Domain names in the time of COVID 19 – EURid steps up scrutiny

It is not surprising that the use of COVID-19 related domain names has increased significantly in recent months. Some unscrupulous individuals and organisations have sought to exploit the public demand for coronavirus-related information, products and services by setting up phishing attacks and creating websites to sell unauthorised medical products and equipment (see EMA warning).  As a consequence, in March 2020 EURid (the .eu domain name registrar) updated its pre-registration algorithm checks to identify those applications which incorporate COVID-19 related keywords.  This development is interesting for tech businesses, as in the so-called 'wild west' of domain name registration, it would be very useful if EURid pre-registration algorithm checks could also identify those applications which purport to misuse trade mark rights.   

EURid uses a pre-registration system called Abuse, Prevention and Early Warning System (APEWS).  Traditionally, the APEWS has focused on patterns in application data (including registrant data and name servers) to identify malicious domain name applications.  That is, by using quantitative analysis, the APEWS flags those domains that are likely to have been applied for by malicious actors, with less attention being placed on the content of the actual domain to be registered.  Under these EURid measures, registrants of domain names flagged up by APEWS are required to ‘explain’ their domain within seven days - i.e. confirming it was registered in ‘good faith’.  For brand owners, EURid's inclusion of COVID-19 related terms in its algorithm represents a welcome first step to a more qualitative approach to domain name applications.

To some extent, this change by EURid is following in the footsteps of Nominet (the .uk domain registrar) who in July 2018 introduced the Domain Watch system to help it identify which domain name applications are likely to be used for phishing. Those applications which look suspicious are suspended until the registrant provides Nominet with evidence of good intentions regarding use of the domain name. According to Nominet, most applications caught by Domain Watch are not pursued.  Nominet has also recently announced that it is adding new keywords to the Domain Watch algorithm, such as ‘coronavirus’ or ‘covid19’ as, unsurprisingly, there has been a rapid upswing in domain name registrations containing these virus-related terms.

The measures introduced by EURid are currently in place until the end of June 2020, and will be reviewed quarterly.  Introduction of further keyword detection processes by EURid is a move that would be widely welcomed by tech businesses. A return to a purely quantitative analysis would indeed be a missed opportunity.

Thank you very much to Calum Scott for his research in preparing this blog.