March 2026: brand protection teams can lock down marks in ICANN DNS, yet a parallel naming market keeps growing outside that system. An onchain top-level domain (TLD) such as .l'oréal can exist outside ICANN and be offered through Freename, where naming rights tie to blockchain records, not the IANA root.

That separation creates a practical question for global brands like L'Oréal Groupe: who controls the name in Web3 when the usual guardrails don't apply. In checks of Freename's available signals, including Freename Whois and public blockchain data, there's no public record showing .l'oréal as registered, owned, or held by L'Oréal, or by any identifiable private wallet. That absence doesn't prove the TLD doesn't exist or can't be claimed, it highlights how hard it can be to verify control in this channel with the tools most corporate teams use.

This is the Web3 brand protection gap in plain terms: a brand may have strong coverage in traditional domains, trademarks, and enforcement, while an onchain namespace with the same string sits outside the process and outside standard discovery. Even when nothing malicious is proven, uncertainty itself becomes risk because attackers don't need a press release to start testing user trust.

What's at stake isn't hype, it's basics: consumer confusion, phishing paths that look "official" in wallets or browsers, fake storefronts tied to token-gated links, and long-run control of naming rights if Web3 naming becomes normalized. For a group built on trust and distribution at scale, the real issue is governance, who can register, who can resolve, and who can revoke when something goes wrong.

What an onchain TLD is, and why it doesn't follow the usual domain rules

An onchain top-level domain (TLD) looks like a normal internet suffix, but it runs on a different set of rails. Instead of living in the ICANN-managed DNS root, it exists as a blockchain asset with rules set by smart contracts and platform policies.

That difference matters for brand protection because the familiar cues people trust still apply. When someone sees a name like .l'oréal, they often read it as official. Yet onchain, the rights can sit with a private wallet, outside the usual corporate playbook.

Freename in plain English: buy once, mint onchain, then control what gets issued under it

Freename functions like a Web3 alternative registry where anyone can register custom TLDs outside the ICANN root. The simplest way to think about it is as a naming system where the "registry" role can be purchased, then enforced by onchain ownership instead of contractual DNS controls.

The typical flow is straightforward:

1. Register the TLD on Freename: You pick a string, pay, and the platform recognizes you as the holder for that TLD within its system.
2. Mint it to a wallet: The TLD can be minted onchain, which turns control into a blockchain-tracked asset held by a specific wallet address.
3. Set records: The holder can point names to wallet addresses, websites (often via decentralized hosting), or other records supported by the system.
4. Issue second-level names: If you hold the TLD, you can also sell or assign names under it (for example, careers.l'oréal), depending on the platform's rules and your settings.

In other words, owning the onchain TLD means controlling the namespace beneath it. That control is not theoretical. It is represented by onchain state that can be checked using the Freename Whois and then validated through public blockchain explorers, where transactions and current holding wallets are visible.

For .l'oréal, Freename Whois and public chain data point to control by an independent onchain investor, not the brand group.

Why .l'oréal can exist even if it never appears in ICANN systems

Two naming worlds can run in parallel because they answer to different sources of truth. ICANN TLDs resolve through the global DNS root and its contracted registries. Onchain TLDs resolve through blockchain records and the apps that choose to read them. There is no built-in coordination layer that prevents the same string from existing in both places.

That means string uniqueness is not universal. It is scoped. A name can be "taken" onchain while a similar or even identical name exists in ICANN DNS, and neither system automatically flags a conflict.

Resolution then becomes a tooling question. In a standard browser, an onchain TLD usually won't resolve without help. Users may need a browser extension, a gateway, or a resolver service that translates onchain records into something a browser can load. However, many wallets and Web3 apps can read supported naming records more directly, because they already operate around blockchain identifiers.

So where does the risk show up first? Often in places that do not look like web browsing at all: payment flows, token-gated links, and wallet address resolution. If a user sees a request like "send USDC to payments.l'oréal" inside a Web3 interface, the name can look official at a glance. The user may never ask whether it sits in ICANN DNS, because the app never mentions DNS in the first place.

The practical conflict is not technical coexistence, it's human interpretation. The string looks the same, while the trust signals behind it do not.

The brand confusion problem: a familiar name, a different rulebook

Consumers have been trained for decades to treat a brand-like domain as a sign of control. The mental model is simple: if the name matches the brand, the brand must own it. That assumption holds more often in ICANN DNS because brands can buy domains, file disputes, and use registrar relationships to secure portfolios.

Onchain flips that expectation. A TLD can be held by a wallet that has no corporate link to the brand, and the platform's transfer mechanics can make ownership change fast. In the case of .l'oréal on Freename, the namespace is controlled by a private wallet identified via the Freename Whois, not by L'Oréal Groupe.

The confusion risk grows because distribution is frictionless. A second-level name under a branded onchain TLD can spread before most people understand what they are seeing:

• Social posts can share a clean-looking name that reads like an official campaign URL.
• QR codes can push users straight into a wallet or dApp flow where the resolver accepts the name.
• Influencer links can normalize the string through repetition, even if the underlying rights sit elsewhere.

Browser support does not have to be universal for impact to show up. If even a narrow slice of users sees these names inside Web3 apps, the brand surface area expands. The rulebook also changes: enforcement is less about registrar paperwork and more about tracing wallet control, platform policies, and how resolvers treat naming records.

A brand team can lock down .loreal in ICANN and still face a separate problem: onchain names that look close enough to borrow trust, while living outside the controls they already know.

What the Freename and blockchain trail shows about .l'oréal today

With an onchain TLD like .l'oréal on Freename, the record of control doesn't sit in registrar emails or ICANN paperwork. It sits in a mix of platform-facing signals (like Freename Whois) and public blockchain state. That changes how you verify custody, and it also changes what you can't prove from the outside.

For this investigation, the key point is simple: the available Freename and blockchain signals tie control of .l'oréal to a private wallet identified via the Freename Whois, with no public evidence that L'Oréal Groupe holds custody onchain. That's not a claim about motive. It's a custody finding, and custody is the first question brand teams need answered.

In Web3 naming, you rarely get a company name. You get a wallet, a contract, and a history.

What can be verified, and what can't, when a TLD is an onchain asset

When a TLD is represented onchain, the evidence shifts from contracts and invoices to public ledgers. Even if you never learn who sits behind a wallet, you can still confirm who controls the asset right now, and how control moved over time.

Here's what is typically observable onchain (and therefore useful in a risk review):

• Current holding wallet: The address that controls the TLD token or registry rights at present.
• Transaction history: Transfers between wallets, dates, and the direction of movement.
• Minting event: When the asset was created onchain, including the originating transaction.
• Contract address: The smart contract that defines how the asset behaves (and what actions are allowed).
• Operational activity: Signals that the holder is setting records, issuing names, or interacting with the contract.

In contrast, these are the unknowns you cannot prove from chain data alone:

• Real-world identity: A wallet address is not a legal name, and it may never be linked.
• Intent: A quiet wallet could be a collector, a speculator, or someone planning abuse later.
• Offchain agreements: Side letters, platform-side arrangements, or private sales can exist without public proof.
• Corporate relationships: An employee, agency, or vendor could hold a wallet, but you can't assume that link.

Still, this is not academic. If a branded onchain TLD is not in corporate custody, that's a governance gap you can measure. Even without knowing who the holder is, you can document that the asset is not controlled by brand security, legal, or IT, and that alone changes the risk posture.

Why the holder is described as an independent onchain investor

This reporting uses a neutral label because the public record supports wallet control, not a verified person or organization. Naming a wallet holder as a specific individual or tying them to a company without proof would be speculation, and it would blur the line between evidence and inference.

Two signals drive the phrasing:

• Freename Whois can indicate which wallet currently controls the TLD within the Freename system.
• Public wallet activity can show how that wallet interacts with the asset (for example, receiving it, holding it, or moving it).

What those signals do not provide is a verified corporate link to L'Oréal Groupe. If the chain trail doesn't show corporate custody, and there's no public confirmation from the brand, the most accurate description is also the simplest one: an independent onchain investor (or, when focusing on mechanics, a private wallet identified via the Freename Whois).

That wording matters because it keeps the analysis anchored to what can be proven. It also keeps the focus where it belongs, on custody and capability, not personal attribution.

What control of a Web3 TLD allows, even without building a website

Control of an onchain TLD is closer to controlling a namespace than owning a single domain. Even if the holder never publishes a traditional website, they can still create useful, and sometimes risky, touchpoints that borrow trust from the string itself.

If you control .l'oréal, you can typically:

• Issue second-level domains under the TLD, such as careers.l'oréal, rewards.l'oréal, or support.l'oréal.
• Sell or transfer those names to other wallets, depending on the platform's features and the holder's settings.
• Set resolution records that point names to content endpoints, decentralized storage, or other destinations supported by resolvers.
• Assign wallet addresses to names, so a payment request can read like, "Send to payments.l'oréal." If that sounds like a phishing primitive, it's because naming has always been a shortcut for trust.

This is a capability set, not an accusation. The risk comes from how little time it takes to operationalize. A holder can mint and list subdomains quickly, then circulate them in social posts, QR codes, DMs, or within Web3 apps that resolve these names automatically. In that environment, the first moment of "proof" is often user behavior, not a browser padlock.

For a brand protection team, the practical takeaway is that inactivity on the open web doesn't equal safety. Namespace control can stay dormant until the day it's used, and by then, cleanup is harder because the "registrar" is a wallet.

The Web3 brand protection gap at L'Oréal Groupe: where traditional defenses stop working

L'Oréal Groupe can do everything a modern brand protection program is supposed to do and still face a blind spot: onchain naming systems don't follow the same rules as trademarks, ICANN domains, app stores, or social platforms. That's the gap exposed by .l'oréal on Freename, a Web3 alternative DNS registry outside ICANN, where control is tied to blockchain records.

In this channel, a familiar brand string can sit in a namespace the company doesn't administer, with ownership verifiable via the Freename Whois and publicly available blockchain data. The issue isn't that Web3 replaces Web2. It's that trust signals travel across both, while enforcement tools often don't.

If your controls assume a registrar, a takedown form, and a known operator, onchain naming will regularly break that model.

Trademarks protect brands in commerce, but they don't block first-come onchain registrations

Trademarks are powerful, but they're often misunderstood as a universal "lock" on a name. In reality, a trademark gives rights tied to commercial use and likelihood of confusion. It doesn't automatically reserve matching strings across every naming system that might exist.

Onchain namespaces, including Freename-registered TLDs, typically allocate names through a different mechanism: first-come registration governed by platform rules and smart contracts. That's closer to buying a plot of land than getting a court order. The system checks who paid and who holds the asset, not who owns a mark in a trademark office database.

A simple example makes the split clear. L'Oréal can own trademark rights in L'Oréal for cosmetics, beauty retail, and related services, yet a third party can still register .l'oréal on Freename if the platform allows it and the name is available at the time. The trademark doesn't stop the registration event from happening. It only becomes relevant later, if the name gets used in a way that creates confusion or unfairly rides on brand trust.

So what happens next if a conflict emerges? Enforcement becomes a separate process, and outcomes can vary depending on the facts and the venue:

• Platform policy route: Some platforms have trademark complaint paths, but the standards and remedies differ (suspension, transfer, metadata changes, or no action).
• Legal route: A brand can pursue claims tied to infringement, passing off, or unfair competition, but jurisdiction and defendant identification can complicate timelines.
• Resolver and distribution route: Even if a platform acts, third-party resolvers, wallets, and aggregators may show cached or mirrored data for a period.

None of this means trademarks are weak. It means they're not an onchain allocation system. The result is a predictable gap: registration can occur first, and rights arguments often come later.

Why Web2 domain monitoring misses onchain namespaces

Most enterprise monitoring programs were built for the surfaces that drove abuse for the last 20 years. That usually means:

• ICANN DNS (new registrations, typo-squats, look-alike domains)
• App stores (copycat apps and keyword stuffing)
• Social platforms (impersonation handles, paid ads, fake pages)
• Marketplaces (counterfeit listings)

Those programs can be mature, well-funded, and staffed by experienced teams. The problem is coverage. Onchain namespaces don't reliably appear in the same feeds, the same databases, or the same enforcement queues. A Freename-registered TLD can sit outside the daily workflow because it isn't in zone file access, registrar alerts, or legacy brand-protection dashboards.

Onchain monitoring also asks for different technical methods. Instead of watching registrars and web hosting, teams need visibility into:

• Chain monitoring for minting events, transfers, and contract interactions tied to a namespace
• Registry lookups that reflect platform-side control signals (for example, Freename Whois)
• Wallet clustering to connect related holdings and activity patterns across multiple names
• Resolver mapping to learn where and how a name becomes usable in wallets, browsers, and dApps

This is how the gap persists even with a strong internal program. A team might aggressively police loreal- typos in .com and take down fake Instagram accounts quickly, yet still miss that .l'oréal is controlled on Freename by a private wallet identified via the Freename Whois. That wallet can issue second-level names, test messages in niche communities, and refine lures without ever touching the open web.

The operational reality is uncomfortable but simple: if the monitoring scope excludes onchain registries, the brand surface area expands without detection. You can't respond to what you can't see.

The real risk is consumer harm: phishing, fake promos, and payment misdirection

The highest-impact outcomes here don't depend on ideology or hype. They depend on basic human behavior. People scan quickly, trust familiar names, and act fast when a deal feels urgent. Onchain names that look official can fit neatly into that pattern, especially inside Web3-native flows where users already expect to connect wallets and approve transactions.

Misuse scenarios are easy to imagine without stretching the facts:

• Fake product drops: A page or link branded as an "exclusive launch" routes shoppers to a checkout that collects payment, personal data, or wallet approvals.
• Discount scams: A "friends and family" style code pushes a limited-time offer, but the link resolves to a counterfeit store or a wallet-draining prompt.
• Customer support impersonation: A "support" identity uses a look-alike onchain name to request screenshots, seed phrases, or "verification" payments.
• Payment misdirection: A request like "send USDC to refunds.l'oréal" can redirect funds to an attacker-controlled address if the name resolves inside a wallet UI.

One scenario maps tightly to beauty shopping behavior because it mirrors what real campaigns already do. Picture a timed promo shared through an influencer channel: "Use my code for early access, only 30 minutes." The link points to a name under .l'oréal, and the landing page asks the user to connect a wallet to "claim" a perk. In that moment, the shopper isn't comparing DNS roots. They're reacting to urgency and familiarity, and the string does a lot of trust work.

None of this requires a mainstream browser to resolve the name. It can play out through QR codes, link-in-bio pages, DMs, and wallet interfaces that display onchain names as readable identities.

The practical risk isn't that consumers understand Web3. The risk is that they don't need to, because the name looks like it belongs to the brand.

How other consumer brands are approaching Web3 naming and trust signals

In Web3 naming, the risk pattern looks familiar. A trusted brand string appears, the user assumes it's official, and the decision gets made in seconds. Consumer brands that take this seriously tend to treat onchain names less like marketing assets and more like storefront signage. If the sign can be hung by anyone, the first move is to control as many signs as possible, then teach customers what "real" looks like.

Just as important, these programs are not only legal or technical. They're communication programs, because most users won't inspect smart contracts or trace wallet histories before clicking.

What "claim early" looks like in practice, and why it reduces future costs

"Claim early" usually means defensive registrations across the naming surfaces where confusion can happen, including onchain TLD marketplaces such as Freename. The goal is basic: keep obvious brand identifiers out of third-party hands, then lock them down so they can't be quietly re-sold or re-purposed later.

In practice, teams tend to build a short list of strings that matter most, then register them in clusters:

• Core brand strings: the exact brand name (including punctuation and diacritics where supported).
• Common misspellings and look-alikes: the kinds of typos customers make under time pressure.
• Key product lines and campaigns: hero products, loyalty programs, customer support, careers, and payments related terms.
• Geography and language variants: a few high-risk markets, plus transliterations if relevant.

Next comes the unglamorous part: governance. A defensive portfolio works only if it's controlled, documented, and hard to "walk off" with. That often includes using a dedicated corporate wallet, restricting transfer rights where possible, and keeping an internal map of what was claimed and why.

Cost is the quiet driver here. What's cheaper, a small set of planned registrations today, or an urgent recovery effort later when a confusing name is already circulating? The latter tends to include outside counsel, internal incident time, and customer support load, even before any formal dispute starts.

Defensive registration isn't speculation, it's loss prevention. The win is fewer places for impostors to stand.

Proof-of-ownership signals that help customers tell real from fake

Onchain naming creates a new trust problem: customers can't rely on the browser bar the way they do in traditional DNS. So brands that operate comfortably in crypto-adjacent spaces often publish simple, repeatable proof signals, then stick to them.

The strongest patterns are public, consistent, and easy to screenshot:

• Publish official wallet addresses in a stable location (for example, a corporate site page that rarely changes).
• Use signed messages to prove a wallet controls a name or an account, then archive the proof where users can check it.
• Link from verified social accounts to the official naming policy and the official wallet list, then keep those links current.
• Adopt a naming convention that's hard to mimic casually (for example, always using the same structure for support, careers, and rewards).
• Repeat the rules inside campaigns so users see them at the moment of decision, not after something goes wrong.

This is communication work as much as security work. A brand can do everything "right" onchain and still lose customers if the instructions are buried. If a shopper sees rewards.brand in a wallet, what should they check first, the name, the wallet address, or the brand's verified social bio? The brand should answer that question clearly, every time, in the same words.

Consistency also helps internal teams. When marketing, legal, and security share one playbook, customer-facing staff can respond faster when a fake appears.

What L'Oréal's public Web3 experiments suggest, and what they don't prove

L'Oréal Groupe has shown public interest in Web3 and digital identity, mainly through brand activations and selective investment. These efforts suggest organizational awareness of how digital tokens can act as access keys and how virtual identity can influence consumer behavior. Still, none of this, by itself, proves the group runs a coordinated onchain naming or onchain TLD strategy on Freename.

Public examples from recent years sit mostly in the NFT and metaverse category:

• Yves Saint Laurent Beauté ran NFT-related campaigns tied to access and product experiences, including the "Golden Blocks" drop and a later NFT sale connected to Black Opium, with product redemption and charity elements reported at the time.
• Mugler ran a limited NFT drop tied to the Angel fragrance anniversary.
• Through its venture fund BOLD, L'Oréal took a minority stake in Digital Village, positioned as a metaverse-as-a-service and NFT tooling provider for brands.
• L'Oréal also participated in partnerships such as Ready Player Me for avatar hair experiences, alongside broader metaverse showcases around Paris Fashion Week programming.

Those moves point to a practical thesis: identity, access, and authenticity can be packaged into digital objects. However, NFT drops and metaverse pilots don't automatically translate into naming controls, because naming demands a different discipline. It's inventory management, monitoring, and a public verification posture that stays in place after the campaign ends.

So what can be said safely? L'Oréal understands the consumer side of digital identity. What can't be assumed is that this understanding has been applied to Freename-registered onchain TLD custody, or to a defensive registration program that closes the gap highlighted by .l'oréal being held by a private wallet identified via the Freename Whois.

A practical response plan for L'Oréal: close the gap without overreacting

If .l'oréal is registered on Freename and held by a private wallet identified via the Freename Whois, the goal isn't drama, it's control. A good plan treats Web3 naming like any other channel where identity gets abused: you inventory what matters, assign owners, set custody rules, then monitor and act fast when needed. The difference is speed. Onchain assets move quickly, and confusion spreads faster than a legal memo.

First, confirm scope: map the onchain names that matter most to the business

Start with a priority list that matches how consumers actually search, click, and pay. Think of this as putting official signage in a warehouse before someone else prints look-alike signs and tapes them to the doors. If the business can't agree on which names matter most, how will it decide what to defend first when an abuse case hits?

Build a practical inventory in tiers:

• Core brand: l'oréal, loreal, and the most common spacing and punctuation variants you see in the wild.
• Key marques: the brand family that drives revenue and high-volume customer support, not every legacy label on day one.
• Major product lines and programs: hero franchises, loyalty concepts, "rewards," "club," "members," "pro," "careers," "support," and "payments" style strings because they map to high-risk fraud paths.
• Campaign slogans and seasonal tags: keep these time-boxed. Add them when a campaign launches, retire them when it ends.
• Common typos: obvious misspellings and keyboard adjacency errors, because scammers love "good enough" names.

Language coverage matters because Freename strings can include characters that change how a name looks to the eye. Focus first on high-risk markets and languages where L'Oréal sees heavy e-commerce traffic and frequent impersonation attempts. Then add diacritics (like é), plus look-alike characters that can mimic Latin letters. A name can look "right" in a wallet UI even when it is not.

Just as important, assign internal owners so this inventory stays current. A workable model uses three lanes:

• Legal owns trademark alignment and enforcement posture.
• Security owns monitoring, evidence capture, and incident response.
• Digital and IT owns official web properties, redirects, and customer-facing verification pages.

Without named owners, inventories rot. With owners, they turn into a living map of what must stay out of hostile hands on Freename.

Next, decide a custody model for Web3 assets that your auditors can live with

Custody is the hinge point. If a Freename TLD or related onchain name sits in an ad hoc wallet, everything else becomes fragile, including enforcement, continuity, and audit comfort. The custody model should answer one question clearly: who can take irreversible actions (transfer, mint, issue subdomains, revoke, or update records), and under what approval steps?

Keep the decision simple and operational. Most corporate teams choose one of these paths:

1. Corporate-controlled wallet: the company holds keys under its own controls. This can work well if the organization already runs crypto custody for treasury, payments, or pilots.
2. Third-party custody: a regulated custodian or enterprise wallet provider holds keys under contract. This can reduce key-person risk, but it adds vendor dependency.
3. Multi-signature approvals: require multiple approvers for high-impact actions. Multi-sig can sit on top of either corporate self-custody or a provider.

Multi-sig is often the sweet spot for brand protection because it matches how brands already approve sensitive moves. No single person should be able to transfer a branded Freename TLD or quietly issue risky subdomains. If a marketing lead wants a short-lived campaign name, the workflow should require security and legal sign-off, even when the request feels urgent.

Key management basics make or break the program:

• Store recovery materials in enterprise-grade secure storage, not in personal devices.
• Separate day-to-day operators from ultimate owners, so routine updates don't require "root" access.
• Set documented rotation and offboarding steps for anyone with signing rights.

Tie custody to clear operating rights:

• Who can mint new names under the TLD, if that feature exists in the Freename setup?
• Who can issue subdomains (for example, support.l'oréal) and set resolution records?
• Who can revoke or freeze names when fraud emerges and consumers face harm?

Auditors don't need perfection. They need a clear control story that matches the company's risk profile, and they need evidence that the process runs the same way every time.

Then, set monitoring and enforcement playbooks that fit onchain realities

Onchain brand abuse doesn't wait for office hours. Monitoring has to run continuously, and the playbook must assume that the first signal could be a mint, a listing, or a new second-level registration under a risky Freename TLD. If your team learns about a fake only after customers complain, the response clock already started.

Set monitoring around three streams:

• Mints and transfers: watch for activity connected to branded Freename TLDs and close variants, including movement between wallets.
• Sales and listings: track when names appear for sale, change price, or move marketplaces, because that often signals intent to monetize confusion.
• New second-level registrations under risky TLDs: prioritize strings tied to money and support (pay, refund, airdrop, support, careers, verify), since those appear in real fraud.

Once you detect something, speed and documentation matter more than perfect certainty. A practical escalation flow looks like this:

1. Capture evidence fast: screenshots, timestamps, transaction hashes, Freename Whois output, wallet addresses, and any landing pages or resolver behavior.
2. Assess consumer harm: is it impersonation, payment misdirection, credential theft, or just a parked asset? Harm level decides urgency.
3. Contact the platform where possible: report through Freename channels and any marketplace or resolver surfaces distributing the name.
4. Coordinate internally: legal for claims strategy, security for incident handling, comms for customer messaging, and customer care for inbound volume.
5. Consider legal routes based on jurisdiction and harm: if the abuse targets consumers in a specific country, align to the jurisdictions where enforcement is realistic and fast.

Because the current holder of .l'oréal is an independent onchain investor (verifiable via Freename Whois and public blockchain data), enforcement strategy should separate custody from conduct. Custody alone creates a governance gap, but legal urgency often depends on use and harm. That distinction keeps the company measured, while still ready to act.

Treat every case like it may end up in front of counsel or a regulator. If it isn't documented, it didn't happen.

Finally, communicate clearly so customers know what official looks like

Monitoring and enforcement help, but they don't solve the day-to-day trust problem. Customers need a simple way to check what is real, especially when a name looks official inside a wallet or a Web3 app. Silence creates room for impostors, because scammers fill the gap with confident claims and clean-looking names.

Publish a single official verification page that lists:

• Official domains used for campaigns and commerce.
• Official wallet addresses used for payments, NFTs, or brand activations.
• Official rules for how L'Oréal will contact customers (and what it will never ask for).

Make that page easy to find. Link it from verified social accounts, and keep the link stable. If marketing runs a Web3-related activation, the campaign page should point back to the verification page, not the other way around. Consistency trains customers.

Customer support scripts also reduce fraud, but only if they're direct and repeated. Equip support teams with short language they can reuse under pressure:

• What's official: "We only use the wallet addresses listed on our verification page."
• What's never official: "We will never ask for seed phrases, remote access, or 'verification' payments."
• What to do next: "If you see a name like support.l'oréal, check our verification page before you click or send funds."

A good script includes one simple question customers can ask themselves mid-transaction, such as "Does this wallet address match the one on the official page?" That question slows the moment just enough to prevent mistakes, and it works even when a Freename name looks persuasive.

Clear communication doesn't concede anything about Freename ownership. It protects customers now, while the organization closes the operational gap behind the scenes.

Conclusion

.l'oréal sits in a parallel naming system on Freename, outside ICANN DNS, where ownership and updates track to wallets and smart contracts. The core gap is custody. Based on the signals discussed in this report, there's no public, verifiable evidence that L'Oréal Groupe controls the .l'oréal onchain TLD, and the record points to control outside the group (either by an independent onchain investor or a private wallet that cannot be tied to the company through public data).

That matters because traditional defenses don't automatically carry over. A strong trademark portfolio, a locked-down DNS estate, and mature takedown workflows can still miss a branded namespace that resolves inside wallets, dApps, and Web3 link flows. When a user sees a prompt like "send funds to payments.l'oréal," what would they check first if the browser bar is not part of the moment?

The measured next step is an audit, not a panic. Map Freename and other onchain namespaces that could confuse customers, assign a custody owner, and publish a clear policy that states what L'Oréal will, and won't, use for Web3 identity. Thanks for reading, what standard should global brands set for public proof of onchain name control before abuse forces the issue?