The Internet is a vast place. It is estimated that there are close to 2 billion websites online in 2022. Each of these websites has a unique hostname, or ‘domain’, that can be resolved into an IP address.

Whilst anyone can access these websites, one should note that some domains are more ‘valuable’ than others. Domains that include relevant keywords are more likely to show at the top of search engine results, directing more traffic to those sites. For example, a Google search for “how to make a voicemail” may direct you to websites with the word ‘voicemail’ in the domain name.

Many companies looking to establish their digital presence will also select domains that are similar to their trading names. This makes it easier for their target audience to discover their website. Consequently, this has driven the price of ‘relevant’ domains to extortionate levels. In fact, in 2019 the domain ‘’ sold for a whopping $30 million!

Sadly, in such a high-value market, there are malicious actors that intend to abuse this system for their own gain. This article will cover the basics of what domain squatting is, how you can prevent it, or how you may retrieve a domain that is being held hostage.


What is domain squatting?

To understand what domain squatting is, we must first talk about the practice of ‘domain flipping’. This is where relevant domains are bought by investors, who intend to either use or sell that domain later. Advocates of this business model claim it is a perfectly legitimate business practice, no matter how irritating it may be for companies.

Domain squatting, or cybersquatting, is where entities register domains under bad faith business practices. Unlike domain flipping, domain squatting is illegal (more on that later).

How do domain squatters operate?

Domain squatting comes in a wide variety of forms. To protect yourself from squatting, it is important to learn the techniques that bad faith actors use.

You should also note that domain squatters act with different intentions. Generally, they can be split into two broad categories:

Opportunistic domain squatting

Opportunistic domain squatters deliberately target companies by registering domain names that share the name of that targeted company. The aim is to charge those companies ridiculously inflated prices to buy the domain off them.

This form of squatting is particularly effective where companies do not use an email hosting service. In these cases, losing the domain name could also mean losing the company email. Conglomerates and large businesses are often more willing to pay ransom to domain squatters to mitigate damage that may be done.

Typical practices of opportunistic domain squatters include:

  • Taking domains that include the names of newly registered companies.
  • Monitoring domains held by companies that are set to soon expire, so that the domain may be ‘stolen’ from that company. The dates of expiry may be collected on a single data ingestion framework for the domain squatter to scour for targets.


Malicious domain squatting

Malicious domain squatters operate in a similar way to opportunistic domain squatters. However, the intention here is far worse: to defraud that company by diverting its web traffic to their site. This may be to steal the digital presence and market share of that company, or to scam that company’s employees and customers.

Typical practices of malicious domain squatters include:

  • Typosquatting – where a domain similar to the targeted name is registered, but with a misspelled word. The hope is that people make that same spelling mistake when searching for the targeted company.
  • Homophone squatting – where a domain similar to the targeted name is registered, but with a similar-sounding word. The hope is that text-to-speech assistants like Google Assistant erroneously point people to that website.
  • TLD squatting – where an identical domain to a pre-existing domain is registered on another top-level domain. This means that the URL looks exactly the same except for the TLD (such as .com or .org). The hope here is that visitors are unaware of which domain is the legitimate version.
  • Level squatting – where a website domain includes the targeted domain name as a subdomain. This means that the latter part of the URL appears identical to the legitimate website. The hope here is that visitors using mobile devices cannot see the full domain, and think they are on the correct site. To protect yourself from mobile level squatting, you may consider using a mobile browser that has been tested on a stringent testing app store.
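
The techniques above leave recognisable patterns in a hostname, so a defender can triage names seen in proxy or DNS logs against the domain being protected. The following is an added example, not part of the original article: the brand `example.com`, the sample hostnames and the one-edit threshold are assumptions, and the TLD is taken naively as the last label (a production check would use the Public Suffix List). Homophone squatting is not covered because it needs a phonetic comparison.

```python
BRAND = "example.com"  # assumption: the domain you are protecting

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(hostname, brand=BRAND, max_typos=1):
    """Label a hostname relative to the protected brand domain."""
    host = hostname.lower().rstrip(".")
    if host == brand or host.endswith("." + brand):
        return "legitimate"
    # Level squatting: the full brand domain followed by more labels,
    # i.e. it is only a subdomain of somebody else's registration.
    if ("." + host).find("." + brand + ".") != -1:
        return "level-squat"
    labels = host.split(".")
    if len(labels) < 2:
        return "unrelated"
    brand_name, brand_tld = brand.rsplit(".", 1)
    name, tld = labels[-2], labels[-1]
    if name == brand_name and tld != brand_tld:
        return "tld-squat"
    # Short brand names produce false positives at one edit; tune max_typos.
    if 0 < osa_distance(name, brand_name) <= max_typos:
        return "typosquat"
    return "unrelated"

# Constructed sample hostnames, using reserved example/test names only.
SAMPLE_HOSTS = ["www.example.com", "exampel.com", "example.org",
                "example.com.secure-login.test", "intranet.test"]

def triage(hosts, brand=BRAND):
    """Return only the hostnames that look like squatting, with a verdict."""
    verdicts = {h: classify(h, brand) for h in hosts}
    return {h: v for h, v in verdicts.items()
            if v not in ("legitimate", "unrelated")}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_HOSTS).items():
        print(f"{verdict:12} {host}")
```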

In any case, opportunistic and malicious domain squatting are harmful to companies. In the best-case scenario, targeted companies must either give in to the squatter’s ransom or settle for a less-relevant domain name. In the worst-case scenario, the brands of targeted companies are ruined by their association with fraudulent actors, undermining user experience.

Is domain squatting legal?

In short, domain squatting is illegal in the USA under the Anticybersquatting Consumer Protection Act (ACPA).

However, the question of where ‘domaining’ ends and ‘domain squatting’ begins is a tough question to answer. For a claim under the ACPA to be successful, two main criteria must be met:

  1. The squatted domain must be “identical or confusingly similar to a trademark or service mark of another that is distinctive at the time of registration”.
  2. The domain squatter must be acting “with the bad-faith intent to profit”.

This means that for an ACPA lawsuit to succeed, the claimant must usually own a ‘distinctive trademark’ under which the domain falls. Beyond this, the onus lies on the claimant to prove that the squatter is acting with bad-faith intent, which can be tricky to argue.


How can you prevent domain squatting?

The best way to mitigate the harm caused by domain squatters is to simply take preventative action to stop that domain from being taken in the first place.

Here are our top tips for preventing domain squatting:

  • Buy domains only from accredited domain name registrars (this will protect you from phishing scams).
  • Register your preferred domain as early as possible. Domain squatters have been known to scour recently searched domain names to assist them in identifying targets. For this reason, you should register your domain quickly, even if you do not intend on hosting the website yet.
  • Register similar domains to your preferred domain. It’s now common practice for companies to register their domain under alternative TLDs (such as .com or .org). This offers that company an extra layer of protection against squatters, even if it may seem time-consuming and costly.
  • Go one step further and register commonly misspelled versions of your domain name.
  • Work with a domain ownership protection service. Not only can they set up an automatic domain renewal system, but they can alert you to cyber attacks by squatters. Most of these services use contact center technologies to provide 24/7 support in these circumstances.
  • Register a trademark for your company’s name or domain name. This will afford you greater legal protections and make your case against domain squatters stronger should you need to litigate.

How can you reclaim squatted domain names?

Has your preferred domain name been taken already? Well, there are several approaches you can take to reclaiming the squatted domain name:

Wait for the domain ownership to expire

The cheapest option for reclaiming a squatted domain is to simply wait for the squatter’s ownership to expire. This is often the predicament that companies find themselves in – where they have a weak legal claim to the domain and refuse to pay ransom to the squatter.

The best approach here is to seem disinterested by choosing to register another domain. Then the squatter believes their chances of winning the ransom to be slim, and they won’t bother to renew the domain. At this point, you can swoop in and take it right back. Simple, right?

Sadly, this approach comes with several drawbacks that reduce the effectiveness of such a strategy:

  • Firstly, you may be waiting for a long time for the domain to become available. Domain names are typically registered for periods of 1-10 years. In the busy world of Ecommerce, you could be missing out on huge profits in that time.
  • Domain squatters often use automatic renewal services to reclaim their domain names. As such, you may be waiting for years just for the squatter to renew it at the last moment. This means there is never any guarantee that you will get the opportunity to register it on the displayed expiry date.
  • Third parties may see value in the squatter’s held domain names and choose to pursue it for themselves. In this case, they may choose to negotiate with the squatter or launch a bid to register the domain upon expiry. This means you may be inadvertently allowing a competitor to take your preferred domain name, potentially harming your business.


Choose to negotiate

If the above drawbacks of playing the waiting game don’t appeal to you, another option is to enter negotiations with the squatter.

For domain squatters, money is often the sole interest behind their dodgy business practices. That means that they may always choose to sell the domain to you if you can offer them a high price.

Unfortunately, you shouldn’t expect squatters to be reasonable in their negotiations. They will likely ask for a price massively inflated above the market rate. If you do choose to go down this route, certainly be sure to practice your online sales coaching for the best negotiation techniques!

In worst-case scenarios, they may even use this as an opportunity to defraud your company and refuse to transfer ownership. Not only that, engaging in negotiation sends a signal to squatters that you are a prime target for attack. You may find that after paying ransom for a preferred domain, other similar domains are also snatched up by squatters. This is an attempt to squeeze yet more money out of you due to your willingness to give in to demands.


Take legal action

Note to reader: this article does not constitute legal advice. Always seek legal counsel before choosing to engage in legal proceedings.

Finally, there is always the option of taking legal action against the domain squatter to redress the issue. There are two approaches that you may take here:

Go through the federal courts system

As mentioned earlier, domain squatting is illegal in American jurisdictions under the ACPA. This means that claimants may file lawsuits within the federal courts to evict the squatter from their chosen domain.

However, these lawsuits are lengthy, expensive, and risky for claimants to engage in. If the claim fails, the claimant company must foot the bill for the court costs and legal advice, making it a risky strategy. Ask anyone versed in digital signatures law, and you will hear just how cumbersome digital claims can be.

Furthermore, the intention to enter legal proceedings may send the wrong message to domain squatters. For example, it may be interpreted as a particularly high-value domain, causing the squatter to raise their asking price. So, if you do not have a concrete argument, pursuing legal redress under the ACPA may not be in your best interests.

Go through the ICANN

The ICANN stands for the ‘Internet Corporation for Assigned Names and Numbers’. It is a non-profit entity that helps govern the security and stability of the Internet (and all associated metaverses).

One of the ICANN’s responsibilities is governing registered domains. They have a means of redress titled the ‘Uniform Domain Name Dispute Resolution Policy’ (UDNDPR). Under this policy, they work with several domain name registrars to evict squatters from ill-gotten domains.

If you feel that you have a strong case for claiming a domain, you may consider going to the ICANN before going to the federal courts. This approach comes with several positives:

  • Cases are adjudicated by specialists selected by the ICANN, who are experts in their field.
  • The UDNDPR can resolve disputes much faster than the lengthy courts system.
  • Launching an appeal via the ICANN is significantly cheaper than litigating in court.


By now, you should have a good idea of what domain squatting is and the various techniques bad-faith actors employ. Understanding the mind of cyber criminals is crucial in establishing a comprehensive threat defense.

Should you find your preferred domain name taken by a squatter, consider all alternatives before pursuing expensive legal proceedings. Often, the most effective defense is to be aware of, and prepared for, a domain squatting attack in the first place.

Page metadata

Page Title Domain Squatting: What to do if Your Domain is Held Hostage
Meta Description This article will cover what domain squatting is, the techniques used by domain squatters, and how you can counter them!



Grace Lau – Director of Growth Content, Dialpad

Grace Lau is the Director of Growth Content at Dialpad. Dialpad customer service chatbot helps for better and easier team collaboration. She has over 10 years of experience in content writing and strategy. Currently, she is responsible for leading branded and editorial content strategies, partnering with SEO and Ops teams to build and nurture content. Grace Lau also published articles for domains such as UpCity and Soundstripe. Here is her LinkedIn.
