Which domains should a brand register? A prioritized checklist
Not every domain variation is worth registering. A practical guide to picking the right TLDs and variants for your brand, by budget and risk level.
At minimum, every brand should own its .com and the one or two TLDs most likely to be confused with it in its primary market. Beyond that, prioritization depends on sector, geography, and budget. Registering every conceivable domain variation is not realistic for most organizations, and maintaining fifty low-value domains costs real money every year. This guide breaks the decision into three budget tiers: what to register without question, what to add if you have room, and what belongs to the realm of monitoring rather than ownership.
The domains to register without question (minimal budget)
Three registrations form the non-negotiable baseline for any brand:
1. Your exact name as a .com. Even if you operate under a different TLD (.io, .co, .fr), owning the .com version of your name is essential. Over 70% of direct type-in traffic goes to .com by default. Users who hear your brand name and type it into a browser address bar will try yourcompany.com first. If someone else owns it, you are sending traffic to a competitor or a squatter on a daily basis without knowing it.
2. The ccTLD of your primary market. If you operate primarily in France, the .fr matters. In Germany, .de. In the UK, .co.uk. Users in these markets trust and expect a local TLD. Owning it also gives you SEO advantages for local search and protects your brand in the most commercially relevant jurisdiction.
3. The sector TLD relevant to your business. If you are a technology company, .io is now close to standard. If you run a mobile app, .app is meaningful. If you are in e-commerce, .shop is worth it. These TLDs attract enough direct traffic and brand confusion to justify the cost.
What if your .com is already taken?
This is the most common problem for new brands. Three realistic paths forward:
Buying on the secondary market. Prices range from $500 to hundreds of thousands depending on the domain's age, length, and perceived value. Negotiating directly with the current owner is usually less expensive than going through a broker.
Adding a short qualifier: get[brand].com, [brand]hq.com, [brand]app.com. These work as operating domains but create a permanent second-choice problem if the unqualified .com belongs to someone who confuses users.
Choosing an alternative TLD as your primary domain (.io, .co) while monitoring the .com with Domain Sentinel for expiration. Many domains cycle. If the current holder lets it lapse, you want to be first in line.
Domains to add with an intermediate budget
Once the baseline is covered, the next tier adds meaningful protection without excessive cost.
TLDs that are commonly confused with your primary TLD
| Your primary TLD | Priority additions |
|---|---|
| .com | .net, .co, .org (if non-profit relevant) |
| .io | .com (critical), .ai (if AI/tech) |
| .co | .com (absolutely critical), .net |
| .fr | .com, .eu, .net |
| .de | .com, .eu, .net, .at, .ch |
The .co extension deserves special emphasis: it is so close to .com that even careful users mistype it, and it has been used in documented phishing campaigns. If you operate on .com, register .co even if you never use it.
The two or three most likely typos
Do not try to register every possible typo. For names longer than six characters, focus on the most probable errors: letters that are adjacent on a keyboard (s/a, o/p, i/e/r), common double-letter confusions (newsletter vs newletter), and character reversals. For the name "Syntheria", registering sintheria.com and syntheria.io covers most of the realistic error space without over-spending.
The method: identify the two or three key letters where a mistake produces a pronounceable result. Those are the variants worth registering.
Strategic geographic markets
If you operate or plan to operate in other countries, register the ccTLD even before you launch in that market. At $10-30 per year, ccTLD registration costs less than a fraction of a single customer acquisition cost. Registering .de, .es, .nl, .ca, .au, or .br years before entering those markets is cheap insurance. The cost of a UDRP to recover a .de domain from a squatter who registered it when you announced your European expansion is not.
Domains for advanced protection (full budget)
For established brands or those in sectors with elevated phishing and brand abuse risk.
Emerging sector TLDs
The value of sector TLDs is primarily defensive, not operational. Almost no one navigates to yourcompany.health or yourcompany.finance directly, but registering these blocks a specific attack vector where someone creates a fake support or information site under your brand name. Focus on the TLDs that are already active in your sector: .health, .finance, .legal, .tech, .ai, .cloud, .security. Do not register all of them, just the ones where fake sites would be plausible.
Semantic variants with high phishing potential
These patterns appear repeatedly in real phishing campaigns and fraud support scams. Registering them yourself removes them from the attack surface:
- get[brand].com, try[brand].com, use[brand].com
- [brand]-login.com, [brand]-secure.com, [brand]-account.com
- [brand]official.com, [brand]support.com, [brand]help.com
Not all of these are worth registering for every brand. Focus on the ones that match your product's user behavior. If users regularly log into your product, [brand]-login.com is a real risk. If you have a prominent support channel, [brand]support.com matters.
ccTLDs for new markets before expansion
Six to twelve months before launching in a new country, register the ccTLD. The cost is minimal, the protection is significant. Announcing your entry into the Spanish market without owning [brand].es invites speculation and squatting.
What not to register
Registering everything is a trap. Three categories are not worth the annual renewal cost for most brands:
Exotic TLDs with no real user base (.xyz, .top, .click, .tk) are almost never confused with legitimate domains by the users you care about. The exception: if you have specific evidence that a competitor is running phishing or brand confusion campaigns on these TLDs, register them to neutralize the threat.
Domain variations in languages or markets you have no connection to. Registering [brand].ru without Russian operations is maintenance overhead with no protective value.
Negative variants ([brand]-sucks.com, [brand]-scam.com) are generally protected as free speech in most jurisdictions. Courts have consistently ruled that criticism domains are not infringement. Registering them brings no meaningful protection.
Managing your portfolio over time
Five rules for keeping a domain portfolio from becoming a liability:
Centralize registrations with one or two trusted registrars. Fragmented portfolios across ten different registrars guarantee that something will expire unnoticed.
Enable auto-renewal on every domain that is part of your protection strategy. A lapsed defensive domain that gets picked up by a squatter requires a UDRP to recover, which costs more than years of renewals.
Add all domains in your portfolio to Domain Sentinel so you receive expiration alerts 60 and 30 days in advance. This creates a safety net on top of auto-renewal.
Audit annually. Domains you registered three years ago for a market you did not enter are maintenance costs with no benefit. Remove them rather than renewing out of inertia.
The guiding principle is straightforward: own the five to ten domains that provide genuine protection, monitor the rest. Domain monitoring lets you watch hundreds of variants without registering them. What you cannot register in advance, you can detect quickly enough to respond before real damage occurs. Check whether the priority domains for your brand are still available using Domain Sentinel.
Start with a domain you care about
Look it up for free. If you want alerts when status changes or expiry gets close, create an account. Takes about 30 seconds.