Module 8 · Lesson 6
Case Studies: Brand Protection Wins and Failures
⏱ 13 min
Four real cases: a UDRP win (with case numbers), a defensive registration failure, a smart tiered strategy that cut costs by 70%, and the Sunrise period abuse that shows how the safeguards can be gamed.
Case Studies: Brand Protection Wins and Failures
WIPO publishes all its UDRP decisions publicly. That makes it possible to study both the wins and the failures with actual case numbers, actual facts, and actual outcomes. I've supplemented the public cases with patterns from my own experience, the strategic failures I've observed don't make it into WIPO's database, because they never became disputes.
Case 1: The Clean UDRP Win
WIPO Case No. D2019-1617, Volkswagen AG v. Domains by Proxy, LLC / G.k. P.K.
A registrant registered a typosquatted variation of Volkswagen's brand in a generic TLD, pointing it to a page with competitor advertising. Volkswagen's team filed UDRP with WIPO.
The case is textbook for what a strong UDRP complaint looks like:
- Volkswagen has one of the most recognized trademark registrations in the world, registered across dozens of jurisdictions
- The domain name was identical to a Volkswagen trademark string with minor modification
- The site served competing automotive advertising, classic pay-per-click (PPC) parking designed to generate revenue from Volkswagen's brand reputation
- The registrant defaulted (didn't respond), which is common in clear-cut cybersquatting
Panel decision: transfer granted. Elapsed time from filing to decision: 5 weeks.
The lesson here isn't that Volkswagen won, they were always going to win this one. The lesson is the process: the monitoring team spotted the domain, internal IP counsel evaluated it, the complaint was filed with complete evidence, and six weeks later it was done. The system works when you work it correctly.
For brands with less recognition than Volkswagen, the same outcome is achievable if the trademark registration is solid and the evidence of bad faith is clear. WIPO case D2018-0454 (Marriott International v. Domain Admin) is another clean example with a mid-sized brand getting a clear-cut win against a PPC parking operation.
Case 2: The Defensive Registration Failure
This case doesn't have a WIPO number, because the brand never recovered the domains through UDRP. It became a monitoring and incident response story instead.
A mid-sized European e-commerce brand, I'll call them Brand X, as identifying them serves no purpose here, made a reasonable defensive registration decision in 2015. They registered their brand name across 80 TLDs, covering .com, most major gTLDs, and their top 10 market ccTLDs. Budget: approximately $4,000/year. They renewed everything annually.
In 2021, a phishing campaign targeted their customers using brandx-support.online. The attackers set up a convincing fake support portal, harvested customer credentials, and the campaign ran for approximately six weeks before a customer flagged it to Brand X's actual support team.
Post-incident analysis: Brand X had registered brandx.online but not brandx-support.online. The defensive registration strategy had focused on exact-match registrations, not on compound strings. The attackers used a compound string (brand + support keyword) that was outside the registered portfolio.
Two things went wrong simultaneously. First, the defensive registration strategy gave the brand false confidence, they believed they had covered .online because they had registered brandx.online. Second, there was no active phishing monitoring on Brand X's domains or brand string. The attack ran for six weeks undetected internally.
The remediation cost, incident response, customer notification, credential reset tooling, regulatory reporting, exceeded $200,000. The defensive registration portfolio cost was $4,000/year. But neither the portfolio nor its absence was the primary issue. The absence of monitoring was.
The correct defense against brandx-support.online was not registering all compound strings (there are infinite compound possibilities). It was monitoring for new registrations containing "brandx" as a substring, which would have surfaced brandx-support.online within 24 hours of its registration, three weeks before the first phishing email went out.
Case 3: The Efficient Tiered Strategy
A software company with operations in 15 countries came to a review process with a domain portfolio they'd built reactively over a decade. They had ~600 domains. Annual cost: roughly $22,000. No formal strategy, registrations had accumulated through "grab it just in case" decisions made by different teams over the years.
The audit found:
- 180 domains with no DNS configuration at all, never set up, serving NXDOMAIN
- 65 domains redirecting to the same destination as 30 other domains they already owned
- 40 domains in TLDs where the company had no trademark registration and no realistic enforcement path
- 12 domains registered in languages the company had never marketed in
After rationalizing the portfolio down to 210 domains (Tier 1 and Tier 2 only) and implementing zone-file monitoring for new registrations containing their brand string, their annual spend dropped from $22,000 to approximately $8,000 ($4,200 in registrations + $3,800 in monitoring). In the 18 months following, their monitoring caught 11 infringing registrations. They filed UDRP on 3 (clear bad faith cases), sent C&Ds on 5 (mixed results, 3 removed the content, 2 ignored it and had no content worth pursuing), and bought 1 directly for $350 because the registrant was willing to sell.
Total enforcement cost over 18 months: ~$7,500 for UDRP filings plus minor C&D cost. Total savings vs previous approach: ~$14,000/year in registration costs, plus the operational overhead reduction.
This is the 70% cost reduction referenced in the module description. It's achievable for most companies that have built defensive portfolios reactively. The key is honest auditing, most portfolios have significant dead weight.
Case 4: The Sunrise Period Abuse
This is the case I find most cynical, and I've seen variants of it more than once from the registrar side.
The TMCH Sunrise period is designed to give trademark holders priority registration access before a new TLD opens to general registration. The assumption is that trademark holders are brands protecting their legitimate interests.
The gaming works like this: an individual or company registers trademarks, sometimes in obscure national trademark offices with minimal examination requirements, specifically to enroll them in TMCH. The registered mark might be a common English word, a geographic term, or a short string with broad applicability. Once the mark is in TMCH, it qualifies for Sunrise registration in new gTLDs.
In some cases these speculators then register strings during Sunrise across dozens of new gTLD launches, building a portfolio of high-value domain names that the actual relevant brands then have to fight for through UDRP, at UDRP cost and timelines, despite theoretically having prior Sunrise protection.
WIPO and ICANN have documented this pattern. WIPO case D2014-1084 (JWC Entertainment LLC v. Dorine James) involves a Sunrise dispute where the legitimacy of the underlying trademark registration was questioned. The TMCH's verification process has improved since the first gTLD round, but the incentive structure remains: if you can get a trademark registration, you can use it for Sunrise access.
For legitimate brands, the lesson is: enroll in TMCH early, monitor ICANN's new TLD launch calendar, and use Sunrise periods actively. Don't assume that because you have the obvious trademark, the domain will be available when the TLD launches. Someone may have gotten there first with a questionable registration.
Key Takeaways
- Clean UDRP wins require strong trademark registration, clear evidence of bad faith, and complete documentation. The process takes 5-8 weeks and costs $1,500-2,000. It works.
- Defensive registration portfolios create false confidence if they're not paired with monitoring. Attackers use compound strings and variations that no pre-registration strategy covers completely.
- Portfolio audits consistently find 30-50% of defensive registrations with no strategic value. The cost of carrying dead weight adds up.
- Sunrise period abuse happens. Enroll in TMCH and monitor new TLD launch calendars proactively. Don't assume your trademark protects you automatically.
- Monitoring is the single intervention with the best ROI. Every other strategy depends on knowing the problem exists.
Further Reading
- WIPO UDRP case search: wipo.int/amc/en/domains/search
- ICANN TMCH Sunrise dispute procedures: trademark-clearinghouse.com/content/sunrise-dispute-procedures
- WIPO Overview 3.0, Section 3.3 (bad faith through PPC parking): wipo.int/amc/en/domains/search/overview3.0
Up Next
Lesson 07: The registries and registrars. Who takes brand protection seriously, what good abuse response looks like, and how to reach the right person when a domain needs to come down quickly.