What Is UDRP? Domain Name Dispute Resolution Explained
UDRP explained for domain owners and investors: the three elements a complainant must prove, the process and timeline, outcomes, UDRP vs URS vs court, and how to respond.
- guide
If you own domain names long enough, you will eventually hear about the UDRP — usually because someone is threatening to use it against you, or because you are wondering whether a name in your portfolio is safe to hold. For domain investors, understanding the UDRP is not optional. It is the single most common way a domain you registered can be taken away from you without a courtroom.
This guide explains what the UDRP is, when it applies, what a complainant actually has to prove, how the process works, and how owners of valuable names can both avoid and respond to a complaint.
Not legal advice. This article is general information for domain owners, not legal advice. The UDRP is a legal-procedural mechanism, and outcomes turn on specific facts. If you receive a complaint or are considering filing one, consult a qualified attorney.
What Is the UDRP?
The UDRP — the Uniform Domain-Name Dispute-Resolution Policy (in German, UDRP-Verfahren) — is a policy created by ICANN in 1999 to resolve disputes over domain names that allegedly infringe someone's trademark. Every accredited registrar requires you to agree to the UDRP when you register a domain. That agreement is why a private arbitration panel, rather than a national court, can order your domain transferred away.
The UDRP exists to deal with cybersquatting: registering a domain that matches someone else's brand in order to profit from it. It is deliberately narrow. It is not a tool for resolving every disagreement about who "deserves" a name. It targets bad-faith registration of trademark-infringing domains, and nothing more.
The UDRP applies to all generic top-level domains (.com, .net, .org, and the newer gTLDs) and to country-code TLDs whose operators have voluntarily adopted it. Many ccTLDs run their own separate dispute policies instead.
The Three Elements a Complainant Must Prove
A UDRP complaint does not succeed just because a brand owner is unhappy. The complainant must prove all three of the following elements. If even one fails, the complaint is denied and the domain stays with its registrant.
-
Identical or confusingly similar. The domain is identical or confusingly similar to a trademark or service mark in which the complainant has rights. In practice this first element functions mostly as a standing requirement — it confirms the complainant actually owns a relevant mark.
-
No rights or legitimate interests. The registrant has no rights or legitimate interests in the domain. Once the complainant makes a credible case here, the burden effectively shifts to the registrant to show a legitimate interest — for example, that they are using the name for a genuine business, a descriptive term, or non-commercial speech.
-
Registered and used in bad faith. The domain was both registered in bad faith and is being used in bad faith. This conjunctive "and" is the most important word in the entire policy for domain investors. A name registered years before a complainant's trademark even existed generally cannot have been registered in bad faith — you cannot target a brand that did not yet exist.
That third element is where most defensible portfolios survive. The UDRP recognizes specific bad-faith patterns: registering a name primarily to sell it to the trademark owner at an inflated price, registering to block the brand from owning its own name (as part of a pattern), registering to disrupt a competitor, or using the name to attract traffic by creating confusion with the mark.
Crucially, owning and offering generic or descriptive domains for sale is not, by itself, bad faith. Domain investing is a legitimate business. The line is intent: were you trading in dictionary words and brandable terms, or were you targeting a specific brand?
The UDRP Process and Timeline
The process is administrative arbitration, not litigation. It is conducted almost entirely in writing, with no live hearings in the typical case.
-
Filing. The complainant files with an ICANN-approved dispute-resolution provider. The two main ones are the World Intellectual Property Organization (WIPO) — the largest provider — and FORUM (formerly the National Arbitration Forum).
-
Notification and lock. The registrar locks the domain so it cannot be transferred or changed during the dispute, and the registrant (respondent) is formally notified.
-
Response. The respondent typically has 20 days to file a response defending their rights to the name. Missing this deadline is one of the most common ways registrants lose names they could have kept.
-
Panel appointment. A one- or three-member panel is appointed. The complainant pays the provider's fees; a respondent who wants a three-member panel shares in that cost.
-
Decision. The panel issues a written decision, generally within 14 days of appointment. End to end, a single-member case typically runs around 60 days, and a three-member case around 75 days.
The standard of proof is the civil "preponderance of the evidence" — more likely than not — applied across all three elements.
Possible Outcomes
UDRP remedies are narrow by design. A panel can order only:
- Transfer of the domain to the complainant, or
- Cancellation of the domain, or
- Denial of the complaint, leaving the domain with the registrant.
That is the entire menu. There are no monetary damages, no attorney's fees, and no injunctions under the UDRP. A losing registrant does not pay the complainant money; they lose the name (or keep it). If either side wants damages or a binding judgment, they have to go to court — the UDRP is not a substitute for litigation, and a losing party can usually file a lawsuit to challenge the result.
UDRP vs URS vs Court
Three different mechanisms address domain disputes, and they are easy to confuse.
| UDRP | URS | Court litigation | |
|---|---|---|---|
| Purpose | Cybersquatting disputes | Clear-cut cybersquatting only | Any domain or trademark claim |
| Applies to | gTLDs + adopting ccTLDs | New gTLDs only (not .com/.net) | Any domain |
| Burden of proof | Preponderance of evidence | Clear and convincing evidence | Varies by jurisdiction |
| Speed | ~60–75 days | ~3 weeks | Months to years |
| Outcome | Transfer or cancellation | Temporary suspension only | Damages, transfer, injunctions |
| Cost | Moderate | Low | High |
The URS (Uniform Rapid Suspension) is the fast, cheap cousin of the UDRP, built only for new gTLDs and only for obvious abuse. Its highest burden of proof ("clear and convincing") and its limited remedy matter: a winning URS complainant only gets the domain suspended for the rest of its registration term — they do not get it transferred to them. For .com and .net, the URS is not even available, so the UDRP remains the primary tool.
Court litigation (in the U.S., often under the Anticybersquatting Consumer Protection Act) is slower and far more expensive, but it is the only path to monetary damages — and the only forum that can be binding.
Reverse Domain Name Hijacking
The UDRP cuts both ways. If a complainant abuses the process — filing in bad faith to try to wrest a legitimately held name from its owner — a panel can make a formal finding of Reverse Domain Name Hijacking (RDNH), defined as "using the Policy in bad faith to attempt to deprive a registered domain-name holder of a domain name."
An RDNH finding does not award the registrant any money, but it is a public rebuke that can damage the complainant's credibility in future disputes and litigation. For a domain investor with a clearly legitimate registration, raising RDNH in a response is a meaningful defensive tool against a brand owner trying to use the UDRP as a cheap shortcut to a name they did not buy in time.
How Domain Owners and Investors Can Avoid and Respond to Complaints
Avoiding complaints starts at registration. Before you register or buy a name, ask whether it targets an existing brand. Practical habits that keep a portfolio defensible:
- Stick to generic, descriptive, and brandable terms rather than registering near-matches of existing trademarks.
- Document your registration date and your reasoning. Because bad faith generally must exist at registration, proof that a name predates a trademark — or that you bought it for its dictionary meaning — is often dispositive.
- Avoid PPC parking pages that show ads competing with the trademark owner. That kind of use is frequently cited as evidence of bad faith, even for an otherwise generic name.
- Be careful about how you respond to inbound offers. Demanding a large sum from a brand owner who approaches you can be twisted into "registered primarily to sell to the trademark owner."
If you receive a complaint, do not ignore it. The single biggest avoidable loss is a default — missing the ~20-day response window. A well-documented response showing a legitimate interest and a good-faith registration date wins many cases. This is the point to bring in counsel.
It is also worth understanding that a UDRP transfer is a different problem from a security hijack. One is a legal process you can respond to; the other is an attack you have to prevent. Both can cost you a name, and a serious owner plans for each.
What UDRP Means for Valuable and Tokenized Domains
For high-value names, a UDRP complaint is an existential risk — and it is one reason provenance and clear records matter so much when you sell a domain you own. A clean registration history and a legitimate-use story are assets that protect the name's value.
This is also where tokenized domains fit into the picture. Tokenization changes who provably controls a name and creates a durable, on-chain record of ownership and transfers — useful provenance if a registration date or chain of custody is ever questioned. It does not, however, place a domain outside the UDRP: the underlying name still lives in the DNS under an accredited registrar, and the UDRP still applies. Tokenization strengthens your evidence and your control; it does not exempt you from trademark law.
Namefi tokenizes the registrant relationship while keeping the domain fully ICANN-compliant, so owners get on-chain provenance and self-custody without stepping outside the system that the UDRP governs. The goal is simple: own valuable names with stronger records and cleaner control, while staying squarely within the rules.
Frequently Asked Questions
What is the UDRP?
The Uniform Domain-Name Dispute-Resolution Policy is an ICANN policy, created in 1999, that lets trademark owners challenge domain registrations that infringe their marks through private arbitration instead of court. Every registrant agrees to it when registering a domain.
What are the three elements of a UDRP complaint?
The complainant must prove all three: (1) the domain is identical or confusingly similar to their trademark; (2) the registrant has no rights or legitimate interests in the domain; and (3) the domain was both registered and used in bad faith. Failing any one element defeats the complaint.
How long does a UDRP case take?
A single-member panel case typically runs about 60 days from filing to decision, and a three-member case about 75 days. The respondent generally has 20 days to file a response, and the panel issues its decision within roughly 14 days of being appointed.
What outcomes are possible under the UDRP?
A panel can order the domain transferred to the complainant, cancelled, or it can deny the complaint and leave the name with the registrant. There are no monetary damages or attorney's fees under the UDRP.
What is the difference between UDRP and URS?
The URS (Uniform Rapid Suspension) is faster and cheaper but applies only to new gTLDs, requires a higher "clear and convincing" standard of proof, and only suspends the domain rather than transferring it. The UDRP applies more broadly (including .com) and can result in transfer or cancellation.
Can a UDRP complaint be filed in bad faith?
Yes. If a complainant abuses the process to try to take a legitimately held name, a panel can find Reverse Domain Name Hijacking (RDNH) — a formal, public finding that the complaint was brought in bad faith.
Does tokenizing a domain protect it from the UDRP?
No. Tokenization improves provenance, control, and self-custody, but the underlying domain still operates under an ICANN-accredited registrar, so the UDRP still applies. Tokenization can strengthen your evidence; it does not exempt a name from trademark law.
Sources: ICANN — Uniform Domain-Name Dispute-Resolution Policy; WIPO — Guide to the UDRP. This article is general information, not legal advice.
About the author(s)
Related guides
- How to Name Your Project: A Founder's Field GuideA practical, research-backed guide for founders naming a project, product, or company: clear it legally, make it easy to say, generate strong candidates, check it across cultures, and run the searches that matter before you commit.
- .ai vs .io: Which Domain Is Right for Your AI or Tech Startup?.ai vs .io for your startup? Compare origins, Google SEO treatment, pricing, branding signals, and the .io Chagos question, plus a clear decision guide and FAQ.
- Domain Escrow Explained: How Safe Domain Transactions WorkA plain-English guide to escrow and domain escrow — what an escrow account is, how escrow works step by step in a domain sale, why it matters for avoiding fraud, traditional escrow services vs. the modern tokenized approach, and how smart contracts can replace escrow with atomic on-chain settlement.
- Premium Web3 TLDs: A 2026 Guide to the Most Valuable Tokenized Domain ExtensionsA clear 2026 guide to premium Web3 TLDs—what "Web3 TLD" really means, why tokenized ICANN extensions like .com, .ai, and .io beat blockchain-only names, and which domain extensions hold the most value.