Site icon SCC Times

Domain Name Fraud | Read How Delhi HC plans to regulate non-compliant Domain Registrars

Prarthana Gupta
Domain Name fraud

Delhi High Court: In a batch of commercial suits, addressing the widespread misuse of well-known trade marks through the registration of fraudulent domain names by unknown entities for impersonation, phishing, sale of counterfeit goods, and other deceptive practices aimed at defrauding consumers, the Single Judge Bench of Prathiba M. Singh, J., passed directions to the Domain Name Registrars (DNRs), Registry Operators, government entities as well as banks to curb such fraudulent activities

I. Directions

Directions to DNRs and Registry Operators

  1. DNRs and Registry Operators were directed not to mask registrant, administrative, or technical contact details by default. Privacy protection was to be offered only as an optional, paid service upon explicit request by the registrant, and not bundled into standard registration packages.

  2. Upon request by entities with legitimate interest, law enforcement agencies, or courts, DNRs were mandated to disclose registrant data within 72 hours in accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. This included names, contact details, addresses, email IDs, phone numbers, and available financial/payment information, along with details of any value-added services.

  3. Domain names found to be infringing or unlawful or restrained by court order, were to be permanently blocked and not released back into the registration pool. Registry Operators were required to ensure uniform implementation across all DNRs.

  4. For well-known, invented, arbitrary, or fanciful trade marks, DNRs were required to give effect to court order restraining not only the specific domain name but also its variants, including different extensions, mirror sites, or alphanumeric variations, and not permit any such alternative registrations.

  5. DNRs were prohibited from suggesting or promoting alternative domain names once an injunction had been issued. Any such conduct would disentitle them from claiming safe harbour protection under Section 79, IT Act.

  6. In cases involving descriptive or generic marks, injunctions were limited to specific domain names, with extension to other domains requiring judicial approval through appropriate procedural mechanisms.

  7. Infringing domain names were to be transferred to the plaintiff or trade mark owner, subject to payment of applicable charges.

  8. Search engines and DNRs were restrained from providing promotional, marketing, or optimisation services to infringing or unlawful domain names.

  9. All DNRs offering services in India were required to appoint Grievance Officers within one month, failing which they would be treated as non-compliant. Service of court orders via email to such officers was deemed sufficient, and insistence on alternative modes such as MLAT would render the DNR non-compliant.

  10. In cases of repeated non-compliance, particularly involving fraud affecting the public, courts could direct blocking of such entities under Section 69-A, IT Act read with the Blocking Rules, 2009.

  11. Registry Operators were directed to implement trade mark clearing house mechanisms and make them accessible to trade mark owners for proactive protection.

  12. DNRs were required to undertake verification of registrant details at the time of registration and periodically thereafter, in line with KYC norms prescribed by CERT-In and consistent with NIXI requirements.

  13. DNRs facilitating domain registrations under the .in registry were directed to share and regularly update registrant data with NIXI within the stipulated time-frame.

Directions to the Government

  1. Conduct stakeholder consultations with DNRs and Registry Operators to explore a regulatory framework for domain name registration similar to that followed by NIXI.

  2. The Government was to consider designating NIXI as a central data repository for registrant information, to be periodically maintained by DNRs and Registry Operators, ensuring accessibility to courts, law enforcement agencies, and government authorities. Alternatively, DNRs could be required to localise such data within India. All data processing was to comply with the DPDP Act.

  3. In cases of non-compliance with court orders or law enforcement requests, MeitY and the DoT were empowered to block the services of such DNRs or Registry Operators under Section 69-A, IT Act, read with the Blocking Rules, 2009.

  4. MeitY, in coordination with NIXI, was directed to engage with ICANN to facilitate access for Indian trade mark owners to Trademark Clearinghouse (TMCH) services on reasonable terms, enabling early detection of infringing domain name registrations globally.

  5. The CGPDTM was advised to publish a list of well-known trade marks along with their official website details to enable public verification and serve as notice to prospective registrants.

Directions qua Dynamic+ injunction

  1. The concept of “Dynamic+ injunctions”, to apply in cases where:

    1. the trade mark appears identically in the domain name;

    2. the trade mark appears with prefixes or suffixes causing confusion; or

    3. the trade mark appears in alphanumeric variations.

  2. Where a legitimate registrant objects to suspension, the DNR may require the intellectual property owner to obtain an appropriate Court order before proceeding further.

Directions to Banks

  1. Implement the “Beneficiary Bank Account Name Lookup” facility in line with the RBI Circular dated 30 December 2024, for all online payments, including UPI platforms such as Google Pay and Paytm.

  2. To comply with the Standard Operating Procedures dated 31 May 2024 issued by the Central Economic Intelligence Bureau for handling and responding to requests from law enforcement agencies.

II. Conclusion

The Court observed that large-scale financial frauds perpetrated by impersonating reputed brands and corporate entities were directly linked to the availability and misuse of fraudulent domain names. It explained that the domain name system operates in a hierarchical structure, with ICANN at the apex, followed by Registry Operators, DNRs, and Registrants, all governed by contractual frameworks such as the Registrar Accreditation Agreements and Registry-Registrar Agreements. These frameworks impose significant obligations on Registry Operators and DNRs to ensure that domain name registrations do not infringe third-party rights. Registry Operators are required to comply with ICANN policies, maintain WHOIS services, observe reserved names, respond to law enforcement requests, and implement rights protection mechanisms, including the Trademark Clearinghouse, to detect potential trade mark conflicts at an early stage.

Similarly, DNRs are obligated to maintain and verify registrant data, provide public access to essential WHOIS/RDDS information, comply with applicable laws, and take prompt action against DNS abuse and illegal activities. They are required to validate registrant contact details and suspend or terminate domain names where false information is provided. The Court emphasised that DNRs play a critical role in maintaining the integrity of the domain name ecosystem; however, the widespread use of privacy protection services has enabled anonymity, allowing perpetrators of illegal activities to conceal their identities. This issue is compounded by the failure of DNRs to collect adequate and verified registrant information, with many registrations being completed using only email addresses, which the Court found insufficient to curb cyber fraud.

In this context, the Court held that DNRs offering services in India must mandatorily collect comprehensive registrant details and undertake e-KYC verification, in line with existing requirements followed by NIXI. It also noted that disclosure of registrant data cannot be denied on a blanket reliance on privacy laws such as GDPR, and that such data, in the Indian context, would be governed by the Digital Personal Data Protection Act, 2023. The Court further highlighted the practical challenges in enforcement, particularly where DNRs operate outside India, making service of court orders and access to registrant information difficult for both intellectual property owners and law enforcement agencies.

To address these concerns, the Court directed that all DNRs must appoint Grievance Officers based in India, in compliance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and make their contact details publicly available to facilitate implementation of court orders and cooperation with law enforcement agencies. It cautioned that failure to comply with court directions could invite stringent measures, including blocking of services in India, particularly in cases involving repeated intellectual property violations and fraud affecting the public at large, thereby impacting public order.

The Court also held that privacy protection should not be offered as a default feature to registrants and must instead be made available only upon specific request. Additionally, it recommended that government bodies, including ministries, tax authorities, and defence and scientific organisations must proactively identify and reserve domain names susceptible to misuse, so as to prevent fraudulent registrations and safeguard public interest.

[Dabur India Ltd. v. Ashok Kumar, 2025 SCC OnLine Del 9651, decided on 24-12-2025]

Advocates who appeared in this case:

For the Plaintiff: Anirudh Bakhru, Ankur Chhibber, Prabhu Tandon, Avijit Sharma, Kripa Pandit, Christopher Thomas, Bhanu Gupta, Archita Mahlawat, Sazid Rayeen, Advocates

For the Respondent: Darpan Wadhwa, C.M. Lall, Senior Advocates, Yashvardhan Singh, Geetanjali Viswanathan, Yash Raj, Kruttika Vijay, Aishwarya Kane, Yash Raj, Alipak Banerjee, Shweta Sahu, Parva Khare, Brijesh Ujjainwal, Pradyumn Sharma, Shivani Chaudhary, Mohd. Kamran, K.G. Gopalakrishnan, Kunwar Raj Singh, Nisha Mohandas, Apoorv Kurup, Kirti Dadheech, Akshay Goel, Shivam Narang, Lalit Kashyap, Shubhendu Anand, Piyush M. Dwivedi, Kushal Gupta, Mohd Umar, Prashant Prakash, Ateev Kumar Mathur, Amol Sharma, Sarfaraz Khan, Abdul Wahid, Rajesh Kumar Gautam, Deepanjal Choudhary, Sanjay Gupta, Tanmay Garg, Aman Siwasiya, Varun Pathak, Thejesh Rajendran, Tanuj Sharma, Vinay Yadav, Ansh Kalra, Divyanshu, Kamna Behrani, Susmit Pushkar, Ananya Mehan, Nirupam Lodha, Kshitij Parashar, Vanshika Thapliyal, Rajesh Kumar Gautam, Likivi K Jakhalu, Dinesh Sharma, Deepak Gogia, Aadhar Nautiyal, Shivangi Kohli, Advocates

Exit mobile version