2026 Domain Trends: Protecting Brands and Preventing Fraud

Disclaimer: Please be advised that this recorded webinar has been edited from its original format, which may have included a product demo and other engagement features. To set up a live demo, please complete the form above on our website. If you currently are not on our website and are watching this on our YouTube channel, there's a link to the website in the description of this video. Thank you.

Christy: Hello, everyone, and welcome to today's webinar, "2026 Domain Trends: Protecting Brands and Preventing Fraud." My name is Christy DeMaio Ziegler, and I will be your moderator.

Joining us today is Quinn Taggart. Quinn is a product coach for Digital Brand Services and assists clients in the areas of online brand and cybersecurity strategy. Quinn has been with CSC for over 20 years, and his wealth of knowledge and experience is appreciated by brand owners as he helps them to better understand their evolving digital asset portfolio and minimizes their risk.

And with that, let's welcome Quinn.

Quinn: Thanks, Christy, for getting us started on yet another webinar in our series. This particular webinar is kind of highlighting the results and trends as part of that report, but we're going to recap a few things. So we're going to look at the structure for domain handling, communications, and internal structure within your organization. We'll do a little quick recap on the domain name life cycle. I use this slide and series of slides a lot on most of my webinars for a couple of reasons. One is that sometimes people forget how things go when it goes along with the domains. And so it's always good to just recap about that.

We'll look at the balance of domain industry pieces. We'll look at global versus regional portfolios. There's a big difference between the two of those. And then we'll touch on some online fraud. And then we're going to do a spotlight on .ai, and that seems to be the hot button domain TLD topic of the day. And then we'll look at that and how that taps into our trends.

So a little different from the strategy webinar that we've done in the last little while, the 201 and 401 series and the like. This one hinges on our Domain Name Trends 2026 report.

So the first thing up is internal structure. One of the key aspects of being able to manage domains effectively internally is to make sure you're engaging the right stakeholders and making sure, of course, that everybody does their part when it comes to domain name management overall. Everybody has got a little piece to play in all of this, of course. The folks in marketing are typically looking at SEO and traffic. The folks in legal are ultimately tasked with protecting the brands overall and the intellectual property in general. The security folks, of course, are trying to make sure that your customer base aren't experiencing any potential phishing attacks or impersonations, counterfeit goods, and all of that sort of thing. And it really ties back into domains in general.

And then the other aspect is the IT side of things. Of course, keep the lights on, make sure things are moving, sites are live, email is flowing. And then it all hinges back into your domain administrators. Now we know from experience that in a lot of organizations, your domain administrators aren't necessarily a full-time job. Typically, there are other things for them to be doing within the organization. It could be somebody in marketing that's also looking after things. It could be somebody in legal that's also looking after things and so on. But at the end of the day, whoever is tasked with handling the domain administration overall, that's the person that's going to be the linchpin in this aspect.

Now we recommend, of course, that you put together a rather formal digital governance council, which would comprise of the appropriate stakeholders from all these different teams. Your internal structure might be a little different. Possibly security is lumped in with IT. Whatever the case may be, the idea is to make sure that the stakeholders are communicating, everybody understands their role and what it has to play when it comes to domain management overall.

So this is a slide I like to use a lot. In this particular aspect, we want to look at things on the domain name life cycle from a couple of different angles. And one of the key aspects, when it comes to domains, is that you don't technically own a domain name. You're leasing the domain name. As long as you keep making the payments, it's yours to do with as you please. You're going to back that up probably with a trademark or a link to a brand so that you've got some defense and the like. But at the end of the day, you're only leasing it.

So when we get past the active part of this circle, and we go into expired and redemption grace period, and so on, once that domain goes back out into the wild, anybody else can pick that up. And that's an important aspect to remember. A lot of folks are keeping an eye on budget right now. So they're looking at possibly purging domain names out of their inventory. There are risks that are associated with that activity. But one of the key aspects of it, of course, is that once the domains get back out into the wild, somebody else can pick those up. Not all domains that get picked up after the fact end up getting weaponized, but the risk is there. So you want to make sure you educate yourself on what's going to be important overall and what your penchant for risk is overall.

At a high level, portfolios can be divided into two main buckets. You've got your offensive bucket and your defensive bucket. So the offensive bucket makes sense. These are ones that are in use. They've got original content on them. You might be using them for email, internal intranet sites, and so on. Anything that's going to put those names in use is likely going to put them into the offensive bucket.

And then the defensive bucket, these support your brand protection online of your core brands. Most folks will be securing typos and other types of variations. And usually, the mentality behind it is that so third parties can't own them and then, of course, take advantage of using those against you.

Now there's a bunch of different schools of thought on what do you do with defensive domain names. Do you make them live? Do you redirect them? How do you want to handle them? That's a personal choice. So it's up to you internally to kind of decide how you want to handle that. Most folks are in a bit of a hybrid-type scenario. Some of their defensive domains are pointing over to live content, and others not necessarily. But the key factor is that you want to make sure that you're documenting why you have them. It'll come in handy down the road.

And, of course, one of the big keys in all of this is keeping the balance. So typically, we're going to look at three main PIPs when it comes to keeping the balance on your domain inventory. We're going to look at what your budget restraints are going to be. Everybody has got budget restraints. There's only so much money to go around. And since COVID has struck, most people are looking hard at their budgets and trying to find ways to save money. I get that.

But it also ties back into what your penchant for risk is going to be. Do you consider yourself risk-averse, or do you consider yourself risk takers? More than likely somewhere in between.

And then, of course, the third PIP is your monitoring and enforcement side of things. Some folks just do word of mouth, and as people find infringements, they're made aware of them and they deal with them. Other folks have more of a robust monitoring and enforcement package in play, proactively looking at how their brands are being represented online, any third-party infringements that might crop up, and how, of course, those are being used.

So you can kind of cheat on one of these aspects. But in order to do that, of course, you're going to have to up your game on the other side of it. You want to reduce your budget? Great. You might have to increase your penchant for risk and be more of a risk taker rather than being highly risk-averse in order to be able to compensate for that. Each one of these adjustments that you make is going to come out a bit of a cost on the other side of things.

So one of the key things is, of course, prioritization of your enforcement activities. You may get 100 or 200 results in the run of a month. Well, you can't chase 100 or 200 results. Your legal team just isn't capable of being able to do that. So you've got to find a way to prioritize those types of infringements in order to be able to make sure that you're attacking back at the best of the worst, if you want to put it that way.

So when we look at the trends, one of the key aspects is looking at things from whatever level is going to make the most sense for you. So from a global level, here at CSC, when we look at availability reporting and portfolio analysis pieces for our clients, we like to look at things from a global level and then potentially regionalize from there. But it's no surprise when we look at the top TLDs in play when it comes to registrations, .com and .net are still number one and two, followed by the other gTLDs of .org, .info, and .biz.

But when it comes to the country code registrations, the ccTLDs, these are the ones that represent each individual country on a global scale. The first consideration is usually, "Hey, am I doing business in that country? And if I am, perhaps for my core brands, I should have a corresponding domain name that goes along with it." That drops it into the offensive budget.

But also, too, when it comes to the country codes, a lot of the registrations have to do with risk. And as we mentioned before, what's your penchant for risk? If you consider yourself risk-averse, you may want to shore up some country code registrations in adjacent markets or in riskier countries in order to be able to make sure that you're protecting your brand online and allowing yourself a little bit of area for future growth. Looking at your five-year plan, where are you planning on selling into?

Things that are e-comm and online it's like, "All right. I'm a global company. Do I need everything?" No, you don't. And you likely don't qualify for everything. Last time I looked, if you were to buy one of every extension that's actually available, it's a $400,000 to $600,000 bill. Nobody has got that kind of budget laying around doing nothing. And also, too, in some of the countries, you need a local company, or you need a local trademark in order to be able to qualify. There's a variety of different moving parts that kind of impact your registration strategy in that regard.

But one of the key things in looking at this is, is there a risk in not owning some of these extensions, i.e., are they commonly used by the bad actors? And that's where the defensive side of things is going to come into play.

Now when we start to look at things from a regional perspective, okay, globally, .com, .net, .co.uk, .org, and .info are your top five. But when you look at companies that are based out of EMEA, Europe, Middle East, and Africa, that's when you start to find things kind of go a little off kilter. Not a surprise that .com, .co.uk, .net, and those are all still in the top 10, as it were. But you can see where things kind of jiggle around a little bit, and it makes sense. It makes sense. People in Europe are likely going to want to look at a .co.uk or an .fr or .de way before they want to look at maybe even .net, .org, .info, .biz, or other country code registrations on top of that.

Now where it really starts to peel out is when we start lumping in the other regions that go along with it. But for your end, you want to make sure that you're taking into consideration who your target audience is, their locations, how search is going to react for you, and then, of course, whether your key properties are ready for the localized traffic.

So as most of you know, Google will give preference to a localized country code registration domain if it has unique content indexed, and they can search based on that. So I'm in Canada. So if I go into Google, and I go looking for Amazon, as an example, default will come up with amazon.ca on top. Why? Because I'm in Canada. That's what I'm searching for. If I go to amazon.ca, at least I know I'll be shipping in my home country and it'll be in my currency. If I was in the U.S., it would come up with amazon.com. These are the kinds of things you need to think about in order to be able to drive traffic properly through your inventory.

So when we do add in APAC and North America, you can see where the lines really start to get out of hand, and things start dropping around and rearranging things on top of everything else. Although not a surprise that .com and .net are number one and two on the North American side. But then it starts to really make a mess above and beyond that. So you really want to take into consideration where your target audience is, and then shore up the necessary registrations that go along with that.

The new gTLDs, well, this is another wrinkle when it comes to your domain registration strategy, because a lot of the new gTLDs, which were launched in 2012, I believe, are keyword-oriented domains that we would have normally married as keywords with clients' key brands and then made .coms or whatever out of them at some point. So if the brand was ABC, we might have done abconline.com or abcshop.com or shopabc.com. Now you've got a .shop and a .store and a .online, and these have been around for a while.

But when we look at registration volumes on a global scale, .xyz starts at the top. Why? I don't know. They gave a whole bunch of them away at one point, and I thought, "All right. Well, that'll fix itself when renewals come around." And then people kept renewing them. I don't see it myself, but okay. And then you get .top, .shop, .online, and .store. Totally understand those.

But when we look at the corporate side of things, we'll see a bit of a mix between offensive and defensive. We see .app, .online, .shop, .xyz, and .sucks. So, certainly, .app, .online, and .shop, those are your offensive domains. Those are ones we would expect to see live content on and tying directly back in with some sort of a brand or service within the organization. .xyz and .sucks, more of a defensive posture when it comes to that part of it.

But .com is still king of the hill as we would expect. And the churn is the other aspect when we start to look towards comparing new gTLDs with "the regular stuff." Hey, Round 2 for new gTLDs is coming up, starting on April the 30th. It's going to be a real interesting thing to watch.

So when we look at fraud as it relates to domain online activity, the common extensions that we're seeing, of course, .com is still king no matter what you do, whether it's legitimate registrations or even in the fraud side. And a lot of that's got to do with sheer volume. One of the key aspects, when you look at fraud or third-party registrations as a whole, whether they're speculating and trying to sell them, or whether or not they're actually utilizing them for things like pay-per-click or weaponizing them, .com is a common target simply because of three main things.

One, of course, is that when you look at it from the third-party perspective, they're cheap. They're easy to get. There are no rules. And then the third tenet for most of the third parties is, "How am I going to get my money back?" And if they're speculating and putting them up for sale, sure, that's one way to get your money back. They put up pay-per-click, they're trying to slice and dice a few cents here and a few cents there. And then, of course, if they're going to weaponize those, .com is more widely respected and recognized by the individual people online. So if it's a .com, you get a better chance possibly of being able to fool your target audience.

But there are some other commonly used extensions when it comes to fraud. Things like .cc, .co, .tv, these are what we classify as vanity TLDs or quasi-TLDs. And these are country domains that are used like global ones, but on top of that, too, is the power of association. .tv is the best and most prolific example, when it comes to that. And we'll talk about that here on the next slide.

So those vanity domains are a bit of a hidden threat of sorts over the years. A lot of these are unrestricted, meaning there are no rules to pick them up. Anybody can buy them. They are typically a little bit more expensive than a basic .com. But they've had a secondary purpose. Even though they are related to specific countries, like .co for Colombia, .cm for Cameroon, .tv for Tuvalu, and so on, they've had some associations driven against them over the years that caused people to associate them with other things, and that's the popularity that goes along with it.

We certainly have seen that with .ai. But over the years, some of the other ones that have come along, .cc for credit card, .ws for website, .am and .fm for radio. .co and .cm were heavily marketed as typos for .com. And that's when direct navigation was a big thing. It's not as much anymore, but it still can give that quick look association and maybe help out somebody on a bit of a phishing attack. But .ai certainly is top of people's minds right now.

Speaking of. ai, and we look at their registration volumes between 2018 and 2025, it did not take them long to jump from a modest 50,000 registrations all the way up to, at the end of 2025, well over a million. So they've had exponential growth over the years. It'd be interesting to see what it looks like in a few years when it comes to renewal time. But, certainly, they've experienced that exponential growth. But as the .ai registrations have pretty well skyrocketed, so have infringements and the UDRP cases that go along with it.

Now back in 2023, for our Domain Security Report, we did a bit of a highlight on .ai registrations against the Forbes Global 2000, which is the target of our Domain Security Report. And I refreshed it a bit before we got into this webinar. And we can see that in the overall scheme of things, the landscape has changed quite a bit. Third-party registrations are up. Availability is also up. But the company-owned registrations have gone down.

Now, in thinking of that, some of the corporations might have looked at it as, "Our .ai is a bit of a flash in the pan. We picked it up. We don't really need it. We're not using it. We're not doing AI. Why do we have to keep it?" And so they've churned them out, cycled them out, but turned around and third parties are picking them up. That could be dangerous down the road.

So when we look at a base strategy internally, and this is just a mock here. This doesn't represent anybody in particular. But your basic strategy is going to include, of course, your basic gTLDs, U.S. and Canada if you're a domestic or North American company. Mexico, United Kingdom, France, and Germany are the more popular ccTLDs that go along with things, also, for the most part, unrestricted. Or if they do require local presence, we can help.

And then you start to add in a little bit of the optional or risky ones. So your .ai. Don't forget, China and Russia are very risky extensions. And most of the risk associated with them comes with the high infringement piece, but also, too, in how you can defend yourself, even though you have trademarks and intellectual property rights. Russia essentially has no dispute resolution process. China still works on a bit of a clock. You only have so much time to pursue an infringement before time runs out and you're stuck messing with it. Some of the other ones are part of WIPO and that makes life easier, but they're still in that vanity category.

So you really need to kind of step back for a second and say, "All right, fine. Again, what's our penchant for risk? Balance that back with our budget that's available. Are we doing any monitoring? How is that all going to factor in when we're trying to keep the balance?"

So the key takeaways, maintain some lines of communications internally. It's very, very, very important making sure that all the stakeholders are engaged. Make sure you've got a coordinated approach to domain name management. Make sure your legal team is keeping you up to date on any potential trademark filings. There are a lot of differences between trademarks and domain names. And one of the big ones, of course, is timing. Trademarks can take a couple of years to be registered. But at the end of the day, domains are first come, first served. That's a big difference when you're starting to look at shoring things up. If you waited until your trademark is registered, it's likely too late. You won't get the domains that you want.

And one of the key things, of course, is to establish processes to review your strategy on a regular basis. It's really important to review things on a regular basis to make sure that you're up to date. What was relevant a few years ago might not be as relevant today. Everything is cyclical when it's domains. You'll notice a lot of our best practice guides, logos, and widgets are all circular in size and shape. There's a reason for that, and that's because domain names are a cyclical event.