What’s In A Name: The State of Typo-Squatting 2007
By the end of 2007, at least
8,000 URLs using the word iphone will be registered, according to a well known domain
expert. The most
valuable – iphone.com – is owned by Apple itself, but when Steve
Jobs announced the product early in 2007, Apple didn’t own the iphone
domain yet. One expert estimates that Apple paid at least $1 million
to buy that piece of valuable Web real estate.
Among the 8,000 registered
URLs incorporating iphone are community fan sites,
rumor and hack sites and, of course, scam sites. Freeappleiphonesnow
dot com claims to offer free iPhones and variants that don’t even
exist (like the iPhone “shuffle” and “nano”.) The URL is nothing
more than a redirect to royalsweeps dot com. When we tested the site, we received debt consolidation offers,
get rich quick solicitations, “free” cell phone prizes and other
Many of the iphone-related
domains are misspellings, or typos. Iohone dot com, for example, was registered on January 9, 2007, the day Apple
officially announced the iPhone. In August 2007, the site consisted
of pay-per-click ads for iPhone-related Web sites.
Table of Contents
Study in Other Languages
Typo- and Cyber-squatting on the rise
Apple is not alone in enduring
an explosion of 3rd party domain registrations related to
a trademarked product. Typo-squatting, the practice of registering domains
using common misspellings of popular brands, products and people in
order to profit from consumer typing errors, is increasing dramatically.
Cybersquatting cases filed
with the World Intellectual Property Organization’s (WIPO) arbitration system increased
20% in 2005 and another 25%
Microsoft says that “on an average day more than
2,000 domain names are registered that contain Microsoft trademark terms.”
According to the US Government
Accounting Office, at least 8.65% of all domain
names are registered
with false or incomplete Whois information, a practice that makes domain
More recently, in September
2007, the managers of the .eu top level domain suspended 10,000
by a Chinese woman who was accused of being a cyber-squatter.
In an effort to further quantify
and understand this phenomenon, McAfee studied 1.9 million typographical
variations of 2,771 of the most popular and well known Web sites.
Of these, we found 127,381 suspected typo-squatters.
Among McAfee’s key findings
are the following:
- Typo-squatting is vast and common, affecting every segment of the Web. 7.2% of the possible typographical errors we studied were actively squatting. In other words, a typical consumer who misspells a popular Web site URL has a 1 in 14 chance of landing at a likely typo-squatter site.
- The five most highly squatted categories are game sites (14.0%), airlines (11.4%), main stream media company sites (10.8%), adult sites (10.2%) and technology and Web 2.0 related sites (9.6%).
- Children’s sites are highly targeted by typo squatters. The average for the category is 8.4% and 24 of the top most squatted sites are children’s properties for kids 12 and under. Add in sites like MySpace and Miniclip and more than 60 of the top most squatted sites are properties that appeal to the 18 and under demographic.
- Squatters follow consumer crowds. Popular, consumer-focused Web sites typically attract more squatters than business to business sites or niche content sites.
- The incidence of pornographic content on non-adult typo-squatted sites is just 2.4%, suggesting improvement since previous studies by other researchers.
- Automated ad syndication services like Google’s AdSense enable a significant minority of typo-squatter sites to generate revenue. Google-enabled advertising shows up on 19.3% of all suspected typo-squatter sites in this study. Yahoo-enabled advertising shows up on 4.4% of all suspected typo-squatter sites.
- The increasing use of automation to buy and sell vast numbers of domains, combined with a 5-day free trial (known as “tasting”) for new registrations to top level domains like dot-com appear to be two significant factors in the rapid growth of typo-squatting.
- At 3.4%, sites popular outside the U.S. are less than half as likely to be typo-squatted as overall sites.
- The five non-U.S. countries most likely to have popular sites squatted are the United Kingdom (7.7%), Portugal (6.5%), Spain (5.9%), France (5.4%), and Italy (4.1%).
- The five non-U.S. countries least likely to have popular sites squatted are the Netherlands (1.5%), Israel (1.1%), Denmark (1.0%), Brazil (0.9%) and Finland (0.1%).
- The top five parking companies, ranked by the percentage of squatters parked by them, are Information (28.5%), Hitfarm (11.3%), Domainsponsor (2.9%), Sedo (2.5%) and GoDaddy (2.3%). Together, the top five park 47.5% of the squatters we discovered.
First, McAfee collected a list
of sites based on the most popular and common sites visited by typical
consumers. A total of 2,771 target sites were collected from a
variety of different sources, including:
- Yahoo! Buzz
- Google Zeitgeist
- McAfee’s own site popularity data
- Suggestions from McAfee’s world wide staff
Then, McAfee generated permutations
(different misspellings) of each of the 2,771 target domains.
Among the eight methods we used to generate permutations were:
- Swapped Characters – Swap characters one at a time. Example: yuotube.com.
- Replaced Characters – Replace characters one at a time. Example: wschovia.com.
- Inserted Characters – Insert one character. Example: Newgroounds.com.
- Deleted Character – Remove one character at a time. Example: cartonnetwork.com.
- Missing dot – Remove the dot between the “www” and the domain. Example: wwwmicrosoft.com.
We typically generated 500+
permutations for a 5-letter domain and 800+ permutations for a 10-letter
Next, we surfed to each of
these 1,920,256 permutations. If the permutation resolved to a live
Web site within a certain amount of time, we marked the site as “live”
and then tested the site’s content for the presence of a parking company
signature – short pieces of text (often, URLs) that indicate a site
is hosted by a well known parking company that serves pay per click
For some categories, we used
our judgment to select the target domain. For example, in the celebrity
category, we used firstnamelastname.com as a proxy for the celebrity’s
official Web site. In some cases (e.g. parishilton.com) the proxy and
official site are one in the same. In other cases (e.g. tomcruise.com)
the actual site does not currently serve content. We used this method
to simulate what we believe to be a typical consumer's effort to directly
navigate to the celebrity’s home page.
In a related issue, we occasionally
substituted re-directed domains for the final domain. For example, we
tested http://playhousedisney.com rather than http://atv.disney.go.com
Rankings by Category
McAfee divided the 2,771 target
domains into categories like Children and Shopping. This categorization
was based both on classifications by 3rd parties like Hitwise
as well as the judgment of McAfee staff. McAfee staff also broke out
more than 500 of these domains for their popularity in a variety of
We then ranked these categorized
domains by the “percentage of suspected squatters detected.”
That figure is calculated by dividing the base domain’s number of
suspected squatted sites by the base domain’s total number of sites
checked. This ratio represents the likelihood of a typical consumer
landing at a squatted site after mistyping the base domain.
Most Frequently Squatted Categories
|Rank||Category||Average % Squatters||# of Suspected Squatters||# of Sites Checked|
|Top 100 sites||22.4%|
results, click here.
Sample site: McAfee.com
Here’s how our methodology
works, using our own site as an example: We tested 507 variations on
McAfee.com. Our results show that our homepage has been typo-squatted
74 times, a rate of 14.6%. The prevalence of squatters of our homepage
is in the second decile (top 13%) of the 2,771 sites we ranked. Typos
of McAfee.com are parked with every major parking service.
Adding to the complexity of
this issue, some parked pages include advertisements from legitimate
McAfee affiliates. Like others, McAfee is in the process of addressing
how our affiliates use search tools to promote McAfee, but it is a complex
challenge which takes time.
The Economics of Typo-Squatting: Why it Works
Most commonly, typo-squatters
make money by putting pay-per-click ads on their domains. The
ads are typically generated by keywords related to the misspelled product.
For iPhone typos, one might see ads for cell phone accessories, ring
tones or calling plans.
Profitable typo-squatting is
built click by click, penny by penny. No single misspelled domain will
generate enough profit to provide a living to the domain speculator.
But a large portfolio of even slightly profitable domains can generate
significant income, as this example demonstrates:
Graphic Source: McAfee
- The domain speculator buys two misspelled domains for $6 each.
- He registers the two sites with a so-called Domain Monetization company – a parking company that automates the process of serving advertising to those sites.
- After a 5 day “tasting period,” he returns the less successful one for a full refund.
- The parking company uses an automated advertising syndication service like Google AdSense to serve ads to visitors who mistype the intended URL.
- Meanwhile, the true domain’s owner has often contracted with Google to serve his ads on what he hopes are appropriate sites.
- For every visitor who clicks on one of those ads on the parked, misspelled page, the domain’s owner pays the ad syndicator. In our example, we’ll assume a common cost per click rate of $0.20, but actual rates can become significantly higher (several dollars or more per click) for specialty categories.
- The syndicator splits this advertising revenue 50/50 with the parking company.
- The parking company then splits his 50% with the domain speculator.
- Net: the domain speculator earns $.05 (25% of the $.20 paid by the real domain’s owner) for each click consumers make on the squatted domain.
- To break even on his annual $6 investment, he needs 120 total clicks, or about one click every three days.
- If he gets 1 click per day, he makes $12.25 per year.
- If he grows his portfolio to 1,000 sites, he makes $12,250.
- If he grows his portfolio to 10,000 sites, he makes $122,500.
While it is often immediately
obvious that a typo squatted domain is not the intended destination,
some visitors still click on ads rather than navigate away from the
typo site. In fact, the mere existence of the typo squatted domain is
proof of this. If the site did not generate enough revenue to at least
cover the cost of registering the domain, the squatter would abandon
The economics of typo-squatting
lead some analysts to describe this as a phenomenon of the long tail, the concept that the ease of Web
navigation enables even the most rarefied content or product to earn
some small amount of traffic and therefore, revenue. Professional domainers,
including those who register typographic errors, often hold domain portfolios
in the thousands
or more. Individual domains may return only a few dollars a month.
But multiplied by the thousands, those few dollars can become significant.
What is driving the increase in typo-squatting
According to WIPO, a number of factors are driving the
increase in typo-squatting, including:
- New top level domains increase the amount of Web real estate available for squatting.
- Automated registration tools allow for easy and inexpensive registration of expired or new domains.
- The proliferation of parking portal sites and their increasing back end sophistication make it easy to generate pay-per-click revenue from squatted sites.
- Expanded use of 'Whois' privacy services makes it more expensive and time consuming for complainants to get relief. This reduces legal exposure to squatters.
- Each of these factors encourages additional professional domain name dealers to enter the business, which increases squatting activity.
The role of tasting
WIPO and others point to “domain
name tasting” as one of the most significant drivers of growth in
squatting. Tasting “is a practice in which a person
or entity (who may be affiliated with a registrar) registers a domain
name for a five-day grace period without payment of the registration
fee, and parks it on a pay-per-click website monitored for revenue...
Only those domain names generating significant traffic are permanently
registered. As a result of computer applications, tens of millions of
domain names are temporarily registered on this basis each month.”
“The abuse is huge. Over 750K domains were registered in one day the other week! Then almost all were deleted in the 5 day free abuse period.”
Jay Westerdal, Name Intelligence, Inc. as quoted by Mark Monitor
The number of tasted domains
is exploding. In 2006, the Washington Post reported:
“Of the 30 million dot-com
names registered worldwide last month, more than 90 percent were dropped,
according to domain name registrar GoDaddy.com. As a whole, the Internet
has only 54 million active .com and .net addresses, according to VeriSign
In fact, on
August 12, 2007, Jay Westerdal, a well-read domain industry expert exclaimed:
“Today was the largest
Domain Tasting day ever. We recorded over 8 Million Transactions today.
This is a new high. We have never seen 8 Million transactions on one
day before. That would be either an add or delete. Over 99 percent of
these transactions are completely free and use the 5 day grace period
to test domain names for traffic before they are purchase for a long
term buy. Sometimes organizations will taste a domain name for multiple
5 day windows. They can tie up a domain for a long time and test it
longer. Domain Tasting seems to be getting worse, the number of transactions
continues to grow. I can see a day when more domain names exist in the
5 day grace period then exist as real registrations.”
Tasting is not, in and of itself,
nefarious. In fact, one of the reasons for allowing “tasting” was originally to protect consumers who accidentally
purchased a domain they didn’t want. And many domainers use it to
test “generic” domains like “comfortableshoes.com.” Still, many domainers, both big and small players, are troubled
What is undeniable is that
tasting is an extremely effective risk minimization tool. And it seems
non-controversial to say that without tasting or with some limits (like
imposing a small fee per tasted domain) typo-squatting would be less
The role of
Search Engine Publishing Platforms
If tasting enables typo-squatters
to minimize risk, paid search syndication by the major search engines
provides a turnkey way for typo-squatters to earn revenue.
McAfee’s research shows that
almost a quarter of all suspected typo-squatted pages use Google or
Yahoo! advertising. Our research confirms the anecdotal evidence that the ease of using Google’s
ad syndication program helps makes typo-squatting profitable.
a twist of the tables, though, Google
has fought typo-squatters
of its own domain. We’re not surprised. Our research ranks Google.com
as the 15th most typo-squatted domain we studied with 32.2%
of its 289 permutations hosted by live parking pages. Ironically,
we detected Google syndication text on 43 of those pages.
The role of parking companies
Parking companies are another
vital link in the typo-squatter value chain. Parking companies act as
middle men between site owners and advertising publishing platforms
(who are themselves middle men between the advertiser and the parking
company). By providing a turnkey service, parking companies enable
the owners of large domain portfolios to reduce the cost of generating
advertising and servings those ads. Without these automated services,
the small profit generated by a single typo-squatter site would be eaten
up by infrastructure costs.
The major parking companies
publicly condemn typo-squatting. In a recent “year in review,” Sedo,
one of the biggest players in the industry, lamented the persistence of typo-squatting.
“Perhaps the greatest disappointment of 2006 was that despite all the progress we’ve made and the success we’ve shared, the Domaining community has yet to gain control of their seedy underbelly. Despite increasing crackdowns, there are still a frighteningly large number of people choosing to chase the quick and dirty buck via typosquatting, cyber-squatting, or click fraud, rather than building a legitimate domain portfolio. Perhaps even more disturbing, there are still companies willing to service these individuals.”
-- Sedo’s year in review article
But our research shows that
even these top players continue to profit from typo-squatting. In our
tests, the top five parking companies, ranked by the percentage of squatters
parked by them, were Information (28.5%), Hitfarm (11.3%), Domainsponsor
(2.9%), Sedo (2.5%) and GoDaddy (2.3%).
The decline in adult content on typo-squatters
The incidence of adult content
typo-squatters on brand name or children’s sites appears to have improved.
Although McAfee has not studied this particular topic before, both Microsoft and Ben
Edelman, a noted
researcher on Web safety issues and an advisor to McAfee, found numerous
examples of adult content on misspelled domains, including children’s
Still, the problem persists.
2.4% of the typo-squatter sites we tested include some adult content.
Some of these sites are squatters of children’s properties.
Discussion of our methodology
In general, we have erred on
the side of caution when deciding whether a site is typo-squatting.
Our signature based methodology described earlier is designed to reduce
false positives – sites that are incorrectly flagged as typo-squatters.
More specifically, if a site does not include a signature of a known
domain parking company, we do not flag the site as a typo-squatter even
though the site may in fact be attempting to profit from brand name
In addition, McAfee SiteAdvisor only tests permutations of the keyword itself. We do not test for phrases or word combinations that include a trademarked name. For example, SiteAdvisor data does not include either of the following sites:
Both include the word Valium,
a trademarked drug manufactured by Roche Pharmaceuticals. The sites
are parked with information.com and domainsponsor.com, two well known
domain parking services and both include pay per click ads related to
We also did not test the content
of parking sites for advertising relevance. This means that we will
mark a site as a typo squatter even if it shows ads that are unrelated
to the “target” company.
We did not test top level domains.
For example, a common typo for dot-com sites is to type “.co,” the
top level domain for Columbia, and “.cm,” the top level domain for
Some companies, like Yahoo, were smart enough to register this common typo back in 1994 and the URL seamlessly redirects to the Yahoo homepage. Others were not as prescient.
More broadly, Kevin Ham, an
extremely successful domainer profiled by Paul Sloan earlier this year, struck a deal with
the government of Cameroon to re-direct un-registered “.cm” typos
to an ad-filled parking page owned by him. This wildcarding of the .cm
domain is quite controversial.
We did not rank 2-letter domains like American Airlines (aa.com) General Electric (ge.com). While we found many probable typo-squatters on 2-letter typo’s, we did not think we could fairly attribute them to one brand or another.
Overall, we believe our approach
underestimates the number of actual typo-squatters by a significant
Web experts use a variety of
criteria to determine whether a site is a cyber- or typo-squatter. Among
the tests typically used to determine whether a site has been registered
- The site owner offers to sell the domain to the complainant or competitor of the complainant at a price well above the holder’s actual expenses.
- The site uses false or masked Whois information to mask the identity of the owner.
- The site includes adult content.
- The site owner displays a pattern of registering the trademarks of others.
- The site tries to attract customers by creating brand confusion.
In the United States, the Anticybersquatting
Consumer Protection Act
(ACPA) defines cyber-squatting as the act of registering a domain name
of another’s trademark with the intent to profit from it. Typo-squatting
is not defined in the ACPA, but it’s commonly understood to be a type
of cyber-squatting where a typographical error of a brand name domain
is registered in an effort to profit.
There is no single definition
of typo-squatting used internationally.
For example, in 2003, Korea (.kr), a country with one of the world’s
highest broadband penetration rates, enacted cyber-squatting legislation
governing the .kr top level domain.
In Japan (.jp), some cyber-squatting rules
were put into place in 2000.
China (.cn) recently narrowed its cyber-squatting rules to pertain only to those who sell the squatted domains to competitors companies.
The United Kingdom (.uk) doesn’t have a cyber- or typo-squatting
law on the books, but does give brands and other marks holder broad
protections, even against URL owners who do not actively try to profit
from the domain.
- the disputed domain name is the same or such as to mislead with respect to a trade mark on which the claimant claims rights, or with respect to the claimant's name and surname; and that
- the existing assignee (hereinafter referred to as the "defendant") has no right or title with respect to the disputed domain name; and, finally, that
- the domain name has been registered and is used in bad faith. If the claimant proves the co-existence of the ...conditions above, the disputed domain name shall be transferred to the claimant.
Like the UK, Germany (.de)
does not have a law particular to typo-squatting, but rights holders
may draw precedent from a variety of cases across commercial and trademark
Sites popular in non-US countries
tend to be less frequently squatted as the following chart makes clear.
Whether this is due to different regulations or some other reason requires
|Squatter Frequency for Selected Countries|
|Rank||Category||Average % Squatters||# of Suspected Squatters||# of Sites Checked|
complete results, click here.
In the United States and internationally,
trademark holders can go to court to contest a typo-squatter. They can
also avail themselves of arbitration. For example, the World Intellectual
Property Organization (WIPO) offers a Trademark Domain Name Dispute Resolution Service.
Similarly, trademark holders
seeking relief against typo-squatters using the .biz, .com, .info, .name,
.net, and .org top-level domains, can avail themselves of the Uniform
The proliferation of squatters,
the difficulty inherent in cross-jurisdictional disputes and the high
cost of arbitration and litigation make it difficult at best for mark
holders to dispute each and every case of squatting.
Interestingly, a WIPO decision from 2006 holds that domains speculators
who use automated registration software without checking to see if the
site infringes on another’s marks could represent bad faith "willful
blindness". These kinds of decisions could lead to changes in the domaining
Other Methods for Combating Typo-Squatting
In the absence of remedial
action taken at the legal or registrar level, there are other ways to
take on typo-squatting. McAfee is not the first or only company to
try to assist consumers and businesses in the fight against malicious
OpenDNS is a free filter that re-routes some
typos and provides other related domain services like anti-phishing.
For example, OpenDNS will automatically re-route craigslist.OG to craigslist.ORG.
The service appears to be limited however, to typo domains that aren’t
live or are unregistered. For example, the service does not re-direct
users away from a parked typo domain like microSIFT dot com.
Many search engines now routinely
offer alternatives for common misspellings, reducing the likelihood
of landing at a typo site by accident.
Internet service providers
like Earthlink and Charter provide a similar
McAfee believes that part of
the Web reputation service provided by its SiteAdvisor tool is to let
consumers know if we believe a domain is trying to capture traffic intended
for a different domain.
McAfee has chosen to rate yellow
(or “caution”) any site that triggers our typo-squatter criteria.
This rating is lower than our red (or “warning”) label.
McAfee could but does not currently
re-direct traffic away from typo-squatted domains for users of its SiteAdvisor
critics are troubled
by re-direction and argue that ISPs and search engines that show ads
pegged to the intended keyword profit from consumer typos in much the
same way that the site squatters do.
In our opinion, re-direction
can be helpful to both consumers and intended sites, as long as the
intended site is prominently featured on the redirection page.
Other research and efforts
- Microsoft offers a free tool that allows interested individuals to find and analyze squatters.
- F-Secure looked at squatters who targeted the security industry.
- CitizenHawk, a private company focused on selling typo-squatter detection and remediation services, was founded just over one year ago.
- In July 2007, a new organization called Coalition Against Domain Name Abuse (CADNA) was founded to lobby for new laws in both the United States and internationally to make typo-squatting more difficult and less profitable.
“If domain names did not act as a badge of origin for a business, where would the profit be in cyber squatting?”
Mark Bender, Professor of Commercial Law, Monash University (Australia)
Product development and brand
building is at the heart of our economic system. Companies invest time
and money into building their products and brands. By contrast, typo-squatters
use automated tools to siphon potential customers and profit off the
brands built by others. In our view, typo-squatting generates clear-cut
winners and losers.
- Consumers lose time when they must re-type or re-click to get to their intended destination and they lose money if they get sidetracked into making an unwise purchase.
- Brands that have invested heavily to build well-known names and marks lose money when their potential customers are re-directed away from their product Web sites, or when they have to pay the typo-squatter for traffic re-directed to the proper domain.
- Large Companies lose when they must wage expensive arbitration or litigation battles against alleged squatters.
- Small Companies lose because they can’t afford to even initiate legal action.
- Domain speculators win when unwitting consumers click on ads they see on the typo-squatted site.
- Parking companies win by splitting the ad revenue generated by that traffic.
- Search engines win by also splitting the ad revenue generated by that traffic.
- Registrars generate revenue when domain speculators register and keep the thousands of domain variations required for the speculator to generate significant income.
Clearly, typo-squatting affects
everyone who spends any time or earns their living on the Internet.
Some in the industry dispute
the negative cast being given to domaining. A senior executive for Sedo,
a major parking service, was quoted saying that “We want those pages
to function as alternatives to search engines.''
To be clear, though, McAfee
does not rate yellow a generic site like cellphone.com or typos of
generic keywords like lirics.com. We reserve our yellow rating for typo-squatters
of well-known brands, companies and sites.
Ultimately, in our view, typo-squatters
fail the added-value test. Parked typo sites filled with pay-per click
ads don’t help the consumer find the site he was actually looking
for. And they don’t help the company build and brand their product
in the way they see fit.
results, click here.