Cyber-squatting; or “Hey! Get Your Stuff Off My Name!”

The internet is a strange land. Every time you visit a website, you seamlessly interact with a massive domain name system. Currently, this system can hold approximately 4.294 billion addresses, and work is being done to raise this limit, as it is not enough to meet the demand. Each address, called an Internet Protocol (or “IP”) address, is the location of a computer, server, or other device. Normally, IP addresses are arranged into four sets of digits, such as “”.

For humans, names are generally more memorable than IP addresses. So, back in 1983, the “Domain Name System” (the “DNS”) was introduced. Now, instead of having to remember “”, you can find the website by typing “” into your browser.

The DNS is a good system. It’s humanly memorable and easy to use. Businesses love it because they can acquire and use a domain name that promotes their brand and helps consumers to find them.

But the thing about humans is that they make mistakes and are capable of being tricked. As a result, a whole shadow industry has blossomed on the internet of people and businesses purchasing, operating, and selling domain names that are permutations, variations, and misspellings of established names.

It’s not all illegitimate. But there are bad actors, and the DNS can be abused…


A client comes to me having discovered that someone has set up and is operating a similar domain name to theirs on the internet. I look at the problem website. In the address bar, the domain name is virtually identical, only two of the letters are reversed. Turns out, the rogues have registered a number of misspellings of my client’s domain name, as well as a .ca, .org, and .net version of the client’s actual domain name. All these domains redirect traffic to a competitor site.

Then the client tells me he has an aggressive competitor. There’s a long story, but the gist is that this competitor has been actively targeting their business and undercutting their prices, for ages. Now however, they have embarked on this new tactic. They’ve obviously bought up and are now squatting (or “cyber-squatting”) on misspellings and permutations of the client’s domain name, diverting the client’s business and customers away.

I tell my client that there are two ways to attack and stop this kind of inappropriate behavior. We could file a lawsuit, or we could bring an arbitration proceeding under the Uniform Dispute Resolution Policy (the “UDRP”). The UDRP is not useful in all circumstances, but if all you really need is transfer of an infringing domain name to you, it’s a great tool.

To get the domains transferred, we need to prove all of the following:

  1. That the domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights;
  2. That the Respondent has no rights or legitimate interests in the domain name in dispute; and
  3. That the domain name has been registered and is being used in bad faith.

One of my first questions is, naturally, “Do you have a registered trademark?” If we do, things just got a lot easier1.

Without a registered trademark, it is possible to prove that the client has acquired common law trademark rights over time and by use. It takes more time and effort, but can be demonstrated by proof of website registration, supported by evidence of brand marketing, business volume, and use of the client’s mark in public. It’s more work for the lawyer, so it is more costly, but it can be done.

However, demonstrating that the Complainant (our client) has rights in the domain name is not, by itself, enough. We also need to show that the Respondents (the “rogues”) have no rights or legitimate interests in the domain name. And, that the disputed domain name been registered and is being used in bad faith. Failure to prove any one part of the 3-part UDPR test spells failure in the proceeding.

Frequently, the Respondent has (or can advance) some kind of claim to the mark. For example, in many industries, certain standard terms are used by everyone. For example, if the client’s own brand name and website is common, or generic, it can become very hard to show that the Respondent has no rights or legitimate interest. Similarly, if the client does not discover the subterfuge for six months to a year, it may become too late. The longer the “rogues” have operated the domain name, the more rights they may claim to it. If they are offering legitimate products and services, they may even claim that there is no bad faith – it’s a bona fide business!

Registration of your trade-mark with the Canadian Intellectual Property Office gives you the exclusive right to use that mark across Canada for 15 years. If you have a registered mark, it’s a short, straight line of argument to satisfy the entire UDRP test. It proves (a) the client’s rights in the mark, prohibits the “rogues” from using the mark (i.e. supports our assertion that (b) they have no right to use it), and it (c) supports the conclusion that this is just bad faith behavior designed to attack your business and steal your customers.

In many cases trademark registration in Canada will cost you a few thousand dollars, which can generally be spread out over a few years so that it’s virtually painless as a business expense. It protects your exclusive right to the mark, as well as anything confusingly similar to it.

Start to finish, a UDRP proceeding can take as little as 3-6 months. The cost of filing a UDRP proceeding may be as little as $1500. The lawyer’s professional fees would be in addition to that, and that cost would, of course, range depending on the complexity of the case and the amount of time needed to construct and present the argument. Costs escalate when the parties start arguing back and forth, each asserting a claim to the domain name and mark.

Of course, it’s most cost effective to avoid a lawyer.

Here’s a checklist of what smart businesses do to protect themselves from cyber-squatting:

  1. Register your trademark.
  2. Don’t operate a domain name that is substantially different from your trademark and brand
  3. Purchase common misspellings of your website and domain name. It costs about $10/year to maintain a domain name registration.
  4. Monitor the internet. Once a month, do a Google search on your brand and domain name, to see what comes up.
  5. If you discover someone cyber-squatting on a domain name confusingly similar to yours, immediately contact them, ask them to stop and hand over the domain name. You may consider offering to pay their out of pocket expenses in exchange for handing over the infringing domain.
  6. Keep a list of the infringing domains you’ve been monitoring. Check again. Sometimes cyber-squatters will take down their website at the first sign of trouble, but then put it back up a few weeks later.

Remember, if you don’t enforce your rights, you may lose them. If a cyber-squatter doesn’t respond or won’t cooperate, contact a lawyer knowledgeable in e-commerce and intellectual property law. Get advice as to your case and your options.

1Incidentally, a Canadian trademark counts, even against a foreign Respondent. All you need prove is that you have established trademark rights somewhere.


Troy Harwood-Jones  is a commercial lawyer and corporate litigator at PKF Lawyers, in Winnipeg, Manitoba. Troy’s primary areas of practice are in the arenas of Civil Litigation, Corporate and Commercial Law, and Wills, Estates, and Elder Law. Troy has unique expertise in the practice areas relating to e-commerce businesses as well as Trademarks and Intellectual Property Law.