How to protect your website domain name

Authors: Kristél Kriel, Adam Lakusta

Finding a catchy domain name for your website is an important part of your ecommerce strategy – and one that often comes with legal hurdles.

When you’re registering a domain (e.g., you’ll typically encounter three main issues: the sheer amount of domain names that are already in use, trademark infringement and domain name security.

This blog outlines some key steps to address these issues.

Acquiring a trademark

It may be possible to overcome some of these challenges by acquiring a registered trademark in Canada. One large benefit registered trademark owners enjoy is priority registration of domain names that correspond with their trademark.

Another benefit of trademark ownership is being able to challenge the use of domain names when they are identical or confusingly similar to your registered trademarks. To find out more about the dispute resolution process, see our blog post on the topic.

Enforcing your trademark

Today, a main source of trademark infringement is caused by infringing domain names. You should take steps to enforce your trademark rights early. That starts with having an effective strategy to monitor for infringement of your trademark.

Knowing where to look for infringement — especially to catch it at an early stage before it costs you internet traffic and/or money — can be very complicated. That’s why many organizations choose to outsource their monitoring to professionals.

Other ways to protect your domain name

While securing trademarks and domain name registrations is important, there are other proactive steps you can take to protect your domain and end users.

  1. Register multiple domain names

Registering different variations of your domain name can prevent others from registering a similar domain name and using it for malicious purposes. Trademark laws can help you to address such registrations when they occur, but registering multiple domain names allows you to get ahead of the issue.

  1. Choosing the right domain name registrar

The domain name registrar is the service responsible for reserving domain names and administering registration accounts. There are multiple registrars offering different scopes of service, with some offering minimal services and others offering a wide collection of premium services. No single registrar is right for every organization; however, choosing a registrar that offers advanced security services can mitigate risks to your domain name.

  1. Use domain name and trademark monitoring services

The Trademark Clearinghouse (TMCH) is a repository for national and regional trademark registrations. Applicants filing for domain names that match the trademarks in the repository will be notified that a trademark exists. If an applicant registers a domain name that corresponds with a trademark, a notice is automatically sent to the trademark owner for further action to be taken.

While the TMCH provides services for generic top-level domains, it does not monitor for country code top-level domains, such as “.ca” in Canada. There are a variety of private cybersecurity and brand protection firms that perform similar services to the TMCH for country code top-level domains as well as providing other brand protection services. Such services can be useful to protect brands, as brand owners are increasingly registering multiple domain names under different top level-domains, often including both “.com” and “.ca” domains.

  1. Perform internet searches periodically

Bad actors appropriating the trademarks and domain names of reputable brands want consumers to find them so they can divert internet traffic and, in most cases, make money.

To prevent this, you can perform regular web searches of your domain names and trademarks. Additionally, you can search for similarly spelled domain names using the ICANN Lookup Tool. Whereas individuals can perform internet searches to locate similar domain names and potential infringement, the ICANN Lookup Tool enables brands to locate potential infringement without the risk of accessing the websites and potentially exposing their systems to malware.

By performing simple routine searches for your trademarks and domain names, you may be able to find and address potential infringement activities before any damage is done.

Protecting against domain name “spoofing” and doppelganger domains

The Canadian Centre for Cybersecurity is reporting an increase in domain name “spoofing” and doppelganger domains — domains that appear to be from legitimate businesses but are often used for fraudulent purposes. In addition to the above, there are several ways to guard your domain names against these attacks.

  1. Mandate cybersecurity training

Without proper cybersecurity systems and protocols in place, your organization is left vulnerable to domain name spoofing attacks, which can result from clicking a suspicious link or failing to recognize an “internal” email originating from outside your organization. Trained personnel are the first and best defence to guard against cybercriminals .

Mandating cybersecurity training is a proactive step you can take to address the risk of domain name spoofing and doppelganger domains. Cybersecurity training can include organization-wide instruction on how to identify and respond to suspected spoofing attempts. Additionally, cybersecurity training should include reviewing the security protocols employees must follow relating to sensitive email-related tasks, such as wire transfers.

  1. Have a recovery and response plan

If you fall prey to domain name spoofing, you need to have a recovery plan in place. This will include preparing and maintaining a list of trustable contacts and preparing instructions to respond to and report fraudulent activities. An additional means of addressing a spoofing incident is obtaining legal counsel and sending a legal cease-and-desist letter. When used early on, these letters can be useful in resolving spoofing attempts.

  1. Initiate domain name abuse proceedings

The Canadian Internet Registration Authority (CIRA) administers “.ca” top-level domains and the Internet Corporation for Assigned Names and Numbers (ICANN) administers numerous top-level domains, including “.com”. Organizations can initiate domain name abuse proceedings through CIRA or ICANN, which can require bad actors to transfer or cancel their domain name registrations.

  1. Implement email and transaction authentication protocols

Fraudulent emails purporting to be from reputable brands are common. These emails are commonly associated with domain name spoofing. To protect against this, you can implement various authentication protocols. These options should be reviewed with your security professionals.

Key takeaways

To enjoy the full value of your domain names, you must be proactive. Once you have an ecommerce strategy in place, the additional measures outlined above are key steps to help minimize the risks to your domain names.

For assistance with registering trademarks and domain names, trademark monitoring and designing a legally compliant ecommerce strategy, contact a member of our Innovation, Data & Technology team.

This post is part of a blog series about moving your organization’s operations online. For more information regarding moving your organization’s operations online, please see our blog post series covering the legal risks that organizations should consider on an ongoing basis.