BRAND INDEX
WCNWCNDOMAIN & NAMESPACE MAP
09 · LEGAL → B
09 · LEGAL & IP
Domain & namespace · B
Holding
the name online.
The name has to be locked everywhere it lives — domains, registrar, social. This cluster secures the namespace and closes the doors typosquatters walk through. Tap any card to open its spec.
PRIMARY
DEFENSIVE
LOCK
SOCIAL
TYPOSQUAT
REDIRECT
42%
NAMESPACE COVERAGE
1 shipped
3 in progress
2 planned
09B01 Primary domain DONE
wcn.network is the one true address. This page defines the canonical domain, how every variant resolves to it, and the security that keeps it from being hijacked.
DOMAINwcn.network HTTPSEnforced HSTSPreloaded WWWRedirects
B01.1 · CANONICAL
One true URL.
wcn.network is canonical; apex and www both resolve there. Links, emails and docs use it consistently so there’s no ambiguity about the real home.
CANONICALwcn.network
APEXResolves
WWWRedirects
USEConsistent
B01.2 · HTTPS & HSTS
Encrypted, enforced.
HTTPS is mandatory, with HSTS preloaded so browsers refuse plain HTTP before they even connect. There is no unencrypted path to the brand.
HTTPSMandatory
HSTSPreloaded
HTTPRefused
CERTAuto-renew
B01.3 · WWW HANDLING
One canonical, no splits.
Exactly one of apex or www serves content; the other 301-redirects. Splitting content across both fragments SEO and confuses users.
SERVESOne host
OTHER301
SPLITAvoided
SEOConsolidated
B01.4 · EMAIL & DNS
Protect the envelope too.
SPF, DKIM and DMARC are set so no one can spoof mail from the domain. DNS is the brand’s perimeter, not an afterthought.
SPFSet
DKIMSigned
DMARCEnforced
SPOOFBlocked
DON'T
×
Don't serve both www and apex — One canonical, one redirect.
×
Don't allow plain HTTP — HTTPS + HSTS, always.
×
Don't skip DMARC — Stop mail spoofing.
×
Don't link inconsistently — Always the canonical URL.
“One address, locked down, is worth a dozen redirects bolted on later.”
09B02 Defensive TLDs WIP
If WCN doesn’t own wcn.com, someone else will — and point it at a scam. Defensive registration holds the obvious variants so they can’t be weaponised against the brand.
HOLD.com · .org · .io USERedirect to canonical RENEWAuto · long-term BASISDefensive
B02.1 · WHICH TLDS
The obvious ones.
The priority set is the TLDs a user might guess or a scammer might grab — .com, .org, .io, plus key regional endings. Coverage is risk-driven, not exhaustive.
CORE.com · .org · .io
REGIONALKey ccTLDs
DRIVENBy risk
NOTEvery TLD
B02.2 · HOLD VS USE
Park, don’t split.
Defensive domains are held and redirected, not used for separate content. The brand lives at one canonical home; the rest just point there.
HELDParked
CONTENTNone
POINTTo canonical
SPLITNever
B02.3 · REDIRECT
All roads home.
Each defensive domain 301-redirects to wcn.network. A user who guesses wrong still lands in the right place, and SEO value consolidates.
RULE301
TARGETCanonical
USERLands right
SEOConsolidates
B02.4 · RENEWAL
Never lapse.
Defensive domains are on long-term auto-renew with the registrar locked. A lapsed defensive domain is worse than never owning it — it’s a handed-over weapon.
RENEWAuto · multi-year
LOCKRegistrar
LAPSENever
CALENDARTracked
DON'T
×
Don't let one lapse — A dropped variant is a weapon.
×
Don't host content on them — Redirect only.
×
Don't chase every TLD — Risk-driven coverage.
×
Don't forget renewals — Long-term auto-renew.
“The domain you don’t own is the one pointed back at you.”
09B03 Registrar lock WIP
Domain hijacking is a quiet catastrophe — lose the domain, lose the brand’s front door. Registrar locks, DNSSEC and account hardening make the domain expensive to steal.
LOCKTransfer DNSSECEnabled REGISTRYLock ACCESS2FA · roles
B03.1 · TRANSFER LOCK
No quiet moves.
The transfer lock prevents the domain being moved to another registrar without explicit unlock. It’s the first and simplest defence against hijack.
BLOCKSTransfers
UNLOCKExplicit
DEFAULTOn
FIRSTDefence
B03.2 · DNSSEC
Signed answers.
DNSSEC cryptographically signs DNS responses so they can’t be forged in transit. It stops attackers from silently redirecting the domain.
SIGNSDNS
STOPSForgery
REDIRECTBlocked
STATUSEnabled
B03.3 · REGISTRY LOCK
The vault tier.
For the primary domain, a registry-level lock adds manual, out-of-band verification before any change. It’s friction by design — reserved for the asset that matters most.
TIERRegistry
VERIFYOut-of-band
CHANGESManual
FORPrimary domain
B03.4 · ACCOUNT SECURITY
Lock the account too.
The registrar account uses 2FA, role-based access and a named owner. Most domain theft is account compromise, not technical attack.
2FARequired
ACCESSRole-based
OWNERNamed
RISKAccount first
DON'T
×
Don't leave transfers unlocked — Lock by default.
×
Don't skip DNSSEC — Sign your answers.
×
Don't share the registrar login — 2FA, roles, named owner.
×
Don't treat it as IT-only — It’s the brand’s front door.
“Losing the domain is losing the brand — lock it like it matters.”
09B04 Social handles WIP
A consistent handle is how people find the real WCN among the impostors. This page locks the namespace across platforms, verifies the real accounts, and reserves the rest.
HANDLE@wcn / @wcnnetwork PLATFORMSAll major VERIFIEDWhere possible RESERVEDFuture
B04.1 · CONSISTENCY
Same handle, every app.
One handle pattern is used everywhere it’s available, with a documented fallback where it’s taken. Consistency is what lets people verify they’ve found the real account.
PATTERNOne
FALLBACKDocumented
SAMEEverywhere
HELPSVerification
B04.2 · VERIFICATION
Prove it’s real.
Official accounts are verified on every platform that offers it. The blue-check or equivalent is a cheap, strong signal against impersonation.
VERIFYAll platforms
SIGNALAnti-impostor
LINKTo wcn.network
MAINTAINOngoing
B04.3 · RESERVATION
Hold the future.
Handles on platforms WCN doesn’t use yet are still reserved. An empty official account beats an active impersonator on a network you join later.
RESERVEUnused platforms
WHYPre-empt squatters
STATEParked
ACTIVATEOn entry
B04.4 · SQUATTER RECOVERY
Take it back.
Where a handle is already squatted, platforms’ trademark processes are used to recover it — another reason the trademark filings in cluster A matter.
PROCESSPlatform TM
NEEDSTrademark
LINKSTo cluster A
LOGCases
DON'T
×
Don't vary the handle — One pattern, documented fallback.
×
Don't skip verification — Verify everywhere offered.
×
Don't ignore unused platforms — Reserve ahead of need.
×
Don't tolerate squatters — Recover via trademark.
“Consistency is how a stranger tells the real account from the fake.”
09B05 Typosquat sweep PLANNED
Attackers register near-misses — wnc.network, wcn.network with a swapped letter — to catch mistyped traffic and run scams. A periodic sweep finds them and shuts the door.
SCOPECommon typos ccTLDSwept ACTIONAcquire / monitor CADENCEQuarterly
B05.1 · COMMON TYPOS
Predictable mistakes.
Most typosquats follow patterns — transposed letters, missing characters, common misspellings. Generating that list is the first step to closing it.
PATTERNSTranspose · drop
LISTGenerated
PRIORITYBy likelihood
STEPFirst
B05.2 · ccTLD SWEEP
Same name, other endings.
Beyond typos, the sweep checks the exact name under many endings — .net, .xyz, country codes — for hostile registrations already live.
CHECKMany TLDs
EXACTName
FINDSLive abuse
WIDEccTLDs
B05.3 · ACQUIRE OR MONITOR
Buy it or watch it.
High-risk near-misses are acquired; lower-risk ones are monitored for hostile use. Not every variant is worth buying — but every one is worth knowing about.
HIGH RISKAcquire
LOW RISKMonitor
HOSTILETakedown
JUDGEMENTPer case
B05.4 · CADENCE
A standing sweep.
The sweep runs quarterly and after any major launch, when scam interest spikes. New variants appear constantly; a one-time check ages out fast.
ROUTINEQuarterly
ALSOPost-launch
WHYSpikes
AGESFast
DON'T
×
Don't sweep once — New variants appear constantly.
×
Don't buy everything — Acquire high-risk, monitor rest.
×
Don't ignore ccTLDs — Scams hide in obscure endings.
×
Don't skip post-launch — Interest spikes after news.
“Every letter you don’t own is a letter someone can weaponise.”
09B06 Redirect map PLANNED
Every domain the brand owns should lead home — cleanly, in one hop, with no loops. The redirect map is the single record of what points where, and the rules that keep it sane.
RULE301 permanent TARGETwcn.network LOOPSNone AUDITQuarterly
B06.1 · THE RULE
Permanent, not temporary.
Defensive and legacy domains use 301 permanent redirects so browsers and search engines learn the canonical home. Temporary 302s leak link value and confuse SEO.
TYPE301
NOT302
LEARNSCanonical
SEOPreserved
B06.2 · THE MAP
One record of all of it.
A single map lists every owned domain and where it points. Without it, redirects accumulate as folklore and no one knows what would break if one changed.
LISTSAll domains
SHOWSTarget each
OWNERDocumented
FOLKLOREAvoided
B06.3 · NO LOOPS
One hop, done.
Redirects resolve in a single hop — never A→B→C. Chains slow load, break on a missing link, and confuse crawlers. The map is checked for them.
HOPSOne
CHAINSForbidden
RISKBreak · slow
CHECKAutomated
B06.4 · AUDIT
Still pointing right.
Quarterly, every redirect is tested end to end. Registrars change, configs drift; the audit catches a defensive domain that quietly stopped resolving.
CADENCEQuarterly
TESTEnd to end
CATCHESDrift
FIXLogged
DON'T
×
Don't use 302s — Permanent 301 for owned domains.
×
Don't chain redirects — One hop to canonical.
×
Don't keep it in someone’s head — One documented map.
×
Don't skip the audit — Test end to end, quarterly.
“A redirect no one maintains is an outage waiting for a date.”
In progress
The name, secured.
The primary domain is live and locked; defensive TLDs, registrar hardening and social handles are in motion. Typosquat sweeps and the redirect map follow.
WCN Domain & Namespace Map · 6 topics · B01–B06
09 · LEGAL · B · v1.0