The Biting Point

by Dino Kusanović

When dealing with a clearly abusive domain name, one that is doing active damage to your brand, decision to act is (hopefully) an easy one. Equally easy is a decision not to act and simply ignore an infringing domain name that has its DNS zonefile disabled.

However, in this article we will submerge ourselves into the murky waters of in-between, where a decision to act is not a straightforward one. Let’s examine some real-life scenarios, and to find your biting point, we will look at the issue through the prism of cost.

The cost of doing nothing

Any dentist will tell you that doing nothing is only cost-free (and pain-free) in the short term. It’s appealing not to register any defensive domain names, not to setup a blocking service, not to have a domain name watching service, not to be proactive. As compared to doing nothing, all those additional actions incur costs. And for a short while doing nothing can seem like a valid strategy.

As long as your IP remains unknown and obscure, you are unlikely to be targeted by domain name speculators and cyber criminals. But generate any amount of success, get your name out there, and you can be sure that your renown will attract those with nefarious intentions.

Total cost to your IP per annum: $0

“You have your brand.com, what more do you really need?”

The cost of success

You can find comfort in knowing that most domain name related abuse is not personal. Bad actors have nothing against your brand in particular; they just see an easy target to exploit. Once you realize that cyber criminals act much like any other commercial enterprise, you begin to understand how to disrupt them.

Unfortunately, your inaction thus far has enabled registration of hundreds of infringing domain names, many of them are very good – the kind you wish you registered yourself. These infringing domain names resolve to different abusive websites: some serve pay-per-click advertising, leading your potential clients away to the competitors; some spread malware or show pornographic material; and some resolve to spoofed web shops, selling counterfeit goods, scamming Internet users looking for your IP.

Combined, these abusive domain names are harming your IP and its image, which took a lot of time and money to build. Now all your hard work is being used against you and your stakeholders.

Total cost to your IP per annum: $25,000 – $100,000

“You are losing sales; your staff are swamped with complaints about orders placed on spoofed websites; you are receiving a worrying number of phishing emails from infringing domain names; search-engine results are filled with abusive websites; etc.”

The cost of fallout

Because you ignored the issue for too long it has spiralled out of control. The phishing emails became unbearable, so you paid for external training for your staff on how to deal with them. Unfortunately, your business partners aren’t treated to the same training; they are not aware of the issues surrounding your IP and they have no reason to distrust you. One of them falls victim to a phishing attack from a lookalike domain name – the email looked legitimate, had your company signature and everything. As a result, your long-term business partner wired $150,000 to a bank account that’s not yours, for a shipment that doesn’t exist.

Social media and review websites are filled with negative posts concerning your IP – unknown to the Internet users, they were not shopping on your genuine website. You can’t blame them, the cyber criminals did a really good job spoofing your web shop.

You now face an uphill battle. Even with an unlimited budget, it will take a long time to get on top of this issue, and even longer to rebuild the trust in your IP.

Total cost to your IP per annum: $500,000+

“Your long-term business partner is now threatening legal action; the potential investor pulls out after seeing a worrying reports by the consumer protection group concerning your brand; the scale of the issues starts being picked up by the mainstream media; etc.”

The cost of doing business

The truth is, dealing with bad actors and domain name infringements is just the cost of doing business in today’s online world. Online enforcement should not be seen as this exciting adventure where you get to pretend-battle criminals from exotic locations for daring to tread on your IP.

Online brand protection is as sensible and boring undertaking as getting your car or home insurance renewed. You are rarely thrilled about it, but you know you must get it for the peace of mind it offers. Approaching online brand protection enforcement from this angle allows us to see it as a sensible and crucial step that it is. Without it we cannot hope to secure our IP – it’s not an afterthought that we wheel out once the damage has already been done – instead it’s a thread weaved through your organisation and your IP, binding everything together.

Prevention is better (and cheaper) than cure, so you get ahead of the problems by working with Com Laude.

Total cost to your IP per annum: $30,000

“You have a healthy domain name portfolio, which is constantly optimised by Intelligence; you have GlobalBlock which blocks over 700 TLDs matching your brand; you have Watch, which finds and evaluates infringing domain names and shapes your enforcement strategy; you dispute several high-threat domain names, which discourages further infringing registrations; etc.”

Finding your biting point

This perceived intangible nature of online brand protection works against itself, as it doesn’t solely exist in your legal department, nor your marketing or IT security departments. This struggle to pin down online brand protection becomes most apparent when it is time to find a budget for it. As such, don’t treat online brand protection as a legal, marketing or IT issues – it’s your brand’s issue!

How much you spend on online brand protection boils down to a simple equation: risk vs cost. What can you afford to risk? How much can you afford to lose?

And the cost itself can be further distilled into:

Doing nothing v. Registration v. Acquisition v. Dispute v. Realistic worst-case scenario

This is where you will find your biting point. But do note that your threshold for action is not set in stone; it’s a fluid mark that changes throughout the life cycle of your IP.

For example: you might decide that you do not care for pay-per-click advertising, so you ignore those infringing domain names. You might decide that you do not care for lookalike domain names configured with MX and SPF records, so you ignore them as well. However, you go after every fake shop domain name you can find, and that’s your biting point. One day your billing department gets scammed by a lookalike domain name – now the potential risk of phishing domain names is no longer an academic thought experiment, but it’s a real threat with real world consequences. So, your biting point changes, you adjust your strategy accordingly.

Talk to us today to find your biting point and take the most important step towards protecting your key IP assets!