as in the past, in the current environment, ongoing portfolio management must stay a major priority. As well as getting the basics right, a more proactive and strategic approach to domain management means establishing greater cross-department collaboration – including IT, legal, marketing and management – and more innovative tactics to mitigate the risk of infringement and safeguard customers and reputation.
Best practice registration
The first step in best-practice domain registration is to categorise and tier brands, e.g. from most critical/core brands to least important brands, making it is easier to identify the game plan for registration strategy or possible domain recovery options, including anonymous acquisition or UDRP.
Key factors such as corresponding trademarks and past instances of abuse, dispute, or litigation can help calculate the importance of the domains to the business so that they can be prioritised correctly. For example, if a brand holds trademarks in more than 30 countries it is typically considered a “core” brand while those brands specific to a certain geographical region would still be important but perhaps not categorised as core. Brands that consist of slogans or other intellectual property used to support marketing campaigns are usually categorised as less essential.
Once the classifications are made, it is easier to determine the required level of protection. For example, in the .COM space, keyword variations, misspellings, IDNs, and typosquats should all be considered for critical or core brands, while less important brands require less coverage, meaning domain registrations may be limited to mostly exact-match options.
To understand propensity for risk, it is worth conducting an audit on the proposed domains. If the organisation’s culture is risk averse, defensive registrations are often the best option. Especially in extensions that are most at risk for infringement such as popular legacy gTLDs, free or low‑cost TLDs, and unrestricted (i.e. no trademark or local presence required to register) ccTLD extensions. Trademarks can help guide registration strategy as domain footprints should ideally align with trademark footprints.
Strategically, when deciding which TLDs to register different domains in, corporate objectives and future marketing requirements should be considered. For example, if there is concerted effort to expand into a certain region, the domain registration plan should include TLDs in these areas of the world as well as any relevant new gTLDs.
While considering domain strategy, to save future headaches and problems, don’t forget that contact information on domains should be standardised as much as possible. The registrant contact should ideally be the same as the business owner or trademark owner (where possible) and a role (e.g. Domain Admin) should be listed instead of a person’s name, to reduce the risk of renewal notices or notifications being missed if an individual leaves the organisation, as well as avoid privacy and General Data Protection Regulation (GDPR) issues.
Monitoring for abuse
A domain portfolio, as both a collection of valuable IP assets and important technologies, requires continuous monitoring. From domain squatters and phishers redirecting traffic to fraudulent sites, to domain hijacking, and other forms of DNS abuse, domain infringement and abuse comes in many forms. This makes proactive monitoring or watching an important best-practice for domain portfolio security.
The consequences of fraudulent attacks can be disastrous and far-reaching, from stolen business and lost revenue, to loss of trust, damage to reputation and costly legal proceedings. Helping to mitigate risk, a domain watching service provides key information and access, such as notification of newly registered and dropped domains, the ability to search using wildcards, a live link for each domain, and a live link to the Whois record for each domain.
Monitoring domain registrations is particularly important because it enables organisations to proactively deal with abuse and, crucially, enables them to take immediate action. While GDPR regulation has made it more challenging in some ways to enforce against domain infringement, experienced domain portfolio managers still have mechanisms and strategies to enable their organisations to act when infringement is detected.
Stepping-up domain security
One of the best ways to protect valuable domains is to use advanced locking mechanisms to protect against unintentional modification, unauthorised transfers, and malicious attacks. Registrar locking, for example, prevents common domain actions (e.g. update, transfer, delete) until the registrar unlocks them by completing a pre-determined, customer-specified security protocol.
Other key security steps include protecting authorisation codes, using two-factor authentication to access a domain management portal, continually managing and reviewing user accounts, and limiting and specifying user rights for the management of domains. A hardened, corporate registrar platform can also provide tools and technologies that complement an organisation’s own security ecosystem and provide more complete protection.
Forgotten basic to IP asset
In a modern digital era, there’s little doubt of the importance of a domain in distinguishing individual brands from competitors and, in the longer term, helping to build trust, professionalism and credibility. Changing regulation and an evolving threat landscape mean domain management has never been more important – or more challenging – yet it is a responsibility no organisation can afford to ignore, with inaction risking enormous amounts of potential harm.
While it is doubtless a complex and ongoing task, raising the profile of domain management at the senior level, increasing collaboration across the organisation, and adopting external support and smarter tactics to drive web traffic can all help to transform domain portfolios, turning an overlooked IT basic and a potential liability, into a recognised IP asset that can help build a brand and boost revenue and growth both online and offline.
Stu Homan, Director of Domain Management, MarkMonitor