governance
Domain Seizures and Disputes
How governments seize domain names, how disputes are resolved, and why the location of a registry determines who has power over your domain
Your domain exists at the pleasure of a registry
A domain name is not property you own outright — it is a lease from a registry, subject to the laws of the jurisdiction where that registry operates. For .com and .net, that jurisdiction is the United States, because VeriSign (the registry) is a US company. This gives the US government unique power to seize any .com or .net domain, regardless of where the domain owner is located.
US government domain seizures
Legal mechanisms
The US government uses several legal tools to seize domains:
- Civil asset forfeiture — domains seized as instrumentalities of crime under 18 U.S.C. Section 981
- Criminal seizure warrants — issued by federal courts upon probable cause
- OFAC sanctions — domains associated with sanctioned entities are seized or frozen
The Department of Justice works with domain registries (primarily VeriSign) to redirect seized domains to government seizure notices. The process typically happens ex parte — without the domain owner’s participation.
Operation In Our Sites
Launched in June 2010 by Immigration and Customs Enforcement (ICE), this ongoing operation targets counterfeiting and piracy domains. By 2018, over 1 million domain names had been seized in combined criminal and civil actions. ICE seizure banners were viewed over 122 million times.
Notable errors occurred: three domains (dajaz1.com, rojadirecta.com, rojadirecta.org) were seized by mistake and later returned.
Major seizure cases
| Case | Year | Details |
|---|---|---|
| Megaupload | 2012 | megaupload.com seized; 150M registered users; alleged $500M+ in copyright damages |
| Silk Road | 2013 | First major darknet market; $1B+ in Bitcoin seized |
| Backpage.com | 2018 | 93-count indictment; facilitating prostitution |
| Iranian media | 2021 | PressTV.com and 32 other domains seized under IRGC sanctions |
| Russian disinformation | 2024 | 32 domains alleged to be Russian propaganda targeting US elections |
| LabHost | 2024 | Spoofing service that created 40,000+ fake websites affecting 1M+ victims |
Sanctions-based seizures
US OFAC sanctions have been used to seize domains belonging to entities in Iran, Syria, and other sanctioned countries. In 2013, over 700 domains linked to the Syrian Electronic Army were seized. In June 2021, the US seized PressTV.com and 32 other Iranian media domains.
These seizures demonstrate the tension between DNS as a global system and the jurisdictional reality that major TLD registries operate under US law.
International operations
Europol coordination
International law enforcement increasingly coordinates domain seizures across borders:
Operation PowerOFF (2024–2025): Targeting DDoS-for-hire services. In December 2024, Europol dismantled 27 DDoS attack platforms across 15 nations. In May 2025, 300 servers were seized and $3.5 million in cryptocurrency confiscated.
Operation RapTOR: Joint operation between ICE, Europol, and JCODE that dismantled darknet marketplaces including Nemesis, Tor2Door, Bohemia, and Kingdom Markets.
The UDRP: domain name disputes
Not all domain conflicts involve law enforcement. The Uniform Domain-Name Dispute-Resolution Policy (UDRP), administered by ICANN, handles disputes between trademark holders and domain registrants.
Under UDRP, a trademark holder can challenge a domain registration if:
- The domain is identical or confusingly similar to their trademark
- The registrant has no legitimate interest in the domain
- The domain was registered and is being used in bad faith
UDRP proceedings are decided by arbitration panels (typically WIPO or the Forum). Decisions are rendered in approximately 60 days — far faster than court proceedings. The remedy is limited: the panel can order the domain transferred or cancelled, but cannot award damages.
Common UDRP scenarios include cybersquatting (registering famousbrand.com to sell it back), typosquatting (gogle.com), and domain parking on trademarked terms.
DNS-level blocking by court order
A growing trend: courts ordering DNS resolvers (not just registries) to block specific domains.
The Quad9 case
Sony Music sued DNS resolver Quad9 in Germany to force blocking of piracy domains. The case tested whether a DNS resolver — which merely translates names to addresses — bears liability for the content at those addresses. The Dresden Higher Regional Court ruled in favor of Quad9 in 2023, finding DNS resolvers not liable for copyright infringement.
France and Portugal
In June 2024, a French court ordered the blocking of 117 illegal sports streaming domains. Rather than comply, OpenDNS withdrew from France entirely, making the service unreachable for all French users. A similar situation occurred in Portugal. In May 2025, five VPN providers were ordered to block 203 piracy domains in France.
Italy’s Piracy Shield
Italy’s automated Piracy Shield system requires ISPs to block reported domains within 30 minutes. In October 2024, the system accidentally blocked Google Drive and YouTube for hours after a rights holder submitted a blocking request for a Google CDN subdomain. DNS caching extended the effects into the next day.
The jurisdictional reality
The power to seize or block a domain ultimately comes down to jurisdiction over the registry:
| TLD | Registry | Jurisdiction | Seizure authority |
|---|---|---|---|
| .com | VeriSign | United States | US DOJ, OFAC |
| .net | VeriSign | United States | US DOJ, OFAC |
| .org | Public Interest Registry | United States | US DOJ, OFAC |
| .io | Identity Digital | United States | US DOJ |
| .de | DENIC | Germany | German courts |
| .ru | Coordination Center for TLD RU | Russia | Russian courts, Roskomnadzor |
Country-code TLDs (ccTLDs) are generally subject to the laws of their respective countries. This is why some organizations — particularly those operating in legally sensitive areas — choose ccTLDs from jurisdictions with strong free speech protections (like .is for Iceland, Freedom House score 94/100).
Controversies
Due process: Domain seizures often happen before any conviction — effectively punishing the owner before trial.
Extraterritorial reach: The US can seize any .com domain regardless of where the owner is located, raising sovereignty concerns.
Collateral damage: Seizing a domain on shared hosting can affect innocent websites. Blocking an IP range for one site can take down hundreds.
Chilling effects: The threat of seizure discourages legitimate speech and commerce, particularly for entities in sanctioned countries who are effectively locked out of the .com namespace.
The domain name system was designed to be a neutral technical infrastructure — a global directory that means the same thing everywhere. Domain seizures, court-ordered blocking, and sanctions enforcement reveal the gap between that design ideal and the legal reality that every domain exists within a jurisdiction, and every registry answers to a government.