Doppelganger Domains. Oh, My.

Research sheds light on email security from domain name typos.

A new research report about typosquatting is making waves on mainstream web sites today.

The report covers what researchers at “Information Security Think Tank” Godai Group call Doppelganger Domains. I’ve never heard the term doppelganger applied to domain names before, but the group uses the term to label domain names that are missing a dot.

For example, a doppelganger of us.ibm.com would be usibm.com.

The researchers registered a number of these domain names and started collecting email that was wrongfully sent to them. They collected 120,000 emails over six months.

Ask any domain investor and they’ll tell you this issues isn’t limited to just missing dots. I have some .com domains that have basic web sites (and thus have email turned on) that receive email from people looking for the .net or .org version of the site. These emails have included sensitive information such as social security numbers.

.Com domain owners also see a spike in traffic when a non .com of their domain is active.

What effect will new top level domains have on this security issue? At first I think it will make it a lot worse. I talked to a lawyer once (name withheld) who owned a .pro domain. He said his clients would ask him why he hadn’t responded to their emails, only to find out they sent him mail at mail.pro.com.

Some people will make the argument that .brand domain names will reduce “doppelganger” domains because there will be one less dot. For example, us.ibm.com will become us.ibm. My guess is most people will type in the latter as us.ibm.com anyway.

Will internet users become accustomed to multiple top level domains and eventually pay more attention. Sure they will…eventually.