Skip to content

Domain Typo Squatting: Where there is trust, there is an exploit

McAffee has an opinion, and if you trust them for your AntiVirus and personal computer “security”, that opinion is now shaping your Internet experience.

Hacking credo: where there is trust, there is an exploit. It goes way back. The art of the con… find or create a point of trust, and you have opportunity to misdirect. So when I see a “computer security firm” expressing opinions like I see in this so-called “study”, I worry.

McAffee says it decided to study typo squatting, the practice of registering domains that are typos of existing domain, in order to serve the direct trafic that comes when people mis-type the domain name in the browser location bar. The trite example is someone intends to go to but types Whomever registered is said to be “typosquatting”. Typically the typo domain has a page of ads on it.

What bothers me about poorly done “research” like this McAffee report, is the bias. I can’t get past the obvious bias. It’s not just bad, sloppy research, but it is clearly agenda driven. McAffee has an opinion, and by claiming to base that opinion in fact or research, they feel justified to impose controls via their security products. Typo domains will be flagged as suspect, not to be trusted, based on McAffee’s determination. But I see that bias because I am active in the domain and web publishing worlds. I am quite sure the public will not see the bias so easily.
Consider for yourself the domain Before you look, what would you expect to appear there? Most would say a web site about cruises. Some would guess a parked page. It doesn’t really matter because it is what it is, and because this Internet thing is a free market, anyone with an idea can pursue the rights to publish on the domain. It might cost money to secure the rights, but if it’s a good business idea, well, that’s how markets work. And if there is an opportunity on a typo domain, that, too is handled by the market.
Actually is indeed a website about cruises. Now, consider, a common typo of What would you expect to find at Most would say a parked page, as you might find with the typical typo squatter. Well, it’s a cruise web site.  Go figure.

Actually, it is a partially built cruise website, representative of a domainer exploring the frontier beyond parked pages, with actual content. Many links are broken,  and it is search driven to a large degree. But is it worthy of censorship by products like McAffee’s antivirus and security products?  If it was a parked page yesterday, and is a half-built content site today, what might it be tomorrow? If you use McAffee, you may never know. McAffee says it’s a “typo squatter” when actually it’s a webmaster just like every other site on the Internet. A web master publishing content…working through the steps to publish and tune a website to serve the audience for commercial gain. Why is McAffee judging intent and censoring the web?
Were there is trust there s an exploit. McAffee has trust for its antivirus products, and now they expand to include “safe Internet surfing” and impose editorial opinion and exploit the trust for commercial gain. The generic domain has some trust, which is exploited by the typo squatter at Which is more evil? I think the average surfer hitting will figure out if the site is devoid of value for themselves. They can also decide if the ads are good things to click. But I don’t think they will ever recognize that a company like McAffee is censoring their Internet experience based on sloppy research and opinion.
An example statement from that McAffee report (bold added):

In general, we have erred on the side of caution when deciding whether a site is typo-squatting. Our signature based methodology described earlier is designed to reduce false positives – sites that are incorrectly flagged as typo-squatters. More specifically, if a site does not include a signature of a known domain parking company, we do not flag the site as a typo-squatter even though the site may in fact be attempting to profit from brand name confusion.

Bingo. In other words, even after all this “research” into what is and what is not typo squatting and how typo squatting is good or bad for consumers, the bottom line is McAffee’s products will only flag domains owned by the major parking companies as suspect, unworthy, “yellow”, unsafe, etc. See the bias?
Editor’s Note: I purposefully misspelled McAffee throughout this article because I wanted to.


  1. Patrick McDermott wrote:


    The term Typosquater is so often misused and applied unjustly epecially by covetous
    parties who try to “steal” domains through the legal process.

    Example: Pirelli Tire with their Pzero trademark tried to steal the and domains from their respective owners.

    Pirelli claimed in it’s arbitration filings that zero is “identical or confusingly similar” to its Pzero TM.

    They succeeded in the case but failed in the case.

    See: ( (

    I believe your example of using is an example of this misapplication..

    Cruise is 100% generic and if used in it’s descriptive sense -for cruise travel-
    is not legally protected unless combined with some other element.

    If I registered which is obviously a typo of ,I would be a Typosquater.

    If I registered -a typo of the 100% generic word Mortgages – how
    would that make me a Typosquater? Yes! No!

    If Citibank registered the typo domain, would that make THEM
    a Typosquater?

    No, because there is no intent to deceive.

    IMHO, registering a typo of a generic word like Cruise is no different than registering the correct spelling in another extension.

    You are not intending to deceive or violating anyone’s rights.

    Of course, you could become the victim of Trademark overreach.

    By the way, I purposefully misspelled Typosquater throughout because
    I wanted to. :-)

    Enjoyed your article.


    Sunday, December 16, 2007 at 2:10 pm | Permalink
  2. Awaken wrote:

    Hi John,

    I definitely understand your position on this. I think that the article was more focused on “branded” domain names, as opposed to generic names. If I have a company, and I roll out a product called the “iphone”, then yes I believe that I should have the right to any traffic that is generated based on that name or common mutations of that name. Especially if that name has been trademarked by me. But, for something like “”; it’s a generic word that can be found in the dictionary, and in my opinion I have just as much a right to own that name, and any of its typos, as the next man. I think this is where the line gets blurry for Mcafee. If they place just as much bias on generic “dictionary” phrases as they do with trademarked brand names, then they are, as you mention, seriously handicapping the web user experience.

    It’s a balancing act that needs to be approached with detail, otherwise there will definitely be some collateral damage. I think a good solution to this problem would be education. We should educate trademark/business owners on the value of purchasing their own domain name misspellings. If they understood how much money they’re leaving on the table, they would think twice about ignoring typos. We’ve moved ahead on this front, but not as fast as we should be.

    Monday, December 17, 2007 at 11:29 am | Permalink
  3. john andrews wrote:

    @Awaken: I agree trademarked are different in some ways, but there are also separate/related issues with trademarks. For exampe, when Apple named it’s iphone someone already owned and in fact was a popular trend among domain speculators just as represents “digital”. What gives Apple the right to “decide to own the trademark family? They can’t, you might say, but how many companies have indeed tried to do just that? See the comment about Pirelli, and the story of Nissan, and many, many more.

    One could argue that the corporations are just “trying whatever regardless of rights, because they might win some of it” and guess what, that’s what domainers are doing.

    I think the law about confusingly similar is ok, but the cost of arguing is too high and the cost of domains is too low. Should CocaCola spent $7 for and stop registering domains, assuming every other variant that might be confusingly similar will be defacto left unregistered by the fair marketplace? Or should they proactively establish their trademark by registering variants? Oh, and if cybersquatters face a $100k fine, what sort of fine should Pirelli face for going after and as part of their PZero brand protection?

    Monday, December 17, 2007 at 7:50 pm | Permalink
  4. Dan Perry wrote:

    In addition, it’s a tough game to play. I’ve heard of a company owning over a thousand domains, and still not being able to cover all the bases.

    Wednesday, December 19, 2007 at 12:19 pm | Permalink
  5. Paul McAffee-er-McAfee wrote:

    Did you purposely misspell the name of such a well-known antivirus software company as McAfee? Talk about typos. But then I realized you probably did it on purpose, so we could all go to and see the typo squatter site at that URL. :)

    Wednesday, December 19, 2007 at 12:48 pm | Permalink