What is Domain Squatting and How to Protect Your Brand

You search for your business name with a different domain extension and discover someone else already owns it. They're not using it for anything legitimate — maybe it's parked with ads, maybe it redirects to a competitor, or maybe it's hosting a crude clone of your website. Welcome to domain squatting.

Domain squatting — also called cybersquatting — is one of the most persistent threats in online brand protection. It's been around since the earliest days of the commercial internet, and in 2026 it's more prevalent than ever, fuelled by the explosion of new top-level domains and the near-zero cost of domain registration.

This guide explains what domain squatting is, the different forms it takes, your legal options, and — most importantly — the practical steps you can take to protect your brand right now.

Domain Squatting Defined

Domain squatting is the practice of registering, trafficking in, or using a domain name with the intent to profit from someone else's trademark or brand. The squatter typically has no legitimate interest in the domain — their goal is to exploit the value of an existing brand.

The concept is straightforward: brand names have value, and domain names are first-come-first-served. A squatter registers a domain containing your brand name before you do (or registers a variation you haven't covered), then leverages that ownership for financial gain.

Domain squatting is distinct from domain speculation (also called "domaining"), where people register generic or descriptive domains like bestcoffee.com as investments. The legal and ethical line is crossed when the domain targets a specific brand or trademark.

The 6 Types of Domain Squatting

1. Classic Cybersquatting

Registering the exact brand name under a different TLD. If you own yourbrand.com, a squatter registers yourbrand.net, yourbrand.io, or yourbrand.shop. The goal is usually to sell the domain back to you at an inflated price, or to monetise traffic through parked ads.

2. Typosquatting

Registering common misspellings of your domain to capture traffic from users who make typing errors. We've written a complete guide to typosquatting that covers the five major subtypes — character omission, transposition, homoglyphs, TLD variation, and combosquatting.

3. Reverse Domain Squatting

An unusual variant where a trademark holder attempts to claim a domain that was legitimately registered before the trademark existed. While less common, it highlights the complexity of domain ownership disputes and the importance of early domain registration when building a brand.

4. Domain Hijacking

A more aggressive form where an attacker gains unauthorised access to your domain registrar account and transfers ownership of your actual domain. This typically involves social engineering the registrar's support team, exploiting weak account credentials, or compromising the email address associated with the domain. Domain hijacking is distinct from squatting in that it targets domains you already own.

5. Domain Kiting and Tasting

Domain kiting exploits the five-day grace period that most registrars offer for new registrations. A squatter registers a domain, monitors its traffic during the grace period, and either keeps it (if it generates revenue) or cancels and re-registers it before the fee kicks in. While registries have cracked down on this practice, it still occurs in various forms.

6. Gripe Sites

Registering domains like yourbrand-sucks.com or yourbrand-scam.com to host negative content about your brand. These occupy a legal grey area — in many jurisdictions, criticism is protected speech, making takedown efforts complicated even when the content is defamatory.

Legal Remedies for Domain Squatting

If you discover that someone is squatting on a domain related to your brand, several legal avenues exist:

UDRP (Uniform Domain-Name Dispute-Resolution Policy)

UDRP is the most commonly used mechanism for recovering squatted domains. Administered by WIPO (World Intellectual Property Organization) and other approved providers, UDRP proceedings are faster and cheaper than litigation — typically resolving within 60 days at a cost of $1,500–$5,000.

To succeed in a UDRP complaint, you must demonstrate three things:

1. The domain is identical or confusingly similar to your trademark
2. The registrant has no legitimate interest in the domain
3. The domain was registered and is being used in bad faith

ACPA (Anticybersquatting Consumer Protection Act)

In the United States, the ACPA provides a federal cause of action against cybersquatters. Unlike UDRP, ACPA allows for monetary damages — up to $100,000 per domain in statutory damages. It's a more powerful tool but requires filing a federal lawsuit, making it significantly more expensive and time-consuming.

URS (Uniform Rapid Suspension System)

URS is a faster, lower-cost alternative to UDRP, designed for clear-cut cases of cybersquatting in new gTLDs. The process typically costs around $375 and resolves within about 20 days. However, URS only suspends the domain (rather than transferring it to you), and the evidentiary standard is higher.

Practical Protection Strategies

Legal remedies are important, but they're reactive — you're already playing catch-up. The most effective protection combines preventive measures with continuous monitoring.

Register Defensively

Secure your brand name across the most common TLDs before squatters do. At minimum, consider registering .com, .net, .org, your country-code TLD, and the most common typos of your primary domain. Point them all to your main site or a landing page.

Trademark Your Brand

Having a registered trademark dramatically strengthens your position in any domain dispute. UDRP, ACPA, and URS all require evidence of trademark rights. Without a registration, you're relying on common law rights, which are harder to prove and vary by jurisdiction.

Lock Your Domain

Enable registrar lock (also called transfer lock) on your primary domains to prevent unauthorised transfers. Use two-factor authentication on your registrar account, and consider registry lock services for your most critical domains — these require manual verification for any changes, making hijacking nearly impossible.

Monitor Continuously

This is where most businesses fall short. Defensive registration and legal remedies address known threats, but the domain landscape changes constantly. New squatting domains are registered every day. Without continuous monitoring, you're relying on luck to discover them — typically through customer complaints or security incidents, by which point the damage is done.

Read our guide on how to check if someone registered a domain similar to yours for specific techniques, from manual WHOIS lookups to automated scanning.

How DoppelDown Helps You Fight Domain Squatting

DoppelDown was purpose-built for businesses that want to stay ahead of domain squatters without dedicating a full-time team to the problem. Here's what it provides:

• Automated detection: Continuous scanning of new domain registrations across all major TLDs, catching squatting attempts within hours of registration
• Comprehensive coverage: Detection spans classic cybersquatting, typosquatting, homoglyphs, combosquatting, and TLD variations — all from a single dashboard
• Risk-prioritised alerts: Not every squatted domain is an active threat. DoppelDown analyses hosting, DNS, email configuration, and web content to surface the domains that pose real danger to your business
• Affordable for SMBs: Enterprise-grade monitoring at a price that makes sense for small and growing businesses. Check our pricing page for details

Take Action Before Squatters Do

Domain squatting is a numbers game — and the numbers favour the attacker. There are over 1,500 TLDs and infinite possible misspellings of your brand. You can't register them all. But you can watch them all.

Start monitoring your brand with DoppelDown today — free, no credit card required. See exactly who's squatting on your brand, assess the risk, and take action before your customers pay the price.