top | item 34922979

Ask HN: How to prevent a company from taking my domain name?

86 points| lname_dot_com | 3 years ago

I have bought a 5 letter COM domain name that I'll call lname.com, which matches my last name. It has no meaning in English. I'm from a poor country and I spent like a year or so to save up for it, which cost roughly 6 months of average net salaries in my country about 7 years ago.

I was in my early 20s and one could argue, that it was not the wisest decion of a young adult, but I don't regret it honestly. It always felt like I have a small piece of the web realestate which has my name labeled on it and I absolutely love my fname@lname.com email address. I created an address for my wife, father, mother, brother and his wife in the same way which they are using daily and are proud of.

I was very stressed for any domain or registrar errors that might cause that I lose the domain name and I still am very afraid of it. I have however read quite a few "horror stories" in the past years, regarding bigger companies which were able to obtain people's personal or business domain names, just because they are huge companies with extensive finances and good lawyers. I already know of two companies in different countries which have the very same name as I occasionally receive emails written to them on my catch-all email address.

For now the domain is used to host our personal sites, but I recently started working as a web developer and may do freelance work or even create a startup or company in the future. I don't know what this domain will be used for, but I can't say that it will always be for personal use. Maybe it will be the same industry as other companies with the same name. Maybe not. I know a domain name can't be patented. Trademarking is possible, but there are a lot of requirements. What do experts propose?

TLDR: What can I do to secure my domain name, no matter what happens?

94 comments

kolp|3 years ago

Domain investor here. Some, but not all of the advice here is absolutely dreadful and is an example of why you should not take advice from random strangers on the internet.

Some basic rules if you wish to keep the domain:

* Don't offer to sell the domain. If you are contacted by a prospective buyer, just decline, saying that the domain is not for sale. Don't counter-offer or enter into discussions or negotiations.

* Don't put ads or links to third-party commercial entities on your website. If you're going to use it for business purposes, make sure that it's just for your business, which incorprates your family name, eg FamilyName IT Services Ltd.

* Make sure your website has an "About Me/Us" page, which briefly outlines who you are, ensuring that you mention that your Family Name is the same as the domain name.

* The advice in this thread regarding use of 2FA on everything is sound. I've a high value domain portfolio and receive password reset requests every week, triggered by bad actors trying to access anything that they can think of that might give them access to accounts.

* Don't use GoDaddy or any or their network.

* Read up on UDRP (dispute resolution) and Reverse Name Hijacking if you want to get up to speed on the legal and procedural issues that might affect you.

* Domain disputes are a specialised field and you would need the advice of a specialised lawyer if you find yourself the recipient of a UDRP complaint. John Berryhill (I've no connection) is well regarded in this area, and I'm sure that there are others. He would be my first port of call.

twawaaay|3 years ago

I would add the purpose of half of this advice is to make sure to prevent any possibility your domain possession is viewed as being used to monetise the name association with another legitimate company.

If your name is Apple and you somehow obtain new domain named apple.newtld you have a chance to loose the domain if there is any way it can be seen as profiting off of the association with the APL. For example if you put ads on a page that is nominally your personal page it can be seen as getting traffic from people who mistakenly came to this page since there is very little chance they came legitimately.

If it is large company they will be looking at every possible way to get your domain and the only way to fight it is to either spend huge amount of money on lawyers or not give any pretext, however small.

You are also as likely to lose the domain by a targeted attack by people who hope to then sell the domain. If you have a nice domain name you need to invest a bit of thought in protecting it from takover (locking the domain, protecting your information, not using your regular phone number, phone, email, laptop, etc. to have anything to do with the admin access to the domain).

Fire-Dragon-DoL|3 years ago

You are a random stranger on the web giving good advice, though.

And now I am concerned for the domain I use for our family email addresses, which is not related to our last names (well, it has the initials of me and my wife, but then I added a random number to make it available. It's 3 letters domain)

brtkdotse|3 years ago

Amazon.se was registered by a 1-person company Amazon AB in 1997. The reason Amazon didn't launch in Sweden until 2020 was because the person who owned Amazon AB didn't want to sell (but finally did).

Since company tax filings are public in Sweden, you can deduct Amazon paid ~$500k for amazon.se, which in my mind is very cheap.

hmcamp|3 years ago

Tell me more about Godaddy, please. Why shouldn’t we use them?

ChrisMarshallNY|3 years ago

Funny story.

I have three domains (.com, .org, and .net) of my [first initial][last name][.tld]. Have had them for a long time.

A defense law firm in Australia, set up a domain, with [first initial][last name].com.au

I used to get regular emails, with terrifyingly personal stuff in them. Many of these emails came from Australian government/court orgs. They probably could have been sued into the mantle for some of the stuff (like juvenile criminal proceedings), that got sent to some random Yank in New York.

I was always careful to forward everything I got to the lawyers, along with contacting the courts, and letting them know their mistake.

In a couple of instances, I was thanked. In most, I was ignored.

No one ever tried the barratry route with me. I actually probably would have sold them my domains at cost, if they had asked, but they never did.

I haven't gotten one of those emails in years. I have no idea why.

quickthrower2|3 years ago

Why not have one or two mail accounts on the domain and reject or bounce everything else?

panki27|3 years ago

See also https://gail.com/

albert_e|3 years ago

There is a legit public sector company (huge one) in India with that very name GAIL. It uses

https://www.gailonline.com/

Gas Authority of India Limited, USD $12Bn annual revenue.

(IL and CL are very common in company names here that originated as initialisms. Something India Limited or Something Corporation Limited. E.g. HPCL, BPCL, CRISIL, etc)

roxgib|3 years ago

> Another interesting gail.com factoid: my amazing e-mail provider, ProtonMail, rejects about 1.2 million mis-addressed e-mails per week to the gail.com domain.

Bloody hell, there could be some spicy stuff on a few of those emails!

codetrotter|3 years ago

> There are only two valid e-mail addresses on the gail.com domain, so it is extremely likely that your photos were rejected by my e-mail provider and deleted.

> […]

> If you have a question not answered above, feel free to send it to: faq at gail period com. Thanks for visiting.

Now I wonder what the other address is. Probably gail@ or mail@. Actually the last one rhymes, I hope she uses that.

Tepix|3 years ago

The domain is yours for now and that cannot be changed easily.

By far the most likely outcome is that a company that is interested in your domain will offer to buy it from you for a nice sum. You are free to reject their offer.

They may decide to sue you but you have a good standing because it is your last name. Relax.

jrs235|3 years ago

This. Look into the backstory and history on nissan.com

sshine|3 years ago

To prevent domain hijacking:

Tip 1: Pick an enterprise-class domain name registry.

Tip 2: Set up 2FA that isn't phone-based.

Tip 3: Request DNSSEC from your registrar.

thiht|3 years ago

> registry

Registrar. You can't buy directly from the registry unless you become registrar yourself.

Some other important tips:

- make sure auto-renew is enabled with a reliable credit card

- make sure to update your personal data once a year. Registrars are mandated by the registry to send a reminder email once a year, but for an important domain I'd also set a recurring reminder every year, 2 weeks before expiration to make sure that everything is ok. You probably shouldn't "setup and *forget*" your domain names

- if you can afford it, make sure to register multiple years at once, the max is usually 10 years, but I'd recommend registering for only 9 years, because if you need to transfer to another registrar for some reason, the registration will be bumped 1 year. If you're already at 10, you're stuck.

gepeto42|3 years ago

And secure the email addresses used for your registrar account with 2FA, and disable weak recovery methods.

tptacek|3 years ago

Setting up DNSSEC will not do anything to prevent domain hijacking, which is an attack that occurs at the registrar level.

severino|3 years ago

Regarding tip number 1, how can one find an enterprise-class domain name registry? Any advice?

lname_dot_com|3 years ago

1. How bad is Cloudflare? 2. Done. 3. Done.

fukawi2|3 years ago

You have a legitimate use case and are using it in good faith. I can't imagine any scenario where someone would have any success in taking it away from you against your will unless you made a mistake in letting the registration lapse or something. Make sure you've got auto renewal set up, with a reputable registrar.

lname_dot_com|3 years ago

Thank you! Yes, auto-renewal is on. It's not an option, that it will expire.

dutchbrit|3 years ago

You should be fine. See nissan.com as an example. You aren't a domain squatter and even they barely have issues.

ceejayoz|3 years ago

https://jalopnik.com/uzi-nissan-spent-8-years-fighting-the-c...

> At the time, it didn’t seem like the start of an all-consuming legal battle, a David vs. Goliath fight that took nearly 10 years and cost the small business owner millions of dollars—to say nothing of the incalculable toll on his personal life.

Not exactly a great example of “fine”.

Tade0|3 years ago

To add to this: Mr. Nissan passed away in 2020 and yet the site is still up.

rationalist|3 years ago

The stories I hear are when the domain name owners ask how much, and then reject the amount.

Do not enterain any offers. If they reach out, it is best to completly ignore and do not respond. Failing that, tell them it is your name, and your name is not for sale at any price.

If they ever try to take you to court, point the judge to nissan.com which is owned by someone with the name Nissan, and even the large car manufacturer did not have the right to take it.

lname_dot_com|3 years ago

Thank you! No, I wouldn't be considering an offer at all.

zizee|3 years ago

I'm not an expert, this is not expert advice.

AFAIK Trademarks are not automatically an international thing. A business would need to make an effort to register in multiple countries. Trademarks are also not all industries, all at once. McDonald's wouldn't like it, but if my last name was McDonald, and I wanted to setup a lawnmowing business called McDonald's Lawnmowing, they cannot stop me (although you can bet they'd try to scare me off).

I am not sure of your financial position, but it might be economical to register a business name, and even a trademark in your country. This will will give you one more level of protection. They would need to challenge your trademark first. Now, protecting a trademark is not necessarily cheap. It could be a matter of sending a few "piss off" letters in response to their inflated threats, but it could escalate. That said, the same escalation could happen regardless of you having a trademark. Depending on your country, people can (and do) sue other people with no legal standing, and use costs of defending oneself as a cudgel to get what they want.

toxicFork|3 years ago

It's your last name, they cannot force it off you. I'm not a lawyer, but worked for a company which tried.

anonzzzies|3 years ago

Exactly. Same here.

bhartzer|3 years ago

Best thing you can do is this:

- ask your registrar to do the 'registry lock' on your domain. Not registrar lock but 'registry lock' specifically. Most will do this. If they won't, then transfer to another registrar.

- register the domain for at least 5 years. 10 years if you can.

- use the 2FA at your domain registrar. There are some registrars that offer a "pass code" or other task to be performed before the domain can be transferred. At one registrar, I have the requirement that they need to call me on my cell phone and I must mention a code word to them.

- If you're using Google or a Google Account (not recommended but in some cases it's necessary), then absolutely sign up for Google Advanced Protection. I cannot tell you how many domains have been stolen and lost because they were using a google account (gmail).

- Remove privacy whois on your domain. Use a business address, email (not gmail) and a real phone number on the whois of your domain. If the domain is stolen, then the whois history will show who owns it... if it goes to privacy then the thief/hacker most likely wants to hide themselves. If you get spam email/calls from that public whois data, then change registrars. It's certain registrars that are giving out or allowing scraping of their whois data.

- If you don't already own a trademark on the word in the domain, then don't think that that getting a tm will protect your domain name. If you registered the domain before someone files for the trademark, then you have the rights to it. Don't let anyone else tell you that you don't, especially if you are using it for a website.

etu|3 years ago

I have `<firstname>.nu` as one of my domains, some company that resides on the same postal address as the owners of `<firstname>.se` reached out to buy the domain from me for I think it was €1000. I just told them no, I've had that name for 15 years, I've used it for my personal website ever since and have email and such set up.

I don't care if they printed out my domain on a car print or a card or something that they give out. That's not my problem.

The thing is, companies can (at least under some TLD's) claim domain names. But this claim has to be tested. And the test that I'm aware that exists is kinda if you have some kind of claim to it as well. It may that you own a business with that name, but it's also claim enough that you have that name as your name. Then your claim is valid and you had it first.

I'm not sure how it works with .com, but I wouldn't think they are very different.

In whois records I've seen something called registry lock, may be worth for you to look into that: https://internetstiftelsen.se/en/domains/tech-tools/registry...

gorodinskiy|3 years ago

Look into the trademarks for the same name. (for example here: https://branddb.wipo.int/en/quicksearch)

You can't use the domain name for the same activity (the same Nice class https://en.wikipedia.org/wiki/International_(Nice)_Classific...) as the company with the same name that has a trademark for the same activity class.

If you follow this rule no company will be able to contest your domain name.

lname_dot_com|3 years ago

There are a couple with that name. Then what can I do? Register a company for what I might be doing in the future?

hennell|3 years ago

In general if you're using it for legit purposes it's hard to take a domain taken even for big brands. You have it first, and unless you're using it for a competitor or to defame them it's hard to claim malice. They should have checked the name was able for them to use before using it.

But do make sure you have auto-renew setup etc. If you lose it, they can nab it fast and it'd be hard to get it back.

tzs|3 years ago

> But do make sure you have auto-renew setup etc

Instead of auto-renew I register my domains for 10 years, and add an annual recurring event to my calendar to remind me to add another year.

That way I keep the expiration 9-10 years in the future so that if there is ever a big price increase and I need to move to a cheaper domain I've got a long time to make the move.

No need for auto-renew because there is no way that I'd manage to miss the calendar events enough years in a row to have the domains expire, and even if I did have auto-renew the on-file credit card information would be out of date when it is time to auto-renew.

digitcatphd|3 years ago

I don’t understand, what’s the emotional attachment? Put the domain up for sale and hire a broker, the money could be life changing for you.

lname_dot_com|3 years ago

I'm sorry, but I can't explain it. Some people are sentimental and are attached to items and memories. People are different. It's important for me for some reason, which I can't comprehend.

notahacker|3 years ago

Actively trying to sell it is the way he most likely encounters the problem he's worried about (losing the domain for nothing to a company that argues he was trying to profit from their trademark....)

sys_64738|3 years ago

Also worth a read about an upstart computer company being sued.

https://en.wikipedia.org/wiki/Apple_Corps

I always wondered how Apple Computer Inc. were allowed to enter the iPod business without being sued again.

qbrass|3 years ago

https://en.wikipedia.org/wiki/Apple_Corps_v_Apple_Computer

They were sued again. Apple Computer won the case.

jmyeet|3 years ago

You might want to consider registering a trademark on that name if at all possible. Even if you can't register the 5 letter name itself, register something else like "iname widget". it should bolster your defence if it ever came to it.

throwaway29495|3 years ago

I wouldn't do that. A trademark might be lost due to that company being the first one to trade under that name, and part of that might be the court forcing the person owning the domain to transfer the domain name. If there's no trademark and there's no business at that domain there's no way to sue for trademark infringement.

I would keep it as far away from anything business-like as possible.

dotBen|3 years ago

There is case law with WIPO on this issue which is in your favor, see https://swanturton.com/armani-v-ar-mani/

lname_dot_com|3 years ago

Thank you for sharing!

pprotas|3 years ago

I would like to ask the inverse of this question; a company is squatting the domain that is the same as mylastname.com. They just redirect to their main site when you visit this address.

How can I get a hold of this domain?

KomoD|3 years ago

Buy it from them or wait until expiry, no other option unless you have a trademark from before the domain was registered.

iamben|3 years ago

Offer them enough money to let it go.

KomoD|3 years ago

Trademark sounds like a good route to be safe, but you will most likely win all UDRP cases regardless.

mathewvp|3 years ago

Which mail client do you use? Is it free?

lname_dot_com|3 years ago

Personal Gmail through Cloudflare.

kidgorgeous|3 years ago

u can't. just hire a good attorney if it does happen, because you better believe they will have several.

t312227|3 years ago

idk / imho ...

in case: be open selling your domain? just as one possibility to avoid lengthy legal disputes / costly interactions with lawyers!?

you mentioned above, you are "from a poor country" ... several k or even some 2 digit k of us$ / euro - depending on the actual name - might be a decent pain-compensation for "loosing" your domain and carry you further in your country than a stupid personal domain with nice email-addresses attached to it ;))

jsnell|3 years ago

Do not do what this poster advises.

Offering to sell the domain will probably count as evidence that you've registered it in bad faith rather, and make it easier for a trademark owner to win a dispute.

somehnguy|3 years ago

Your advice in how to protect their domain name is be willing to sell it and don’t bother putting up a fight…?

nubinetwork|3 years ago

> I already know of two companies in different countries which have the very same name as I occasionally receive emails written to them on my catch-all email address

If they ever decide to do business in your country, expect them to want their name. They will probably take you and your registrar to court, but in the end, they will have to pay you for the name.

Domains don't cost a lot, but I would just take what they offer you, don't try to fleece them because you got there first.

I would look at another domain name as a fallback should any of this happen, but just keep in mind that it's a possibility.

anonzzzies|3 years ago

‘Their name’

If it’s your family name, what can they do but bleed you in legal costs? It depends on the country maybe, but I would not part with that domain in my country if it’s my family name and registered ages ago (clearly not to try to blackmail that company). Not sure anyone should.

Horrible advice.