Website domain names as we know them will look dramatically different now that the menu of Internet domain name suffixes is expanding. The Internet Corporation for Assigned Names and Numbers (ICANN) recently released the first wave of new generic top-level domain names (gTLDs)—a number that ultimately will exceed more than 1,000 when the expansion is complete. Suffixes such as “.clothing,” “.guru,” “.technology,” and “.sexy” are now available for registration of domain names alongside traditional standbys such as “.com,” “.edu,” and “.org.”
As discussed in a prior legal alert, ICANN’s new gTLD system will expand the domain name environment from 22 gTLDs to more than 1,000. The Association of National Advertisers and other advocacy organizations have worked hard to make private industry aware of this issue, but many companies might not be fully aware of this transformative change in Internet naming and how it will affect their organizations.
New gTLDs pose a number of risks to the corporate environment that, if not fully evaluated, may catch marketing, IT, and security teams unaware. Such risks include:
-
Trademark Abuse and Ensuing Consumer Confusion: Due to the number of new gTLDs, it is not economically feasible to comprehensively pre-register brands as domain names as a prophylactic measure to protect the company’s good name. But, there are limited brand protection mechanisms available to trademark owners that can be utilized as a first line of defense in a broader and thoughtful brand protection strategy.
-
Potential Decline in Overall Internet Health: Issues arising from the complexity of Domain Name System (DNS) expansion, if not fully resolved, could pose security risks and potentially destabilize global Internet operations. As we have previously discussed in Ballard Spahr webinars, with three new Internet root-level technologies (new gTLDs, Domain Name System Security Extensions (DNSSEC), and Internet Protocol version 6 (IPv6)) coming online in the next two years, we remain concerned about overall Internet stability.
-
Internet Security Issues: A phenomenon called “name collision” can occur for those entities that have established private namespaces in their local corporate environments based on assumptions about the finite number of top-level domains. Those private namespaces may “collide” with newly delegated gTLDs when private networks end up querying the public-facing DNS root servers.
Brand Management/Trademark Considerations
The new gTLDs will launch in a series of batches over the next two years. The first four batches launched on November 26, December 3, December 9, and December 10, 2013. The fifth batch launched today, December 11, 2013. Details are available in the table below and in a section of ICANN’s website that explains the sunrise claims periods, or the time frames within which a trademark owner can register a domain name containing the owned mark.
|
New gTLDs
|
|
.bike
|
.clothing
|
.guru
|
|
.camera
|
.equipment
|
.estate
|
|
.holdings
|
.plumbing
|
.singles
|
|
.gallery
|
.graphics
|
.lighting
|
|
.ventures
|
.photography
|
.menu
|
|
.uno
|
???
|
.today
|
|
.construction
|
.contractors
|
.directory
|
|
.kitchen
|
.land
|
.technology
|
|
.tattoo
|
.sexy
|
|
The new gTLDs create a vastly larger domain name space in which brand owners will need to protect and enforce trademark rights against abuse by cybersquatters, online trademark infringers, and fraudsters. Given the sheer volume of the expansion, many brand owners feel that the system forces them to participate by defensively registering their trademarks as domain names they will never use just to keep them out of the hands of miscreants. For more about the controversy, see the Association of National Advertisers CRIDO website.
Doing nothing can be costly, but the scope of the new gTLD systems makes a comprehensive defensive registration strategy prohibitively expensive. As a result, companies should approach protecting their brands in this system strategically and thoughtfully. How and to what extent a company can and should protect its trademarks under the new system is a function of practical cost and the company’s particular branding and online marketing strategy. Our integrated team of attorneys and security specialists can work with your team to discuss the new naming universe that lies ahead.
There are two primary rights protection mechanisms offered by ICANN that companies can take advantage of at this stage to protect their brands in the new gTLD environment: the Trademark Clearinghouse and the Sunrise Period. In addition, some gTLD registries (various private companies responsible for distributing and maintaining domain names in the new gTLD spaces) are offering rights protection mechanisms intended to protect trademarks within the gTLD spaces they control.
Trademark Clearinghouse
The Trademark Clearinghouse (TMCH) lets brand owners record their registered trademarks (and other qualifying trademarks) with ICANN, and provides two important advantages:
-
Recording on the TMCH is a prerequisite for registration of a domain name during the Sunrise Period discussed below.
-
For a limited time, when someone registers a trademark recorded on the TMCH, the brand owner (and the would-be registrant) will be notified of potentially infringing registrations.
The cost to record a trademark on the TMCH varies depends on volume and vendor, but it is roughly $690 for three years.
Sunrise Period
As the new gTLDs are deployed, the registries will provide TMCH registrants with a Sunrise Period during which they can register their trademarks as domain names before registration opens to the general public. The timing and cost for registering domain names during this time will be unique for each gTLD.
The Sunrise Period for the first batch of new gTLDs noted above closes on January 24, 2014. The Sunrise Period for the second batch closes on January 31, 2014. For these batches, the fee to register during the Sunrise Period is $200. In addition, there is an annual fee to register the domain name, which will vary depending on the gTLD (typically between $35 and $50).
Take note, however, that vendors are reporting delays. For defensive Sunrise registrations, it is best to get on the TMCH as soon as possible and keep watch for the start of the Sunrise Period for the new gTLD of interest (or concern).
Registry-Sponsored Rights Protection Mechanisms
In addition to the mechanisms provided by ICANN, some gTLD registries have initiated rights protection mechanisms (RPMs) to protect trademarks within the gTLDs they control. For example, Donuts Inc., has proposed additional RPMs for the 300 gTLDs it controls. One Donuts-sponsored RPM is the Domain Protected Marks List (DPML). For brand owners who qualify (and for a price of $3,000 per trademark), the DPML will block the registration of any domain name containing a trademark on its list for five years across the more than 300 Donuts-controlled gTLDs.
Security Concerns with DNS Collision
After several months of advocacy (and Ballard Spahr attorneys fighting this issue at ICANN meetings in Toronto, Beijing, and Durban, South Africa, with many other international organizations and advocates), ICANN has finally put together an IT communications package about internal DNS namespace collisions and what they could mean for IT operations.
The root cause of DNS namespace collisions results from a common internal server naming convention a few years ago. IT administrators would name internal e-mail servers, switches, routers, corporate Intranets, and other internal infrastructure with domain names that would not resolve on the public DNS. IT administrators implemented this practice so the internal servers would still be “up,” even though a corporation may not have access to the public Internet.
So, instead of www.corporation.technology.com, a corporate e-mail server could be named simply corporation.technology. With the “.technology” domain coming online shortly, a DNS query a network administrator intended to have resolved locally, using an internal name space, will now be resolved using the public DNS (if segmentation protections are not employed).
As stated in ICANN’s own report, “[u]nder these circumstances, queries that were never anticipated to leave the internal network are now getting results in the global DNS, and those results are different. At a minimum, leaked names that produce differing results may be bothersome to users (e.g., they may cause delayed access to web pages). They may also pose security problems (such as email being sent to the wrong recipients).”
ICANN will be working with Internet registries to notify organizations of such conflicts, but we strongly recommend that organizations not rely on such communications. There will be a very short notification window, and we encourage organizations to fix any problems in their internal corporate networks. We encourage the development of the following IT strategy within corporate networks:
-
Monitor domain name services, compile a list of internal, non-resolving domain names, and compare this list against the list of new TLD strings.
-
Formulate a plan to mitigate causes of any data leakage onto the public network (i.e., develop a domain renaming strategy that could take considerable time).
-
Prepare network administrators and IT operations teams for the impending change in name usage by notifying them in advance or providing training. Relying solely on generic security awareness training to your IT users will not be enough.
-
Implement a plan to mitigate the potential collision.
Periodically, Ballard Spahr issues alerts identifying the latest gTLD news, including updated schedules of new gTLD launches and Sunrise Periods. In the meantime, to stay up-to-date on ICANN matters, visit ICANN’s website.
