Practical Ecommerce

Legal: Your Domain Is At Risk

The lawyers at my firm represent registrars. We also represent domain name owners. And we sometimes represent domain name thieves (yes, everyone is entitled to an attorney). Here is an insider’s perspective on the new dynamics at play in domain name cybersquatting.

Most domain owners think their registrar is licensed by some governmental agency with oversight responsibilities. That’s not really the case. The due diligence of the Internet Corporation for Assigned Names and Numbers (ICANN) and registries in approving registrars is virtually nonexistent. All it takes to become a registrar is payment of the $10,000 fee. Yet my impression is that consumers take from the registrars a false sense of comfort — as if their mere existence ensures domain names will be protected.

That assumption can get you in a lot of trouble. Recently, several registrars have failed in a highly-publicized fashion:

  • Some went out of business and left the domain name owners in the dark, thus exposing those domain names to cancellation and loss.
  • Others encountered security problems in which either the data queries or data flows were intercepted by unscrupulous third parties during availability inquiries.
  • Finally, there are cases where databases were accessed legally and then filtered for incorrect email addresses; ultimately, the domain name involved was taken over.

Couple these issues with the fact that you never really know, in many cases, who you’re dealing with, and you have a recipe for disaster. The problem, of course, is that there are no established due diligence or minimum standards involved in the application process; no meaningful standards of performance that would serve as an early alert system; and no one actively overseeing the performance of the registrars.

All of that means your domain name is at risk in today’s environment. In fact, it may already be in someone else’s hands and you don’t even know it because most thieves will change the ownership information (or at least the email address and password) but leave it pointing to the real owner’s site until the time is right to make the getaway. It’s a bit like someone surreptitiously breaking into your business one night, ripping you off, then waiting until the next morning, during normal business hours, to walk out.

How do you solve this problem? You can’t. However, you can take steps to minimize the chance of losing your domain name. Make sure you house your names with a reputable and reliable registrar. Make absolutely sure your email address is correct in your registration records. On a regular basis, check the Whois information and confirm you are still listed as the owner and all of your contact information is correct (most importantly your email address). Don’t assume there is no problem simply because traffic still flows to your site.

What should you do if you lose your domain name? In most instances, it’s not realistic to expect ICANN’s Uniform Domain Name Resolution Policy (UDRP) arbitration to help you. It is not designed to deal with stolen domain names. If the thief is foolish enough to use the name in a manner that could infringe on your registered or common law trademark, a UDRP arbitration might be successful. Unfortunately, though, these thieves are usually much too smart to do that; they will sit passively on your name and wait for you to come knocking.

At that point, you can hire a lawyer to file a lawsuit — with little hope of recovering damages, as the new owners are most often overseas con men — or you can buy your name back from them in what appears to be a legitimate business transaction.

Does all this sound like the perfect crime? It comes pretty close.

The information in this article is not intended to be legal advice. Always consult your attorney when faced with legal issues.

John W. Dozier, Jr.

John W. Dozier, Jr.

Bio   •   RSS Feed


Sign up for our email newsletter

  1. Legacy User April 23, 2007 Reply

    Great suggestions and very true. Goes to the point of spending a few more dollars and going with a tried and true register like NS or Godaddy. Yes it cost a few pennies more but in the long run, attorney costs or otherwise really aren't worth it. Still isn't worth it. Scott Neuman

    — *Scott Neuman*

  2. Legacy User April 24, 2007 Reply

    Hi, I saw this post referenced at Subliminalmessages.Com. I have a lot to say, so I apologize in advance if this is long winded.

    First of all, registrars need to be held accountable. They should 1.) be required to have another ICANN registrar named as a godparent in case something should happen, and 2.) they should be required to have insurance. Lots of it.

    If people haven't yet figured out that domains are property, they soon will. The analogy is obvious. Just as a bank requires homeowners to carry property insurance (and title insurance, too), so should registrars carry the necessary liability insurance in case another registerfly disaster occurs. Imagine the initial guys who were trying to renew their precious cyber property only to realize that their requests for renewal were being ignored. Huh? That's just wrong. The worst part is that in cyberspace, no one will hear you scream.

    Sure, ICANN got involved months later, but how did that few those whose domains already expired and got resold? Yeah, other companies offered "specials" to "help" those affected, but it was impossible to get the needed transfer authorization from Registerfly. What was a poor domainer to do?

    Just as a bank is insured by FDIC up to $100,000. A registrar should have insurance to make the same type of claim. Some registrars may, for competitive reasons, want to offer insurance for $500,000. This would attract a better caliber of portfolio. Offer less and you surely won't get my business.

    The status quo is no good and needs to be addressed before another disaster occurs to further weaken the public's trust in the registrar system. It came close to happening with Directnic during Hurricane Katrina. To their credit, however, they pulled through like a champ. The domain world, however, was holding its breath.

    — *Domainer Sam I Am*

  3. Legacy User May 21, 2007 Reply

    "Make sure you house your names with a reputable and reliable registrar."

    Easier said than done. Even the aforementioned NS and GoDaddy have had less than stellar track records. I'm researching now to find a more reputable registrar for all the domains I manage for my clients. And so far it's been quite depressing.

    I don't suppose Mr. Dozier can pass along specific recommendations for registrars that are truly reputable and reliable? Probably not… what with client/attorney privilege and such. Oh well… my search continues.

    Thanks for the legal insight and advice.

    — *Eugene Barnes*

  4. Legacy User July 6, 2007 Reply

    Well… not that it can't happen, but I have been very happy with

    GoDaddy was getting on my nerves with the endless advertisemens they had.

    — *Sean*