Co-authored by David Barnett, head of consultancy, Brand Monitoring, and Nipa Patel, technology manager at CSC.

One of the central goals of a brand protection program is detecting infringing third-party activity that falls outside the firewall—that is, external to a brand owner’s portfolio of official core and tactical domains. Brand threats occur across a range of internet channels, but domain name abuse is one of the most significant areas for concern, both in terms of the visibility and potential for confusion of branded domain names by potential customers, and the enforcement options available. For this reason, domain monitoring is considered a core component of a brand protection service.

One of the primary data sources for monitoring are zone files, which are published by registry organizations and contain lists of all registered domains across a top-level domain (TLD), also known as a domain extension. By comparing consecutive daily versions of the zone file, one can identify both new registrations and lapsed domains.

When a new TLD is launched, it progresses through several phases, including a Sunrise phase, where trademark owners can apply for new domains—and a subsequent General Availability phase, where all entities, including members of the public, can register domains.

In this study, we considered the following four TLDs that entered General Availability in 2021¹, and analyzed the domain registration patterns following the launch date.

.CFD (launched April 20, 2021) – Initially assigned to DotCFD Registry Limited by the original applicant, IG Group Holdings PLC, and delegated in 2015², the .CFD extension (initially intended to relate to “contracts for difference” trading³). It was eventually acquired by ShortDot and entered General Availability in April 2021, being marketed as referring to clothing and fashion design⁴.

.BASKETBALL (launched June 15, 2021) – The Fédération Internationale de Basketball (FIBA) in partnership with TLDH and Roar Domains originally won the rights to serve as registry operator for the .BASKETBALL extension in 2014⁵. After an extended period of qualified launch programs, community priority registration phases, and Sunrise periods, FIBA eventually opened access to the extension, marketed by agency Roar Domains doing business as ROAR.BASKETBALL, in mid-2021⁶.

.SBS (launched June 15, 2021) – .SBS was originally managed by the Special Broadcasting Service Corporation (Australia) as a restricted .BRAND TLD in 2015. Following a termination notice by this registry operator in 2020, ShortDot acquired the extension and it entered General Availability in June 2021⁷. It’s being marketed as referring to “Side by Side, perfect for social causes, charitable organizations, and other philanthropic initiatives⁸.”

.ZUERICH (launched December 2, 2021) – The government of Zurich was awarded management of the .ZUERICH extension (Zürich) in 2014 to “promote local industry, scientific interests, tourism and marketing, and to highlight the high standard of living in the Zurich region⁹.” The Sunrise period, where registration applications were subject to residency restrictions, began in August 2021, before moving to General Availability in December¹⁰.

Analysis

Figure 1 shows the patterns in domain registration activity in relation to the start date of the respective General Availability phases.

As expected, there are generally lower activity levels in the early phases of each TLD release. These are primarily authorized parties registering domains for official use, and legitimate trademark holders applying for defensive registrations. A rapid increase in domain registrations generally follows, comprising domains intended for legitimate use as well as potentially infringing domains.

Across the four TLDs, more than 32,000 domains were registered between the General Availability launch phases and the date of analysis (December 17, 2021). Across these datasets, several themes are evident. Several domains incorporate popular brand names (Figure 2) and may have been registered with intent to infringe (e.g., phishing or fraud, traffic misdirection to third-party content, or the sale of counterfeit items).

Many of the brand-specific domains didn’t resolve to any significant site content at the time of analysis, though may be worthy of ongoing monitoring for future infringing content. Furthermore, several had already been flagged as dangerous at a browser level, potentially indicating malicious content may have been present previously, but subsequently removed. Two of the domains resolved to the same website, for a company purporting to be one of the brand’s official “product service centers.” In such cases, any false claims of affiliation can damage a brand’s reputation. Of the remaining domains, some were found being used for revenue generation, with some examples featuring pay-per-click links, and others explicitly advertised for sale.

Other popular domain keywords¹² are also represented within this dataset—e.g., coin (156 domains); life (66); home (59); your (54); and online (123). Other examples related to specific areas of content. For example, references to eCommerce appear repeatedly via the keywords: shop (89 domains) and store (51). Other keywords raising greater potential for concern include: casino (48 domains); porn (22); and download (6). Other popular or topical areas are also represented, for example: crypto (56 domains); bitcoin (24); blockchain (9); and covid (4).

Observations and recommendations

The analysis shows the high speed at which potentially infringing domains are registered following a new TLD launch. This highlights the importance of employing a comprehensive brand monitoring program that can cover new extensions as they launch.

Monitoring should also be accompanied by an enforcement program against infringements. Ideally this should incorporate a range of enforcement approaches, so that the most effective methodology can be selected, while reserving certain options for escalation.

Both monitoring and enforcement can be made more efficient using automated technology. This can analyze and prioritize targets, monitor domains content changes over time, and use clustering and other artificial intelligence (AI) features to establish links between infringements, thereby streamlining the enforcement process.

Country-code launches

Another type of launch that’s happened over the past few years is where a country code begins offering second-level domains, where it was previously only possible to register domains at the third level (e.g., the launch of .UK, where previously only .CO.UK was available). When these launches take place, an additional Grandfather Phase is added to the process. During the Grandfather Phase, current owners of third-level domains are given first refusal to the second-level domain. The most notable launches in recent years have been .NZ (New Zealand) and .UK (United Kingdom). Many brand owners failed to register relevant domains in the Grandfather Phases, resulting in high numbers of third-party registrations. The number of disputes filed with Nominet for .UK domains rose by 230% between 2018 and 2019, for example¹³. Second-level domains now account for 20% of all registrations for .NZ¹⁴, and 13% for .UK.

The Grandfather Phase for .AU (Australia) will launch oBlon March 24, 2022. Brand holders will therefore need to decide whether to defensively register the names they currently hold in .COM.AU, or employ an effective monitoring program.