Domains of Defamation

The recent expansion of generic Top Level Domains (TLDs) will allow all sorts of opportunities for registration of new internet addresses, especially combined with the introduction of IPv6.

For my non-techie legal readers I will pause to explain what these are. To access a computer on the internet, you obviously need an “address” to find it. The “native” address used by computer equipment is the “IP address” which is a string of numbers. Until recently these have been IPv4, being a set of 4 numbers from 0 to 255 separated by dots, for example “”. Obviously this gives a limited number of addresses (256^4 or 4,294,967,296) – certain ranges were specified for “private networks” meaning that by various technical methods a whole network of computers within an office could share a single IP address for the outside world but the total public numbers were still limited, and running out. Therefore a new version, IPv6, was invented comprising 8 numbers from 0 to 65536 giving 65536^8 addresses, which is an enormous number.

However, trying to remember a number is not easy for most people, so the usual way of finding a computer or resource on the internet is by a name – a URL (Uniform Resource Locator) e.g. The end portion of this, such as “.com” or “.uk” is the TLD. These can be generic i.e. “.com”, “.org”  etc. or country code i.e. “.uk”, “.de”, “.au” etc. Until recently the generic TLDs have been limited to a 22 domains (as opposed to 280 country TLDs), but from 12th January 2012 to 30 May 2012 now anyone who could afford to pay the appropriate fee and run the infrastructure to operate a domain was able to apply for virtually whatever TLD they want. Approximately 2000 applications were made, although some were different persons seeking the same new TLD.

Someone who runs a TLD is a “Registry”, so for example Nominet is the Registry that runs the .uk domain. They run “Name server” computers which provide “DNS records” which are essentially huge tables matching each domain name within their TLD with an IP address and vice versa. Thus one can put “” into the .com Registry DNS and get the IP address back of, and vice versa. Other computers copy these tables (or the portions they are interested in) but the Registry DNS are the “official” or authoratative versions for that domain, and the IP addresses may periodically change, so any change there should be picked up by all the copying machines within a couple of days at most.

Enough technical explanation, on to the law. This expansion of TLDs will raise a host of legal issues. For example, “cybersquatters” registering names within a particular TLD because they think someone else will want it and intend to resell it to them well over the registration costs for a profit. Most new Registries therefore operate a “sunrise period” where applications need to be supported by evidence that one has a legitimate interest in registering that particular address. There is also the problem of other bad faith registrations, taking an address to obtain internet traffic intended for another person or business, whether for fraud, passing off, or other reasons. These are commonplace already and there are various dispute resolution procedures in place. While historically those with deep pockets simply bought up the domains – a lot of public figures have bought .xxx domains of their own names simply to stop anyone else using them – who can afford to buy dozens of variations of names in hundreds of TLDs? On the other hand if a cybersquatter has your first choice name, there will now be a lot more options for an alternative.

A more unusual aspect that arises is defamatory domain names. We’re not looking here at websites with defamatory content, but specifically an address which in itself comprises a defamatory statement. There is no reason to believe that a statement or phrase used as a domain name is any less capable of being held defamatory than the same statement of phrase used in any other context.

Some of the proposed new TLDs are not inherently abusive, but could easily be used as part of an abusive statement. Running through the list of proposed TLDs ( we find .exposed .hot .man .one .porn .sex .sucks .tools .tube .watch and .world all of which could easily be used to conclude an offensive and abusive statement to various degrees. Of course any TLD could have a domain name consisting of an offensive phrase, just some would more easily lend themselves to forming part of the whole statement.

The concept of a domain address being defamatory is not unheard of to date, but it has been rare. There has been one case taken to WIPO on the subject, Beck -v- Eiland-Hall reported at Although this was a question regarding an allegedly defamatory domain name, the actual case appears to have been argued on the basis of trademark of name, presumably due to the peculiarities of US defamation law making it difficult for public figures to succeed in claiming defamation against themselves.

So let us say that someone registers a domain name which you consider is defamatory to you personally, what are your remedies?

Before launching into legal action, it is worthwhile remembering the “Streissand effect”. In essence this is if it becomes known that you are trying to stop people seeing or hearing something, the more people will attempt to access it. Therefore there are cases where fighting against something may “fan the flames” and actually make it more widely known that if you ignored it. Also depending on the claim, ignoring it may well discredit the claim more than fighting it (“treating the comment with the disdain it deserves”) – although some claims may lead people to think “no smoke without fire” if one does not fight them. It all depends on the particular case, but one must think about it before looking at legal redress.

So assuming that the domain name is a defamatory statement, and one does need to take legal action, the first issue is who can one sue and where.

As with all internet legal issues jurisdiction is the complicated point, so first let’s look at the prospective parties. The first and most obvious is the creator of the domain name. This is probably, but not necessarily the “owner”1 of the name. This person is obviously the original author of the statement so if it is defamatory, they are liable.

However, if you apply to create a domain name, this passes through a registrar to the Registry. In most cases the registrar will have an automatic submission service: you go to their website, fill in a form, pay your money and the application is automatically processed and forwarded to the Registry system. The Registry then “publishes” the name on their public DNS table, making it available to anybody querying that server. This may or may not be automatic, but many Registries have a “prohibited word” list so there can be argued to be some form of editorial control going on there. We’ll come back to this point when considering remedies. Once the name is on the DNS, this will automatically be copied to other DNS services around the world, again automatically.

Now another point is the Registry doesn’t just have this list matching domain name with IP address, it also has details of the owner of that address. These may be kept private, or be open to anyone searching the Registry records. The original creator of the domain name can transfer it to someone else. Will the new owner also be liable under defamation? Arguably yes, because they are choosing to associate themselves with the publication of that phrase, and are effectively allowing it to remain on DNS servers.

Another potential party is those who have the offending term on their server DNS table, but this will almost certainly be an automatic mirroring of what is on the Registry DNS table. On this basis they will claim it was an automatic process with no input from themselves so they have no fault in the matter; if the record is removed from the authoritative DNS server, it will thereafter disappear from the mirrors too.

On the other hand anyone who quotes the offending domain name in any form of communication, such as on a webpage, email or orally, is repeating a defamatory statement which is itself an act of defamation, making that person liable (subject to the usual defences of reporting etc).

Now we come to jurisdiction. Each creator of a domain will be domiciled in a jurisdiction; the registrar and Registry may each be domiciled in different jurisdictions. The mirroring DNS servers will be located across the world in different jurisdictions. Persons repeating the statement may also be located in different jurisdictions. Also as a delictual (tort) act, the place when the harm occurs is also grounds for founding jurisdiction.

So for choosing what jurisdiction you want to go for, you obviously want one convenient to yourself. However, this covers not just the ease of raising the action, but also the likelihood of success and perhaps more importantly the ability to enforce the order once it is obtained. The logical locations therefore are the place of domicile of the author/owner (based on the initial locus of the wrong) or the place of domicile of the Registry (where the wrong also occurred and is perpetuated).

The standard remedy for defamation is damages. In Scotland, this is calculated according to the harm done, other jurisdictions may add additional punitive sums.

However, it is also possible to seek an interdict (injunction) against further transmittal of the defamatory phrase. I would argue that this is an ideal remedy to seek against the Registry. If you complain to a Registry about a domain name being registered in bad faith, they will proceed with a dispute resolution service that can ultimately end with the domain in question being transferred to the complainer. However if this is a defamatory phrase, you don’t want to own it, you want to have it deleted from the DNS records, otherwise it will still be there for people to come across. An interdict on the Registry having this phrase on the DNS records would prevent the current owner or anyone else having it published in these records.

Tactically it may be worthwhile having a conditional expenses crave against the Registry – ask for an interdict from having the name in their DNS tables but not seeking expenses unless they oppose the order. Faced with no cost for complying and a legal bill for refusing, they may well choose the inexpensive option. If the details of the owner of the domain name is not public, you can also seek order authorising/requiring disclosure of those details.

An interdict from the DNS tables does not remove ownership of the domain name, but for practical purposes it makes it unusable. Depriving the owner of their property would require justification; if they were being sued in the same action then an order seeking ownership to be removed might be appropriate, but if not there may be arguments that the owner should have the right to argue the case before the court would order the Registry to “confiscate” the name.

Now this interdict would not itself prevent the same phrase being registered on another Registry’s domain2, but for that one proceeds against whoever created or repeated the defamation seeking both compensation and interdict against future repetition on any Registry. However successful that will be comes down to the jurisdiction you choose.

If anyone does come across another case decided anywhere on the subject of a domain name itself being defamatory, it would be great if you could post a comment to point this out. It makes a change from the usual passing off actions.

1. A classical legal analysis of the right to use a domain name would categorise it as a hire/lease rather than ownership, as periodic payment is required to retain the property. However “owner” is the term commonly used.

2. In theory this could be achieved in some jurisdictions, such as England, that allow perpetual injunctions against the world; in practice it will not be enforceable outwith that jurisdiction disregarding issues of prior notice on the person allegedly subject to the order.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s