
Domain squatting is registering, in bad faith, a domain name built on a brand you have no legitimate claim to, either to extract a ransom from the rightful owner or to deceive their visitors. It's been around since the mid-1990s; in 2026 it's still common enough that big brands have full-time legal teams handling UDRP filings.
Here's what to know.
The three main flavors
1. Cybersquatting
Registering a domain that matches a known trademark, in bad faith. Example:
- You launch "Acme Corp" with acme.com. A squatter registers acme.io, acme.net, acme.app and waits for you to want them.
- Demands $5,000-$50,000 to release each.
This is the original, classic squatting. It's illegal under US law (ACPA — Anticybersquatting Consumer Protection Act of 1999) and under the ICANN UDRP policy.
2. Typosquatting
Registering common misspellings of popular domains.
- gogle.com (single missing 'o')
- facebok.com
- amazn.com
Visitors who mistype land at the squatter's site. Common monetization:
- Display ads (visitor leaves immediately, squatter earns the ad-click cents)
- Phishing pages mimicking the real brand to steal credentials
- "You've won an iPhone" scam pages
- Redirect to competitor sites (paid affiliate revenue)
3. Brand-jacking / cousin-domain squatting
Registering close variants that aren't strictly trademarks but are confusingly similar.
- acme-support.com (your support team isn't there)
- acme-payments.com (phishing target for your customers)
- getacme.com (looks legitimate, isn't yours)
This is harder to fight because it's not strict trademark infringement. You'd argue "consumer confusion" in any dispute.
Real examples (anonymized)
A small SaaS company we know launched in 2024 at usenovel.com. Within 30 days, novel.app, novel.io, novel-ai.com, novelhq.com, getnovel.com, and novelapp.com were all registered by various squatters. Recovering all of them via UDRP would cost ~$10,000+ and 6-12 months of legal time. They picked their battles — recovered novel.app (most likely to confuse customers), let the others go.
A big-brand fintech, name withheld, has a full-time team that files ~50 UDRP complaints per year. Cost ~$75,000/year in filing fees and legal time. They consider it a baseline cost of having a known brand.
The lesson: the bigger your brand, the more squatters target you, the more expensive defense becomes.
Defense: register defensively from day one
The cheapest protection is buying the domains yourself before squatters do:
- Your exact brand on .com, .net, .org, .us — ~₹1,646/year at REXO HOST
- Common typos of your brand, if it has any — ~₹399 each
- Hyphenated variants if your brand is two words
- The plural form if your brand is a singular noun
For a unique invented brand (like "Stripe", "Slack", "Notion"), defense is cheap — only a few variants to register. For a generic-word brand ("Best Pizza", "Quick Cars"), defense is essentially impossible — every variant you can think of, someone else already registered.
This is one reason why invented brand names are strategically better than descriptive ones — they're easier to defend.
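The variant list above can be turned into a checklist. The following is an added example, not code from the original article or from REXO HOST: it generates single-edit typos and cousin-domain labels for a brand and triages a list of observed domains against them. The function names, the affix lists and the sample domains are assumptions constructed for illustration, and the classifier assumes plain registrable names of the form label.tld.

```python
# Added example: affixes follow the article's cousin-domain examples; the list
# is an assumption and not exhaustive. Sample domains below are constructed.
PREFIXES = ("get", "use")
SUFFIXES = ("support", "payments", "hq", "app", "ai")
OBSERVED = ["acme.com", "acme.io", "amce.net", "acme-support.com",
            "getacme.com", "example.org"]

def typo_labels(brand):
    """Single-edit misspellings: omitted, doubled and swapped letters."""
    out = set()
    for i, ch in enumerate(brand):
        out.add(brand[:i] + brand[i + 1:])            # omission: gogle
        out.add(brand[:i] + ch + brand[i:])           # doubling: googgle
        if i + 1 < len(brand):                        # swap neighbours: goolge
            out.add(brand[:i] + brand[i + 1] + ch + brand[i + 2:])
    return out - {brand, ""}

def cousin_labels(brand):
    """Plural, prefixed and suffixed variants, with and without a hyphen."""
    out = {brand + "s"}
    for p in PREFIXES:
        out |= {p + brand, f"{p}-{brand}"}
    for s in SUFFIXES:
        out |= {brand + s, f"{brand}-{s}"}
    return out

def classify(domain, brand, owned):
    """Label a registrable domain (label.tld) relative to the brand."""
    domain = domain.lower().rstrip(".")
    label = domain.split(".")[0]
    if domain in owned:
        return "owned"
    if label == brand:
        return "exact match on another TLD"
    if label in typo_labels(brand):
        return "typo"
    if label in cousin_labels(brand):
        return "cousin"
    return "unrelated"

def triage(observed, brand, owned):
    """Map each observed domain to its classification."""
    return {d: classify(d, brand, owned) for d in observed}

if __name__ == "__main__":
    for name, verdict in triage(OBSERVED, "acme", {"acme.com"}).items():
        print(f"{verdict:28} {name}")
```

Anything reported as a typo, cousin or exact match that you do not own is a candidate for defensive registration or for monitoring.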
Recovery via UDRP (if it happens)
If a squatter registers your trademark and refuses to release it:
Step 1 — Document your trademark
You need a registered trademark (or strong common-law trademark) that predates the squatter's registration. Register your trademark BEFORE you publicize your brand.
Step 2 — File a UDRP complaint
UDRP (Uniform Domain-Name Dispute-Resolution Policy) is administered by WIPO and a few other arbitration providers. Filing fees: ~$1,500-$2,000 per domain.
You file a complaint stating:
- The domain is identical or confusingly similar to your trademark
- The registrant has no legitimate interest in the domain
- The registrant registered and uses it in bad faith
Step 3 — Squatter has 20 days to respond
If they don't respond, you usually win by default. If they do respond, the panel reviews evidence and rules within 2-3 months.
Step 4 — Domain transfers to you (if you win)
The decision is binding on the registrar. The domain transfers to your account within 10 days. You pay the standard 1-year renewal at your new registrar.
UDRP complaints succeed ~85% of the time when the trademark is clear and the registrant has no legitimate use.
Recovery via court (the nuclear option)
For high-value cases, you can sue under ACPA (US) or equivalent laws in your country. Process is more expensive ($20,000-$100,000+), takes longer (6-18 months), but offers more remedies (statutory damages up to $100,000 per domain).
Only worth it for very high-value domains. UDRP is the practical option for almost every dispute.
Frequently asked questions
Is "domain squatting" the same as "domain investing"?
No, important distinction. Domain investing means buying generic / dictionary-word domains and reselling them legitimately (e.g., pizza.com was bought by an investor in 1994, sold for $2.6M in 2008). Squatting specifically means bad-faith registration of trademarks. The line is fuzzy in practice.
Can I get a domain back without UDRP if the squatter is reasonable?
Yes — many "squatters" are just opportunists who'll sell for a few hundred to a few thousand dollars. Email them with a polite offer. If they accept, use a domain escrow service (Escrow.com is the standard) for safe transfer.
What if a competitor (not a squatter) owns my brand domain?
UDRP requires "bad faith" — competitive use isn't necessarily bad faith. If a competitor genuinely uses the domain for their business and registered before your trademark, you probably can't recover. Consult a trademark lawyer.
How do I know if a domain is squatting or just unused?
Check WHOIS history (services like DomainTools). If the domain was registered shortly after your brand became known and has never had a working site, that's suggestive of squatting. If it predates your brand, harder case.
Can REXO HOST help with squatting issues?
If the squatted domain is at REXO HOST, we comply with valid UDRP decisions. If it's at another registrar, you go through their abuse process or directly to WIPO. We can advise on the playbook — WhatsApp us.
Defensive registration today
Search your brand across .com, .net, .org, .us at REXO HOST — register the ones you don't already have. ~₹1,646/year for all four = cheap insurance against squatting.