A Domain by Any Other Name
Timothy Rooney
Mar 21, 2023
Your domain name represents your identity on the Internet. Customers, prospects, associates, and generally anyone on the Internet can navigate to your website simply by knowing your domain name. The domain name system (DNS) facilitates this naming process by enabling the resolution of your site’s name to Internet Protocol addresses that devices use to connect to your website over the Internet.
DNS Deception
While DNS simplifies navigation to your Internet presence thanks to your domain name, it also introduces an exposure to visual misrepresentations of your domain name in the DNS and therefore on the Internet. Such misrepresentations may be totally innocent, such as when would-be visitors “fat finger” or mistype your web address in their browsers leading them to another website, or downright malicious where a miscreant creates a website reachable by a visually similar or slight variation in your domain name. Such a malicious website could be designed to appear visually similar to yours and serve as a means to solicit personal information, to entice the download of malware, to smear your brand, or to monetize web visits via advertisements or affiliated links. Other motivations for malicious registration of similar domain names include misrepresenting your brand, siphoning web traffic to a competitor, or merely holding the domain name for sale to the “rightful” domain holder.
Types of DNS Cybersquatting
The registration of a similar domain for such purposes is broadly referred to as cybersquatting and may take one of many forms:
• Brandjacking - the registration of a domain name for a company or celebrity. This “exact match” approach may embolden the domain holder to sell at an exorbitant price or otherwise abuse the domain’s integrity.
• Typosquatting - various forms of a domain name representation including a close misspelling or use of a different top level domain, such as “org” instead of “com” or a country code top level domain such as “co” instead of “com.”
• Homoglyphs (ASCII) - use of similar characters within a domain name such as the number one in place of the letter l. By Internet standards, domain names must be encoded in the DNS as ASCII characters.
• Homoglyphs (IDNs) - Internationalized domain names (IDNs) are a special form of domain name, which represent non-Latin domain names as ASCII. That is, your browser can display links or enable entry of domain names in native characters. e.g., Cyrillic, and DNS will resolve the corresponding ASCII representation or IDN. Some non-Latin characters appear to the eye as Latin characters, and users may easily misconstrue character sets, thereby arriving at a website other than that intended.
Protecting your DNS
What can you do if you find a domain name similar to yours that appears to be maligned? The Uniform Domain Name Dispute Resolution Policy (UDRP) was been established by the Internet Corporation for Assigned Names and Numbers (ICANN) in conjunction with the United Nations’ World Intellectual Property Organization (WIPO) in 1999. The policy requires the complainant to establish that the domain is identical or confusingly similar to their trademark or service mark, that the registrant has no legitimate interests in the domain name and the that domain name is being used in bad faith. Please visit our website for more information about DDI security.