Renew your domain or lose your voice

Google a campus newsroom, click the first result, and you expect to land on a student newspaper’s website. In early January 2026, that assumption failed a lot of readers interested in the goings-on at the University of Colorado Boulder.

At CU Boulder, the student paper CU Independent migrated to a new web address in 2024. But its old domain didn’t just fade away. Rather, it re-appeared in fall 2025 wearing familiar branding and publishing a stream of AI-generated clickbait. The result wasn’t mere “tech trouble,” but something more nefarious: a hijacking that siphoned trust from real student journalism and redirected attention to a copycat’s front door.

On Jan. 5, The Denver Post reported that searching “CU Independent” brought up the old domain as the first search result — now a copycat site producing what appears to be AI-generated sludge — while the real newsroom’s current site sat just below it. So not only had the domain buyer begun impersonating the paper, but they were beating it at attracting clicks, eyeballs, and favorable search engine optimization rankings.

On Jan. 13, The Washington Post reported that after the CU Independent migrated to its current site in 2024, student journalists had to pursue arbitration regarding the hijacking of their old domain. That process can cost around $1,500. FIRE’s Student Press Freedom Initiative (SPFI) is stepping in to help the CU Independent, but the stakes are high. According to the Post, the old domain reportedly sold for $26,000.

In other words, a lapse in renewal or ownership created an opportunity for impersonation, AI made filling the counterfeit site effortless, and cleaning it up became quite expensive for the student journalists on the other side.

The CU Independent isn’t alone. In fact, such hostile takeovers of student news websites have become a common trend. The University of Houston–Clear Lake’s student paper, The Signal, for example, says their hijacked former domain is now hosting Korean-language gambling content, the kind of whiplash that instantly confuses readers and corrodes credibility.

If your audience can’t reliably find you, your speech and press freedoms are consigned to the realm of the hypothetical. Your domain name is distribution infrastructure — the modern equivalent of a printing press, newsrack, or broadcast signal. Lose it, and someone else can speak as you.

A hijacked or lapsed domain can silence a student press in myriad ways. The first is by causing confusion. Readers may land on the fake site, with the old domain, before the actual site, with the new domain (often because search results reward older and more familiar URLs). It can also chill sources. Tips, especially for sensitive stories, might dry up when the public can’t tell what’s real and who they can trust. A hijacked domain can also discredit: fake “reporting” can be laundered through your name and reputation. AI makes it easy to flood the zone with plausible-looking junk.

How to get an impersonating domain back

If someone buys an expired domain and uses it for something totally unrelated — no attempt to look like you, no attempt to mislead your readers — that’s often simply how the domain marketplace works. Annoying? Maybe. But not necessarily illegal.

But if someone buys your expired domain and uses it to impersonate your publication — by copying your branding, mimicking your design, or trying to confuse the public into thinking their site is your newsroom — that can implicate real legal protections: trademark and unfair competition, trade dress, and copyright (if they’re reusing your original content or design elements). Federal law also has a specific tool for bad-faith domain registrations meant to mislead: the Anti-Cybersquatting Consumer Protection Act (15 U.S.C. § 1125(d)).

Here’s the catch: even when you have viable claims, going straight to court is usually slow and expensive. That’s one reason the domain system has developed its own, heavily used remedy: arbitration. Through processes like the UDRP (Uniform Domain-Name Dispute-Resolution Policy), a rightful claimant can argue that a domain was registered and used in bad faith, and if they win, the domain is typically transferred back.

That’s why the private remedy is often the first stop. It tends to be cheaper and faster than litigation, and it’s built for the domain context. You’re not trying to squeeze a DNS problem into a courtroom-shaped box if you don’t have to.

If you’re a student editor dealing with this right now, the key points are:

• You may not need a lawyer to file an arbitration complaint, but having one may be helpful and valuable. (Call the SPFI hotline!) 
• Speed matters. The longer a hijacked domain stays active, the more it trains your audience — and search engines — to trust the counterfeit.
• Document everything: screenshots, timestamps, examples of copied branding, and any evidence readers are being misled.
• Consider parallel steps: if the impostor is using your copyrighted content, a DMCA takedown to the hosting provider can sometimes reduce harm quickly, even while a domain dispute proceeds.

FIRE’s Student Press Freedom Initiative (SPFI) can also help student journalists think through options and connect the dots on next steps, because the most important thing is stopping the bleeding: restoring a clear path for readers and sources to reach the real newsroom. SPFI was able to assist the CU Independent in pursuing arbitration, and may be able to help your newsroom, too.

How to avoid losing the domain in the first place

The cheapest win here is not letting the domain lapse in the first place. ICANN (the nonprofit that coordinates the domain name system) puts it plainly: if you don’t renew, you risk losing your domain — and ICANN generally doesn’t have authority to simply hand an expired domain back to you.

That’s why “domain hygiene” matters. It’s a low-cost defense that doesn’t depend on winning a fight after the damage is done. Here’s the practical playbook student editors can implement today:

1) Renew early, and systematize renewal.
Don’t leave renewal to memory. Track expiration dates, use registrar auto-renewal wherever possible, and take renewal reminders seriously. Keep payment info current. Put renewal dates on a shared newsroom calendar that outlasts graduating staff. If your registrar supports it and your budget allows, consider multi-year registration (many domains can be registered for up to 10 years).

2) Treat your registrar account like your printing press (because it is).
Enable multi-factor authentication where available. Use a strong, unique password (ideally via a password manager). Keep account recovery options current.

3) Add a domain transfer lock.
Ask your registrar to apply a transfer lock to reduce unauthorized transfers or deletions.

4) Use the “separate email” trick.
Register with an email address not connected to the domain itself. If someone takes over and edits registration data, you may need independent proof you were the prior registrant.

5) Don’t get phished out of your own newsroom.
Be skeptical of emails that pressure you to “renew now.” If something looks off, contact your registrar directly through known channels. (ICANN itself doesn’t email you to collect fees or manage your domain.)

6) If something goes wrong, move fast.
Act immediately and contact your registrar. Delays can make recovery harder, especially if the domain is transferred again. If you believe a transfer was unauthorized, there are complaint processes that may help — but timeliness matters.

Where the First Amendment fits into this (and where it doesn’t)

It’s tempting to frame a hijacked domain as a pure “free speech” problem. In one sense, it is: a hostile actor doesn’t need a censor’s badge to shut student journalists out of their own community. They just need your expired domain.

But it’s also important not to overstate the First Amendment stakes.

Most domain-related disputes don’t involve the government restricting speech. Rather, they’re about private infrastructure (registrars, hosting providers, search algorithms, etcetera) deciding what happens next — often through contracts and internal processes. That’s why the First Amendment usually isn’t the best means of redress. The Constitution constrains the government. It doesn’t automatically unwind the consequences of private control over speech infrastructure. Moreover, purchasing and using a domain itself is an act of protected First Amendment expression, absent specific harms.

One reason federal law in this area looks underdeveloped is that the domain name system built its own widely used (and successful) remedy outside the courts through arbitration. Remember our old friend the UDRP? While not federal court, this process can get your domain back. A great example is the UDRP proceeding Bebidas Fruki S.A. v. Wendy Webbe, Ancient Holdings. The trademark owner (a Brazilian beverage company) had previously recovered “fruki.com” in an earlier UDRP matter, then lost it again after failing to renew — and the domain was later re-registered and used for pay-per-click/parking and listed “for sale.” The WIPO panel found bad-faith registration and use and ordered the domain transferred back to the brand owner. 

Still, arbitration isn’t the only means of redress. Even when a registrant claims “parody,” trademark and cybersquatting statutes can still bite if the domain name creates confusion before a reader ever sees a disclaimer. In PETA v. Doughney, the defendant registered “peta.org” and argued his “People Eating Tasty Animals” site was protected parody, but the Fourth Circuit emphasized that a parody has to send two messages at once: what “it is” and what “it isn’t.” A domain name that simply copies the mark doesn’t convey the “it isn’t” message simultaneously. The court upheld liability, rejecting the parody defense where the confusion happens at the URL level.

Impersonation isn’t automatically protected just because it involves “speech.” If someone is confusing the public, trading on your reputation, copying your protected creative work, or registering a domain in bad faith to mislead, that can cross into recognized legal harms. On the other hand, the Supreme Court has treated “false speech” — standing alone — differently.

In the “false speech” case United States v. Alvarez, the Supreme Court struck down the Stolen Valor Act, protecting false claims and specific instances of impersonation absent legally cognizable harms. Alvarez cautions against assuming the government can criminalize falsehoods just because they’re false, absent something like fraud. But that doesn’t mean impersonation is necessarily legal, and it doesn’t mean intellectual property and consumer protection claims evaporate. It means the legal question turns on what the bad actor is doing and what harm it causes — and the most common path to a remedy for student newsrooms facing such questions amidst hostile website takeovers is often the domain system’s own arbitration process, not a sweeping constitutional claim.

Student press freedom isn’t only about what you’re allowed to publish. It’s about whether your community can reliably find you. Renew early, lock it down, and keep your platform in student hands. If you’re already dealing with impersonation, a domain takeover, or a platform fight that’s threatening student journalism on your campus, don’t go it alone — bring in experienced media-law help as early as possible.

FIRE’s Student Press Freedom Initiative (SPFI) defends free press on campus by advocating for the rights of student journalists at colleges and universities across the country and offers helpful resources on student press censorship and information on the role of student media. If you face censorship, call 717-734-SPFI (7734) for guidance, resources, and answers to your legal questions.