From ICANNWiki
Jump to navigation Jump to search

CyberSquatting is the action of attempting to profit by purchasing domain names made of marketable and trademark related terms, and later reselling or licensing those names back to the companies that developed the trademark.

That is, CyberSquatters undertake the deliberate, abusive registration of domain names in violation of the rights of trademark owners. Abusive registration of a domain names is defined by WIPO as:

  1. Registration of a domain name which is identical or misleadingly similar to a trademark.
  2. A registration which the registrant has no rights to, or legitimate interests in, with respect to the domain name.
  3. Wherein the domain name has been registered and is used in bad faith.[1]

Historical Use

Cybersquatting originated in the late 1990s when many companies did not necessarily use the Internet for marketing purposes and did not understand the value of registering their own trademark domain names.[2] Others saw the potential profit and registered these valuable domain names in order to sell them back to the companies with a significant mark-up.[2] Cybersquatting continues to be an issue for many businesses online today, and there is speculation that new gTLDs may cause a spike in cybersquatting complaints.[3] As of 2012, a total of 2,884 complaints have been filed involving "domain name squatting".[3]

ICANN and its UDRP

ICANN is involved in counteracting cybersquatting through its creation and implementation of the Uniform Domain Name Resolution Policy, or UDRP.[4] All registrants of .com, .net and .org domains have been subject to the UDRP since 2000. WIPO made proposals on domain name security in 2000; they called for a uniform dispute resolution policy and review panels to arbitrate the disputes. After continued work with ICANN, the UDRP was accepted at ICANN's Los Angeles meeting in November, 2000, and it was implemented two months later.[5]

Continued Issues

ICANN has had to postpone, and readdress, its plans to begin the creation of large amounts of gTLDs given WIPO's concerns over the high amounts of CyberSquatting complaints. In 2008, WIPO received 2,329 cybersquatting complaints; that was greatest number of complaints received since the creation of the UDRP. Thus, WIPO, the U.S. government, and other interested parties are concerned over ICANN's plans to liberalize the creation of new gTLDs.[6] ICANN, in response has suggested the creation of a database, or IP Clearinghouse, which would compile information on trademark holders and use it defensively to make it more difficult for cybersquatters to register trademark related terms.[7]


According to The Anti-Phishing Working Group, the number of cybersquatted domain names used in conjunction with phishing has fallen to only 2% of attacks in 2012. A report identified 64,204 phishing domains in total, of which only 12% is suspected by APWG as being registered by the phishers. The rest were compromised accounts owned by third parties. More than half of phisher-owned domains were in .tk, a registry that offers free registration.[8]


  • Anticybersquatting Consumer Protection Act of 1999 (ACPA): This law makes "the bad faith, abusive registration and use of the distinctive trademarks of others as Internet domain names, with the intent to profit from the goodwill associated with those trademarks" illegal.[9]
    • Under ACPA, a company can seek money damages and the transfer or termination of the offending domain name.[9]
    • For example, in May 2013, Facebook was awarded 2.8 million dollars in an ACPA lawsuit against typosquatters and cybersquatters in addition to gaining control of the offending domain names.[10]
  • Additionally, if a cybersquatting offense misleads Internet users by directing them to sites with pornographic or explicit content, the cybersquatter can be charged under the Truth in Domain Names Act of 2003.[11][12]

Legal Recourse

In America, a trademark owner is able to sue over alleged cybersquatting through The Anticybersquatting Consumer Protection Act; and in some cases the cybersquatter has been made to not only hand over the trademarked domain but also pay money damages.[13]


  1. Domain Name Handbook
  2. 2.0 2.1 History of Cyber Squatting
  3. 3.0 3.1 UK complaints over cyber squatting hit record and face increase by Jeevan Vasagar
  4. Keyt Law
  5. Harvard Law
  6. Ars Tecnica
  7. Think Digit
  8. Only 2% of phishing attacks use cybersquatted domain names. Published 2012 October 25. Retrieved 2012 November 13.
  9. 9.0 9.1 The Anticybersquatting Consumer Protection Act: Key Information by Martin Samson (as originally cited in Shields v. Zuccarini, 254 F3d 476 - 3d Cir. 2001), Internet Library of Law and Court Decisions
  10. Cybersquatting; typosquatting – Facebook’s $2.8 million in damages and domain names by Christy Roth, Marianne Dunham and Jason Watson (May 10, 2013), Lexology
  11. Truth in Domain Names Act of 2003, Cybertelecom
  12. 18 U.S. Code § 2252B - Misleading domain names on the Internet, Legal Information Institute
  13. Nolo Legal Encyclopedia