
Ask HN: Do I need to register a lot of redundant domains? - njsubedi
I am asking this question because I find myself occasionally registering redundant domains that relate to my company&#x2F;service. For example, my company has a .io domain, but I have also registered a few other TLDs like .app, .cloud, .email and .online just in case.<p>I already have a subdomain mail.&lt;example&gt;.io but I am about to register mycompany-mail.com because someone else might register and misuse it. I stopped to think if everyone did this or I&#x27;m being super paranoid.<p>For the same &lt;example&gt; name, I have more than 20 domains registered while I could have easily settled for subdomains. I have &lt;examplegames&gt;.com as well as &lt;example&gt;.games domain and few more typos and double &#x27;aa&#x27; variations, just in case.<p>Please share if you have a similar experience or wisdom. What&#x27;s the best practice in your opinion?
======
redis_mlc
1) No, you don't need alternate TLDs or mis-spellings.

The exception is if you're a bank, you might want to monitor those.

2) The .io TLD in the past was mismanaged, and has been pwned by security
researchers. I don't consider it secure enough for SaaS use, and I won't
signup for business services with companies that use it.

~~~
Artemix
Another huge issue with the `.io` domain is about
[ethics]([http://www.thedarksideof.io/](http://www.thedarksideof.io/)).

~~~
farmerdee
Had no idea about this, thanks

------
DDR0
IMO, if you register n domains to keep someone from misusing them, whoever is
out for you will will just register the n+1th domain. There's not really much
point to having a higher n. Get the .com, maybe one with your country code,
maybe the .io.

------
hayksaakian
If you're using .anythingbesidescom (for example.io) then get the .com too

Besides that it really doesn't matter unless you're a million dollar brand.

There's better ways to spend $10 in your small business.

If you have a trademark on your brand name, and someone else tries to squat
your name in another TLD, file a trademark dispute to force them to release
it. (Assuming your trademark isn't a generic word like "apple" where someone
could conceivably have something like apple.accounting without being
confusingly similar)

------
Dnguyen
I think you should focus on making your product as the best instead of
worrying about other people leeching off your domain name. If you get that
far, you must be doing very well so no need to worry about leechers.

------
toast0
Realistically, you might want three domains.

One that looks nice for your website (ideally .com). One where your service
actually runs. One to host user content (so if you insufficiently sanitize
something, it can't be used to exfiltrate cookies or whatever from your
userfacing domain).

I wouldn't get example-mail.com or example.bike unless those are actually
relevant. Only get mispellings if your name is easily mispelled (but then,
consider a different name), at least until you have a large number of users or
dollars coming in. Each domain is individually inexpensive, but buying a lot
isn't, and spending time on it isn't.

------
farmerdee
I have actually written a tool to help organisations understand their own
digital exposure/privacy. It is very much an MVP but check it out, it should
help you with some of your concerns -
[https://www.privacytrail.com](https://www.privacytrail.com)

I think DDR0 makes a strong point, a determined malicious actor will always
find a domain you haven't considered so defensively registering dozens of
domains is usually only an action taken by large banks or significant brands.
Unless you are likely to be impersonated or have a duty of care similar to
that of a bank then a single/small number of domains is probably sufficient,
especially for a startup. Buying additional domains can be done as you get
larger and the threat of impersonation increases.

However, that doesn't mean you shouldn't monitor domain purchases that are
similar to your own. Blacklisting domains that you believe have been purchased
for nefarious goals can prevent your own employees from being duped in
convincing phishing attacks and it is always good to occasionally remind
customers/third parties of the domains you operate from.

Anyway, I could waffle about this for ages - there is more info on the above
link and you can try your own domain out!

------
jbc1
I think .co is a smart get for any .com's where someone impersonating you
could hurt you. Otherwise it's not a concern. Definitely wouldn't worry about
the ones you listed.

------
Brajeshwar
Wow! I'm on a very similar boat. A few years back, I was able to coax myself
that I do not need to go after most of the TLDs. I'm not one of those who
trade in domains but I realize I might have spent around $10,000 on domains
since I booked my first domain in 2001.

Like other "entrepreneurs", ;-), I also had the tendency to book domains when
an idea comes to mind. If nothing else, I usually start writing about the
topic and keep it there. I also tend to realize that I might not be pursuing
it, and then abandon them.

Of course, the side-effect of this is also that I have sold quite a few
domains. A quick calculation on the back of a napkin puts the income to about
$25,000+. Two of the most notable ones I remember being a HTML5.(TLD), and a
hackathon.(TLD). I remember giving them the grandfathered GSuite, and Twitter
handles to the buyers.

Right now, I pretty much own all of the known TLDs for my family name. ;-)

------
upatricck
I think many domains for one company might lead to confusion to users.

If I received an email from mail-fb.io for example it wouldn't look legit to
me. Any of their subdomain would be good.

~~~
Kkoala
That's funny because FB uses facebookmail.com for some communication for
example, recruiting

------
jaxn
I have domains based on future plans. So of those plans are now getting
implemented much sooner than expected to help our clients get through this
crazy situation in the world. Some of those domains are coming in really
clutch right now.

------
robjan
Just focus on shipping your product. Most products never get any traction and
one of the reasons is lack of focus (defending your brand before it's
established is hard work). Register your company name as a trademark, if
possible.

------
sriku
If you only have a couple of domains but you have a trademark on the name,
does that help claim other domains when needed?

