Ask HN: How to prevent a company from taking my domain name?
I was in my early 20s and one could argue, that it was not the wisest decion of a young adult, but I don't regret it honestly. It always felt like I have a small piece of the web realestate which has my name labeled on it and I absolutely love my fname@lname.com email address. I created an address for my wife, father, mother, brother and his wife in the same way which they are using daily and are proud of.
I was very stressed for any domain or registrar errors that might cause that I lose the domain name and I still am very afraid of it. I have however read quite a few "horror stories" in the past years, regarding bigger companies which were able to obtain people's personal or business domain names, just because they are huge companies with extensive finances and good lawyers. I already know of two companies in different countries which have the very same name as I occasionally receive emails written to them on my catch-all email address.
For now the domain is used to host our personal sites, but I recently started working as a web developer and may do freelance work or even create a startup or company in the future. I don't know what this domain will be used for, but I can't say that it will always be for personal use. Maybe it will be the same industry as other companies with the same name. Maybe not. I know a domain name can't be patented. Trademarking is possible, but there are a lot of requirements. What do experts propose?
TLDR: What can I do to secure my domain name, no matter what happens?
94 comments
[ 3.5 ms ] story [ 180 ms ] threadTip 1: Pick an enterprise-class domain name registry.
Tip 2: Set up 2FA that isn't phone-based.
Tip 3: Request DNSSEC from your registrar.
I've used name.com, namecheap.com, sav.com and porkbun.com as registrars without difficulty, although one will always find anecdotal reports of problems other users have had with any service.
GoDaddy, on the other hand, is to be avoided. It's like the PayPal of domains. Awful customer service and dark patterns everywhere.
My experience is many years old now, but when Network Solutions's incompetence resulted in our glue records getting changed by hackers, the startup I was at switched to MarkMonitor. At the time, MarkMonitor charged a large premium per domain year, and a significant annual cost to setup 'registry lock' (which prevents the customer or the registrar from making changes to the domain without going through a proccess with the registry), and they had IIRC a $10k/year minimum spending commitment. A lot has changed since then, it's probably worth getting them on the phone if you're serious about your domain, but it's probably still going to be expensive. Get on the phone with at least CSC Domains as well.
Registrar. You can't buy directly from the registry unless you become registrar yourself.
Some other important tips:
- make sure auto-renew is enabled with a reliable credit card
- make sure to update your personal data once a year. Registrars are mandated by the registry to send a reminder email once a year, but for an important domain I'd also set a recurring reminder every year, 2 weeks before expiration to make sure that everything is ok. You probably shouldn't "setup and *forget*" your domain names
- if you can afford it, make sure to register multiple years at once, the max is usually 10 years, but I'd recommend registering for only 9 years, because if you need to transfer to another registrar for some reason, the registration will be bumped 1 year. If you're already at 10, you're stuck.
> At the time, it didn’t seem like the start of an all-consuming legal battle, a David vs. Goliath fight that took nearly 10 years and cost the small business owner millions of dollars—to say nothing of the incalculable toll on his personal life.
Not exactly a great example of “fine”.
He could have just sold the domain for a ton of money and had Nissan give him uzi.nissan.com in perpetuity, for example.
I mean, I'm all for freedom and all, but being smart about things is also a solid guiding principle.
Edit:
Ah, he agreed at some point:
> “Who the hell wants to buy a computer from a company that’s in a lawsuit with a giant like Nissan Motor?” he said. “I would have let it go first day if I knew what I would have to go through, and what it would do to me and my family,” Uzi told Jalopnik. “I was driven 99.9 percent out of business.”
> “Court proceedings were going every week,” he added. “I had to read hundreds of pages of proceedings and make sure they are correct. The best attorneys will make mistakes. You know your story more than anybody else. And then you don’t have time for anything else.”
> […]
> If you have a question not answered above, feel free to send it to: faq at gail period com. Thanks for visiting.
Now I wonder what the other address is. Probably gail@ or mail@. Actually the last one rhymes, I hope she uses that.
Everyone thinks .com is so desirable; but just think, she could have: snail.mail@gail.mail.
Bloody hell, there could be some spicy stuff on a few of those emails!
https://www.gailonline.com/
Gas Authority of India Limited, USD $12Bn annual revenue.
(IL and CL are very common in company names here that originated as initialisms. Something India Limited or Something Corporation Limited. E.g. HPCL, BPCL, CRISIL, etc)
in case: be open selling your domain? just as one possibility to avoid lengthy legal disputes / costly interactions with lawyers!?
you mentioned above, you are "from a poor country" ... several k or even some 2 digit k of us$ / euro - depending on the actual name - might be a decent pain-compensation for "loosing" your domain and carry you further in your country than a stupid personal domain with nice email-addresses attached to it ;))
Don't confront them to offer them anything, let them come to you.
Trademarks dont mean you own a word, they mean that the use of that word is to be protected from passing-off/impersonation (intentional or otherwise).
So by all means call yourself Coke - just dont market yourself as a soft-drink (or whatever other categories the mark is held and/or defended in).
If the person holds an asset and isn’t doing anything malicious with it there is zero reason they should be forced to give it up just because some corporation wants it.
Offering to sell the domain will probably count as evidence that you've registered it in bad faith rather, and make it easier for a trademark owner to win a dispute.
If they ever decide to do business in your country, expect them to want their name. They will probably take you and your registrar to court, but in the end, they will have to pay you for the name.
Domains don't cost a lot, but I would just take what they offer you, don't try to fleece them because you got there first.
I would look at another domain name as a fallback should any of this happen, but just keep in mind that it's a possibility.
If it’s your family name, what can they do but bleed you in legal costs? It depends on the country maybe, but I would not part with that domain in my country if it’s my family name and registered ages ago (clearly not to try to blackmail that company). Not sure anyone should.
Horrible advice.
It's just a name, and if you're not a registered company, you're going to be seen as a squatter no matter what.
All I'm suggesting is to be prepared to have the domain ownership contested and have a backup if you have to change domains.
> I spent like a year or so to save up for it, which cost roughly 6 months of average net salaries in my country about 7 years ago.
Not really, you are stating, matter of factly, that the big evil corp will own it and you are basically screwed. This is not true (in places I know, but might differ somewhere) if it’s not squatting and it’s actually your family name. It’s beyond reasonable.
Also, I find this capitalist overlord cynicism really quite annoying. I would help OP with legal fees to prevent this from happening. Just laying down and get pummelled just because it’s a big corp should not be the default.
It wasn't $5.
How can I get a hold of this domain?
I would keep it as far away from anything business-like as possible.
It is worth noting that for a trademark to be enforceable it has to be in use, at least in the US. So if you're not going to use it in any way, then yeah it has no value.
But if you are going to use that trademark then it can give you an awful lot of protection. Note that defense of a trademark is usually around if there is potential for confusion. Say the trademark is the name of a medicine and your trademark includes that name but you sell luggage, the phamaceutical company doesn't really have a claim against you because they don't operate in that area and there's no potential confusion. If you want to sell first aid kits however that might be a problem.
Without a trademark, you may still face a company who does have a trademark.
By far the most likely outcome is that a company that is interested in your domain will offer to buy it from you for a nice sum. You are free to reject their offer.
They may decide to sue you but you have a good standing because it is your last name. Relax.
I have three domains (.com, .org, and .net) of my [first initial][last name][.tld]. Have had them for a long time.
A defense law firm in Australia, set up a domain, with [first initial][last name].com.au
I used to get regular emails, with terrifyingly personal stuff in them. Many of these emails came from Australian government/court orgs. They probably could have been sued into the mantle for some of the stuff (like juvenile criminal proceedings), that got sent to some random Yank in New York.
I was always careful to forward everything I got to the lawyers, along with contacting the courts, and letting them know their mistake.
In a couple of instances, I was thanked. In most, I was ignored.
No one ever tried the barratry route with me. I actually probably would have sold them my domains at cost, if they had asked, but they never did.
I haven't gotten one of those emails in years. I have no idea why.
These weren't frequent, so it wasn't a big deal, and I didn't want these to get lost, as they were of critical importance to the people they concerned (like life/death jail/free stuff).
Do not enterain any offers. If they reach out, it is best to completly ignore and do not respond. Failing that, tell them it is your name, and your name is not for sale at any price.
If they ever try to take you to court, point the judge to nissan.com which is owned by someone with the name Nissan, and even the large car manufacturer did not have the right to take it.
You can't use the domain name for the same activity (the same Nice class https://en.wikipedia.org/wiki/International_(Nice)_Classific...) as the company with the same name that has a trademark for the same activity class.
If you follow this rule no company will be able to contest your domain name.
I don't care if they printed out my domain on a car print or a card or something that they give out. That's not my problem.
The thing is, companies can (at least under some TLD's) claim domain names. But this claim has to be tested. And the test that I'm aware that exists is kinda if you have some kind of claim to it as well. It may that you own a business with that name, but it's also claim enough that you have that name as your name. Then your claim is valid and you had it first.
I'm not sure how it works with .com, but I wouldn't think they are very different.
In whois records I've seen something called registry lock, may be worth for you to look into that: https://internetstiftelsen.se/en/domains/tech-tools/registry...
Some basic rules if you wish to keep the domain:
* Don't offer to sell the domain. If you are contacted by a prospective buyer, just decline, saying that the domain is not for sale. Don't counter-offer or enter into discussions or negotiations.
* Don't put ads or links to third-party commercial entities on your website. If you're going to use it for business purposes, make sure that it's just for your business, which incorprates your family name, eg FamilyName IT Services Ltd.
* Make sure your website has an "About Me/Us" page, which briefly outlines who you are, ensuring that you mention that your Family Name is the same as the domain name.
* The advice in this thread regarding use of 2FA on everything is sound. I've a high value domain portfolio and receive password reset requests every week, triggered by bad actors trying to access anything that they can think of that might give them access to accounts.
* Don't use GoDaddy or any or their network.
* Read up on UDRP (dispute resolution) and Reverse Name Hijacking if you want to get up to speed on the legal and procedural issues that might affect you.
* Domain disputes are a specialised field and you would need the advice of a specialised lawyer if you find yourself the recipient of a UDRP complaint. John Berryhill (I've no connection) is well regarded in this area, and I'm sure that there are others. He would be my first port of call.
And now I am concerned for the domain I use for our family email addresses, which is not related to our last names (well, it has the initials of me and my wife, but then I added a random number to make it available. It's 3 letters domain)
Not a company I’d like to support.
If your name is Apple and you somehow obtain new domain named apple.newtld you have a chance to loose the domain if there is any way it can be seen as profiting off of the association with the APL. For example if you put ads on a page that is nominally your personal page it can be seen as getting traffic from people who mistakenly came to this page since there is very little chance they came legitimately.
If it is large company they will be looking at every possible way to get your domain and the only way to fight it is to either spend huge amount of money on lawyers or not give any pretext, however small.
You are also as likely to lose the domain by a targeted attack by people who hope to then sell the domain. If you have a nice domain name you need to invest a bit of thought in protecting it from takover (locking the domain, protecting your information, not using your regular phone number, phone, email, laptop, etc. to have anything to do with the admin access to the domain).
Since company tax filings are public in Sweden, you can deduct Amazon paid ~$500k for amazon.se, which in my mind is very cheap.
But do make sure you have auto-renew setup etc. If you lose it, they can nab it fast and it'd be hard to get it back.
Instead of auto-renew I register my domains for 10 years, and add an annual recurring event to my calendar to remind me to add another year.
That way I keep the expiration 9-10 years in the future so that if there is ever a big price increase and I need to move to a cheaper domain I've got a long time to make the move.
No need for auto-renew because there is no way that I'd manage to miss the calendar events enough years in a row to have the domains expire, and even if I did have auto-renew the on-file credit card information would be out of date when it is time to auto-renew.
https://en.wikipedia.org/wiki/Apple_Corps
I always wondered how Apple Computer Inc. were allowed to enter the iPod business without being sued again.
They were sued again. Apple Computer won the case.
AFAIK Trademarks are not automatically an international thing. A business would need to make an effort to register in multiple countries. Trademarks are also not all industries, all at once. McDonald's wouldn't like it, but if my last name was McDonald, and I wanted to setup a lawnmowing business called McDonald's Lawnmowing, they cannot stop me (although you can bet they'd try to scare me off).
I am not sure of your financial position, but it might be economical to register a business name, and even a trademark in your country. This will will give you one more level of protection. They would need to challenge your trademark first. Now, protecting a trademark is not necessarily cheap. It could be a matter of sending a few "piss off" letters in response to their inflated threats, but it could escalate. That said, the same escalation could happen regardless of you having a trademark. Depending on your country, people can (and do) sue other people with no legal standing, and use costs of defending oneself as a cudgel to get what they want.
- ask your registrar to do the 'registry lock' on your domain. Not registrar lock but 'registry lock' specifically. Most will do this. If they won't, then transfer to another registrar.
- register the domain for at least 5 years. 10 years if you can.
- use the 2FA at your domain registrar. There are some registrars that offer a "pass code" or other task to be performed before the domain can be transferred. At one registrar, I have the requirement that they need to call me on my cell phone and I must mention a code word to them.
- If you're using Google or a Google Account (not recommended but in some cases it's necessary), then absolutely sign up for Google Advanced Protection. I cannot tell you how many domains have been stolen and lost because they were using a google account (gmail).
- Remove privacy whois on your domain. Use a business address, email (not gmail) and a real phone number on the whois of your domain. If the domain is stolen, then the whois history will show who owns it... if it goes to privacy then the thief/hacker most likely wants to hide themselves. If you get spam email/calls from that public whois data, then change registrars. It's certain registrars that are giving out or allowing scraping of their whois data.
- If you don't already own a trademark on the word in the domain, then don't think that that getting a tm will protect your domain name. If you registered the domain before someone files for the trademark, then you have the rights to it. Don't let anyone else tell you that you don't, especially if you are using it for a website.