For years, the playbook was simple: If you don’t own the typo, someone else will.
Registering misspellings of your brand has long been a standard defensive strategy, protecting against phishing, impersonation, and fraud. But following the 2021 changes to the .au licensing rules by auDA, that strategy now sits in a grey area.
What changed
Historically, .au allowed a “close and substantial connection” to a domain name. In practice, this meant brands could justify variations and misspellings as part of a broader defensive portfolio.
The 2021 rules tightened this, particularly where eligibility is based on a trademark, which now requires an exact match. A typo of your brand is, by definition, not an exact match.
What hasn’t changed
From a security perspective, nothing has changed.
Misspelling domains remain one of the most common and effective tools used in phishing and brand abuse. Attackers rely on small variations, like a missing letter or a swapped character, to deceive users.
These are not edge cases. They are everyday threats.
Where the tension sits
What has changed is the compliance landscape.
We are now seeing increased scrutiny around .au registrations, including domains that were registered defensively and in good faith. In some cases, eligibility is being questioned, creating a disconnect between what is good security practice and what may be considered strict policy compliance.
The reality is this:
A domain can be commercially sensible and security critical, while still carrying regulatory risk.
What brands should do next
The response is not to pull back, it is to get smarter.
Review your .au portfolio
Understand how each domain meets eligibility requirements
Do not rely on trademarks alone, consider broader connections
Document why defensive domains exist
Expect more scrutiny, not less
Final thought
The .au namespace is evolving. Defensive strategies that worked five years ago may not stand up today without proper structure behind them.
At Brandsec, we are helping clients navigate this shift, balancing compliance with real-world brand protection. If your organisation holds misspelling domains in .au, now is the time to review and reassess.
Because if you do not control your brand variations, someone else will. And you also need to ensure you can justify owning them.
About brandsec
brandsec is a team of highly experienced domain name management and online brand protection experts. We provide corporate domain name management and brand enforcement services, helping brands eliminate phishing platforms across the internet. Supporting some of the largest brands in the region, we offer innovative solutions to combat threats across multiple industries.
