The Delhi High Court's judgment in Dabur India Limited v Ashok Kumar on fraudulent domain name registration is best understood as a judicial response to the changing anatomy of digital fraud. The Court was confronted with an ecosystem in which impersonation websites, fake investment portals, and cloned brand identities proliferate at scale, often vanishing and reappearing faster than traditional legal remedies can respond. Against this reality, the judgment, authored by Justice Prathiba M. Singh, marks an important shift: from episodic, defendant-specific relief to systemic, forward-looking intervention aimed at disabling fraud infrastructure itself.
Systemic relief envisaged
The proceedings were triggered by a series of suits filed by corporate entities such as Dabur India Ltd., which drew the Court's attention to a proliferating ecosystem of deceptive websites operating under domain names closely resembling well-known brands. These websites were functioning as active instruments of fraud, offering fake distributorships, spurious franchise opportunities, sham recruitment drives, and fabricated investment schemes. Victims were persuaded to pay “processing fees”, “security deposits”, or “initial investments”, often running into lakhs of rupees, before the websites vanished without trace.
In such cases, Registrant information is routinely false or masked, rendering post-facto identification ineffective. Privacy-protection services and proxy registrations ensured that even when victims or companies attempted to identify the operators, the trail went cold. By the time a complaint was filed or an injunction obtained, the perpetrators had already migrated to a fresh domain, often with a minor variation in spelling or suffix.
Digital arrest scams, which have recently drawn the Supreme Court's attention, often rely on websites purporting to belong to law enforcement agencies or government departments, lending a veneer of authority to coercive video calls and payment demands. The High Court took cognisance of this in Paragraph 214 thus: “Providing domain names such as Government of India, Supreme Court of India, Delhi High Court, Income Tax Department is not merely violative of IP rights but in effect an encouragement for indulging in unlawful activity. Such acts of Domain Name Registrars (DNRs) would also impinge upon the sovereignty and integrity of the country.”
The judgment dismantles the long-standing assumption that domain registration is a low-risk activity requiring minimal oversight. In doing so, it also challenges the default masking of registrant details under the banner of privacy. While the Court did not dismiss privacy concerns outright, it held that automatic concealment of identity, without robust verification, cannot be justified when it repeatedly shields fraudsters from accountability.
The High Court expressly recognised that insisting on conventional injunctions limited to named domain names would amount to a game of whack-a-mole, structurally incapable of addressing the harm. In legal and regulatory discourse, “whack-a-mole” is used metaphorically to describe a problem that reappears in new forms as quickly as it is addressed, rendering case-by-case or reactive responses ineffective. Courts and regulators use the expression to criticise remedies that target individual instances of misconduct without addressing the underlying system that enables repetition.
It is in this context that the Court endorsed dynamic and extended injunctions as a necessary evolution of equitable relief in the digital age.
By approving injunctions that travel beyond the specific domain names pleaded in the suit to cover future variants, mirror domains, and functionally identical infringing registrations, the Court affirmed that remedies must be calibrated to the modus operandi of fraud itself. This endorsement of dynamic injunctions signals judicial acceptance that when infringement and fraud are systemic, relief must be equally systemic. By permitting injunctions that automatically apply to future domains bearing similar deceptive characteristics, the Court has attempted to disrupt this churn-and-replace model that has allowed online fraud to flourish.
The Court's reasoning also reflects a nuanced understanding of how public trust operates in digital spaces. Trust online is not built through physical cues but through symbols such as URLs, logos, and domain extensions. A convincing domain name can neutralise scepticism even among otherwise cautious users. This is why the Court's intervention matters not only for brand owners, but for ordinary citizens navigating an increasingly hostile digital environment.
Blanket safe harbour denied
The High Court found that non-implementation of steps to prevent trademark infringement coupled with various means and methods adopted by DNRs to maximize their revenues would actually lead to non-grant of safe harbour protection. The High Court warned that DNRs would be liable to be treated as infringers, against whom reliefs would be liable to be claimed. In an appropriate case, they could be held to be liable to pay monetary damages as well, it added.
The High Court held that where DNRs continue to permit registrations based on minimal verification, masked identities, or demonstrably false details, despite clear evidence of recurring misuse, such conduct ceases to be neutral. The Court's reasoning locates responsibility not in intent, but in structural capacity: Registrars are best placed to prevent harm at the point of entry, and failure to do so attracts legal consequences. The Court's direction to DNRs offering their services in India to collect the details of the Registrants and perform a e-KYC verification in the manner in which National Internet Exchange of India (NIXI) already mandates in India and disclose information about rogue Registrants to authorities within 72 hours of request should be understood in this context.
The judgment records that DNRs continue to generate profits for selling domain names which may result in widespread injury to the public at large. It points out that out of 1132 infringement of domain names - barring one or two - no bonafide Registrant has come forward claiming any legitimate right to use the infringed domain names. None of the Registrants who faced complaints participated in the High Court's proceedings since 2022.
The judgment takes a serious note of DNRs and Registry Operators, operating from foreign shores, and refusing to comply with Court's directions. The DNRs argued that non-compliance of orders of the Court would not satisfy the high threshold of 'public order' which is one of the grounds upon which the blocking order can be issued. They relied in support of broader protections as Intermediary on the decisions of the Supreme Court in Shreya Singhal and in Visaka Industries.
The High Court distinguished these decisions by explaining that the Supreme Court's tests in these cases would apply only to individual cases of mere IP infringement which may not satisfy the high threshold of public order, as the same may not have disturbed the society at large. In the case before it, the High Court noted that there is consistent violation of IP rights along with attempts to defraud innocent public of their hard earned monies and also assist in commission of offences, with a significant impact upon the society at large. The High Court reasoned that if the consumers cannot trust the authenticity of the website or domain name they have accessed, then it would definitely disturb the economic interests of the businesses and also create disturbance to members of the general public and society. Therefore, it justified its direction to block the services of non-compliant DNRs.
Dynamic obligation
A crucial doctrinal contribution of the judgment lies in its rejection of static compliance, an approach to legal and regulatory compliance in which an entity treats its obligations as fixed, checklist-based, and frozen in time, rather than as duties that must evolve with changing risks, technologies, and patterns of misuse. The Court implicitly recognised that due diligence is not a fixed checklist frozen in time, but a dynamic obligation that must respond to evolving threats. Practices that may once have sufficed in a relatively benign internet environment cannot be mechanically defended once fraud patterns are well-documented and pervasive. In this sense, the judgment aligns with a broader trend in digital regulation that treats foreseeability of harm as a trigger for enhanced preventive responsibility.
Relevance for other digital gatekeepers
Just as DNRs control the creation of online identities, banks control the creation of payee relationships. Beneficiary addition is not a neutral background process; it is the last point at which irreversible loss can realistically be prevented. When banks permit instant beneficiary activation based solely on OTP confirmation, without contextual risk assessment, they effectively prioritise convenience over protection. The High Court has successfully persuaded the Reserve Bank of India to introduce beneficiary name lookup facility in all payment modes of the banks. It remains to be seen whether this helps to prevent fraud.
The judgment's emphasis on dynamic responsibility strengthens the argument that banks cannot rely indefinitely on legacy design choices. A legacy design choice refers to a system, process or feature that was designed and implemented in an earlier technological or risk environment and then carried forward unchanged, even though the conditions that justified it no longer exist.
The judgment reflects a growing judicial willingness to move beyond reactive enforcement and towards structural remedies. Its reasoning foregrounds a simple but powerful proposition: when harm is predictable and prevention is possible, design choices matter.
Author is a former employee of National Informatics Centre
Views Are Personal