Building a Domain Dispute Case: Essential Evidence Collection Guide

Understanding Domain Dispute Mechanisms

Domain disputes are resolved through several established mechanisms, each with specific evidence requirements:

• UDRP (Uniform Domain-Name Dispute-Resolution Policy) - administered by WIPO and other approved providers. The UDRP covers generic TLDs (.com, .net, .org, and newer extensions) and requires the complainant to prove three elements: that the domain is identical or confusingly similar to their trademark, that the registrant has no rights or legitimate interests in the domain, and that the domain was registered and is being used in bad faith.
• URS (Uniform Rapid Suspension System) - a faster, lower-cost alternative to UDRP for clear-cut cases of infringement. The URS applies to new gTLDs and has a higher burden of proof - you must demonstrate that your case is not reasonably contestable. Strong evidence is even more critical here because the standard is strict.
• ACPA (Anticybersquatting Consumer Protection Act) - a US federal statute that allows trademark holders to sue cybersquatters in court and potentially recover statutory damages up to $100,000 per domain. ACPA cases require proving bad faith intent to profit from the trademark, which demands thorough documentary evidence.

Regardless of which mechanism you use, the evidence categories are largely the same. Panelists and judges want to see a clear, timestamped record of what the disputed domain showed, who registered it, and how it was being used.

The Five Categories of Domain Dispute Evidence

1. Screenshots of the disputed domain

The most fundamental piece of evidence is a capture of what the disputed domain actually displays. Panelists need to see the website content, parking page, pay-per-click links, redirect behavior, or whatever the registrant has placed at the domain. A single screenshot is rarely enough. You need captures that show the full page content, the URL bar confirming the domain, and ideally the HTML source code that proves the content was actually served from that domain and not fabricated.

Plain browser screenshots are weak evidence in UDRP proceedings. Panelists are aware that images can be altered. Captures that include RFC 3161 trusted timestamps, SHA-256 hashes, and HTML source preservation are substantially more credible and harder to challenge.

2. WHOIS records

WHOIS data reveals the registrant of the domain - or at least the registrar, registration date, expiration date, and name servers. Even when privacy protection hides the registrant identity, the registration and expiration dates are critical for establishing the timeline of bad faith. The registrar information tells you where to send formal complaints and helps identify patterns if the same registrant holds multiple infringing domains.

WHOIS records change. Registrants update their privacy settings, transfer domains between registrars, or modify contact information when they realize a dispute is coming. Capture the WHOIS data as early as possible and preserve it with a trusted timestamp.

3. DNS records

DNS records show where the domain is pointing - the IP address, mail servers, name servers, and any CNAME or TXT records configured for the domain. This evidence is particularly important when the disputed domain redirects to another site, when it is configured to send or receive email (suggesting active impersonation), or when the registrant is using DNS to route traffic through affiliate networks.

Like WHOIS data, DNS records can be changed quickly. A registrant who is using a domain to impersonate your brand may reconfigure the DNS the moment they receive notice of a dispute. Capture DNS records before sending any cease and desist correspondence.

4. Historical captures

A single point-in-time capture shows what the domain looks like today. But panelists often want to understand how the domain has been used over time. Was it immediately used for pay-per-click parking after registration? Did the content change after a cease and desist letter was sent? Has the registrant maintained a pattern of infringing use?

Historical captures from the Wayback Machine can supplement your own evidence, but they are not always available for every domain and every date. Building your own capture history by taking regular, timestamped screenshots is far more reliable. If you begin capturing early and capture consistently, you create a timeline that tells a compelling story to the panel.

5. Correspondence and offers to sell

If the registrant has contacted you offering to sell the domain, responded to your inquiry with a price far exceeding registration costs, or made any statements about their intent, those communications are powerful bad faith evidence. Save emails, capture screenshots of any web-based communication, and preserve any marketplace listings where the domain is offered for sale.

Proving Bad Faith Registration and Use

Bad faith is the most contested element in most domain disputes. UDRP panels look for specific patterns and behaviors, and your evidence should directly address them:

• Pattern of hoarding - if the registrant holds multiple domains corresponding to well-known trademarks, this strongly suggests bad faith. Search for other domains registered by the same entity and capture the WHOIS records and website content for each one. A registrant who owns dozens of trademark-matching domains is hard to defend.
• Similarity to trademarks - capture side-by-side evidence showing your registered trademark and the disputed domain name. Include your trademark registration certificate, the domain registration date (to show the domain was registered after your trademark), and any evidence that the registrant knew of your trademark.
• Intent to sell- capture any "this domain is for sale" pages, marketplace listings on platforms like Sedo, Afternic, or Dan.com, and any correspondence where the registrant solicited or demanded payment. Screenshot the pages with timestamps before the registrant can remove them.
• Pay-per-click monetization - capture the parking page showing pay-per-click links, especially links related to your industry or brand. The HTML source code is particularly important here because it reveals the ad network identifiers and confirms the registrant is generating revenue from traffic intended for your brand.
• Disruption of competitor - if the registrant is a competitor or is using the domain to redirect visitors to a competing business, capture the redirect chain. Document the domain, the redirect destination, and the competing content at the final URL.

Proving Legitimate Interest vs. Bad Faith Use

The registrant will likely argue they have a legitimate interest in the domain. Panelists evaluate several factors, and your evidence should preemptively address the most common defenses:

• No bona fide use - if the domain resolves to a parked page, an error page, or a page with no substantive content, capture it. Multiple captures over weeks or months showing consistent lack of genuine use undercut any claim of legitimate interest.
• No commonly known association - search for evidence that the registrant has never been commonly known by the domain name. Look for their actual business name, their other domains, and any online presence that uses a different name entirely.
• No noncommercial or fair use - if the domain is monetized through advertising, affiliate links, or redirect traffic, it is commercial use. Capture the evidence of monetization, including HTML source code that reveals ad network tags.

The more comprehensive your evidence, the harder it is for the registrant to construct a credible defense. A single screenshot might be explained away. Months of timestamped captures showing consistent parking page content, combined with WHOIS records revealing a pattern of trademark-matching registrations, is difficult to refute.

Evidence Collection Timeline: When and How Often

Timing is critical in domain disputes. Here is a practical timeline for building your evidence file:

• Immediately upon discovery - capture the domain website content, WHOIS records, and DNS records. This is your baseline. Do not send a cease and desist letter before taking these initial captures - the registrant may change the site content or transfer the domain once alerted.
• Weekly for the first month - capture the domain content weekly to establish a pattern of use. If the content is a parking page or shows pay-per-click links, weekly captures demonstrate that this is not a temporary state but ongoing monetization.
• After sending correspondence - capture the domain again immediately before and after sending any cease and desist letter. If the registrant changes the site content in response, that change itself is evidence of awareness of your trademark rights.
• Monthly until filing - continue monthly captures until you file the complaint. Each timestamped capture adds to the weight of your evidence showing sustained bad faith use.
• At the time of filing - take a final set of captures of all relevant evidence - the domain, WHOIS records, DNS records, and any marketplace listings - on the day you file your complaint to show the current state of affairs.

How Snapoena Supports Domain Dispute Evidence Collection

Snapoena is designed to produce evidence that satisfies the authentication, integrity, and timestamp requirements that UDRP panelists and courts expect. For domain disputes specifically, Snapoena provides:

• Timestamped website captures - every capture includes a full-page screenshot, HTML source code, and an RFC 3161 trusted timestamp from an independent authority. The SHA-256 hash ensures that nothing in the capture has been altered after the fact.
• WHOIS record capture - Snapoena captures and preserves WHOIS data alongside your website captures, creating a single evidence record that links the domain content to its registration details.
• DNS record documentation - DNS records are captured and included in your evidence bundle, documenting the technical infrastructure behind the domain at the time of capture.
• Evidence bundles - each capture produces a downloadable ZIP containing the screenshot, HTML source, PDF report, cryptographic hash, and trusted timestamp - a complete evidence package ready to attach to your UDRP complaint.
• UDRP package generation - Snapoena can compile multiple captures, WHOIS snapshots, and DNS records into a structured evidence package formatted for UDRP filings, with an index that maps each exhibit to the relevant element of the complaint.
• Automated recurring captures - set up scheduled captures through the Snapoena API to automatically monitor a disputed domain on a daily or weekly basis. This builds your evidence timeline without manual effort and ensures you never miss a content change.

Step-by-Step: Preparing a UDRP Complaint with Web Evidence

Here is a practical workflow for building your UDRP evidence file from discovery to filing:

1. Initial capture - capture the disputed domain using Snapoena. This produces a timestamped screenshot, HTML source, and RFC 3161 timestamp. Do this before any contact with the registrant.
2. WHOIS and DNS snapshot - capture the WHOIS record and DNS records for the disputed domain. Note the registration date, registrar, and name servers. If privacy protection is enabled, document that as well.
3. Trademark documentation - gather your trademark registration certificates, dates of first use, and any evidence of brand recognition. These are not web captures but will accompany your web evidence in the complaint.
4. Pattern research - search for other domains registered by the same entity. Use reverse WHOIS lookup tools and capture any additional infringing domains you find. Each one strengthens the bad faith argument.
5. Set up recurring captures - configure weekly automated captures of the disputed domain through the Snapoena API. This builds your evidence timeline automatically.
6. Capture marketplace listings - if the domain is listed for sale on Sedo, Afternic, Dan.com, or any other marketplace, capture those listing pages with timestamps. These are direct evidence of intent to profit.
7. Send and document correspondence - if you choose to send a cease and desist letter, capture the domain immediately before sending. After sending, continue your regular capture schedule. Any content changes in response to your letter are relevant evidence.
8. Compile the evidence package - use Snapoena to generate a UDRP evidence package that organizes your captures chronologically and maps each exhibit to the three elements of the complaint: confusing similarity, lack of rights or legitimate interests, and bad faith registration and use.
9. Final captures at filing - on the day you file, take a fresh set of captures of the domain, WHOIS records, and DNS records. Include these as the most current state of affairs in your complaint.
10. File with the provider - submit your complaint to WIPO, NAF, or another approved UDRP provider. Attach the Snapoena evidence bundles as exhibits. The RFC 3161 timestamps and SHA-256 hashes provide independent verification that panelists can rely on.

The Bottom Line

Domain disputes are won or lost on evidence. The three-element test in UDRP proceedings - confusing similarity, lack of legitimate interest, and bad faith - requires documented proof at every step. Plain screenshots without metadata or timestamps leave gaps that respondents will exploit.

Start collecting evidence the moment you discover the infringing domain. Capture before you communicate. Capture consistently over time. And capture with tools that produce independently verifiable records - cryptographic hashes, trusted timestamps, and preserved source code - that panelists can examine and trust.

The registrant can delete a parked page, change DNS records, or update WHOIS information overnight. Your evidence needs to already be preserved before that happens.