Is Cybersquatting Legal?

Securing the right domain name is a big part of building your brand online. But what happens if someone else registers a domain name that’s the same as your brand (or confusingly close) and tries to profit from it?

This is where “cybersquatting” comes in. If you’ve discovered a parked page, a sham “lookalike” store or a domain registered by someone who’s offered to sell it to you at an inflated price, you’re in the right place.

In this guide, we’ll explain what cybersquatting is in Australia, whether it’s legal, and the practical steps to stop it and recover your domain. We’ll also share proactive tips to protect your brand before issues arise.

What Is Cybersquatting In Australia?

Cybersquatting is when a person registers, uses or sells a domain name in bad faith to profit from someone else’s brand, trade mark or reputation.

Common signs include:

• Registering your brand or a confusingly similar variant as a domain (with .com, .com.au, .au or other endings)
• Offering to sell the domain back to you for an inflated price
• Displaying ads, counterfeit products or a “coming soon” page to leverage your traffic
• Diverting customers to a competitor or a phishing site

In the .au space, there are specific eligibility rules and dispute processes that make cybersquatting harder, but it still happens. Good news: there are established mechanisms to address it quickly and cost-effectively.

Is Cybersquatting Legal Under Australian Law?

Cybersquatting itself isn’t a single standalone offence, but a range of Australian laws and domain policies make it unlawful or actionable in practice.

Trade Mark Infringement

If you have a registered trade mark, using a confusingly similar domain for similar goods or services can infringe your rights under the Trade Marks Act 1995 (Cth). A registered mark is powerful evidence when you challenge a bad-faith registration, whether through a domain dispute process or in court. If you haven’t already, consider applying to register your trade mark to strengthen your position.

Misleading Or Deceptive Conduct

Using a domain to pass off as your business, divert customers or create confusion can breach section 18 of the Australian Consumer Law (ACL). You may have claims for misleading or deceptive conduct and passing off, even without a registered trade mark. For more detail on this prohibition, see section 18 of the ACL in plain English.

.au Domain Eligibility And Bad Faith

For .au domains, the .au Domain Administration (auDA) rules require eligibility (for example, an Australian presence) and truthful information when registering. The .au Dispute Resolution Policy (auDRP) and related rules allow you to challenge a domain where it’s identical or confusingly similar to your name or mark, the registrant has no legitimate interest, and it was registered or used in bad faith. Global domains (like .com) can be challenged under the UDRP on similar grounds.

Bottom line: cybersquatting is generally not “legal” in effect. You can usually take action using trade mark law, the ACL and the auDRP/UDRP policies.

How Do You Stop Cybersquatting? (Step-By-Step)

Here’s a practical path we often recommend. You don’t have to do everything at once - the right path depends on your goals, budget and timing.

1) Gather Evidence

• Take dated screenshots of the website, ads, sales pages and any misleading claims.
• Record Whois/registrant details, registration date and any communications you’ve received.
• Note customer confusion (support emails, returns, complaints) linked to the domain.

This evidence supports any demand letter, dispute complaint or court action.

2) Confirm Your Rights

• List your brand assets (name, logo, taglines) and how/when you’ve used them.
• Check your trade mark status. If you haven’t filed, consider filing now - it strengthens your hand and protects you going forward. If you need help with classes and coverage, review trade mark classes before filing.

3) Send A Cease And Desist Letter

A well-drafted letter can be a quick, low-cost way to resolve the issue. It outlines your rights, the infringement, and the steps required (for example, transfer the domain, stop using the brand, hand over social handles). For structure and tone, see our guide to creating a cease and desist letter.

4) File An auDRP Or UDRP Complaint

If the domain holder doesn’t cooperate, the next step is often a domain dispute. For .au domains, you can file under the auDRP; for .com and many other TLDs, use the UDRP. These processes are paper-based, relatively fast and focus on three questions:

• Is the domain identical or confusingly similar to your name or trade mark?
• Does the registrant have rights or legitimate interests in it?
• Was it registered or used in bad faith?

Remedies typically include cancellation or transfer of the domain.

5) Consider Court Action (If Needed)

For more serious harm (counterfeits, fraud, persistent misuse), you may seek court orders for trade mark infringement, misleading conduct and passing off, plus damages or an account of profits. Litigation is slower and more expensive than a domain dispute, so it’s often reserved for high-impact cases.

6) Secure The Transfer And Lock Down Your Brand

Once you’ve resolved the dispute, complete the domain transfer quickly and update your DNS. Then tighten up your brand protection strategy so you’re less exposed next time (more on prevention below).

Can You Get The Domain Back? (Remedies And Processes)

Yes - the most common remedy is transfer of the domain to you. Here’s how different options typically play out.

Cease And Desist Resolution

Many matters resolve with a clear demand letter. The registrant may agree to transfer the domain for no cost or a modest fee. This is quickest when your rights are obvious (strong brand recognition, registered trade mark, clear bad faith).

auDRP And UDRP Outcomes

Where you succeed in an auDRP/UDRP complaint, the panel will order cancellation or transfer of the domain. You won’t get monetary damages in these processes - the focus is on control of the domain name. Transfers usually complete within a couple of weeks after the decision.

Court Orders And Damages

Courts can grant injunctions (to stop use), damages or an account of profits (to strip the benefit gained), delivery up or destruction of infringing materials, and declarations. This route may also support claims relating to broader conduct (e.g. copying website content, false endorsements, counterfeit goods).

Contract Claims (If There’s An Agreement)

Sometimes there’s a contract in the background - for example, a reseller or former contractor registered a domain and refused to hand it over. If an agreement governs domain ownership or transfer, you may also rely on breach of contract in addition to IP and ACL claims.

How To Prevent Cybersquatting Before It Starts

Prevention is cheaper than a dispute. A few simple moves can save you time and cost down the track.

Register Your Core Domains Early

Register key variants (e.g. .com.au, .au, .com) at launch. If your brand is short or generic, consider defensive registrations for obvious misspellings. Where a third party needs to hold a domain for you (e.g. agency or IT provider), use a clear Domain Name Licence so ownership and transfer obligations are black-and-white.

Protect Your Brand With Trade Marks

Trade marks are your strongest tool against cybersquatting and copycats. File for your brand name and logo in the right classes as early as possible - it’s faster to enforce when you already have a registration. If you’re at the filing stage, our team can help you choose the right coverage and file your application.

Use Clear IP Ownership In Contracts

When you work with agencies, distributors or partners, include IP clauses that make it clear who owns your brand and any domains, and who can register or administer them. If you’re licensing brand use, an IP Licence should set boundaries and termination rights.

Monitor And Act Quickly

Set up alerts for new domain registrations and brand mentions. If you spot a problem, act early - a prompt cease and desist can stop harm before it escalates.

Align Your Web And Legal Foundations

As you scale, revisit your broader IP and online compliance. This often includes a trade mark strategy, website policies, and internal processes for approvals and renewals. Where you handle customer data, make sure your privacy settings and disclosures are up to date (your public-facing Privacy Policy and your behind-the-scenes practices both matter). If you need holistic support across these areas, our IP lawyers can help set up a brand protection plan that fits your business.

Common Questions About Cybersquatting

Do I Need A Registered Trade Mark To File A Domain Dispute?

No, but it helps. Under the auDRP/UDRP, you can rely on registered trade marks or “unregistered” (common law) rights built through use. A registration is faster to prove and usually strengthens your case, which is why many businesses file to register their trade mark as part of their enforcement plan.

What If The Domain Is A Fair Use (Like A Fan Or Critique Site)?

Legitimate non-commercial use can sometimes be a defence, but it depends on the facts. Using your brand name to confuse, sell competing goods, run ads or impersonate your business is unlikely to be “fair use.”

We Hired An Agency And They Registered Our Domain. Who Owns It?

It depends on the agreement and whose details appear as the registrant. A clear Domain Name Licence or contract clause that says domains are registered in your name (with administrative access for the agency) avoids disputes later.

Can I Claim Money In An auDRP/UDRP?

No - those processes usually only provide cancellation or transfer. If you want damages or broader relief (e.g. injunctions), you’ll need to consider court proceedings.

How Long Does It Take To Recover A Domain?

Demand letters can resolve issues in days or weeks. auDRP/UDRP complaints often take a couple of months from filing to transfer. Court action takes longer and varies widely.

Key Takeaways

• Cybersquatting involves registering or using a domain in bad faith to profit from your brand - and it’s generally actionable in Australia under trade mark law, the ACL and domain dispute policies.
• Strong trade mark rights make enforcement faster and easier, so consider filing for your brand early and in the right classes.
• If you’re targeted, gather evidence, assess your rights, send a targeted demand, and escalate to an auDRP/UDRP or court if needed.
• The usual remedy is transfer of the domain; damages are generally only available through court action, not via auDRP/UDRP.
• Prevent problems by registering key domain variants, using a clear Domain Name Licence where third parties are involved, and implementing a trade mark and monitoring strategy.
• Getting tailored legal support early can save time and cost - and help you lock down your brand as you grow.

If you’d like a consultation about cybersquatting, domain disputes or brand protection in Australia, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.