A study (18-page PDF) from researchers at Georgia Tech and Stony Brook University has attracted attention to what it calls “combosquatting,” but the practice has been around since the early days of domain name disputes.

The study says combosquatting “refers to the combination of a recognizable brand name with other keywords (e.g., paypal-members[.]com and facebookfriends[.]com).” It adds that this practice differs from other types of cybersquatting “in two fundamental ways: first, combosquatting does not involve the spelling deviation from the original trademark and second, it requires the original domain to be intact within a set of other characters.”

Problems Created by Combosquatting

The researchers note that “combosquatting domains are not only used for trademark infringement but are also regularly used in a wide variety of abusive activities—including drive-by downloads, malware command-and-control, SEO, and phishing.”

Soon after Georgia Tech announced the study, bloggers and reporters from the Internet and trademark industries began writing about it:

• The World Trademark Review reported that “[t]his potential to more effectively dupe consumers has serious consequences for both internet users and brand owners.”
• ZDNet reported that “the number of combosquatting domains registered grew every year between 2011 and 2016, indicating attackers are very aware of the success they can have using this technique.”
• And Domain Name Wire reported that the “study suggests that the prevalence of combosquatting can be reduced by defensive registrations and registrars preventing domains with famous trademarks from being registered without verification.”

Just Another Type of Cybersquatting

While the “combosquatting” name may be new (and the threats related to it may be growing), the practice itself is not. Indeed, it’s nothing more than a type of cybersquatting, a term that dates to at least 1998.

The word “combosquatting” does not seem to show up in any decisions under the Uniform Domain Name Dispute Resolution Policy (UDRP), but domain names containing both a trademark and another word have appeared in UDRP decisions for many years.

Even the first full year of the UDRP (2000) includes many decisions involving what today could be called combosquatting, such as those involving <christiandiorcosmetics.com>, <gatewaypccountry.com>, and <bostitchnails.com>, just to cite a few.

Although the recently updated WIPO “Overview” of UDRP decisions doesn’t refer to combosquatting by that name, it makes clear that the practice of registering a domain name that contains both a trademark plus another term is common. The other term often includes a descriptive or geographical term, another party’s trademark, or even a negative term (although the latter might not truly fall within the researchers’ definition of combosquatting).

UDRP to the Rescue

Regardless of whether combosquatting really represents anything new, the researchers’ article makes clear that it “is becoming more prevalent year over year.” Fortunately for trademark owners and their customers, the UDRP provides a very effective tool for combating this harmful practice.