Over the last two decades, the internet has transformed the way businesses operate. Today, an organisation’s domain name is often the first thing a consumer comes across. In fact, domain names have become almost equal to a company’s identity because they represent its digital doorway. Brands like Tata, Infosys, Amul, Flipkart, SBI, HDFC, Yahoo, Google and many others rely heavily on their online presence to build trust and maintain visibility. Because of this shift toward digital marketplaces, a new form of misuse has become extremely common: Cybersquatting.
Cybersquatting refers to situations where individuals intentionally register domain names that are identical or confusingly similar to well-known brands. These registrations are not accidental. Cybersquatters knowingly exploit trademarks to mislead customers, divert traffic or later sell the domain to the actual owner for profit. This can happen in many ways: typosquatting (like flipcart.in instead of flipkart.in), fake “fan sites”, phishing websites pretending to be banks, or simply holding a domain matching a famous brand and demanding money in return.
The risk is especially high for banks and e-commerce platforms, which handle sensitive financial data. Scammers use confusingly similar domain names to run phishing scams, collect card details or mislead users into making payments into fraudulent accounts. Because domain misuse grew rapidly in India, especially with the rise of e-commerce and online banking, the need for a reliable protection system became very clear. To address this, both Indian courts and INDRP (Indian Domain Name Dispute Resolution Policy) under NIXI (National Internet Exchange of India) have developed a strong jurisprudence to tackle cybersquatting. Courts have applied trademark and passing-off principles to protect domain names, while INDRP provides a quick, affordable mechanism for resolving .IN domain disputes.
Legal Framework for Domain Name Protection in India
Trademark Act, 1999: Passing-Off & Infringement Principles
Interestingly, the Trademark Act, 1999, does not explicitly include the term “domain name”. However, Indian courts have interpreted the law broadly, recognising that domain names serve the same function as trademarks and identify a business. Because of this, courts protect domain names by applying principles of passing-off and infringement.
One of the earliest judgments highlighting this principle was Yahoo Inc. vs Akash Arora (1999). In that case, the defendant ran a website called ‘yahooindia.com’, which was confusingly similar to the famous trademark ‘Yahoo’. The Delhi HC held that even if a domain name is not registered as a trademark, it still functions as one. Therefore, the court applied passing-off principles and restrained the defendant. This case became a foundational point for domain name protection.
Under this approach, courts check for:
- Reputation and Goodwill
The complainant must show that their trademark or business name has an established reputation. This doesn’t always require a registered trademark. Even unregistered marks with sufficient goodwill can claim protection. Courts frequently evaluate whether the trademark has goodwill. For example, in Rediff Communication Vs Cyberbooth (2000), the Bombay High Court recognised that ‘rediff.com’ had built strong online goodwill. The defendant had registered ‘radiff.com’, arguing that the difference in spelling was significant. But the court held that the similarity was too close and that the users were likely to be misled. This case confirmed that domain names carry goodwill in the same way trademarks do.
- Likelihood of Confusion
The likelihood of confusion is another major test. If an average internet user mistakenly believes the disputed domain is associated with the original brand, courts treat it as passing off.
A good illustration is Infosys Technologies Ltd. Vs Shailesh Gupta (2002), where ‘infosys.net’ was found to be confusingly similar to ‘Infosys’. Although the defendant claimed to operate an independent platform, the court held that the name itself created immediate confusion given Infosys’s strong reputation. This reinforced the idea that similar domain names can mislead consumers even without identical content.
- Misrepresentation Leading to Damage
Courts also consider whether the defendant’s domain misrepresents itself and causes damage. For instance, in Tata Sons Ltd. Vs Manu Kosuri (2001), the defendant registered multiple Tata-formative domain names. The Delhi High Court found this to be deliberate misrepresentation because ‘Tata’ is a well-known mark. The act itself was considered harmful and misleading.
From all these cases, one pattern is clear: even without legislative amendments, courts successfully extended trademark laws to domain names.
INDRP (NIXI): A Quick and Accessible Remedy
For .IN domain names, India uses the INDRP, which is a simple, cost-effective, and quicker mechanism than going to court. Many Indian companies use this procedure to recover fraudulent domains.
To succeed under INDRP, the complainant must prove all three conditions:
- Identical or Confusingly Similar
Panels examine whether the disputed domain name looks or sounds similar to the original trademark. This principle was clearly illustrated in the INDRP case involving SBI and sbi-online.in, where the domain was confusingly similar to the official SBI domain. Because SBI is a widely recognised bank, even minor variations could mislead the public.
Similarly, in the Amul Vs amulmilk.in dispute, the panel held that adding a descriptive word like ‘milk’ did not make the domain legitimate. Since ‘Amul’ is a well-known mark, the domain remained confusingly similar.
- Lack of Legitimate Interest
Most cybersquatters cannot show legitimate interest in the domain. For example, in the Reliance Industries INDRP case involving ‘reliancepetroleum.in’, the registrant had no business or reason to use the term ‘reliance’. The panel concluded that the registrant was merely taking advantage of a famous brand name.
- Registration or Use in Bad Faith
Bad faith is the heart of INDRP. An example is the HDFC Bank dispute where a domain like ‘hdfcbankloan.in’ was used to mislead people by offering fake loan information. The panel found clear bad faith because the registrant intended to exploit the trust associated with HDFC.
Thus, INDRP offers strong protection, especially for popular Indian brands.
Intersection with UDRP
If the disputed domain is not a .IN domain (such as .com, .org, .net), then the brand must approach WIPO (World Intellectual Property Organisation) under UDRP. Indian companies have used UDRP effectively for international cybersquatting issues. For instance, brands like Tata, Infosys, Bajaj and Airtel have frequently recovered .com domains through UDRP proceedings by proving similarity, absence of legitimate interest and bad faith.
UDRP and INDRP operate similarly, but INDRP is limited to Indian domain extensions.
What Counts as “Bad Faith”?
Under both INDRP and Indian court decisions, certain behaviours indicate bad faith. Some common examples include:
- Intention to Sell the Domain
In many cases, cybersquatters register famous domains hoping to sell them back. Courts treat this as clear bad faith. In Tata Sons vs. Manu Kosuri, the court specifically recognised this tactic.
- Diverting Internet Traffic for Profit
Many cybersquatters collect internet traffic and earn ad revenue. In the Rediff case, the court emphasised how similar domain names can divert users.
- Running Fraudulent or Phishing Websites
In disputes involving SBI and HDFC, the use of domains for phishing attacks was considered one of the strongest signs of bad faith.
- Registering Multiple Famous Marks
The defendant in the Manu Kosuri case registered several domains involving Tata, which indicated a pattern of dishonesty.
- Typosquatting
The dispute involving Flipkart and “flipcart.in” is a classic example where a slight spelling change created confusion, indicating bad faith.
- Misleading Fan Sites
Panels scrutinise ‘fan sites’ carefully. If they contain ads or look official, they are treated as bad faith.
- Passive Holding
Even if the domain is not actively used, if it is held without a legitimate purpose, especially when the trademark is famous, panels infer bad faith.
Legitimate Interest as a Defence
Registrants sometimes defend themselves by arguing they have a legitimate interest in the domain name. Indian courts and INDRP panels recognise that not every similar domain is registered in bad faith. A person may have a legitimate interest if the domain corresponds to their own business name or surname, or if the word is a common dictionary term that is used in a descriptive manner. However, this defence becomes weak when the trademark in question is well-known, such as Amul, Tata or Infosys.
Some registrants claim to run non-commercial fan sites, but even such fan sites must be genuinely non-commercial and must clearly declare that they are unofficial. If the website contains advertisements, sponsorship links or misleads users into believing it is associated with the original brand, the defence collapses. Prior use is also a factor. If a registrant has been using a domain before the trademark rose to fame, they might succeed in proving legitimate interest. But such instances are rare.
INDRP vs Court Litigation: Which One Works Better?
INDRP is often preferred due to its speed and affordability. Most cases are resolved within 60 to 90 days, and the process does not require detailed oral hearings or complicated procedures. It is ideal for straightforward cases of cybersquatting concerning .IN domains.
However, court litigation remains necessary in complex cases involving fraud, large-scale phishing or repeated misuse. Courts can issue broader remedies, such as injunctions preventing future misuse, and they also have the power to award damages. This was demonstrated in Google LLC vs DRS Logistics (2022), where the Delhi High Court took a strong stand against domain misuse that threatened public trust. Therefore, while INDRP is excellent for quick domain recovery, courts are indispensable for long-term and serious disputes.
Evolution of Cybersquatting from the 1990s to Modern Times
Cybersquatting first emerged in the 1990s, when people realised they could buy domains containing famous brand names and later sell them for profit. These early disputes were relatively simple. However, cybersquatting today is far more sophisticated. There is a growing trend of registering domain names in regional Indian languages (IDNs) to target users who browse in their native scripts. Social media handle squatting has become common, and companies now also face new threats in the metaverse, where usernames and digital spaces can be misused to mimic real brands.
Modern cybersquatting includes:
- Phishing portals targeting digital payment users.
- Fake job websites using well-known IT company names.
- Misleading customer service pages claiming to represent telecom providers.
- Websites with AI-generated content mimicking original branding.
- Registration of domains in regional Indian languages.
- Social media and metaverse identity squatting.
These new forms of cybersquatting pose risks not only to companies but also to millions of internet users who depend on digital transactions. Because of this, companies must evolve their strategies.
How Indian Companies Can Protect Their Brands Online
Companies today need a combination of preventive measures and responsive strategies. Preventive measures include registering different domain extensions, protecting all variations of their trademarks and using domain monitoring tools that track newly registered domains. It also helps to educate customers about official channels so that they do not fall for fake websites.
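As an illustration of the monitoring step described above, the following added example (not part of the original article, and not any vendor's tool) screens a feed of newly registered domains for the look-alike patterns seen in the disputes discussed here: one-character typos, a brand plus a descriptive word, a hyphenated keyword, and the same name on another extension. The feed, the allow-list and the length thresholds are assumptions made for the example.

```python
# Watched marks and the look-alike samples come from this article's examples.
BRANDS = ["flipkart", "rediff", "amul", "sbi", "hdfc", "infosys"]
OFFICIAL = {"flipkart.in", "rediff.com"}  # assumed allow-list of genuine domains

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return (brand, reason) for a look-alike registration, else None.
    Expects registrable domains as they appear in new-registration feeds."""
    domain = domain.lower().rstrip(".")
    if domain in OFFICIAL:
        return None
    label = domain.split(".")[0]            # "sbi-online.in" -> "sbi-online"
    tokens = label.split("-")
    for brand in BRANDS:
        if label == brand:
            return brand, "same name on another extension"
        if brand in tokens:
            return brand, "brand plus hyphenated keyword"
        # Length floors (assumed) keep short marks from matching unrelated words.
        if len(brand) >= 4 and brand in label:
            return brand, "brand plus descriptive word"
        if len(brand) >= 6 and edit_distance(label, brand) == 1:
            return brand, "one-character typo"
    return None

def scan(feed):
    """Map each flagged domain in the feed to its (brand, reason) finding."""
    return {d: hit for d in feed if (hit := classify(d))}

# Constructed feed: look-alikes named in the article plus unrelated domains.
FEED = ["flipcart.in", "radiff.com", "amulmilk.in", "sbi-online.in",
        "hdfcbankloan.in", "infosys.net", "rediff.com", "gardening-tips.in"]

if __name__ == "__main__":
    for name, (brand, reason) in scan(FEED).items():
        print(f"{name:18} {brand:9} {reason}")
```

A flagged domain is only a lead for review; whether it is confusingly similar or registered in bad faith remains a question for the legal tests described earlier.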
When infringement happens, companies typically rely on cease-and-desist notices, INDRP complaints for .IN domains, and UDRP complaints for global domains. In cases involving fraud, litigation becomes necessary, especially when user safety is involved. After recovering a domain, companies should redirect it to the official website, maintain proper renewals, and use technical safeguards such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance) for email protection. Maintaining records of previous cybersquatting incidents also helps companies respond more effectively to future threats.
Conclusion
Domain names today hold immense commercial value, and cybersquatting threatens both businesses and users. Indian courts have played a vital role in adapting trademark law to protect domain names, as seen in judgments involving Yahoo, Rediff, Tata, Infosys and others. The INDRP mechanism complements this by offering a faster and more accessible method of resolving disputes related to .IN domains.
As online commerce expands and cybersquatting becomes more complex, companies must remain vigilant. By combining proactive domain registration, legal strategies and technical safeguards, Indian businesses can successfully protect their online identity. Ultimately, the combination of judicial protection and INDRP ensures that domain names remain secure, trustworthy and reflective of genuine brand ownership.
Frequently Asked Questions (FAQs)
Q1. What is cybersquatting and why is it harmful?
Cybersquatting refers to registering a domain name that is identical or confusingly similar to a famous trademark, usually with dishonest intentions. It is harmful because it misleads consumers, damages a brand’s reputation and is often used for phishing, fraud and financial scams.
Q2. Are domain names legally protected in India?
Yes. Indian courts treat domain names like trademarks because they help the public identify a business. Even though the Trademarks Act does not mention domain names specifically, courts have applied trademark and passing-off principles to protect them.
Q3. What is INDRP and when should a brand use it?
INDRP (Indian Domain Name Dispute Resolution Policy) is the official mechanism to resolve disputes relating to .IN domains, that is, domains ending with .in, .co.in, .org.in, etc. INDRP is fast, affordable and does not require court hearings, making it a preferred option for simple cybersquatting cases.
Q4. What do I need to prove to win an INDRP complaint?
To succeed under INDRP, a complainant must prove three things:
- The domain name is identical or confusingly similar to their trademark.
- The registrant has no legitimate interest in using the domain.
- The domain was registered or is being used in bad faith.
If all three are proven, the domain is usually transferred to the complainant.
Q5. When should a company go to court instead of INDRP?
A company should approach the courts when the dispute involves:
- Fraud or phishing activities
- Repeat domain misuse
- Need for damages or compensation
- A need for broader injunctions covering future behaviour
INDRP only transfers or cancels domains; courts can also award damages and direct criminal action when needed.
Q6. How can companies protect themselves from cybersquatting?
Companies can reduce risks by registering multiple domain extensions, monitoring new domain registrations, maintaining strong trademark protection, using technical tools to prevent impersonation and taking quick legal action when infringement is detected.
Author: Kaushiki Dubey, Intern at My Legal Pal


