Who Should Bear Domain Name Risk?

Domain owners are bearing tremendous risk that someone else is better equipped to absorb. In this post, I outline the motivation for risk ownership, the sources of risk associated with owning a domain name, and the ways in which some of these risks have been transferred to institutions that are better equipped to handle them. I close by pointing out that we would be better served by having a trademark risk-management entity.

What is risk ownership?

Risk ownership1 involves choosing which risks to bear and which to transfer or sell to another party. You should bear a risk only when you have the competency to mitigate it or when there is no viable mechanism for transferring the risk. In general, the motivation for transferring risk is to reduce the overall risk for an individual or a business2 and free up cash that would otherwise be needed as a cushion.

Risk management3 is very important. Corporate success cannot be attributed solely to one person, but a single person or source of risk can indeed bring an established institution down. Nevertheless, risk management depends on the manager’s appetite for risk.

Sources of Domain Name Risk

1. Domain Specific:

a. Renewal. This includes forgetting to renew, not having the money to renew, and incorrectly deciding to renew4 all domains in a large portfolio. The risk of forgetting to renew was initially borne by the domain owner. Registrars soon realized they could make money by providing auto-renew services and encouraging discounts for multiperiod registrations. Registrars are better suited to owning this risk, as they can spread management cost over a large number of clients. Thus, the domain owner is willing to pay a fee for transferring the risk to a registrar.

b. Hijacking5

c. Trademark. Currently, a domain name is registered with prayers that no costly legal action will be taken against the registrant. However, some new registrants take advantage of the system, while others innocently include brand names in their domain names. For the former, the cost of the illegal action is generally minimal, as they either surrender the domain name to the brand owner, don’t pay for it before the end of the five-day grace period,6 or possibly sell it at a high price at one of the prominent marketplaces.7 On the other hand, the innocent group can be bullied into surrendering the domain name even when it does not legally infringe on someone else’s IP, or they can incur unnecessary shutdown and legal costs. Hence, to manage this risk, the latter group should set aside cash to fight any potential legal action or, if possible, transfer the risk to an entity that is better suited to absorb it.

It makes sense that independent entities or registrars should sell trademark insurance policies. Such an intermediary must have legal expertise and the ability to spread risk management cost over a large number of clients. Currently there is no such institution, which implies that this risk is under-valued and thus represents inefficiency in domain name markets.8

For trademark issues associated with existing domain names, a cooperative IP regime mitigates this risk and creates value for domain name owners and IP claimants.9

d. Price risk10

e. Parking Income11

2. Industry Wide

a. General market price drop12

b. Industry reputation risk requires domain activism,13 lobbying by the Internet Commerce Association (ICA), and cooperation of domain name and trademark owners.

c. Loss of privacy through public access to Whois information.

3. Sub-industry risk is due to front running,14 potential bankruptcy and/or de-accreditation of registrars and resellers, and the risk of default of a secondary market player. Both these sources can disrupt activities for a segment of the market.

4. Transaction Risk

a. Waiting too long to buy and/or sell, and thus the risk of lost opportunities.

b. Risk of money and ownership transfer, which can be mitigated by engaging an escrow agent.

c. Ineffective domain-name valuation.15

5. Infrastructure risk16

a. Spam and phishing

b. Cyber security

c. Lack of technology policy

1 Robert C. Merton, “You Have More Capital than You Think,” Harvard Business Review 83, no. 11 (November 2005): 84-94.
2 Alex Tajirian (October 2005), “Domain Name Protection: A Risk-Analytic Framework,” DomainMart.
3 Risk management competency is one of the factors that should drive industry merger and acquisition decisions.
4 See Alex Tajirian (July 2008), “To Renew or Not to Renew Your Domain Name?,” DomainMart.
5 See, for example, Bruce Tonkin (January 2005), “Closer Look at Domain Name Transfer Policy and the Hijacking of Panix.com,” CircleID.
6 See Alex Tajirian (August 2007), “Domain Tasting: A Solution,” DomainMart.
7 In such a case, the marketplace is an accomplice in infringing on the trademark, and thus the industry must take appropriate action against the marketplace.
8 For marketplace inefficiencies, see Alex Tajirian (January 2006), “Price Inefficiencies in Domain Name Markets: An Empirical Investigation,” DomainMart.
9 See Alex Tajirian (April 2008), “Brand Complementors: Implementing a Cooperative Domain-Name Use,” CircleID.
10 See Alex Tajirian (February 2006), “Toward Large Domain Name Portfolios,” DomainMart.
11 Ibid.
12 See Alex Tajirian (February 2008), “Thoughts on Hedging Domain-Name Price Risk,” DomainMart.
13 See Alex Tajirian (July 2008), “Take Action: Your Domain Names Are Losing More Than You Realize!,” DomainMart.
14 See, for example, “Network Solutions Responds to Front Running Accusations,” CircleID.
15 See Alex Tajirian (December 2007), “Effective Domain Name Appraisals,” DomainMart.
16 See CircleID.

By Alex Tajirian, CEO at DomainMart

Risk Management and Domain Registrant Issues Enrico Schaefer  –  Sep 30, 2008 4:58 PM

Alex: Interesting post. We see companies - especially outside the more able e-commerce companies - losing their domain names every day due to a failure to understand and manage their administrative process.  Companies are often clueless concerning their registrant status, information and renewal dates.  They fail to control the registrant login accounts or the people who have access to those accounts.

At the same time, many of these companies are dependent on their web business to pay the bills every month. One might think that given their dependency, care would be taken to control and manage their domains.

Here are some further thoughts….

Protecting Your Domain Name On The Internet

Protecting Your Domain Name Portfolio: Control is the Key.

Enrico: We have both written about these Alex Tajirian  –  Oct 2, 2008 12:27 AM

Enrico: We have both written about these problems and issued numerous warnings, and so have many others. Being “clueless concerning their registrant status” seems to be the hardest to solve and is devastating. Nevertheless, it seems, not surprisingly, that “their dependency” is not enough to get their attention. Do you have any ideas for a solution?

On the upside? Defensive tactics tim morse  –  Oct 2, 2008 3:38 AM


Agreed, there is risk on the registrant’s side for a “pure owner.”
But, what is your take on a more “defensive” registration?

Ref: http://domainnamewire.com/...

Tim Morse

Tim: I couldn’t find anything in your Alex Tajirian  –  Oct 3, 2008 2:56 AM

Tim: I couldn’t find anything in your link related to the issues that Enrico raised, namely that some companies may not have the money to renew and some registrants are ignorant about inherent registration risk. Your article raises some interesting issues, namely (a) why do companies and individuals register domain names but do not redirect or monetize them? I can think of anecdotal cases, but I have not seen it rigorously addressed, and (b) who decides who is a domain name expert? Some thoughts!

1) Why were these (probably high paid) experts retained? Appraisal, redirect, or other?

2) Both Brian Hall and Bill Hartzer refer to the registration move as strategic; It better be tactical. The strategic move should be how and how fast to respond to a potential crisis (from the perspective of shareholders and common good)? An example of a successful strategic response is the Tylenol recall. A disastrous response is the Exxon Valdez, while Katrina is probably a combination of bad strategy and bad management. Such a domain name registration is tactical in that it is intended to support the strategy.

3) Bill Hartzer reasoned that the decision not to redirect the domain name was a “failure of the company’s IT department.” This is certainly one plausible reason. Another is that ConAgra had no domain name risk management strategy. Nevertheless, it is not clear from the article whether Bill, or any of the experts, pointed this out to ConAgra. Hence, it takes us back to Enrico’s point of lack of education.

4) I agree with David Kemodel that defensive and offensive strategies are not new and can be value adding. Nevertheless, a “confusing signally” strategy (whereby you register domain names in areas that you don’t intend to enter so as to confuse your competition) has also been pointed out.

My 1.8888 cents.

Strategic v. Tactic Brian Hall  –  Oct 6, 2008 2:56 PM

Alex, You appear to presuppose that ConAgra had not already considered how to react in light of such a recall that would undoubtedly cause a PR nightmare. Had they discussed it, identified the means by which they could mitigate the bad press, and registered the domain name as part of that solution, I still believe the registration was strategic. You do draw a good distinction however, and if in fact only after the tainted peanut butter was identified, thus necessitating the recall, did they choose to register the domain name, then indeed it could be viewed as a tactical decision to avoid bad press. The answer lies in the timing. In this instance, timing did not matter, but a strategic decision is often better than a tactical one. My recent article, http://tcattorney.typepad.com/anticybersquatting_consum/2008/09/cybersquatting.html, which came out before this Conagra article, illustrates how failure to implement a domain name strategy, especially where a tactical reaction does not occur, can lead to problems, such as cybersquatting or bad press. I also agree with the below comments that education is imperative. Examples like those in my above article are what Enrico and I use to educate our clients about the impact of domain names. As for the trust, I believe that, again, being able to point to actual real world examples like those mentioned above help clients to trust our experience, knowledge, and judgment. We show what has happened, advise what else can happen, and then recommend what to do. Education may actually lead to trust, and trust actually leads to avoiding some of these domain name issues.

The article I referenced can be accessed Brian Hall  –  Oct 6, 2008 2:58 PM

The article I referenced can be accessed here.

ConAgra - Pt. 2 tim morse  –  Oct 6, 2008 7:41 PM

Not sure if this is a company that is acting tactically, or strategically, but have since learned that they are acting, nonetheless. Another domain name was registered by ConAgra, in relation to pot pies.

Brief history:

Company issues "Consumer Advisory" - Oct. 9, 2007
http://media.conagrafoods.com/phoenix.zhtml?c=202310&p=irol-newsArticle&ID=1060683

In the advisory, ConAgra states that it was contacted by state health officials, and that seems to have prompted the advisory. Further, the company stated that on Oct. 8, the company was advised by health officials in several states, "...that a number of consumers had been diagnosed with salmonella that they believe is statistically associated with the consumption of Banquet chicken and turkey pot pies."

ConAgra registers the domain PotPieRecall.com & PotPieRecall.net on Oct 9, 2007
http://www.networksolutions.com/whois/results.jsp?domain=potpierecall.com

On Oct. 10, 2007, Fox News reports that ConAgra closed the production plant on Oct. 9th, but stated that there was no recall issued by the company.
http://www.foxnews.com/story/0,2933,300557,00.html

On Oct. 11, 2007, the company issues a press release stating that it WAS recalling the pies:
http://media.conagrafoods.com/phoenix.zhtml?c=202310&p=irol-newsArticle&ID=1061952&highlight=

That same day, ConAgra published a list on their Web site, clarifying:
http://media.conagrafoods.com/phoenix.zhtml?c=202310&p=irol-newsArticle&ID=1062133&highlight=

November 14, the company issues a release that stated the plant was reopened for production:
http://media.conagrafoods.com/phoenix.zhtml?c=202310&p=irol-newsArticle&ID=1078267&highlight=

Attorney Bill Marler pointed out in his blog on that the illnesses alleged to be connected to these pies began in Jan. 07:
http://www.marlerblog.com/2007/10/articles/case-news/first-lawsuit-filed-over-conagra-pot-pie-salmonella-outbreak/
He reports on a lawsuit pending. Marler calls into question the issue of the recall, noting the two-day lag in the announcement being labeled as a "recall."

Given the above, especially with the registration of the .net on the same day as the .com, it would seem that ConAgra is at least cognizant of the value of owning these types of domain names.

Clarification on "experts" tim morse  –  Oct 6, 2008 7:10 PM

Alex, Quick clarification. The experts I interviewed were not affiliated with ConAgra. I selected them to comment on the situation. Perhaps, I applied the term too freely; however, in my opinion, they represented individuals with expertise in the domain and/or e-commerce industries. To that end, I hoped that they would provide comment that might be of interest to both "end users" (cf: ConAgra), domain investors (who sell on the aftermarket), and "competition" - those end users who may seek to gain a competitive advantage (cf: a law firm). Sorry for any confusion.

Clarification from actual "expert" Rob S  –  Jan 16, 2009 3:36 AM

As a person *very* involved in this event at ConAgra (I am no longer associated with the company), I can assure you the company has a strategy for the overall communications approach, as well as clear tactics for how to handle these events. The primary focus of all of our efforts was to ensure the safety of consumers. It was critical that accurate information was conveyed, which you'll find was the reason for some of the delays. It had nothing to do with the technology organization. I've had to chuckle at some of the theorizing of "experts" in this example. The evidence just doesn't back it up.

The strategy involves:
1. Defensive domain buys. The company looks to protect their brands through positive, phonetic and negative word association buys.
2. Opportunistic buys.
3. Content ownership.
4. Content distribution.

Note, prior to this event we had already developed a plan for handling ANY event of high interest. We didn't predict a recall (we thought it would be more likely to have an investor related spike). As soon as we learned of the event, we had a conversation with all key players. This proved critical with our ability to respond proactively. We triggered the plan.

We purchased the peterpanrecall.com as soon as we learned of the event. We pointed that domain to our web site to ensure we captured that audience, even with limited content to support it. We pushed more content to the caching networks in anticipation of the spike. I won't delve into specific numbers, but I will always remember the day this hit (a Thursday). Our traffic spiked considerably and sustained that load over 5 days. If we had not prepared for that load with caching networks and partners, our sites would have crashed. We minimized navigation to the contact paths. When you deal with this level of spike, it's important to minimize the amount of unnecessary traffic.

The article that took the most time was the creation of the communication to users. This was mistakenly read as a lack of cooperation within the business, but it had more to do with our collaboration with the FDA and legal review. We didn't know the cause of the problem. The overall response within the company was phenomenal. On a dime, the entire organization turned around to handle this. #1 priority was consumer safety and getting out accurate information. I should note that many reviews have since featured the response by the company as an example of how to handle a recall.

Knowing what I know, the only item I would've changed would've been to create a prebuilt completely static site for emergency events. It's a small cost, but the 5 days following the event were stressful as we monitored the servers.

Defensive Registrations Enrico Schaefer  –  Oct 2, 2008 2:33 PM

There are certain domains which should be defensively registered. Obviously, the number of domains which could be registered is endless.  So there is a point of diminishing returns. We typically analyze the clients’ domains and brand portfolio and make recommendations.

I think education is the key. Companies need to protect their marks in cyberspace. That is the bottom line. The ones who end up having problems wish they had done more to protect their domains on the front end.

Enrico: I agree that education is key. Alex Tajirian  –  Oct 3, 2008 2:51 AM

Enrico: I agree that education is key. However, it seems that the educational system has failed. Nevertheless, there is an element of trust of the entity registering the name on behalf of the owner, which education alone will not solve. You are closer to the problem than a lot of us. What are your clients “who end up having problems” telling you? Any thoughts on improving the educational system and solving the trust issue?
