Domain Names and Trademark Law: Cybersquatting and UDRP
Domain name disputes sit at the intersection of trademark law and internet infrastructure, creating a distinct enforcement landscape governed by both federal statute and an international arbitration framework. This page covers the legal definition of cybersquatting, the two primary enforcement mechanisms available to trademark owners — the Anticybersquatting Consumer Protection Act (ACPA) and the Uniform Domain-Name Dispute-Resolution Policy (UDRP) — and the decision criteria that determine when a domain registration crosses from legitimate use into actionable infringement. Understanding these frameworks is essential for any brand operating in e-commerce or maintaining an online presence, as explored more broadly in the regulatory context for trademark law.
Definition and scope
Cybersquatting is the bad-faith registration, trafficking in, or use of a domain name that is identical or confusingly similar to a trademark, service mark, or personal name in which another party holds rights. The conduct is federally prohibited under the Anticybersquatting Consumer Protection Act (ACPA), codified at 15 U.S.C. § 1125(d), which Congress enacted in 1999 as an amendment to the Lanham Act.
The ACPA applies to marks that were distinctive or famous at the time of domain registration. "Distinctive" tracks the same spectrum used throughout trademark law — from inherently distinctive marks (arbitrary, fanciful, suggestive) to descriptive marks that have acquired secondary meaning (15 U.S.C. § 1127). "Famous" marks, separately defined under the dilution provisions of 15 U.S.C. § 1125(c), receive the broadest protection and do not require proof of consumer confusion.
Parallel to the ACPA, the Internet Corporation for Assigned Names and Numbers (ICANN) administers the UDRP, a mandatory arbitration policy that applies to all generic top-level domain (gTLD) registrations — including .com, .net, and .org — and to most country-code top-level domains (ccTLDs) that have adopted equivalent policies. The UDRP was adopted in 1999 following a WIPO recommendation and provides an administrative, non-judicial path to domain transfer or cancellation.
The scope of these two frameworks does not overlap perfectly. The ACPA authorizes in rem jurisdiction over the domain name itself when the registrant cannot be located, and allows for statutory damages ranging from $1,000 to $100,000 per domain name (15 U.S.C. § 1117(d)). The UDRP, by contrast, offers only two remedies — cancellation or transfer of the domain — and carries no monetary awards.
How it works
ACPA litigation proceeds through federal district court. The trademark owner must establish three elements:
The statute enumerates 9 non-exclusive factors courts weigh when assessing bad faith, including whether the registrant has trademark or intellectual property rights in the domain name, whether the domain reflects the registrant's legal name, the registrant's prior conduct in registering similar marks, and the extent to which the domain was offered for sale to the mark owner at an above-cost price (15 U.S.C. § 1125(d)(1)(B)(i)).
UDRP proceedings follow a 3-element test, all of which the complainant must satisfy:
Proceedings are filed with an ICANN-approved dispute resolution provider. The 3 primary providers are the World Intellectual Property Organization Arbitration and Mediation Center (WIPO AMC), the National Arbitration Forum (NAF), and the Czech Arbitration Court (CAC). WIPO handles the largest caseload globally — its 2022 annual report documented more than 6,000 UDRP cases filed in that calendar year alone. Standard proceedings conclude within approximately 57 days of provider appointment of the panel.
Common scenarios
Typosquatting involves registering domain names that are minor misspellings or typographic variants of famous marks — for example, substituting a single letter or omitting a hyphen. Courts and UDRP panels consistently treat typosquatting as evidence of bad-faith registration, particularly when the typo domain redirects to a competitor's site or displays pay-per-click advertising monetizing the trademark owner's traffic.
Gripe and criticism sites present a harder case. A registrant operating a genuine criticism site at a domain like "brand-sucks.com" may assert First Amendment and legitimate noncommercial fair use defenses. UDRP panels apply a split analysis: a domain that consists entirely of the trademark without any distinguishing term is more likely to support a finding of no legitimate interest, while a domain incorporating a clearly critical suffix may qualify for the noncommercial fair use safe harbor under the UDRP rules.
Reverse domain hijacking is the mirror-image scenario, in which a trademark owner files a UDRP complaint primarily to dispossess a legitimate registrant — such as a person whose personal name matches the domain, or a business with prior use. ICANN's Rules for Uniform Domain-Name Dispute-Resolution Policy allow panels to declare a finding of reverse domain hijacking when the complainant brought the case in bad faith or without adequate factual basis.
Domain name warehousing by registrars — parking large inventories of expired domains containing third-party marks — can implicate both ACPA in rem claims and UDRP proceedings, though the registrar safe harbor provisions in the ACPA require analysis of whether the registrar had bad-faith intent distinct from routine registration operations.
Decision boundaries
The critical variable in both ACPA and UDRP disputes is the distinction between bad-faith commercial exploitation and legitimate competing use. Four contrasts illustrate where panels and courts draw the line:
| Scenario | Likely outcome |
|---|---|
| Domain registered before complainant's mark became distinctive | UDRP complaint fails; ACPA claim fails on element 2 |
| Domain registered by reseller for generic dictionary word that also matches a brand | Depends on demonstrated prior use and lack of targeting evidence |
| Domain registered after mark's fame is established, immediately offered for sale to brand owner | Strong bad-faith finding under ACPA factor 4 and UDRP Policy ¶ 4(b)(i) |
| Domain used for bona fide comparative advertising by a competitor | May survive under fair use; fact-specific analysis required |
The UDRP's "registered and used in bad faith" requirement is conjunctive — both elements must coexist. A domain registered in good faith that is later sold to a bad actor does not automatically satisfy the UDRP standard unless panels infer the original registrant had constructive knowledge of the mark's fame.
Under the ACPA, the safe harbor at 15 U.S.C. § 1125(d)(1)(B)(ii) protects registrants who believed and had reasonable grounds to believe that the use was fair or otherwise lawful — a narrow exception that courts have applied reluctantly in purely commercial contexts.
Trademark owners evaluating enforcement strategy face a concrete choice: UDRP proceedings are faster and cheaper but deliver only domain transfer or cancellation, while ACPA litigation can yield statutory damages up to $100,000 per domain and injunctive relief, but requires full federal court process. For portfolios involving more than 3 to 4 domains, the cost-benefit calculus often favors UDRP for single-domain recovery and ACPA for serial infringers where deterrence through damages is the priority. Additional context on infringement enforcement frameworks is available at the Trademark Law Authority home.