Domains·2026-06-11·8 min read

Defensive domain registration: what's worth buying (and what isn't)

Registrars will happily sell you five hundred permutations of your own name, forever. Most of that spend is waste. Here's the math on what defensive registration actually prevents, a three-tier buying framework, and when a watchlist beats a wallet.

Brand Protector team · Operational research

Defensive registration is the rare brand-protection control with a perfect success rate: a permutation you own can never phish a customer, host a counterfeit storefront, or cost you a dispute filing. It is also the control most often oversold. Registrar “brand bundles” will quote you hundreds of permutations at $10–40 a year each, renewing forever, against risks that are mostly theoretical. The right question isn’t “which domains could be abused?” — that’s all of them — it’s “for which domains is prepayment cheaper than detection-plus-response?”

What does the cost-benefit math actually look like?

Put real numbers on both sides of the trade:

  • Owning: wholesale .com pricing is $10.26/year today, rising 7% to $10.97 in November 2026 — call it $12–20 retail with privacy, and more on boutique TLDs. Fifty domains ≈ $750+/year, every year, plus the operational overhead of renewals (a lapsed defensive domain is a gift-wrapped attack surface).
  • Recovering: a UDRP complaint to get one domain transferred starts at $1,500 in WIPO panel fees before counsel, and runs about two months. Registrar abuse reports are free but deliver suspension at best, on the registrar’s timeline. Demand for recovery keeps growing: WIPO handled a record 6,282 domain disputes in 2025.
  • The asymmetry that decides it: one UDRP costs roughly 100 domain-years of registration. So owning wins wherever an attack is plausible enough that you’d realistically end up filing — and loses everywhere else, which is most of the permutation space.

Which domains belong in which tier?

Run your domain through a permutation generator (the process is in our typosquatting detection guide), then sort the output into three tiers:

  1. Tier 1 — buy and hold. Exact-match name on the TLDs your customers actually type: .com above all (if you’re on .io, .ai or .co, the .com twin is the single highest-value defensive buy), your top market country codes, and the commerce endings counterfeit storefronts favor — .shop and .store for your exact name. Add any typo that search data shows customers genuinely make. Typical size: 5–20 domains. Redirect them all to your canonical site.
  2. Tier 2 — watch daily. Plausible but lower-probability permutations: hyphenations (your-brand.com), keyword adds (yourbrand-official.com), homoglyph variants, secondary TLDs. Hundreds of candidates. Buying these is where budgets go to die; watching them costs nothing per domain. The watch needs three triggers: registration, DNS resolution, and certificate issuance.
  3. Tier 3 — ignore until they act. The combinatorial long tail — obscure TLDs, double-typos, multi-keyword mashups. No pre-emptive spend, no daily anxiety. They’re only worth attention if one shows up hosting something hostile, at which point it gets the standard takedown treatment.

When does watching beat buying?

Whenever the expected cost of response is lower than the guaranteed cost of ownership. Three situations tip the scale toward watching:

  • The permutation only matters if weaponized. yourbrand-discount.shop harms nobody while unregistered. A daily watch catches it at go-live, and a registrar abuse report handles the hostile case — free until proven dangerous.
  • The space is unboundedly large. You cannot out-buy an attacker who can coin yourbrand-store-2026.xyz faster than you can renew. Past Tier 1, coverage comes from detection breadth, not portfolio breadth.
  • The TLD landscape keeps expanding. ICANN’s next new-gTLD application round — the first since 2012, with applications open April 30 to August 12, 2026 — will eventually add hundreds of new endings, as the 2012 round added over 1,200. A buy-everything strategy compounds in cost with every wave; a watch strategy absorbs new TLDs by adding them to the permutation set.

One honest caveat in the other direction: watching is response, not prevention. For the handful of domains where even a few-hours-live phishing site is intolerable — payment-subdomain lookalikes, your exact name on .com — prevention is worth the prepay. That’s precisely what Tier 1 is for.
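The three watch triggers named for Tier 2 (registration, DNS resolution, certificate issuance) reduce to a diff between two daily snapshots. The following is an added example, not code from the article or from Brand Protector; the snapshot layout, domain names, addresses and certificate ids are constructed, and collecting the snapshots (RDAP, DNS lookups, certificate transparency logs) is assumed to happen elsewhere.

```python
# Added example: snapshot layout, domains, addresses and cert ids are constructed.
def snap(registered=False, dns=(), certs=()):
    """One watched domain's state on a given day."""
    return {"registered": registered, "dns": frozenset(dns), "certs": frozenset(certs)}

def diff_watch(previous, current):
    """Compare two daily snapshots; return (domain, trigger, detail) alerts."""
    alerts = []
    for domain in sorted(current):
        old = previous.get(domain, snap())  # first sighting: everything is new
        new = current[domain]
        if new["registered"] and not old["registered"]:
            alerts.append((domain, "registration", "newly registered"))
        new_ips = new["dns"] - old["dns"]
        if new_ips:
            kind = "first resolution" if not old["dns"] else "address change"
            alerts.append((domain, "dns_resolution", f"{kind}: {sorted(new_ips)}"))
        new_certs = new["certs"] - old["certs"]
        if new_certs:
            alerts.append((domain, "certificate", f"issued: {sorted(new_certs)}"))
    return alerts

def went_live(alerts):
    """Domains that fired a DNS or certificate trigger, i.e. can now serve content."""
    return sorted({d for d, trigger, _ in alerts if trigger != "registration"})

YESTERDAY = {
    "yourbrand-official.com": snap(registered=True),
    "your-brand.com": snap(),
}
TODAY = {
    "yourbrand-official.com": snap(True, dns=["192.0.2.10"], certs=["cert-A"]),
    "your-brand.com": snap(True),
    "yourbrand-discount.shop": snap(True, dns=["198.51.100.7"]),  # not seen before
}

if __name__ == "__main__":
    for alert in diff_watch(YESTERDAY, TODAY):
        print(alert)
    print("review first:", went_live(diff_watch(YESTERDAY, TODAY)))
```

A domain that is only registered stays a quiet alert; the ones returned by `went_live` are the candidates for a registrar abuse report.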

What does a defensive-registration plan look like in practice?

The output you want, whether you build it yourself or get it from a tool, is a one-page document: every permutation, its tier, the risk rationale (traffic potential, phishing plausibility, commerce-TLD exposure), and the annual cost of the buy list — reviewed once a year and after every TLD wave or rebrand. The deliverable matters because the failure mode of defensive registration isn’t bad analysis, it’s no analysis: an inherited portfolio of 80 domains nobody can explain, renewing on autopilot, while the permutation that actually gets weaponized was never on the list.
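One way to produce that plan, as an added example that is not the article's or Brand Protector's own code: it applies the three-tier rules to a permutation list, totals the Tier 1 buy list, and computes the yearly filing probability at which owning and responding cost the same. The TLD sets, the $15 retail price, the lookalike table, the candidate list, the helper names and the placement of unconfirmed single typos in Tier 2 are assumptions.

```python
# Added example: TLD sets, sample candidates and helper names are constructed.
UDRP_FEE = 1500.0       # WIPO panel-fee floor quoted in the article, before counsel
RETAIL_PER_YEAR = 15.0  # assumption: a point inside the article's $12-20 range
BUY_TLDS = {"com", "de", "shop", "store"}   # assumption: customer + commerce TLDs
WATCH_TLDS = {"net", "org", "co", "io"}     # assumption: secondary TLDs
LOOKALIKES = str.maketrans("0135", "oles")  # tiny stand-in for a homoglyph table
CANDIDATES = ["yourbrand.com", "yourbrand.shop", "yourbrand.net", "your-brand.com",
              "yourbrand-official.com", "y0urbrand.com", "yuorbrand.com",
              "yourbrand-store-2026.xyz", "yuorbramd.com"]  # constructed sample

def one_edit(a, b):
    """True if a is one insert, delete, substitution or adjacent swap from b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    return (a[i+1:] == b[i+1:] or a[i:] == b[i+1:] or a[i+1:] == b[i:]
            or (a[i:i+2] == b[i:i+2][::-1] and a[i+2:] == b[i+2:]))

def classify(domain, brand, known_typos=frozenset()):
    """Return (tier, rationale) for one permutation of brand."""
    label, _, tld = domain.lower().partition(".")
    parts = label.split("-")
    if tld in BUY_TLDS and (label == brand or label in known_typos):
        return 1, "exact match or confirmed typo on a customer/commerce TLD"
    if tld not in BUY_TLDS | WATCH_TLDS or len(parts) > 2:
        return 3, "long tail: obscure TLD or multi-keyword mashup"
    if label == brand:
        return 2, "exact match on a secondary TLD"
    if "".join(parts) == brand:
        return 2, "hyphenation"
    if len(parts) == 2 and brand in parts:
        return 2, "single keyword add"
    if label.translate(LOOKALIKES) == brand:
        return 2, "homoglyph variant"
    if one_edit(label, brand):
        return 2, "single typo without traffic evidence"  # assumption: watch these
    return 3, "long tail: double typo or unrelated label"

def build_plan(candidates, brand, known_typos=frozenset()):
    """Tier-sorted rows plus the annual cost of the Tier 1 buy list."""
    rows = sorted((classify(d, brand, known_typos), d) for d in candidates)
    buy_cost = RETAIL_PER_YEAR * sum(1 for (tier, _), _ in rows if tier == 1)
    return rows, buy_cost

def break_even_probability(annual_cost=RETAIL_PER_YEAR, response_cost=UDRP_FEE):
    """Yearly chance of ending up filing above which owning is the cheaper side."""
    return annual_cost / response_cost
```

At these figures the break-even is a 1% yearly chance of filing, the same ratio as the article's "roughly 100 domain-years" per UDRP.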

How Brand Protector handles this

Brand Protector generates the full dnstwist-class permutation set for your domain, scores every candidate, and ships the buy-versus-watch recommendation as a risk-ranked, cost-estimated, one-page defensive-registration PDF plan. Everything you don’t buy goes on the daily watch — DNS and certificate monitoring with an alert the moment a permutation goes live — and hostile ones route to the correct registrar abuse desk via WHOIS/RDAP resolution, with triple-validated takedowns you approve before filing. It’s all inside the $199/mo plan (7-day trial, first scan at activation), and the demo shows the plan generated for a real domain. We sell the watching and the takedowns, not the domains — we have no margin on telling you to buy more of them.

Frequently asked questions

What is defensive domain registration?

Defensive domain registration is buying domains you don't intend to use — typos, TLD variants and keyword permutations of your brand — purely so bad actors can't. Owned permutations simply redirect to your real site and need no enforcement, monitoring or legal spend, ever.

How many defensive domains should a brand register?

For most small and mid-size brands, roughly 5 to 20: the exact-match name on the handful of TLDs and typos with real traffic or phishing potential. Beyond that, marginal risk per domain drops fast while renewal costs run forever — the long tail belongs on a daily watchlist, not an invoice.

Is it cheaper to defensively register a domain or take it down later?

Owning is dramatically cheaper per domain — a .com runs about $10–15 a year retail, while recovering one via UDRP starts at $1,500 in WIPO fees plus attorney time, and registrar abuse reports, while free, only suspend. But buying everything is also a losing trade; the math only favors buying for high-risk permutations.

Which TLDs matter most for defensive registration?

Your primary TLD's near neighbors (.com if you're on .io, and vice versa), the commerce endings counterfeiters favor (.shop, .store), your major-market country codes, and any ending where your customers genuinely type. New gTLD waves — ICANN's next application round opened in April 2026 — periodically add candidates worth a one-time review, not a buying spree.

What should I do with the permutations I don't buy?

Watch them. Track registration status, DNS resolution and certificate issuance daily for the full permutation set, and respond the moment one goes live. Watching costs nothing per domain and catches the attacks that matter; pair it with takedown routing for the ones that turn hostile.
