Home / Blogs

Microsoft Choking Domain Parking Business Practices?

In a follow up to Microsoft's Strider URL Tracer tool released a few months ago, SecurityFocus is running an article which takes a closer look at how Microsoft's free Strider URL Tracer with Typo-Patrol is aimed at fighting typo-squatters and domain parking abuse. From the article:

"In most cases, the typo domain is not even selling a product or service itself. The typo domain makes its money from syndicated advertising such as Google's AdSense program. The typo-squatter simply parks the domain and the only content on the site ends up being the ads served from a syndicated advertising program.

With ad syndication, context-sensitive ads are displayed that are based on the overall content of the target web site. When a URL is typed into the address bar or clicked on, the Web browser is instructed to retrieve data from a third-party URL. The third-party URL, using information it knows about the target URL, and possibly combined with details about the user, then serves contextual ads that are relevant to the site or user.

In theory, there is nothing wrong with this practice. If I am visiting a site about golfing, it makes sense that I would want to see advertising that has to do with golfing as well, as opposed to ads about the latest cholesterol drug or mail-order DVD service.

Some domain owners abuse the ad syndication system, however, by simply parking the domains so that the only content on the site to begin with is from the syndicated ads. These sites provide no real value and serve no better purpose than to generate ad revenue for the domain owner. With domain registrations as low as $7, the domain could pay for itself with as little as one unique visitor every 2 days.


To try to identify and combat this type of systematic typo-squatting and abuse of the syndicated advertising system, Microsoft's Cybersecurity and Systems Management research group developed the Strider Typo-Patrol tool."

Microsoft Research maintaining a website on the project defines Strider URL Tracer with Typo-Patrol as follows:

"When a user visits a Web site, her browser may be instructed to visit other third-party domains without her knowledge. Some of these third-party domains raise security, privacy, and safety concerns. The Strider URL Tracer, available for download, is a tool that reveals these third-party domains, and it includes a Typo-Patrol feature that generates and scans sites that capitalize on inadvertent URL misspellings, a process known as typo-squatting. The tool also enables parents to block typo-squatting domains that serve adult ads on typos of children's Web sites."

By CircleID Reporter

Related topics: DNS, Privacy, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


Re: Microsoft Choking Domain Parking Business Practices? Frank Schilling  –  Jan 02, 2007 9:13 PM PST

While it might seem admirable that Microsoft wants to "help" the Internet's users find the things they are looking for, I do not sleep better knowing that Microsoft gets to be the final arbiter of what a Typo is.

Poignant and meaningful domain-names in the coveted dot-com space are few in 2007, so creativity is the order of the day. Against that backdrop: is Orbitz.com a Typo of Orbits.com? It certainly looks like a Typo. 'Orbitz' is a made up word after-all and the "s" is immediately adjacent to the "z" on my QWERTY keyboard. If Orbitz.com the travel site started challenging a Microsoft travel business would Microsoft's browser updates tell me to avoid the Orbitz.com travel site and offer me the Microsoft alternative? What if the "Strider tool" took any parked "Strider Typo" domain-name featuring Google AdSense advertising or Google Search and pointed it to Microsoft's MSN search results? Where exactly is "the line" and should Microsoft (of all companies) be allowed to call it?

Type any random: jksajsahfkjsha768.com name in your address bar and watch what comes up.  If you're using Internet Explorer you will see Microsoft's MSN gateway page where Microsoft gets to serve you a search box and some links in a valiant effort to make money by selling your eyeballs to somebody. This example works on 'Strider' Typo style names too.

Nobody wants a company with the ulterior-motive of selling browser error-traffic to their paid-search advertising network to be the judge, jury and executioner of the content (or lack of content) they see on the net. This is such an obviously self-serving piece of Microsoft Software.

Re: Microsoft Choking Domain Parking Business Practices? Daniel R. Tobias  –  Jan 11, 2007 3:17 PM PST

Although I'm a Microsoft-hater myself, I don't see anything inherently "evil" about what they did here.  As far as I can see, this tool is something you need to specifically download from their site, and is not pushed on you in a system update or a default installation; thus, it's not much different from the many tools that can be obtained for browsers such as Firefox that do various things that alter your browsing experience (such as GreaseMonkey, a Firefox plugin that lets you automatically rewrite site content).  Now, if M$ starts forcing or sneaking such "utilities" on people, that would be cause for concern, but for their research department to simply make it available as an experimental add-on isn't really a problem.

Re: Microsoft Choking Domain Parking Business Practices? Frank Schilling  –  Jan 11, 2007 5:52 PM PST

I'm not a Microsoft hater, in fact I use many of their products. I just don't like the double standard here.  Microsoft makes money from selling advertising on browser typos by sending non-resolving domain names (in their browser) to its MSN gateway page. Then it invents a piece of software to combat 'these typo bad guys' who are building a dam up the river, taking their typo traffic stream away. Again, what if MSFT decided to take competing website traffic because it controls the browser?! That strider thing worked great and nobody complained, so let’s kick it up a notch: Website 'X' wasn't "useful" enough so we took you directly to a "better page" on the MSN network.  Microsoft is in a position of great power by virtue of their browser and with great power comes great responsibility to allow all kinds of business to flourish. If Microsoft wants to stop typos of 'Bank of America' or 'Nintendo' with some software I'm all for it, but don't let me see that unregistered typo domain name ultimately resolve through their browser to an MSN gateway page where Microsoft makes money by selling advertising (as happens now). It would be very simple for Microsoft to insert 'content judging' software such as this strider tool into subsequent versions of their browser. The more they probe and push in that direction without anybody saying anything, the more the free Internet becomes some Microsoft intranet. I'm sure Bill would like nothing more than if we all just watched Channel-One and didn’t venture out much ... R-o-s-e-b-u-d.  :)

Re: Microsoft Choking Domain Parking Business Practices? Daniel R. Tobias  –  Jan 11, 2007 8:06 PM PST

Then use Mozilla… I do!

Re: Microsoft Choking Domain Parking Business Practices? Suresh Ramasubramanian  –  Jan 11, 2007 10:44 PM PST


Whether this is a Citizen Gates move by Microsoft or not .. as long as they make typosquatting unpopular, that's quite fine

This is going to turn into a very interesting way to ruin the domain monetization racket, I see ..

Re: Microsoft Choking Domain Parking Business Practices? Frank Schilling  –  Jan 12, 2007 6:22 AM PST

What is a typo Suresh? Is Flickr.com a typo of Flicker.com? ..  If Flickr.com (the website) were a startup competing with Flicker.com the established Microsoft URL would strider flag it?  Is it fair that Microsoft gets to decide?

Re: Microsoft Choking Domain Parking Business Practices? Suresh Ramasubramanian  –  Jan 12, 2007 6:40 AM PST

Let us examine intent here.  Is MS' intent

1. Getting into the typo monetization racket themselves and using their near monopoly on the browser market to crowd others out?


2. Participate in what they see as brand / trademark protection and anti phishing initiatives?  (they are quite active in several organizations that do one or both of these - the Anti Phishing Working Group for example)

2 is what Strider is billed as so far.  Have you seen it doing 1, or have you seen that documented anywhere on microsoft's site, or is this the standard slippery slope "they COULD easily do this" argument?

Re: Microsoft Choking Domain Parking Business Practices? Frank Schilling  –  Jan 12, 2007 7:00 AM PST

Neither. This is the: "What flavor do you want you Typosquatting" speech Suresh.

Do you want:

A) the little guy who runs out and registers bankofamericanewyork.com and puts up paid listings for "bank of america" making money every time somebody clicks?

or do you want:

B) Microsoft error traffic MSN gateway where Microsoft puts up paid listings for "bank of america" making money every time somebody clicks?

The fact that Microsoft is a multibillion dollar corporation not intending to engage in Typosaquatting is a moot point as that is exactly what they are doing in 93% of the World's browsers.

I would prefer neither and if their Strider Tool held their own browser to the same high standard as it holds these neer do well typosquatters then I would not be writing this post.

Re: Microsoft Choking Domain Parking Business Practices? Daniel R. Tobias  –  Jan 12, 2007 4:47 PM PST

Actually, a growing number of people are using better browsers than the crappy one from Microsoft. One of my sites, Dan's Mail Format Site, had 45% of its traffic from users of Gecko-based (Mozilla) browsers (mostly Firefox), and only 43% from MSIE, over the last 9 days or so.  Granted, that's a "techie" site, but even non-techie sites are getting double-digit percentages for Gecko/Mozilla/Firefox; the sites where I work are presently running around 15% Gecko and 78% MSIE (with various others including Opera and Safari making up the balance).

To post comments, please login or create an account.

Related Blogs

Related News


Industry Updates – Sponsored Posts

Afilias Supports the CrypTech Project - Ambitious Hardware Encryption Effort to Protect User Privacy

Public Sector Experiences Largest Increase in DDoS Attacks (Verisign's Q4 2014 DDoS Trends)

Help Ensure the Availability and Security of Your Enterprise DNS with Verisign Recursive DNS

Verisign iDefense 2015 Cyber-Threats and Trends

What's in Your Attack Surface?

Join Paul Vixie & Robert Edmonds at the Upcoming Distinguished Speaker Series

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

LogicBoxes Announces Automation Solutions for ccTLD

3 Questions to Ask Your DNS Host About DDoS

Introducing Our Special Edition Managed DNS Service for Top-Level Domain Operators

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Neustar to Build Multiple Tbps DDoS Mitigation Platform

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

Video Interviews from ICANN 50 in London

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Sponsored Topics

Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines


Sponsored by


Sponsored by

DNS Security

Sponsored by