Porn Sites Hijack Expired Domain Names

11/03/2002 Written by Carolyn Duffy Marsan, Network World

The number of domain names being allowed to expire – intentionally or accidentally – is at an all-time high. Now shady middlemen called traffic aggregators are increasingly buying these names and redirecting corresponding Web traffic to other sites, primarily porn and gambling venues.

Organizations as varied as the Boston Philharmonic Orchestra and the Dutch government have seen their expired domain names snapped up by traffic aggregators and redirected to porn sites. Others, including the United Nations and the U.S. Department of Education, have received irate e-mails from online customers complaining about undetected links to porn sites.

“The links caused a hell of a stir,” says Edward Loeb, a program manager with Allied Technology Group, a contractor that operates the U.S. Department of Education’s Web site. “The public is not at all happy to find…their taxpayers’ dollars spent on Web sites that link to pornography. It was quite an embarrassment to us.”

Tracking Tools Help

Using an early version of a new tool called LinkScan 9.0, Loeb found 15 links to porn sites buried among the 65,000 internal and external links on the Department of Education’s Web site.

The links were to two domains that had changed ownership from educational outfits to traffic aggregators.

Marketers of link-checking software such as LinkScan are updating their offerings with the capability to check links for adult content.

“We just started seeing this trend in the last three months,” says Michael Weider, chair of Watchfire, which sells a Web site quality-assessment tool called WebXM that identifies unintentional links to adult content. He says some companies have as many as 200 of these potentially embarrassing URLs buried within their content.

The problem has gotten serious enough that the Internet Corporation for Assigned Names and Numbers recently issued a proposal to create a 30-day waiting period before expiring domain names can be resold. ICANN’s policy paper says that in recent months it has seen “a rising tide” of complaints related to domain names inadvertently changing ownership.

Embarrassing Slip
The situation can prove embarrassing for companies.

Consider what happened to The Special Interest Group on CD/DVD Applications and Technology, a 15-year-old nonprofit organization. The group, which held its last conference in 1999, accidentally let its domain name – www.sigcat.org – expire.

In December, Domains For Sale, an Estonian traffic aggregator with an Illinois telephone number, purchased SIGCAT’s domain name and now redirects traffic to a porn operator named Adult City.

“We found out about a month ago that the site looked a lot different than it used to,” says Jerry McFaul, a U.S. Geological Survey employee and founder of SIGCAT. Renewing the domain name “fell through the cracks. We had a Webmaster in one state, an ISP in another state, and we were here in Virginia. Each of us thought the other was covering the renewal.”

McFaul says he contacted Domains For Sale and was told he could buy back the domain name but “not to bid anything under $1000.” Because the group is nonprofit, he decided not to spend the money. Instead, SIGCAT is evolving into a new organization, the DVD Association, with a new Web site: www.dvda.org.

Domains For Sale did not respond to phone calls for this story.

The SIGCAT snafu also tripped up Amtower & Company, an Ashton, Maryland provider of direct-marketing services to the federal government. Amtower had links to www.sigcat.org on some of its business-to-government Web sites.

Company President Mark Amtower says he had “not a clue” that he was linking to a porn site.

“I own about 300 different [business-to-government] URLs,” he says. “I damn well don’t want one of them linked to porno.”

Big (if Shady) Business
SIGCAT isn’t the only organization to have its expired domain name purchased by Domains for Sale or its sister companies, which include Triple Zero Networks and The Hostmaster. These companies all have addresses in the former Soviet Union and the same telephone number in Illinois.

They have purchased many formerly reputable domain names, including can2k.com, which Industry Canada originally used to explain the millennium bug; wsodc.org, which was used by the Washington Symphony Orchestra; and climatechange2000.org, which the Dutch government used to publicize a meeting of the United Nations Framework Convention on Climate Change in 2000.

The number of expired domain names rose from 750,000 per month in August 2001 to more than 2,250,000 per month in December 2001, according to SnapNames.

Traffic aggregators like Domains for Sale purchase dozens of expiring domain names with active traffic each month and redirect them to gambling or porn sites, which in turn pay the traffic aggregators for each customer that originates from the redirected URL. Typically domain names are sold for $35 a year.

The identification and purchase of expired domain names has gotten easier in the last year, thanks to the availability of automated services that track and purchase expiring names. These services, from companies such as SnapNames, Dotster, and Enom, are increasingly used by traffic aggregators. Other companies, such as Exody.com, LocalWhois.com, and Domains bot.com, provide traffic aggregators with lists of soon-to-expire names.

“The people who are interested in dropped names are primarily the traffic aggregators,” says Matt Stearn, a vice president at Enom. “They’ll buy from one to 50 names on any particular day.”

Regulatory Tightrope
Regulating this situation is tricky for ICANN, which must protect the free-speech rights of porn operators while ensuring that domain-name holders are given proper notification and enough time to renew their names.

In its policy paper, ICANN says most of the problems are caused by the inattention of domain name holders who forget to renew registrations. Companies often fail to receive notification of a pending domain name expiration because the e-mail address listed at the time of the registration is no longer valid.

Currently deleted names are available for resale immediately or, in some cases, after a five-day registry hold.

ICANN proposes deleted names be put on hold for 30 days before resale, giving registrars and domain name holders time to correct mistaken deletions. The delay would serve as a “last resort” notification to a Web site operator that a name had expired because the name wouldn’t resolve during the 30 days prior to the name’s availability for resale. The proposal would apply to names ending in .com, .net, .org, .biz, .info, and .name.

Mopping Up
In the meantime, Webmasters are stuck cleaning up the mess that inappropriate links cause.

Jan Golinski, Webmaster for the U.N.‘s Framework Convention on Climate Change, discovered in November that his site inadvertently linked to adult content. The site had links to climatechange2000.org. The Dutch government failed to renew the domain name registration, so a traffic aggregator snapped it up and redirected the traffic to Adult City’s Web site.

“I deleted everything that was connected to climatechange2000.org,” Golinski says. He also established a new policy about external links. Still, Golinski says the new linking policy wouldn’t have prevented the recent fiasco.

Loeb, who operates the U.S. Department of Education’s Web site, says the only way to be sure that you’re not linking to adult content is to use link-checking software. The latest versions of these packages range in price from $1000 to $75,000.

“It’s worth it to have this kind of a tool because the cost of being wrong is too high,” Loeb adds.