Inside domain name disputes: what registrars notice that others miss
Recent figures from the World Intellectual Property Organization (WIPO) reveal a clear shift in domain name disputes. Today, the issue is no longer primarily about traffic diversion, but rather identity theft. Fake official websites, cloned login pages, and phishing campaigns illustrate how domain names have become a central tool in social engineering attacks.
« WIPO reached a new milestone in 2025, handling more than 6,200 domain name disputes, the highest volume ever recorded.”»
This trend is further driven by the rise of new technologies and the increasing professionalization of cybercrime. As highlighted by our cybersecurity partner Group-IB in its High-Tech Crime Trends Report 2026.
These developments underscore the growing complexity of managing domain-related threats. Addressing these risks requires companies to adopt informed strategies, while also posing significant challenges for the professionals responsible for handling them.
This is a topic Emilie Ogez, Digital Brand Protection & Security Strategist, frequently encounters in her discussions with industry professionals. To provide a more practical perspective, she shares insights drawn from her own experience and discussions with industy experts. She spoke with her colleague, Head of Legal at Gandi, to explore operational realities, the challenges faced by registrars, and our day-to-day approach to these situations.
This discussion aims to deliver practical, actionable insights for those dealing with these issues.
What is the role of a registrar?
A registrar is a company that offers domain name registration services (TLDs) to individuals and/or organizations. To provide these services, it must obtain accreditation. One step involves signing a Registrar Accreditation Agreement (RAA) with ICANN for gTLDs and/or a Registry-Registrar Agreement (RRA) with the relevant registry, depending on the TLD.
It is worth noting that, in most cases, domain names are allocated on a “first come, first served” basis.
However, there are exceptions, including: certain reserved TLDs subject to specific conditions; the activation of blocking services (such as Global Block); or the existence of a trademark registered with the Trademark Clearinghouse (TMCH), which may benefit from priority registration during launch phases.
What are the responsibilities, obligations, and limits of a registrar?
The RAA and/or RRA form the contractual framework defining the obligations of the parties. Registrars must comply with these agreements, as well as with applicable local laws, particularly regarding the liability of online intermediaries.
This framework includes obligations such as :
➝ Validating contact data (where applicable)
➝ Managing domain name transfers
➝ Retaining certain registrant data
➝ Complying with dispute resolution procedures
➝ Depositing certain data with an escrow agent
Depending on the TLD, obligations may vary, but registrars are generally responsible for:
➝ ➝ Enabling the registering, renewing, transferring, or deleting of domain names
➝ Collecting, maintaining, and protecting registrant data
➝ Providing information on pricing, dispute procedures, and deadlines
➝ Supplying WHOIS data
➝ Handling abuse reports
Regarding abuse reports, registrars are required to receive and address DNS abuse (Section 3.18 of the RAA), including malware, botnets, phishing, pharming, and certain types of spam. It is important to distinguish between the roles of registrars and hosting providers, as they are subject to different liability regimes.
Registrars are bound by registry policies and do not “own” domain names. They may be audited by registries or ICANN. While they can act in cases of abuse, they are generally not responsible for the content hosted on associated websites.
They cannot prevent a domain transfer or refuse to provide an authorization code, except in specific cases.
These exceptions include:
➝ Ongoing disputes (UDRP proceedings, court decisions, etc.)
➝ Activation of a Registry Lock
➝ Suspicion of fraud (compromised account, hijacking attempts, identity theft, deepfakes, etc.)
➝ Breach of contractual terms (illegal content, phishing, scams, etc.)
What are the consequences of failing to comply with these limitations?
A registrar does not have the authority to resolve disputes between private parties. It is neither a judge of infringement nor a court of law.
Its primary obligation is to register a domain name for any individual or legal entity that requests it, in accordance with the “first come, first served” principle mentioned above. A registrar that acts outside its responsibilities or established rules exposes itself to liability and potential sanctions, including loss of accreditation by the registry (or ICANN) and/or civil liability.
However, when a registrar also acts as a hosting provider, the liability regime applicable to hosting providers applies (notably under national laws implementing European directives*). In such cases, it must act promptly upon notification of illegal content. Its responsibility is therefore broader, as it is considered to have greater capacity to intervene at the content level.
That said, it still has no general obligation to monitor content. This extended liability regime for hosting providers is also reflected in Section 512 of the Digital Millennium Copyright Act (Safe Harbor). As a result, registrars are generally considered “third parties” to allegedly infringing content and are not the appropriate recipients for requests to remove such content.
The registry, on the other hand, has authority over the TLD and operates under its own liability framework, supplemented in France by Article L.45-6 of the Postal and Electronic Communications Code. This article specifies the circumstances under which the registry may be asked to delete or transfer a domain name to a third party.
How is Gandi addressing these challenges today?
Under the European directive** and the Digital Operational Resilience Act (DORA)***, and in a context of rising cyber risks and hacking attempts (+107% data theft, +173% payment fraud, +70% phishing between 2024 and 2025, and a 33% increase in cybercrime-related losses between 2023 and 2024, reaching $16 trillion in the United States), Gandi reaffirms its commitment to a safer Internet, for both its customers and users.
Our R&D programs and Trust & Safety policy are designed to anticipate threats and various forms of abuse. However, Gandi remains bound by the regulatory framework outlined above. If we go beyond our strict legal responsibilities, we do so within our contractual obligations, primarily based on our terms of service.
Management has also empowered teams to define criteria for identifying potentially abusive behavior upstream. Domain name registration requests are analyzed using multiple indicators before being approved or rejected.
Finally, our R&D project “Themis,” conducted in partnership with the French National Centre for Scientific Research (CNRS, LIb6 laboratory) and Anemod, aims to detect patterns of abuse related to domain names (such as typosquatting and phishing), as well as fake news and AI-generated content.
In 2025, Gandi received 25,390 reports for a portfolio of over 2.3 million domain names, 200,000 websites, and more than 300,000 email accounts (Gandi Transparency Report 2025), demonstrating both the quality of its services and its commitment to combating abuse. We also intervened to block more than 60 million phishing and spam emails.
*Law of European Directive 2000/31/EC of 8 June 2000
(https://eur-lex.europa.eu/TodayOJ/index.html?uri=CELEX:32000L0031)
**NIS2 European Directive
(https://eur-lex.europa.eu/legal-content/FR/LSU/?uri=oj:JOL_2022_333_R_0002)
***Digital Operational Resilience Act (DORA)
(https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng)
Sources:
Cybermalveillance Activity Report 2025, available at:
https://www.cybermalveillance.gouv.fr/tous-nos-contenus/actualites/rapport-activite-2025
FBI Internet Crime Report 2024:
https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf
Transparency Report 2025: https://www.gandi.net/en/digital-service-act-transparency-report
