The "Online Soul" of Business: Delhi High Court Issues Landmark Directives Against Domain Name Fraud

The Delhi High Court, in a comprehensive judgment delivered by Justice Prathiba M. Singh, has addressed the systemic crisis of fraudulent domain name registrations and online impersonation. In Dabur India Limited vs. Ashok Kumar and Ors. , the Court recognized that in the digital age, domain names constitute the "online soul" of a business, and their misuse is not merely an intellectual property issue but a grave threat to consumer safety and the integrity of the financial system.

The Anatomy of a Digital Fraud

The litigation began as a typical trademark infringement suit filed by Dabur India Limited, but it rapidly expanded into a broader inquiry into how anonymous registrants use well-known brands to entice consumers. These fraudulent websites—often using suffixes or mirroring official Dabur branding—solicit payments under the guise of distributorships and dealership opportunities, disappearing as soon as funds are siphoned into untraceable bank accounts.

Justice Singh observed that the standard WHOIS verification mechanisms were failing, with registrars often providing "privacy protection" as a default shield, leaving brand owners and Law Enforcement Agencies (LEAs) in a perpetual "whack-a-mole" scenario.

A Multi-Stakeholder Intervention

Moving beyond standard injunctions, the Court initiated a series of meetings involving multiple stakeholders: * Banking Reforms: Acknowledging that innocent victims had no way to verify the beneficiary of their payments, the Court mandated the introduction of the 'Beneficiary Bank Account Name Lookup' facility. Effective April 1, 2025, this ensures remitters can verify account names before transferring funds. * Law Enforcement Coordination: The Court solidified the Standard Operating Procedure (SOP) established by the Central Economic Intelligence Bureau, making it mandatory for all banks to provide timely information to LEAs upon request, thereby cutting through the "privacy" obfuscation used by fraudsters. * Intermediary Accountability: Emphasizing that protection for intermediaries under Section 79 of the IT Act is "measured" and not a "blanket immunity," the Court ruled that DNRs (Domain Name Registrars) cannot shield themselves when they are, in fact, monetizing infringing marks through premium registration tiers and search-optimization services.

The "Dynamic Plus" Injunction

In one of the most critical aspects of the ruling, the Court granted a "Dynamic + Injunction." This allows the Plaintiff to implead mirror, redirect, or alphanumeric variations of the infringing websites simply by filing an affidavit with the Joint Registrar, thereby sparing the Court from repeated litigation for every new iteration of a rogue website.

The judgment also clarified that privacy features should be opt-in, not default, stating: > "The privacy protection features adopted by DNRs... is acting as a cloak to hide the identity of those perpetrating illegal and unlawful acts on the internet."

Key Observations

• On the nature of Domain Names: "A domain name is the address of a business/individual/entity on the internet. The website built on the domain name is like a shop being built at the physical address of a business."
• On the Responsibility of DNRs: "If the algorithm works in such a manner that there is a possibility of infringing alternative domain names being made available to an aspiring registrant, the DNR has to discontinue the use of such algorithm."
• On the Right to Privacy: "While respect has to be given to privacy, the same need not be as a default position... Any third party who has a legitimate interest can always approach the DNR... to obtain the access to personal data."

Practical Implications

This judgment signals a transformation in digital enforcement in India. By shifting the burden back to DNRs to verify registrants and by streamlining banking protocols to expose the identity behind financial transactions, the Court has effectively narrowed the safe harbor for those masquerading as intermediaries while actively facilitating fraud.

For the future, the Court has directed MeitY and DoT to consider a central data repository for domain name registrants—potentially under NIXI—to bridge the gap between global, anonymous registration services and India's sovereign interest in maintaining digital order and consumer protection.

The case underscores a vital shift in jurisprudence: the "law of the internet" is no longer a wild west but is increasingly being governed by the same rules of identity, traceability, and accountability required in the physical world.