Mar 29, 2022 - by Matt Serlin

Informed Defensive Domain Strategies Balance Risk Against Budget Constraints

The bulk of any corporate domain name portfolio are defensive registrations. In fact, it’s often true that less than 1% of a corporate portfolio is comprised of actual production sites, and the rest are defensive registrations. Dominating corporate portfolios, defensive domains can be costly to maintain. Therefore, their protective value must justify their price and that value may change over time. Companies must develop a defensive strategy that safeguards the organization’s brands while also staying within budgeting parameters.

Developing an Effective Defensive Strategy

A defensive strategy helps companies predetermine which variations of their brands should be registered as domain names in an effort to thwart scammers, phishers, and infringers. However, it must also take into consideration that a company can never register every possible variation, common typo or misspelling in an effort to direct legitimate website visitors to the actual legitimate sites.

There are two sides to an effective defensive domain strategy. One is defining what to register, where to register it, what the potential variations should be. The second is to monitor for abusive registrations and then take action only when warranted. A company cannot afford to take action against every single registered name that is a close match. The key is to look at who has registered it, why it was registered, and then only take action when absolutely necessary.

Finding the Right Balance

A company could register tens of thousands of names and terms defensively, but there must be reasonableness to the process. This entails finding the right balance between what is reasonable to register (and spend money on) and what is unreasonable. This balance varies from company to company. Some companies are willing to spend more money on defensive domains up-front while others are going to be willing to take more risk and not be as preventative.

Each company has to determine that right balance for them, driven by a combination of budget and risk considerations. Some companies are more budget-constrained or risk-averse than others. Decisions are also guided by reactive situations where they have experienced infringement. Once burned, companies are often keen to allot more funding for defensive registrations. With either approach, companies are well-advised to invest in monitoring to identify registered domains that constitute possible threats.

Leveraging Internal and External Guidance

From an internal standpoint, many different departments within a company are stakeholders for domains including legal, marketing, IT and others. Feedback from each perspective helps inform decisions about defensive registrations. Many organizations benefit from creating Domain Name Councils (DNCs), internal cross-departmental committees that meet periodically to discuss domain topics. Ideally, companies can also seek guidance from outside domain experts to combat infringement and other nefarious activity.

Mature companies typically have a policy in place regarding what standard variations and TLDs should be registered. DNCs can establish the initial policy and then meet periodically to review and revise it. The domain portfolio is a living entity that cannot remain static – it must change as the organization changes.

Domains and their surrounding context are constantly evolving. A list of agreed-upon terms earmarked for defensive registration five years ago may no longer make sense today. As the Internet landscape changes, there are also new terms that companies should perhaps think about registering alongside their brands. For example, the Covid pandemic had an indelible effect on the entire business world, and any policy drafted before it would not have foreseen its impacts. That alone is cause to revisit the portfolio and defensive decisions. Additionally, there has been focus on NFTs, blockchain and crypto and other trends will undoubtedly pop up in the future that are not top-of-mind yet. Thus, companies need to constantly examine and revisit their defensive domain policy according to the new normal, again and again.

Keeping Domains to Thwart Speculators

Domain name professionals know that domain speculators are watching to see which names are expiring at the corporate registrars. Expired names are likely to get picked up by speculators and re-registered, obviously in hopes of reselling them to someone else at a profit. Knowing this possibility, domain owners may be reluctant to let domains lapse or expire. However, they cannot keep all domains so what makes one domain expendable while another us a must-have? Consider what will happen if someone picks up the name – will that cause a major headache in the future? If the answer is yes, it may be wise to hold on to that one.

Where to Pare?

When deciding which domain names to lapse, traffic metrics are helpful in determining how often the domain has been used. Companies should consider dropping domains that are no longer visited and those that are visited only a handful of times, as these are sometimes not worth keeping.

Not all traffic is “good” traffic, of course. Just because a site is getting visitors does not mean those visitors are valuable or even human, as bot visits abound. In addition to visitor statistics, organizations can also check the page views or DNS queries to assess what kind of traffic those typos or misspellings or variations are getting. Also, by appending a UTM code alongside the defensive registration, companies can then see whether or not that traffic is actually converting or have it point to their main website to then see what that traffic does, where visitors go, or whether they complete a transaction. In this way, companies can know if those variations are getting not just traffic but valuable traffic, and understand exactly what’s happening with the traffic. And as this traffic can change over time, a worthwhile defensive registration could become so rarely visited that when checked just a few years later, it could then be lapsed.

Another regular domain type on the chopping block is the highly restricted domain name. If the requirements to qualify are high, meaning if those domains require local presence or business registration, they could pose less risk when lapsed. If domains require a business registration number or the name must match a trademark, even that kind is a little questionable. However, if the requirements are very high and so is the cost, that’s another one to seriously consider removing from the portfolio. Domain names with multiple hyphens are also typically good candidates to consider discarding.

Domains that cost $15/year to maintain are less pricey but expensive defensive domains add up, so it’s essential to make sure each high-priced is truly justified. Some ccTLDs and new gTLDs are up to $1000/year each so shedding any superfluous ones will definitely benefit the bottom line. That said, any domains that have been reclaimed through domain dispute filings or court-ordered transfers, are probably worth keeping.

Technology, Tracking and Measurement

To minimize manual work, companies can rely on modern technology tools to inform their decisions about defensive and active registrations. Next-generation portfolio management offers monitoring and advanced portfolio reporting with powerful searching, sorting and exporting. A dashboard can highlight required actions, current status, actionable intelligence and curated content.

Such technology is able to quickly identify DNS records, organize and parse data, and reveal which sites have had no activity for 6 months, for example. Technology platforms can also be used to categorize and tag defensive registrations versus active site registrations. This allows companies to understand portfolios at a glance, saving them valuable time doing research.

Conclusion

As defensive domains account for such a huge portion of a company’s budget, organizations need to know their money is being well-spent. Companies must define what to register, as well as potential variations, and also detect and act upon abusive registrations. Each company is guided by budget constraints and risk considerations, seeking input from both inside their organization and external resources. Certain domain names are maintained to keep them from speculators, and some lapsed can only be reclaimed at great expense. Paring down domain names requires looking at not only quantity but also quality of traffic, and how restricted the domain is. And as businesses need to be more agile than ever, modern technology is at hand to save time and provide valuable insight on defensive domains. A lean and effective defensive domain strategy strikes the right balance between risk and budget.

Tags: TAG1, TAG2, TAG3, TAG4


Matt Serlin

With a focus on security, service and support, Matt Serlin joined the company in 2017 to lead all domain operations, including client services and domain name provisioning. Matt has over 15 years of direct domain name experience most recently with MarkMonitor where he was instrumental in building the industry’s first dedicated client services team, which has become the de facto standard for all corporate registrars.

Request a demo.

See for yourself the power of the Brandsight platform.

Schedule a demo
Brandsight web application