Any ideas how a website can protect itself in this situation?

useful tools to monitor "evil domains that look like yours"

https://github.com/UndeadSec/EvilURL - Generate unicode evil domains for IDN Homograph Attack and detect them.

https://github.com/elceef/dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage

Then, either buy (if you can afford them all) or block them (don't serve your pages to these domains )