Look up a site report: Go

• McAfee Home
• Contact us
• Terms of service
• Privacy policy

 
Caption: Example of a typical typo-squatter page using an “iPhone” misspelling 

Typo- and Cyber-squatting on the rise 

Apple is not alone in enduring an explosion of 3^rd party domain registrations related to a trademarked product. Typo-squatting, the practice of registering domains using common misspellings of popular brands, products and people in order to profit from consumer typing errors, is increasing dramatically.  

Cybersquatting cases filed with the World Intellectual Property Organization’s (WIPO) arbitration system increased 20% in 2005 and another 25% in 2006.  

Microsoft says that “on an average day more than 2,000 domain names are registered that contain Microsoft trademark terms.”  

According to the US Government Accounting Office, at least 8.65% of all domain names are registered with false or incomplete Whois information, a practice that makes domain squatting easier.  

More recently, in September 2007, the managers of the .eu top level domain suspended 10,000 domains registered by a Chinese woman who was accused of being a cyber-squatter.  

Key Findings 

In an effort to further quantify and understand this phenomenon, McAfee studied 1.9 million typographical variations of 2,771 of the most popular and well known Web sites.  Of these, we found 127,381 suspected typo-squatters. 

Among McAfee’s key findings are the following: 

• Typo-squatting is vast and common, affecting every segment of the Web. 7.2% of the possible typographical errors we studied were actively squatting. In other words, a typical consumer who misspells a popular Web site URL has a 1 in 14 chance of landing at a likely typo-squatter site.
• The five most highly squatted categories are game sites (14.0%), airlines (11.4%), main stream media company sites (10.8%), adult sites (10.2%) and technology and Web 2.0 related sites (9.6%).
• Children’s sites are highly targeted by typo squatters. The average for the category is 8.4% and 24 of the top most squatted sites are children’s properties for kids 12 and under. Add in sites like MySpace and Miniclip and more than 60 of the top most squatted sites are properties that appeal to the 18 and under demographic.
• Squatters follow consumer crowds. Popular, consumer-focused Web sites typically attract more squatters than business to business sites or niche content sites.
• The incidence of pornographic content on non-adult typo-squatted sites is just 2.4%, suggesting improvement since previous studies by other researchers.
• Automated ad syndication services like Google’s AdSense enable a significant minority of typo-squatter sites to generate revenue. Google-enabled advertising shows up on 19.3% of all suspected typo-squatter sites in this study. Yahoo-enabled advertising shows up on 4.4% of all suspected typo-squatter sites.
• The increasing use of automation to buy and sell vast numbers of domains, combined with a 5-day free trial (known as “tasting”) for new registrations to top level domains like dot-com appear to be two significant factors in the rapid growth of typo-squatting.
• At 3.4%, sites popular outside the U.S. are less than half as likely to be typo-squatted as overall sites.
• The five non-U.S. countries most likely to have popular sites squatted are the United Kingdom (7.7%), Portugal (6.5%), Spain (5.9%), France (5.4%), and Italy (4.1%).
• The five non-U.S. countries least likely to have popular sites squatted are the Netherlands (1.5%), Israel (1.1%), Denmark (1.0%), Brazil (0.9%) and Finland (0.1%).
• The top five parking companies, ranked by the percentage of squatters parked by them, are Information (28.5%), Hitfarm (11.3%), Domainsponsor (2.9%), Sedo (2.5%) and GoDaddy (2.3%). Together, the top five park 47.5% of the squatters we discovered.

 

Methodology 

First, McAfee collected a list of sites based on the most popular and common sites visited by typical consumers.  A total of 2,771 target sites were collected from a variety of different sources, including: 

• Hitwise
• Yahoo! Buzz
• Nielsen
• Billboard
• Google Zeitgeist
• McAfee’s own site popularity data
• Suggestions from McAfee’s world wide staff

 

Then, McAfee generated permutations (different misspellings) of each of the 2,771 target domains.   Among the eight methods we used to generate permutations were: 

• Swapped Characters – Swap characters one at a time. Example: yuotube.com.
• Replaced Characters – Replace characters one at a time. Example: wschovia.com.
• Inserted Characters – Insert one character. Example: Newgroounds.com.
• Deleted Character – Remove one character at a time. Example: cartonnetwork.com.
• Missing dot – Remove the dot between the “www” and the domain. Example: wwwmicrosoft.com.

 

We typically generated 500+ permutations for a 5-letter domain and 800+ permutations for a 10-letter domain. 

Next, we surfed to each of these 1,920,256 permutations. If the permutation resolved to a live Web site within a certain amount of time, we marked the site as “live” and then tested the site’s content for the presence of a parking company signature – short pieces of text (often, URLs) that indicate a site is hosted by a well known parking company that serves pay per click advertising.   

For some categories, we used our judgment to select the target domain. For example, in the celebrity category, we used firstnamelastname.com as a proxy for the celebrity’s official Web site. In some cases (e.g. parishilton.com) the proxy and official site are one in the same. In other cases (e.g. tomcruise.com) the actual site does not currently serve content. We used this method to simulate what we believe to be a typical consumer's effort to directly navigate to the celebrity’s home page. 

In a related issue, we occasionally substituted re-directed domains for the final domain. For example, we tested http://playhousedisney.com rather than http://atv.disney.go.com/playhouse/index.html or http://disney.go.com/playhouse. Likewise, we tested http://bigbrother.com.au rather than http://bigbrother.3mobile.com.au to which it resolves. 

Rankings by Category 

McAfee divided the 2,771 target domains into categories like Children and Shopping. This categorization was based both on classifications by 3^rd parties like Hitwise as well as the judgment of McAfee staff. McAfee staff also broke out more than 500 of these domains for their popularity in a variety of non-U.S. countries.  

We then ranked these categorized domains by the “percentage of suspected squatters detected.”  That figure is calculated by dividing the base domain’s number of suspected squatted sites by the base domain’s total number of sites checked.  This ratio represents the likelihood of a typical consumer landing at a squatted site after mistyping the base domain. 
 

 

For complete results, click here.  

Sample site: McAfee.com 

Here’s how our methodology works, using our own site as an example: We tested 507 variations on McAfee.com. Our results show that our homepage has been typo-squatted 74 times, a rate of 14.6%. The prevalence of squatters of our homepage is in the second decile (top 13%) of the 2,771 sites we ranked. Typos of McAfee.com are parked with every major parking service.  

Caption: Example of a suspected McAfee typo-squatter parked with trafficz 

Adding to the complexity of this issue, some parked pages include advertisements from legitimate McAfee affiliates. Like others, McAfee is in the process of addressing how our affiliates use search tools to promote McAfee, but it is a complex challenge which takes time. 

The Economics of Typo-Squatting: Why it Works 

Most commonly, typo-squatters make money by putting pay-per-click ads on their domains.  The ads are typically generated by keywords related to the misspelled product. For iPhone typos, one might see ads for cell phone accessories, ring tones or calling plans.   

Profitable typo-squatting is built click by click, penny by penny. No single misspelled domain will generate enough profit to provide a living to the domain speculator. But a large portfolio of even slightly profitable domains can generate significant income, as this example demonstrates: 

Graphic Source: McAfee 

• The domain speculator buys two misspelled domains for $6 each.
• He registers the two sites with a so-called Domain Monetization company – a parking company that automates the process of serving advertising to those sites.
• After a 5 day “tasting period,” he returns the less successful one for a full refund.
• The parking company uses an automated advertising syndication service like Google AdSense to serve ads to visitors who mistype the intended URL.
• Meanwhile, the true domain’s owner has often contracted with Google to serve his ads on what he hopes are appropriate sites.
• For every visitor who clicks on one of those ads on the parked, misspelled page, the domain’s owner pays the ad syndicator.  In our example, we’ll assume a common cost per click rate of $0.20, but actual rates can become significantly higher (several dollars or more per click) for specialty categories.
• The syndicator splits this advertising revenue 50/50 with the parking company.
• The parking company then splits his 50% with the domain speculator.
• Net: the domain speculator earns $.05 (25% of the $.20 paid by the real domain’s owner) for each click consumers make on the squatted domain.
• To break even on his annual $6 investment, he needs 120 total clicks, or about one click every three days.
• If he gets 1 click per day, he makes $12.25 per year.
• If he grows his portfolio to 1,000 sites, he makes $12,250.
• If he grows his portfolio to 10,000 sites, he makes $122,500. 

 

While it is often immediately obvious that a typo squatted domain is not the intended destination, some visitors still click on ads rather than navigate away from the typo site. In fact, the mere existence of the typo squatted domain is proof of this. If the site did not generate enough revenue to at least cover the cost of registering the domain, the squatter would abandon the site. 

The economics of typo-squatting lead some analysts to describe this as a phenomenon of the long tail, the concept that the ease of Web navigation enables even the most rarefied content or product to earn some small amount of traffic and therefore, revenue. Professional domainers, including those who register typographic errors, often hold domain portfolios in the thousands or more. Individual domains may return only a few dollars a month. But multiplied by the thousands, those few dollars can become significant. 

What is driving the increase in typo-squatting 

General trends 

According to WIPO, a number of factors are driving the increase in typo-squatting, including: 

• New top level domains increase the amount of Web real estate available for squatting.
• Automated registration tools allow for easy and inexpensive registration of expired or new domains.
• The proliferation of parking portal sites and their increasing back end sophistication make it easy to generate pay-per-click revenue from squatted sites.
• Expanded use of 'Whois' privacy services makes it more expensive and time consuming for complainants to get relief. This reduces legal exposure to squatters.
• Each of these factors encourages additional professional domain name dealers to enter the business, which increases squatting activity.

 

The role of tasting 
 

WIPO and others point to “domain name tasting” as one of the most significant drivers of growth in squatting. Tasting “is a practice in which a person or entity (who may be affiliated with a registrar) registers a domain name for a five-day grace period without payment of the registration fee, and parks it on a pay-per-click website monitored for revenue... Only those domain names generating significant traffic are permanently registered. As a result of computer applications, tens of millions of domain names are temporarily registered on this basis each month.”  

“The abuse is huge. Over 750K domains were registered in one day the other week! Then almost all were deleted in the 5 day free abuse period.”

      -- Jay Westerdal, Name Intelligence, Inc. as quoted by Mark Monitor  
 

The number of tasted domains is exploding. In 2006, the Washington Post reported: 

“Of the 30 million dot-com names registered worldwide last month, more than 90 percent were dropped, according to domain name registrar GoDaddy.com. As a whole, the Internet has only 54 million active .com and .net addresses, according to VeriSign Inc.” 

In fact, on August 12, 2007, Jay Westerdal, a well-read domain industry expert exclaimed:  

“Today was the largest Domain Tasting day ever. We recorded over 8 Million Transactions today. This is a new high. We have never seen 8 Million transactions on one day before. That would be either an add or delete. Over 99 percent of these transactions are completely free and use the 5 day grace period to test domain names for traffic before they are purchase for a long term buy. Sometimes organizations will taste a domain name for multiple 5 day windows. They can tie up a domain for a long time and test it longer. Domain Tasting seems to be getting worse, the number of transactions continues to grow. I can see a day when more domain names exist in the 5 day grace period then exist as real registrations.” 
 

Tasting is not, in and of itself, nefarious. In fact, one of the reasons for allowing “tasting” was originally to protect consumers who accidentally purchased a domain they didn’t want. And many domainers use it to test “generic” domains like “comfortableshoes.com.” Still, many domainers, both big and small players, are troubled by tasting. 

What is undeniable is that tasting is an extremely effective risk minimization tool. And it seems non-controversial to say that without tasting or with some limits (like imposing a small fee per tasted domain) typo-squatting would be less common.  

The role of Search Engine Publishing Platforms 

If tasting enables typo-squatters to minimize risk, paid search syndication by the major search engines provides a turnkey way for  typo-squatters to earn revenue. 

McAfee’s research shows that almost a quarter of all suspected typo-squatted pages use Google or Yahoo! advertising. Our research confirms the anecdotal evidence that the ease of using Google’s ad syndication program helps makes typo-squatting profitable.  

In a twist of the tables, though, Google has fought typo-squatters of its own domain. We’re not surprised. Our research ranks Google.com as the 15^th most typo-squatted domain we studied with 32.2% of its 289 permutations hosted by live parking pages.  Ironically, we detected Google syndication text on 43 of those pages. 

The role of parking companies 

Parking companies are another vital link in the typo-squatter value chain. Parking companies act as middle men between site owners and advertising publishing platforms (who are themselves middle men between the advertiser and the parking company). By providing a turnkey service, parking companies enable the owners of large domain portfolios to reduce the cost of generating advertising and servings those ads. Without these automated services, the small profit generated by a single typo-squatter site would be eaten up by infrastructure costs.  

The major parking companies publicly condemn typo-squatting. In a recent “year in review,” Sedo, one of the biggest players in the industry, lamented the persistence of typo-squatting. 

“Perhaps the greatest disappointment of 2006 was that despite all the progress we’ve made and the success we’ve shared, the Domaining community has yet to gain control of their seedy underbelly. Despite increasing crackdowns, there are still a frighteningly large number of people choosing to chase the quick and dirty buck via typosquatting, cyber-squatting, or click fraud, rather than building a legitimate domain portfolio. Perhaps even more disturbing, there are still companies willing to service these individuals.”

            -- Sedo’s year in review article  

But our research shows that even these top players continue to profit from typo-squatting. In our tests, the top five parking companies, ranked by the percentage of squatters parked by them, were Information (28.5%), Hitfarm (11.3%), Domainsponsor (2.9%), Sedo (2.5%) and GoDaddy (2.3%).  

The decline in adult content on typo-squatters 

The incidence of adult content typo-squatters on brand name or children’s sites appears to have improved. Although McAfee has not studied this particular topic before, both Microsoft and Ben Edelman, a noted researcher on Web safety issues and an advisor to McAfee, found numerous examples of adult content on misspelled domains, including children’s properties.  

Still, the problem persists. 2.4% of the typo-squatter sites we tested include some adult content.  Some of these sites are squatters of children’s properties. 

Indianchild.com, a site devoted to Indian children, shares the same address, less an “a”, with indinchild dot com, an adult typo squatter. 
 

 

 
Caption Example where the URL for these two sites is identical except for a missing “a” 

This same content is served to americasgirl dot com, a URL remarkably similar to the popular high-end doll home page of americangirl.com. 
 

 

 
Caption: Example where identical adult content is delivered for a similar American Girl URL 
 

Discussion of our methodology 

In general, we have erred on the side of caution when deciding whether a site is typo-squatting. Our signature based methodology described earlier is designed to reduce false positives – sites that are incorrectly flagged as typo-squatters. More specifically, if a site does not include a signature of a known domain parking company, we do not flag the site as a typo-squatter even though the site may in fact be attempting to profit from brand name confusion.  

In addition, McAfee SiteAdvisor only tests permutations of the keyword itself. We do not test for phrases or word combinations that include a trademarked name. For example, SiteAdvisor data does not include either of the following sites:

• http://www.cheapvalium.com
• http://www.buyvalium.com

 

Both include the word Valium, a trademarked drug manufactured by Roche Pharmaceuticals. The sites are parked with information.com and domainsponsor.com, two well known domain parking services and both include pay per click ads related to the drug. 

We also did not test the content of parking sites for advertising relevance. This means that we will mark a site as a typo squatter even if it shows ads that are unrelated to the “target” company.   

Wildcarding 

We did not test top level domains. For example, a common typo for dot-com sites is to type “.co,” the top level domain for Columbia, and “.cm,” the top level domain for Cameroon.   

Some companies, like Yahoo, were smart enough to register this common typo back in 1994 and the URL seamlessly redirects to the Yahoo homepage. Others were not as prescient.

 
Caption: Example where Microsoft has advertised on a dot-cm squatter of itself. 
 

 
Caption: Example where Google.cm re-directs to this site which resulted in 482 spammy e-mails 

More broadly, Kevin Ham, an extremely successful domainer profiled by Paul Sloan earlier this year, struck a deal with the government of Cameroon to re-direct un-registered “.cm” typos to an ad-filled parking page owned by him. This wildcarding of the .cm domain is quite controversial.  

 
Caption: Example of where Webkinz.cm (a typo of a children’s site) re-directs to an Agoga parking page 

Two-Letter Domains 

We did not rank 2-letter domains like American Airlines (aa.com) General Electric (ge.com). While we found many probable typo-squatters on 2-letter typo’s, we did not think we could fairly attribute them to one brand or another.

Overall, we believe our approach underestimates the number of actual typo-squatters by a significant factor.  

Defining Typo-Squatting 

Web experts use a variety of criteria to determine whether a site is a cyber- or typo-squatter. Among the tests typically used to determine whether a site has been registered maliciously are: 

• The site owner offers to sell the domain to the complainant or competitor of the complainant at a price well above the holder’s actual expenses.
• The site uses false or masked Whois information to mask the identity of the owner.
• The site includes adult content.
• The site owner displays a pattern of registering the trademarks of others.
• The site tries to attract customers by creating brand confusion.

 

United State Definitions 

In the United States, the Anticybersquatting Consumer Protection Act (ACPA) defines cyber-squatting as the act of registering a domain name of another’s trademark with the intent to profit from it. Typo-squatting is not defined in the ACPA, but it’s commonly understood to be a type of cyber-squatting where a typographical error of a brand name domain is registered in an effort to profit. 

International Definitions 

There is no single definition of typo-squatting used internationally.  

For example, in 2003, Korea (.kr), a country with one of the world’s highest broadband penetration rates, enacted cyber-squatting legislation governing the .kr top level domain.  

In Japan (.jp), some cyber-squatting rules were put into place in 2000.  

China (.cn) recently narrowed its cyber-squatting rules to pertain only to those who sell the squatted domains to competitors companies.  

The United Kingdom (.uk) doesn’t have a cyber- or typo-squatting law on the books, but does give brands and other marks holder broad protections, even against URL owners who do not actively try to profit from the domain.  

Italy (.it) maintains a central registry and a well documented dispute process covering any URL where: 

1. the disputed domain name is the same or such as to mislead with respect to a trade mark on which the claimant claims rights, or with respect to the claimant's name and surname; and that
2. the existing assignee (hereinafter referred to as the "defendant") has no right or title with respect to the disputed domain name; and, finally, that
3. the domain name has been registered and is used in bad faith. If the claimant proves the co-existence of the ...conditions above, the disputed domain name shall be transferred to the claimant.

 

Like the UK, Germany (.de) does not have a law particular to typo-squatting, but rights holders may draw precedent from a variety of cases across commercial and trademark law. 

Sites popular in non-US countries tend to be less frequently squatted as the following chart makes clear. Whether this is due to different regulations or some other reason requires further study. 

 

For complete results, click here.  

Legal Relief 

In the United States and internationally, trademark holders can go to court to contest a typo-squatter. They can also avail themselves of arbitration. For example, the World Intellectual Property Organization (WIPO) offers a Trademark Domain Name Dispute Resolution Service.  

Similarly, trademark holders seeking relief against typo-squatters using the .biz, .com, .info, .name, .net, and .org top-level domains, can avail themselves of the Uniform Domain-Name Dispute-Resolution Policy (UDRP).  

The proliferation of squatters, the difficulty inherent in cross-jurisdictional disputes and the high cost of arbitration and litigation make it difficult at best for mark holders to dispute each and every case of squatting. 

Willful Blindness 

Interestingly, a WIPO decision from 2006 holds that domains speculators who use automated registration software without checking to see if the site infringes on another’s marks could represent bad faith "willful blindness". These kinds of decisions could lead to changes in the domaining process. 

Other Methods for Combating Typo-Squatting 

In the absence of remedial action taken at the legal or registrar level, there are other ways to take on typo-squatting. McAfee is not the first or only company to try to assist consumers and businesses in the fight against malicious typo-squatting.  

OpenDNS is a free filter that re-routes some typos and provides other related domain services like anti-phishing.  For example, OpenDNS will automatically re-route craigslist.OG to craigslist.ORG. The service appears to be limited however, to typo domains that aren’t live or are unregistered. For example, the service does not re-direct users away from a parked typo domain like microSIFT dot com.  

Many search engines now routinely offer alternatives for common misspellings, reducing the likelihood of landing at a typo site by accident. 

 

 
Caption: Examples of  search engines suggesting alternatives to misspellings like “amrica” 

Internet service providers like Earthlink and Charter provide a similar service.  

McAfee believes that part of the Web reputation service provided by its SiteAdvisor tool is to let consumers know if we believe a domain is trying to capture traffic intended for a different domain.  

McAfee has chosen to rate yellow (or “caution”) any site that triggers our typo-squatter criteria. This rating is lower than our red (or “warning”) label.  

McAfee could but does not currently re-direct traffic away from typo-squatted domains for users of its SiteAdvisor software.  

Some critics are troubled by re-direction and argue that ISPs and search engines that show ads pegged to the intended keyword profit from consumer typos in much the same way that the site squatters do.  

In our opinion, re-direction can be helpful to both consumers and intended sites, as long as the intended site is prominently featured on the redirection page. 

Other research and efforts include: 

• Microsoft offers a free tool that allows interested individuals to find and analyze squatters.

 

• F-Secure looked at squatters who targeted the security industry.

 

• CitizenHawk, a private company focused on selling typo-squatter detection and remediation services, was founded just over one year ago.

 

• In July 2007, a new organization called Coalition Against Domain Name Abuse (CADNA) was founded to lobby for new laws in both the United States and internationally to make typo-squatting more difficult and less profitable.

 

Conclusions 

“If domain names did not act as a badge of origin for a business, where would the profit be in cyber squatting?”

      -- Mark Bender, Professor of Commercial Law, Monash University (Australia) 

Product development and brand building is at the heart of our economic system. Companies invest time and money into building their products and brands. By contrast, typo-squatters use automated tools to siphon potential customers and profit off the brands built by others. In our view, typo-squatting generates clear-cut winners and losers. 

Losers

• Consumers lose time when they must re-type or re-click to get to their intended destination and they lose money if they get sidetracked into making an unwise purchase.
• Brands that have invested heavily to build well-known names and marks lose money when their potential customers are re-directed away from their product Web sites, or when they have to pay the typo-squatter for traffic re-directed to the proper domain.
• Large Companies lose when they must wage expensive arbitration or litigation battles against alleged squatters.
• Small Companies lose because they can’t afford to even initiate legal action.

 

Winners

• Domain speculators win when unwitting consumers click on ads they see on the typo-squatted site.
• Parking companies win by splitting the ad revenue generated by that traffic.
• Search engines win by also splitting the ad revenue generated by that traffic.
• Registrars generate revenue when domain speculators register and keep the thousands of domain variations required for the speculator to generate significant income.

 

Clearly, typo-squatting affects everyone who spends any time or earns their living on the Internet.  

The surge in typo-squatting is contributing to whiffs of parasitism associated with the booming business of buying and selling domain real estate.  

Some in the industry dispute the negative cast being given to domaining. A senior executive for Sedo, a major parking service, was quoted saying that “We want those pages to function as alternatives to search engines.''  

To be clear, though, McAfee does not rate yellow a generic site like cellphone.com or typos of generic keywords like lirics.com. We reserve our yellow rating for typo-squatters of well-known brands, companies and sites. 

Ultimately, in our view, typo-squatters fail the added-value test. Parked typo sites filled with pay-per click ads don’t help the consumer find the site he was actually looking for. And they don’t help the company build and brand their product in the way they see fit.  
 

For complete results, click here.