Do I need to register a lot of redundant domains?

Question

I am asking this question because I find myself occasionally registering redundant domains that relate to my company/service. For example, my company has a .io domain, but I have also registered a few other TLDs like .app, .cloud, .email and .online just in case.I already have a subdomain mail..io but I am about to register mycompany-mail.com because someone else might register and misuse it. I stopped to think if everyone did this or I'm being super paranoid.For the same name, I have more than 20 domains registered while I could have easily settled for subdomains. I have .com as well as .games domain and few more typos and double 'aa' variations, just in case.Please share if you have a similar experience or wisdom. What's the best practice in your opinion?

redis_mlc · Accepted Answer

1) No, you don't need alternate TLDs or mis-spellings.
The exception is if you're a bank, you might want to monitor those.
2) The .io TLD in the past was mismanaged, and has been pwned by security researchers. I don't consider it secure enough for SaaS use, and I won't signup for business services with companies that use it.

DDR0 · Answer

IMO, if you register n domains to keep someone from misusing them, whoever is out for you will will just register the n+1th domain. There's not really much point to having a higher n. Get the .com, maybe one with your country code, maybe the .io.

hayksaakian · Answer

If you're using .anythingbesidescom (for example.io) then get the .com too
Besides that it really doesn't matter unless you're a million dollar brand.
There's better ways to spend $10 in your small business.
If you have a trademark on your brand name, and someone else tries to squat your name in another TLD, file a trademark dispute to force them to release it. (Assuming your trademark isn't a generic word like "apple" where someone could conceivably have something like apple.accounting without being confusingly similar)

Dnguyen · Answer

I think you should focus on making your product as the best instead of worrying about other people leeching off your domain name. If you get that far, you must be doing very well so no need to worry about leechers.

toast0 · Answer

Realistically, you might want three domains.
One that looks nice for your website (ideally .com). One where your service actually runs. One to host user content (so if you insufficiently sanitize something, it can't be used to exfiltrate cookies or whatever from your userfacing domain).
I wouldn't get example-mail.com or example.bike unless those are actually relevant. Only get mispellings if your name is easily mispelled (but then, consider a different name), at least until you have a large number of users or dollars coming in. Each domain is individually inexpensive, but buying a lot isn't, and spending time on it isn't.

farmerdee · Answer

I have actually written a tool to help organisations understand their own digital exposure/privacy. It is very much an MVP but check it out, it should help you with some of your concerns - https://www.privacytrail.com
I think DDR0 makes a strong point, a determined malicious actor will always find a domain you haven't considered so defensively registering dozens of domains is usually only an action taken by large banks or significant brands. Unless you are likely to be impersonated or have a duty of care similar to that of a bank then a single/small number of domains is probably sufficient, especially for a startup. Buying additional domains can be done as you get larger and the threat of impersonation increases.
However, that doesn't mean you shouldn't monitor domain purchases that are similar to your own. Blacklisting domains that you believe have been purchased for nefarious goals can prevent your own employees from being duped in convincing phishing attacks and it is always good to occasionally remind customers/third parties of the domains you operate from.
Anyway, I could waffle about this for ages - there is more info on the above link and you can try your own domain out!

jbc1 · Answer

I think .co is a smart get for any .com's where someone impersonating you could hurt you. Otherwise it's not a concern. Definitely wouldn't worry about the ones you listed.

Brajeshwar · Answer

Wow! I'm on a very similar boat. A few years back, I was able to coax myself that I do not need to go after most of the TLDs. I'm not one of those who trade in domains but I realize I might have spent around $10,000 on domains since I booked my first domain in 2001.
Like other "entrepreneurs", ;-), I also had the tendency to book domains when an idea comes to mind. If nothing else, I usually start writing about the topic and keep it there. I also tend to realize that I might not be pursuing it, and then abandon them.
Of course, the side-effect of this is also that I have sold quite a few domains. A quick calculation on the back of a napkin puts the income to about $25,000+. Two of the most notable ones I remember being a HTML5.(TLD), and a hackathon.(TLD). I remember giving them the grandfathered GSuite, and Twitter handles to the buyers.
Right now, I pretty much own all of the known TLDs for my family name. ;-)

upatricck · Answer

I think many domains for one company might lead to confusion to users.If I received an email from mail-fb.io for example it wouldn't look legit to me. Any of their subdomain would be good.

jaxn · Answer

I have domains based on future plans. So of those plans are now getting implemented much sooner than expected to help our clients get through this crazy situation in the world. Some of those domains are coming in really clutch right now.

robjan · Answer

Just focus on shipping your product. Most products never get any traction and one of the reasons is lack of focus (defending your brand before it's established is hard work). Register your company name as a trademark, if possible.

sriku · Answer

If you only have a couple of domains but you have a trademark on the name, does that help claim other domains when needed?