Guest blog: SIDN BrandGuard: using the results

Human factor is important

Once the software has done its initial classification work, making use of the classified results relies on human judgement: which domain names are actually a threat? The first step is to decide what constitutes a threat. Of course, domain names used for phishing sites and other malicious activities are bad news for any organisation. As are names associated with webshops selling fake goods. But what about domain names linked to websites with no substantial content? Or sites full of sponsored links or adverts? Before you can start sorting your BrandGuard results, you need to decide what kinds of registrations you're worried about.

Recognising malicious registrations is skilled work

The next question is, how can you tell those registrations from the rest? Phishing sites and other malicious websites are often easy to recognise. However, it may take a trained eye – and quite possibly a test purchase – to identify a webshop selling fake goods. When it comes to tackling an identified threat, there are various possibilities. For example, you might need to turn to a third party – hosting service provider, registrar or payment service provider – for help. Or it could be that the best way forward is to initiate proceedings with the relevant dispute resolution body, such as WIPO.

Special challenges facing government bodies

BrandGuard users in the public sector face additional challenges. They'll often come across websites set up by people offering services as agents or intermediaries. A site might, for example, be offering to legally or illegally supply government documents for particular individuals, such as certificates of good behaviour, driving licences or extracts from municipal registers. Such documents are available to the public directly from (the websites of) the relevant government bodies. Nevertheless, independent service providers often offer to supply the documents on an agency basis. High search engine rankings and slick site design typically give visitors the impression that the services offered are legitimate. However, in return for supposedly relieving the user of the 'trouble' of dealing with the relevant public body, the sites charge premium prices for documents issued by public bodies at cost.

Figure 1: screenshot of 24 November 2021 from www.mijnvogaanvragen.nl.

Undesirable or illegal?

While such agency operations may well be undesirable, they aren't necessarily illegal. As with so many things, legality depends on a number of factors. First, whether the service itself is permissible. Is the site offering certificates of good behaviour to people who are ineligible under government guidelines, for example? Or an elderly person's driving test that doesn't conform to the official standards? Is the associated mail domain being used for phishing? Does the 'agency' website make unauthorised use of government logos or written material? If unlawful activities like those are involved, a third party, such as the relevant hosting service provider, will have a legal obligation to take the website down. If they fail to cooperate, they are liable for damages attributable to the site's availability.

Requesting names and contact data

An aggrieved party will often seek to obtain the name and contact details of the party behind a disputed registration. And with good reason: that information enables legal action to be initiated, or at least a summons to be issued. The follow-the-money principle also applies: a payment provider is technically able to say who was paid for a fake certificate of good behaviour, and a hosting service provider knows who paid for their services.

Defensive registrations

SIDN BrandGuard's results are selected primarily on the basis of domain names: a domain name registration can itself be unlawful, even if the name is not being used for a malicious website or content. Many brand owners and companies benefit from having a particular domain name, or, at least, from denying that name to anyone else. It is therefore advisable to register certain obvious domain names yourself for preventive reasons. A version of your domain name with a zero in place of a letter 'o', for example. Defensively registered domain names can then be set up to redirect to your main domain. The tactic is relatively inexpensive and ensures that the domain names in question are unavailable to criminals. Defensive registrations can even be advantageous in terms of search engine optimisation.

Dispute Resolution and NTD

If, despite your defensive registrations, you come across a threatening domain name, you have the option of initiating proceedings. A domain name dispute can often be pursued using an 'alternative' procedure – in other words, a procedure that doesn't involve a law court. Alternative procedures are cheaper and faster than judicial proceedings. They usually involve a complainant asking for control of a domain name registered by someone else. The procedure for settling domain name disputes is decided by the registry for the TLD. So the procedure for a disputed .nl isn't the same as for a disputed .com. Although such procedures may be broadly similar, key details often differ. For example, only a brand owner can start a .com dispute procedure, but anyone with a legitimate interest can dispute control of a .nl domain name. For the legal pursuit of unlawfully registered domain names, SIDN works with ICTRecht. We have extensive experience of notice-and-take-down (NTD) requests, the sourcing of registrants' names and contact details, and domain name-related legal proceedings. In many cases, ICTRecht can quickly and at no charge assess what course of action is likely to offer the best prospects of success. Read more about ICTRecht's legal assistance services.