Legal Protection of Domain Names: Challenges in the Digital Age

Abstract

Due to the growth of the internet, people now rely on their online identities. An essential part of this online identity is domain names, which are used to determine internet services. As a result, its brand worth increased. But its inherent value has also attracted malicious issues. This article aims to lay out emerging issues such trademark infringement, phishing, cybersquatting, and hijacking. While offers solutions by updating the legal framework, developing new types of sanctions, and using AI detection methods to reduce global domain abuse and improve law enforcement.

Keywords

Domain names | Cybersquatting | Domain Hijacking | Trademark Infringement | ACPA | UDRP

Introduction

A domain name is “a unique alphanumeric address used to identify a location on the Internet, which may function as a business identifier, comparable to a trademark”.¹

In the past few centuries, the Internet Has Utilized IP addresses, which was composed of four sets of numbers specific to each computer. However, it’s hard for humans to remember them. As a result, the Domain Name System (DNS) was created in 1983. Symbolics.com was first registered in 1985 by a computer company named Symbolics, INC.²

It was composed of two groups of names Top-Level Domain (TLD): like “com” and Second-Level Domain (SLD) like symbolics.This helped users to type easily names instead of numbers.³

The widespread use of the internet makes domain names become valuable assets and evolved from simply technical shortcuts to represent a brand identity, goodwill, and online reputation.

The article addresses the legal issues that domain names face including cybersquatting, domain hijacking, trademark infringement, and phishing, calling for a review of legal frameworks and enforcement strategies.

The objective of this research is to shed light on how domain names are legally protected under US law by setting the limitations of the current legal framework such as the Uniform Domain Name Dispute Resolution Policy (UDRP) and the Anticybersquatting Consumer Protection Act (ACPA), in dealing with cybersquatting, bad-faith registrations, and trademark infringement. By illuminating global challenges, this study contributes to advancing knowledge in the field of intellectual property law and encourages secure and fair use through the creation of robust frameworks for safeguarding domain names. It also raises awareness among users and policymakers about the importance of domain names as digital assets, rather than merely technical tools.

Literature Review

As the internet evolved, so have AI methods for online searching, resulting in the expansion of domains like .com, .NET, and .org, among many others. In the digital era, this development has important ramifications for companies and freelancers.⁴In that context, Jacqueline D. Lipton (2023) claims that domain name extensions make it harder for brand owners to register their names in all of these variants.⁵ As a result, cybersquatters find it easier to take advantage of unprotected domain names, particularly using AI to create fake domain names that mimic well-known companies. This situation puts medium-sized enterprises more vulnerable to cybersquatting and consumer confusion compared to bigger corporations because they lack the resources or legal expertise to take legal action.⁶

According to IP expert Irene Calboli (2024), current Legal frameworks such as UDRP and ACPA have significant loopholes. The registration of domain names in another country can not be stopped by ACPA because it is only applied to the US. Also, the UDRP can assist in transferring or canceling a domain name. But, it does not penalize the cybersquatter or compensate the victim, therefore many malicious actors continue their activities.⁷

Another issue that draws the attention of Calboli is domain hijacking, which happens when an unauthorized person takes control of a domain name without the owner’s consent. As a result, it complicates international enforcement.⁸

Furthermore, following Mark Lemley (2024), the protection of domain names is limited to trademark owners and neglect activists, small creators, and public figures. Lastly, those systems are slowly adjusting news tactics used by cybersquatters such as the use of AI or fake registration.⁹

Methodology

The research explores the legal challenges related to domain name protection, including cybersquatting, domain hijacking, trademark infringement, and phishing and proposed solutions for it. Legal databases like WIPO Lex and LexisNexis, scholarly publications, articles, and reports from international organizations, as well as research papers, treaties, and court rulings from US jurisdictions, are all cited in this article.

The Data gathered was combined to provide a comprehensive understanding of the issues and identify key trends and solutions presented in this article.

Result

The ACPA and UDRP provide an administrative procedure for resolving domain name disputes.¹⁰ While they are considered valuable tools, it has certain limitations. To start with, The scope of UDRP is restricted because it only applies to specific domain name registrars and registries that have ratified the policy.

In some situations, Respondents might delay or hinder lawful trademark enforcement by using UDRP. Additionally, a successful UDRP decision is not necessarily legally binding if it is appealed to the court and does not result in financial compensation.¹¹

According to the 2025 WIPO report, 6,168 UDRP cases were filed in 2024. Its benefit is to registered trademark owners, not individuals like activists, influencers, or small creators who lack formal trademarks.¹²

On the other hand, The ACPA is a federal statute that only applies in the US and finds it difficult to combat cybersquatters internationally. ACPA Requires proof of bad faith to protect domain name which is challenging especially when the registrant uses the name for parody or criticism or asserts legitimate interests.¹³

The development of AI has resulted in trademark infringement, phishing, and domain hacking. For example, the number of browser-based phishing attempts increased by 140 in 2024.¹⁴ In addition, there is a rise in UDRP complaints for .AI ccTLDs along with other country-code domains. All those domain extensions and abuse make detection and enforcement more difficult.¹⁵

Discussion

Today, organizations like WIPO or ICANN, national governments and experts are responsible for developing various domain name protection strategies.

One crucial way to protect domain names is through legal frameworks like the UDRP and the ACPA. To begin with, UDRP needs a new system of penalties to be enforced across borders. Combating cybersquatters can be helped by financial sanctions or compensation, such as fines or damages to global domain name disputes. ¹⁶

For example, ACPA grants penalties ranging from $1,000 to $100,000 for fake domain.¹⁷ However, ACPA is only enforced in the US. It was extended through dealing with treaties like the United States-Mexico-Canada Agreement, which states that the three countries must have a similar system like the UDRP.¹⁸

To protect domain name, it’s advisable to use strategies such as AI as a tool to analyze the vast amount of data, spot trends, and build wise predictions. For example, advanced machine learning, computer vision, and NLP techniques can combat cybersquatting and detect trademark infringement and combat cybersquatting.¹⁹

On the other hand, WIPO governments, academic institutions and private companies like GoDaddy create free guidance educational programs to ensure that small businesses and activists protect their domain names. Today, organizations like WIPO or ICANN, national governments and experts are responsible for developing various domain name protection strategies.²⁰

Conclusion

In conclusion, The existing rules for domain names like ACPA and UDRP and its dispute resolution regime are criticized.²¹ As a result, New effective solution strategies must be considered. We must update the existing legal framework, develop new sanctions, use smart detection tools, uphold close international collaboration, and make legal guidance more accessible. If we take those steps, we can create a fair and safe online space where companies can safeguard their online identities without fear of exploitation.

References

1. Lipton, Jacqueline D. Law and Policy for the Internet. 2nd ed., Oxford University Press, 2023.
2. Calboli, Irene. “The Global Challenges of Domain Name Protection.” Georgetown Journal of International Law, vol. 45, 2024.
3. Lemley, Mark A. “The Modern Trademark.” Stanford Technology Law Review, vol. 18, 2024
4. Gabriel Matias, The Role of Freelancers in the Digital Transformation of Your Company, CROWD Blog (June 8, 2023), https://blog.crowd.br.com/en/freelance-digital-transformation/ 5. Internet Corporation for Assigned Names and Numbers (ICANN). Uniform Domain Name Dispute Resolution Policy (UDRP), 1999,https://www.icann.org/resources/pages/policy-2012-02-25-en.

6. U.S. Congress. Anticybersquatting Consumer Protection Act, 15 U.S.C. § 1125(d), 1999.
7. World Intellectual Property Organization (WIPO). WIPO Overview of WIPO Panel Views on Selected UDRP Questions, 3rd ed., 2025, https://www.wipo.int/amc/en/domains/search/.
8. U.S. Department of State. United States–Mexico–Canada Agreement (USMCA), Intellectual Property Chapter, art. 20.11, 2020,

https://ustr.gov/trade-agreements/free-trade-agreements/united-states-mexico-canada-agreem ent.

9. AFRINIC, UDRP and the ACPA: Differences, Advantages, and Their Inconveniences, https://afrinic.net/udrp-and-the-acpa-differences-advantages-and-their-inconveniences (last visited June 12, 2025).

10.Arterton, Jamison. “Remedies for Cybersquatting: UDRP vs. ACPA.” Mintz Law, 22 Sept. 2021, https://www.mintz.com/insights-center/viewpoints/2226/2021-09-remedies-cybersquatting-udrp -vs-acpa.

11. Ghosh, Agnee. “URL Trademark Infringement and UDRP: What Brand Owners Need to Know.” Red Points Blog, 23 Mar. 2023,

https://www.redpoints.com/blog/url-trademark-infringement-udrp/.

12.IP Twins. “UDRP: Perfectible.” Lexology, 29 June 2022,

https://www.lexology.com/library/detail.aspx?g=33f64f4f-73dc-4562-a0b4-1bfb3d2f3f62.

13.ICANN Security and Stability Advisory Committee. SAC115: An Interoperable Internet and the Public Interest, 2023, https://www.icann.org/en/system/files/files/sac115-en.pdf.

14.Nayak, Shreya, et al. “Outsmarting Cybersquatters: The Role of AI in Domain Name Protection.” Journal of Internet Law, vol. 14, no. 3, 2025, pp. 44–60.

15.WIPO Arbitration and Mediation Center. Growing Your Brand Online: Collaboration Between IP Offices and ccTLDs, 2024,

https://www.wipo.int/export/sites/www/amc/en/docs/brandccTLDs.pdf.

16.Novagraaf. “Your Guide to UDRP Dispute Management.” Novagraaf Insights, 2025, https://www.novagraaf.com/en/insights/udrp-dispute-guide.

17.GoDaddy. “Domain Name Security and Protection Guide for Small Businesses.” GoDaddy Resources, 2024, https://www.godaddy.com/resources/smallbusiness/domain-protection.

18.ICANN Office of the CTO. “ICANN’s SSR Research Look-Back 2023.” ICANN OCTO Blog, Jan. 2024, https://www.icann.org/en/blogs/details/icanns-ssr-research-2023-lookback. 19.Julien Chaisse & Danny Friedmann, Law of the Digital Domain: Trademarks, Domain Names, and the AI Frontier, 64 Idea 399 (Franklin Pierce Ctr. for Intell. Prop. 2024), https://law.unh.edu/sites/default/files/media/2024-03/chaisse0friedmann_publication_law -of-the-digital-domain.pdf.

¹ 15 U.S. Code § 1125(d) (ACPA)

² John C. Abell, March 15, 1985: Dot-Com Revolution Starts With a Whimper, Wired (Mar. 15, 2010), https://www.wired.com/2010/03/0315-symbolics-first-dotcom/.

³ Mark J. Gundersen, Want to Be Ruler of Your Own Domain? The Name’s the Thing in E-Business, Bus. Law Today, May/June 2002, at 18, 21, https://www.jstor.org/stable/23292797.

⁴Gabriel Matias, The Role of Freelancers in the Digital Transformation of Your Company, CROWD Blog (June 8, 2023), https://blog.crowd.br.com/en/freelance-digital-transformation/ (last visited June 9, 2025)

⁵ Jacqueline D. Lipton, Beyond Cybersquatting: Trademark Law and Domain Name Disputes in the Digital Age, 33 Fordham Intell. Prop. Media & Ent. L.J. 1 (2023).

⁶Ibid.

⁷ Dr. Irene Calboli, “Challenges in Domain Name Protection: Limitations of ACPA and UDRP,” (2024) Journal of Intellectual Property Law and Practice, vol. 19, no. 2, pp. 112–125.

⁸Ibid.

⁹ Mark A. Lemley & Peter Henderson, The Mirage of Artificial Intelligence Terms of Use Restrictions, arXiv (Dec. 10, 2024), https://arxiv.org/abs/2412.07066.

¹⁰ AFRINIC, UDRP and the ACPA: Differences, Advantages, and Their Inconveniences,

https://afrinic.net/udrp-and-the-acpa-differences-advantages-and-their-inconveniences (last visited June 12, 2025).

¹¹ Connie L. Ellerbach, UDRP Versus ACPA: Choosing the Right Tool to Challenge Cybersquatting (Sept. 29, 2003), Fenwick & West LLP, available at https://assets.fenwick.com/legacy/FenwickDocuments/UDRP_Versus_ACPA.pdf

¹² WIPO Arbitration & Mediation Center, WIPO Domain Name Report 2024: UDRP Case Filings Remain Strong (Jan. 15, 2025), https://www.wipo.int/amc/en/domains/news/2025/news_0001.html.

¹³ Daniel S. Dolgin, The UDRP and the ACPA: What Are They and Which Should Be Used, 28 Man. L.J. 104 (2011), available at

https://themanitobalawjournal.com/wp-content/uploads/articles/MLJ_28.4/The-UDRP-and-the-ACPA-What-Are-They-and Which-Should-Be-Used.pdf en.wikipedia.org+7themanitobalawjournal.com+7dunnerlaw.com+7.

¹⁴ SC Staff, Browser‑Based Phishing Attacks Surge Due to AI, SC Media (Mar. 20, 2025) (describing a 140% year‑over‑year increase in browser‑based phishing intrusions in 2024), available at

https://www.scworld.com/brief/browser-based-phishing-attacks-surge-due-to-ai

¹⁵ Kevin Murphy, .ai Helps UDRP Cases Rise in 2023, WIPO Says, Domain Incite (Jan. 26, 2024), https://domainincite.com/29398-ai-helps-udrp-cases-rise-in-2023-wipo-says.

¹⁶ Jamison Arterton, Remedies for Cybersquatting: UDRP vs. ACPA, MINTZ (Sept. 22, 2021), https://www.mintz.com/insights-center/viewpoints/2226/2021-09-remedies-cybersquatting-udrp-vs-acpa.

¹⁷ 15 U.S.C. §1117(d) (ACPA) – U.S. statute allowing $1,000–$100,000 statutory damages per cybersquatted domainlawreview.law.ucdavis.edu

¹⁸ United States-Mexico-Canada Agreement (USMCA), Intellectual Property Chapter, Art. 20.11 (2018), Available at: https://ustr.gov/trade-agreements/free-trade-agreements/united-states-mexico-canada-agreement/agreement-between.

¹⁹ Partha Shankar Nayak et al., Outsmarting Cyber Squatters: The Role of AI in Domain Name Protection, 14 J. Neonatal Surgery 1475, 1475–82 (2025), https://doi.org/10.52783/jns.v14.3869

²⁰ WIPO Arbitration and Mediation Center, Growing Your Brand Online – Collaboration Between IP Offices and ccTLDs (2024), https://www.wipo.int/amc/en/domains/news/2024/news_0001.html.

²¹ Julien Chaisse & Danny Friedmann, Law of the Digital Domain: Trademarks, Domain Names, and the AI Frontier, 64 Idea 399 (Franklin Pierce Ctr. for Intell. Prop. 2024),

https://law.unh.edu/sites/default/files/media/2024-03/chaisse0friedmann_publication_law-of-the-digital-domain.pdf.