
How industry shifts, emerging threats and new opportunities are reshaping online brand protection


With a fresh application window for new TLDs on the horizon at ICANN, Jeanette Eriksson – a longtime domain name strategy and online brand protection expert – analyses the interests of key stakeholder groups, surveys emerging domain abuse trends, tools and rights-protection mechanisms, and identifies crucial factors for brands to consider in relation to online branding and domain strategy.

What happens over the next few years will greatly influence online brand protection, and understanding the forces behind the changes is the first step toward navigating them well.

The first part of this three-part series examines the current moment – specifically:

1. where ICANN stands in the new TLDs programme;
2. the stance of each major stakeholder group;
3. how abuse and AI are reshaping conversations; and
4. what all of this means for brands.

The next round of new TLDs

The starting point is that the next round is coming and will inevitably affect the domain name landscape that brand owners must operate in. Of particular interest is that the Applicant Guidebook (AGB) was adopted in November 2025, and ICANN has signalled an opening of the application window in April 2026.

One of the biggest differences from the last round is the sheer amount of work done in preparation for the launch of the programme. Years were spent developing both the policy and the implementation guidance, in a deliberate attempt to avoid the late-stage surprises that frustrated so many the last time. A lack of predictability complicates planning and budgeting for marketing efforts and for implementation at the registry and registrar levels, which in turn affects what is presented to individuals and brands, and how.

That maturity is especially visible in how dotBrand applicants are treated. In 2012, brands applied first and learned their classification status later. Now, the dotBrand designation is built directly into the application structure.

This change “allows applicants to prepare more effectively, plan their operations with confidence, and make informed strategic decisions from the outset”, explains Thomas Wells, VP of consulting services at FairWinds (now part of Com Laude).

Another example of a notable change is how contention sets are handled. In 2012, multiple applicants for the same string could talk to one another, explore deals or form joint ventures.

That is banned in this round. FairWinds director of consulting and policy Alexandra Zins notes: “Applicants should identify possible sources of contention now and leverage every possible avenue to avoid it. Otherwise, you risk ending up in an ICANN-hosted auction.”

These examples illustrate that while the programme is more predictable in structure, that predictability also comes with new demands.

In other words: for those considering applying for a dotBrand or a generic string, preparation is essential.

Stakeholder perspectives and why that matters


To further understand what this round means for brands, it helps to consider the evolving roles and perspectives of key stakeholder groups: registrars; registries; the brand protection community; and the general public. Their priorities often differ, and that influences everything from pricing to abuse response.

Ben Crawford, CEO of Com Laude, provides a clear takeaway from the last round, highlighting the importance of registry efforts to promote and position their string(s).

“The last round was largely driven by false beliefs and fears,” Crawford says. “Many registries believed that their string of letters right of the dot would in itself be sufficient to drive registrations. In reality, the string itself ended up playing very little role – the winners were the best marketers.”

The need for sharper marketing strategies and use cases from the registry operators will not only be helpful for registrars, but also for brand owners and brand protection advisers when updating their strategies.

This is a shift from the otherwise more operational and technical function of registries.

There is also a growing trend showing a stronger focus on a namespace’s health and registry abuse-management efforts. It is precisely here that traditional roles of registries and registrars sometimes struggle to align with each other and the expectations of brand owners.

The aim to provide quality TLDs – displayed pedagogically alongside relevant services – and the increased focus on namespace health and industry abuse management efforts both indicate that we are headed in a positive direction. Shifting the focus from registration volume to abuse levels and renewal rates is good news for both brand owners and the domain name industry as a whole.

Overly focusing on the number of registered domains in a namespace as the primary indicator of registry/TLD ‘success’ encourages price-dumping, which in turn invites large amounts of abuse, which brand owners are subsequently forced to deal with through excessive defensive registrations or enforcement. Worse yet, it undermines the business and brand value that domain names carry and the credibility of the industry.

The increased attention to monitoring and efficient abuse management will over time result in a wider variety of registry-specific initiatives or registry/registrar abuse reporting functions that brand owners can utilise, provided that the abuse falls within the accepted scope (more on this later).

Outlining such options, together with the differences between them, and aligning them with a particular brand’s risk tolerance and overall strategy, is a task well-suited for brand protection advisers.

Regular consumers, on the other hand, do not care about the inner workings between ICANN, registrars and registries; they simply care about whether a website is legitimate or if they have been deceived. Domains are still powerful trust signals, and when trust breaks, it is the brand, not the registry or registrar, that pays the ultimate price.

Abuse trends


Let’s look at abuse trends, and how this is connected to AI and the launch of new gTLDs.

Phishing attacks and other domain abuse have been a growing and persistent issue. For instance, Interisle’s Phishing Landscape 2025 report found that the number of unique domain names reported for phishing increased by 38% over last year to the highest number seen in five years. The study also reveals new gTLDs’ prominent role, as they account for 51% of all phishing domains reported. Further, the highest levels of phishing occur in – unsurprisingly – low-cost TLDs and with registrars offering bulk registration services.

Going into the next round, this has highlighted the need for industry initiatives to more effectively prevent abuse before it happens, at the point of registration, as well as collaboration to improve mitigation efforts after the fact.

We have seen some practical progress in this regard. For instance, in April 2024, new DNS abuse contractual obligations took effect for registries and registrars.

Managing and preventing abuse when the namespace grows


With an expansion of the namespace comes an expansion of the risk surface. This is true for brands, but it is also true for registries and registrars, which now must shoulder more abuse-related work without necessarily seeing a corresponding increase in revenue.

From a registrar’s perspective, two challenges arise:

– the quality of abuse reports; and
– the cost of handling them.

Transparency is something that has been requested by the IP community, due to frustration over varying and taxing reporting formats across providers and a lack of feedback as to exactly why a report remained unactioned.

However, responding to each report in that way would, at present, add further to the workload of registrars that already feel stretched.

Registries, too, are exploring different approaches. Some place blocking front and centre, while others emphasise meaningful use and other kinds of proactive abuse management over blanket blocks.

While the common theme is more attention being paid to abuse management, discussions about who is actually responsible for what and when continue.

How responsibility is spread among registrars, registries and hosting providers is growing increasingly important with the launch of new TLDs and the impacts of AI, putting into question whether the adopted definition of ‘DNS abuse’ is too narrow in today’s landscape – something we’ll have a closer look at shortly.

AI and domain names


AI has fundamentally altered the speed, scale and sophistication of brand abuse online, and, with the coming launch of new gTLDs, the arena for it will expand significantly.

AI has dramatically lowered the cost and effort required to produce convincing impersonation sites, phishing pages and networks of ‘splogs’. Brand protection vendors have responded with AI-driven monitoring systems and watch services.

AI also touches portfolio management and strategy. According to Shane Layman, manager of Global Industry Relations at Markmonitor, “increased usage of artificial or augmented intelligence in portfolio management and optimisation can assist brand owners with knowing what they can do with their portfolio and how they can better plan for the future”.

“AI helps with identifying gaps in brand protection strategies and optimising your portfolio,” Layman says.

Further, AI-driven search and answer engines are changing how users find information online.

Chris Niemi, manager of strategic initiatives at Markmonitor, points out the rise of concepts such as Answer Engine Optimisation (AEO). He notes that dotBrand TLDs may help companies adapt to this new environment, as they can structure content and identity around a clear, trusted namespace.

There is also the question of whether it makes sense to try to keep AI out. Tim Brown, head of brand protection at Com Laude, lists five prominent risk factors: overconfidence; lack of transparency; data bias; data security; and complacency.

As Brown notes, AI can make good processes faster or bad ones worse, and the takeaway is that human oversight remains essential.

DNS abuse versus ‘content’ abuse


‘DNS abuse’ refers to the misuse of the Domain Name System itself and is limited to phishing, malware, botnets, pharming and spam.

Content abuse, by contrast, refers to otherwise harmful or illegal material hosted on websites, even if the domain name played a role in pointing users there.

Today, with little to no barrier to entry and commonly low costs, fraudulent sites such as impersonation sites, splogs and fraudulent storefronts with AI-generated text across several domains can appear overnight.

On the other hand, brand owners tasked with enforcing against these sites struggle with registries, registrars and hosts all trying to stay within their long-established lanes to avoid risking overreach, due-process violations, or being accused of censoring free speech.

In other words, what’s notable when observing AI’s impact on domain name and online brand protection is not merely the speed at which it evolves, but that it is revealing fault lines between industry stakeholders whose perspectives and ideas about roles and responsibility can differ greatly.

This has placed renewed focus on an old debate: who carries responsibility for harder-to-define abuse cases that fall outside of the current definition of ‘DNS abuse’, or when one of the providers in the chain fails to take the appropriate action?

Brand owners argue that infringement and consumer deception are intertwined with DNS abuse in practice. The GNSO Intellectual Property Constituency (IPC), for example, stressed “significant overlap between online intellectual property infringement and DNS abuse” and urged that policies recognise that overlap, rather than wall it off as ‘content’.

Registries and registrars have, in turn, pointed to costs and operational complexity, arguing that they only have access to the blunt tool of suspending the domain name and, with it, the entire website, which may also remove non-abusive content.

While, at present, there is no contractual obligation for registries or registrars to take action on abuse reports relating to common abuse situations that fall outside of the ‘DNS abuse’ definition, this does not mean that they can’t take action.

In fact, certain registrars and registries have very well-developed abuse reporting systems that, provided certain key evidence and declarations are supplied, will take action on abuse instances that fall into the categories of impersonation and trademark infringement.

The current definition of ‘DNS abuse’ may make sense on paper (DNS versus content layer) but in reality, a phishing site, for example, is both content abuse and abuse in which the domain name is used as a tool. The whole point is a deceptive domain combined with fraudulent content.

Similarly, a splog scheme that misuses and impersonates a brand does so by registering specifically chosen domain names to deceive and attract internet users who can then be taken advantage of in various malicious ways. Again, the combination of using a domain name (or several of them at once) to engage in abusive behaviour is key.

Therefore, when offshore hosting providers, commonly referred to as takedown-resistant in online forums, are used by these bad actors, and the host inevitably fails to take action absent local court orders, or when a registrant jumps between hosts, should the registrar or registry step in?

The question of whether registrars and registries need to invest in dedicated resources to manage, evaluate and address this wider scope of abusive use of domain names may thus not seem far-fetched in theory, although it certainly introduces a shift in roles that, again, will more than likely be hard for many providers to implement from a financial and business standpoint.

These are not new tensions. What is new is the speed with which they are now unfolding.

In other words, AI is already impacting domain strategy and brand protection. What remains to be fully agreed upon is not necessarily ‘if’ responsibility should expand, but ‘how’ and ‘how far’.

As these discussions continue, brands are advised to ensure that they are engaged with portfolio managers and brand protection advisers who not only maintain their domain portfolio but also understand the inner workings of the industry that ultimately impact both online strategy and enforcement tactics.

Evolving domain strategy


Yes, the next round of new gTLDs arrives in 2026, but there is more: AI-driven threats and opportunities, evolving abuse obligations, increasingly strategic registry and registrar behaviour, and a growing suite of domain-protection considerations. For brands, this means that domain strategy is now about:

– industry understanding and influence;
– informed investment;
– predictive intelligence; and
– balancing monitoring, blocking, portfolio management, enforcement and, where appropriate, dotBrand ownership.

Those looking for a one-size-fits-all, cookie-cutter approach to strategy and enforcement will find themselves struggling. While automation and AI can help, taking full advantage of them requires human expertise and a deep understanding of the state of the space that we are trying to navigate.

As far as dotBrands go, the decision to apply or not apply is one that requires careful consideration and preferably the assistance of an experienced adviser. Regardless of the final decision, there is great value in ensuring that it is informed and well documented, all of which we will dive deeper into in the second article of this series.

The third part of this series will look beyond dotBrand and explore how the findings from this article can be used by brands, how to navigate online brand protection as new gTLDs launch, trends and tools for enforcement and monitoring, and more.