Verisign, Typosquatting and GDPR

Founded in 1995, Verisign has operated as a business entity for over 24 years, overseeing a diverse array of network infrastructures, including two of the internet's thirteen root nameservers. In addition, they offer a range of digital security services and are considered to be the stewards of the internet. They are the owner of the trademark “VERISIGN,” maintaining the exclusive right to use it in commerce. So, when the domain was registered by a mysterious entity to a registrar located in Russia, Verisign took notice.

Verisign alleges the rogue domain, intentionally registered as a common misspelling of another legitimate Verisign domain,, not only infringes on their trademarked name, a violation under the Lanham Act, but was deliberately registered for the purpose of attacking the security and stability of the internet infrastructure and the public that uses it through a tactic called typosquatting. Verisign alleges the domain was clearly registered in bad faith with the intent to confuse, mislead and ultimately misdirect unsuspecting internet users away from Verisign’s legitimate sites, a violation of the Anti-Cybersquatting Consumer Protection Act (ACPA).

Intent on stopping the squatter, Verisign set out to find who owned the domain and shut it down. Unfortunately, in a post GDPR world, as Verisign discovered, finding out who owns domains is much more difficult. As a result of GDPR and privacy concerns, registrars within the EU have the option to keep all personal information hidden from view, shielded behind the registrar hosting the domain. Because the rogue site was registered in Russia, it fell under GDPR protection, meaning that without expressed consent from the registrant, it would be impossible for Verisign to ever know exactly who registered the infringing domain, and subsequently, who to hold legally responsible.

Unable to produce an actual defendant, Verisign was forced to go to court alone to request a temporary restraining order against the domain itself. In the case, VERISIGN, INC. v., a domain name, -and- JOHN DOE ,Verisign requested the court systems issue an injunction for relief under the ACPA.

Luckily, the court agreed that the entire situation was suspect, granting Verisign a temporary restraining order against the unknown owner of the domain. Verisign quickly put the domain into a registry hold status, rendering it unusable and  potentially preventing any deliberate misuse.

As cybercriminals continue to get smarter, using legal loopholes and grey areas in the law to hide their activities from those that would stop them, having protections in place before there’s a problem remains the single best way to keep your valuable IP safe.[1] Implementing a robust and comprehensive brand protection strategy with programs like domain registration monitoring and website monitoring can help alert you to potential issues before there’s a problem.

[1] This blog post provides generalized information and does not constitute legal advice or an attorney-client communication. Each situation is unique and requires consultation with suitable professionals.

Subscribe To Our Blog