Our Conversation with Jeanette Eriksson (as featured in World Trademark Review)
by Marco Soares
7 min read
From strategy to execution: the cornerstones of modern online brand protection
We were recently featured in an analysis of modern online brand protection by Jeanette Eriksson, published by World Trademark Review. Jeanette, an industry consultant and Head of Brand Protection at FairWinds, brought together perspectives from across the ecosystem to explore how the domain protection landscape is evolving — from new gTLD launches to AI-driven threats.
Our contribution focused on why lookalike domains are a structural issue, not just a volume problem, and how the “market for lemons” applies to digital trust.
The following reflects our full conversation with Jeanette, including extended responses beyond what was published as part of the WTR article. We cover trademark-based authentication, why enforcement alone isn’t enough, and what it means to give brands a positive signal of truth rather than endlessly chasing fakes.
Full Interview
1. Full name and title, and brief explanation of what it is that you do.
Marco Soares, CEO. I lead Proofmarked, helping brands build trust and prove legitimacy online in a web where impersonation and lookalike domains are increasingly common. My MSc in Game Theory and Behavioural Economics from the University of Amsterdam shaped the innovative systems behind our patented technology, recognized with a Mozilla Builder Award and Digital Security Innovator Award.
2. In your own words, briefly describe why Proofmarked came about, and what it does.
Proofmarked came about because the web is neutral and agnostic by design, so trust online is not guaranteed.
Today, legitimate brands and cybercriminals operate on the same technical playing field. Anyone can register a lookalike domain, obtain a valid TLS certificate, and appear authentic. This creates a persistent information asymmetry where people cannot reliably tell what is real, and brands have no direct way to prove it.
Proofmarked addresses this by flipping the model. Instead of endlessly chasing fake websites, we start by proving what is real. Our B2B2C platform allows organizations to use their registered trademarks to define and authenticate their legitimate digital footprint. That proof is surfaced directly to end-users through a free browser extension, giving people a clear, real-time signal of authenticity at the moment it matters.
At the same time, Proofmarked turns user reporting into verified threat intelligence, enabling faster blocking and takedowns at scale. The result is a positive, human-centric model of trust that gives businesses and people alike a fair advantage over cybercriminals.
3. How does it relate to Trademark Clearinghouse?
Proofmarked and the Trademark Clearinghouse address two sides of the same trust problem.
TMCH provides the foundational step by confirming that an organization is the rightful holder of a registered trademark. Proofmarked integrates this verification as the root of trust for everything that follows.
In that sense, the relationship is symbiotic—two sides of the same coin. TMCH enables trademark owners to secure domains containing their brand during the Sunrise period. Proofmarked addresses the complementary challenge: enabling brands to visibly and verifiably assert their identity on the domains they already control, at any time.
This applies even when the brand name does not appear in the domain itself. Once a trademark is validated, Proofmarked transforms it into a self-sovereign digital identity that brands use to authenticate their legitimate online presence. That proof is then surfaced directly to end-users through our browser extension, turning trademark verification into real-time digital assurance.
4. In your experience and opinion, how big is the issue of lookalike domain names for brands?
Lookalike domain names are not just widespread—they are a symptom of a much deeper structural issue.
The barrier to entry for abuse has collapsed. Phishing-as-a-Service toolkits are inexpensive, widely available, and require little to no technical skills, turning impersonation into a scalable criminal business model. At the same time, attackers increasingly rely on algorithmically generated domains, producing thousands of variants at machine speed.
Because the web is neutral and agnostic by design, the same infrastructure serves legitimate brands and criminals alike. Valid domains, valid TLS certificates, and polished websites are equally accessible to both. This creates a level playing field between "cops and robbers" in an environment that is constantly expanding and changing.
The result is an online "market for lemons", where people cannot reliably distinguish what is trustworthy, brands struggle to prove legitimacy, and trust erodes systemically (Akerlof 1970). Lookalike domains are simply the most visible manifestation of a web that scales deception as easily as authenticity.
5. What industry or industries are the most impacted by this issue?
The most impacted industries are those where brand trust is directly tied to economic value and where users must make rapid online decisions.
Financial services are the clearest example. Banks, payment providers, fintechs, and crypto platforms are persistently targeted because impersonation immediately enables fraud and credential harvesting. Despite heavy investment in security and compliance, these brands still face a basic problem: users cannot reliably verify that a website claiming to represent them is genuine.
E-commerce, retail, and consumer brands face similar exposure. Fake promotions, delivery notifications, and support portals exploit brand recognition, causing both direct fraud and longer-term loss of customer confidence.
Technology and SaaS platforms—particularly identity, password managers, email and collaboration providers—are also disproportionately targeted, as impersonating them grants access to entire downstream ecosystems.
What unites these industries is not just attack volume, but the absence of a native, user-visible way to prove authenticity online. In a neutral web, any recognizable brand becomes a target—which is precisely the gap Proofmarked was designed to fill.
6. In your opinion, what can the domain name industry do to better prevent, manage and remedy the issue of malicious lookalike domain name registrations?
The domain name industry is largely fighting this problem with a whack-a-mole, "chasing after ghosts" approach in an environment that is fundamentally stacked against it.
Most efforts rely on crawling, monitoring, and takedowns—but these systems can only act on what they already know exists. The most damaging threats are often short-lived, algorithmically generated domains that appear and disappear at machine speed. The real risk lies in the unknown unknowns: while attackers operate at industrial scale across an ever-expanding and ever-changing web, defenders are effectively playing a shooter game where only 10% of the enemies are visible on their screens.
This creates systemic uncertainty. With redacted WHOIS data and long chains of delegated trust, legitimacy is difficult to establish with confidence—along with the very real possibility that a domain was unknowingly created by a brand's own regional team. As a result, brands, platforms, and enforcement actors are forced to err on the side of caution to avoid taking down a legitimate website by mistake. The outcome is a classic "market for lemons," where uncertainty allows bad actors to blend in and slows decisive action across the ecosystem.
What's missing is a positive, brand-led signal of truth. The industry needs to complement enforcement with a model that makes it trivial to know what is real upfront—by enabling trademark holders to explicitly declare and authenticate their legitimate domains through market-driven allowlists, surfaced directly to users.
This is where Proofmarked represents a paradigm shift. By allowing trademark holders to prove, in advance, "these are my domains," users no longer have to interpret subtle signals or trust abstract infrastructure. Trust becomes a no-brainer. Authentication moves before and on top of KYC and CIAM—systems that phishing toolkits routinely bypass once users are tricked or compromised.
Rather than chasing every malicious registration, the industry can restore certainty at scale and give brands, users, and infrastructure providers a fair advantage on a web that historically has been ill-equipped to distinguish right from wrong.
7. Explain how fake websites can be taken down faster than through normal abuse reporting.
Traditional abuse reporting is slow because it starts from ambiguity. Reports are assessed individually, evidence must be interpreted, and legitimacy is inferred after harm has already occurred. On a web where attackers operate at machine speed, that uncertainty becomes the primary bottleneck.
Proofmarked reverses this model by starting with verified truth and continuous human visibility. Each brand explicitly defines its legitimate digital footprint through a market-driven allowlist of domains federated to its trademark. Because organizations are fully in the loop, the system already knows what is right before anything goes wrong.
Just as importantly, Proofmarked removes the friction and uncertainty that keep most abuse unreported in the first place. In today's "market for lemons," users routinely encounter suspicious websites but simply walk away—unsure whether what they are seeing is malicious and faced with opaque or burdensome reporting processes. Proofmarked makes legitimacy explicit and reporting effortless. Users no longer guess; they act with confidence at the moment deception is encountered. This converts massive amounts of previously invisible abuse into actionable signals.
When a user reports a suspicious site through the Proofmarked browser extension, the system immediately reconciles it against the brand's allowlist. If a domain is not authorized by the legitimate trademark owner being impersonated, it is simply wrong—not probabilistically suspicious. This eliminates false positives and false negatives and turns user reporting into high-confidence, real-time threat intelligence based on what people are actually seeing, not what bots may or may not have crawled.
That certainty enables action at machine speed. By giving brands real-time visibility into the malicious sites users actually see—rather than what bots and crawlers happen to snapshot—Proofmarked removes unknown unknowns. Verified signals can be shared directly with DNS resolvers, hosting providers, law enforcement, and industry platforms such as Google Safe Browsing, enabling blocking and takedown actions as soon as malicious sites appear, creating network and platform effects that protect the broader ecosystem.
In short, Proofmarked accelerates takedowns by eliminating uncertainty in a "market for lemons." It replaces reactive investigation with a self-reconciling trust system where verified brands define reality—allowing the entire industry to act faster and more confidently against cybercriminals.
Looking Ahead
The challenges outlined in this interview aren't going away. If anything, they're accelerating. But we believe the solution isn't more monitoring or faster takedowns — it's giving brands the ability to prove themselves upfront, and giving users the clarity to act with confidence.
Read the full article on World Trademark Review or LinkedIn.