Cybersquatting occurs when someone registers, maintains, or uses a domain name that incorporates a third-party trademark (or something similar), usually in bad faith —to resell the domain, divert traffic, “hold” the trademark hostage, or exploit someone else’s reputation.
This type of abuse can become a gateway to fraud , reputational damage, and loss of revenue. The good news is that there are well-established legal and administrative avenues to respond, and when properly executed, they tend to be quick and effective.
Below is an overview of the most widely used “toolkit” in the world (UDRP/ICANN, ACPA/USA, European procedures and the Brazilian model).
1) UDRP (ICANN): the “global standard” for domain disputes for .com, .net, and many other domains.
UDRP (Uniform Domain Name Dispute Resolution Policy) is an administrative procedure created by ICANN and incorporated into the registration agreement of several TLDs (especially gTLDs such as .com, .net, .org ). It was adopted by ICANN in 1999 and became operational after the approval of the implementation documents that year.
To win a Trademark Protection Law (UDRP), the claimant (trademark owner) needs to demonstrate three classic elements :
- The domain name is identical or confusingly similar to the trademark;
- The registrant has no legitimate rights or interests in the domain;
- The domain has been registered and is being used in bad faith .
UDRP is managed by global service providers such as WIPO , which maintains guidelines and consolidates recurring understandings (which increases predictability).
Available remedies (important limitation): In UDRP, there is no compensation . The panel can basically determine domain transfer or cancellation (or deny the request).
This makes UDRP particularly useful when the priority is to seize control from the infringer and regain control , at a lower cost and in less time than legal action.
Where UDRP shines (in practice):
- “hostage domain” for resale;
- Parked pages with ads, redirects, and traffic capture;
- Domains that mimic trademarks for opportunistic purposes. Even without an active website, in certain circumstances, the term “passive holding” appears frequently in administrative case law.
2) ACPA (USA): When does it make sense to go to court?
In the United States, the ACPA (Anti-Cybersquatting Consumer Protection Act) , incorporated into the Lanham Act (15 USC § 1125(d)), creates grounds for action against those who register/use domains with “bad faith intent to profit” based on a distinctive/famous trademark. The text of the law enumerates factors for assessing this bad faith.
ACPA can be especially interesting when:
- You need judicial protection (orders, broader production of evidence);
- The case involves damages , or a stronger deterrent strategy ;
- There are scenarios where the UDRP doesn’t cover things well (for example, certain complex disputes, or when you want to go beyond a simple transfer/cancellation).
The Senate legislative report that accompanied the ACPA helps to understand the logic of “bad faith intent to profit” and the non-exhaustive list of factors.
3) Europe: ADR for .EU and national mechanisms
In the European Union, the .eu domain has an Alternative Dispute Resolution ( ADR ) dispute resolution pathway — with its own provider options and rules. EURid advises that disputes can be taken to ADR (generally faster/online) or to court, and ADR usually requires “prior right” and proof of abusive/speculative nature of the registration.
Meanwhile, countries have their own mechanisms (e.g., the .uk domain uses Nominet ‘s DRS ).
For brands operating in Europe, this matters because the mix of enforcement channels depends on the TLD used by the infringer.
4) Brazil: SACI-Adm for .br domains
In Brazil, disputes over “.br” domains can be handled by SACI-Adm , an administrative system of Registro.br focused on resolving conflicts related to domain names under “.br”.
In practice, it serves a similar role to the UDRP: an administrative procedure to address abusive registration and obtain measures such as transfer/cancellation within the “.br” ecosystem.
How to proceed when an infringing domain name appears.
1. Preserve evidence : screenshots, URLs, email headers (if any), redirects, WHOIS/registration information, creation date, and any attempts to sell the domain.
2. Classify the case : is it phishing/BEC (maximum urgency) or is it a “parked/hostage domain”? This changes the strategy and tone of the notifications.
3. Choose the appropriate route via the TLD :
- .com/.net/.org → UDRP tends to be the efficient way;
- .eu → ADR .eu;
- .br → SACI-Adm;
- US in need of stronger remedies → consider applying for ACPA.
3. Prepare the “document” with the 3 elements (UDRP/SACI) or with the factors of bad faith (ACPA) , including trademark, proof of use, and demonstration of the abusive purpose.
4. Act quickly : the sooner you act, the less damage is done and the greater the chance of stopping campaigns before they escalate.
If you need help, Observster offers a notification service that helps your company identify and respond to abusive sign-ups before they become a bigger problem. This protects your brand, reduces risks, and maintains a secure digital presence.
