A team of researchers says a number of domain name parking companies are up to no good.
A group of researchers, mostly from Indiana University, recently presented a study about the “Dark Side of Domain Parking”.
The study (pdf) was presented at USENIX Security Symposium in August, but I just became aware of it today and don’t recall this being covered elsewhere.
The researchers wanted to understand the domain name parking business and if parking companies were up to no good. They concluded that parking companies behave legitimately most of the time, but are involved in illicit activities occasionally to juice their revenues.
To test the parking companies, the researchers registered domains, set up parking accounts, created advertising accounts at various companies, and set up a crawler to visit parked pages (but not click on ads). They often times faked their information to set up these accounts.
In all, they made 24 million visits to over 100,000 parked domain names.
The researchers discovered three main issues:
1. Click Fraud – The researchers found click fraud, but they aren’t referring to domain name owners clicking on their own ads. Instead, they noticed that the ad campaigns the researchers set up at ad networks were charged for click traffic produced by its own crawler, which was designed not to click. The researchers noted that they discovered very little of this click fraud with the tier one ad networks (Google and Bing). They presume that parking companies don’t send fake clicks to these top networks because they’re better at uncovering it.
2. Traffic Spam – When the researchers purchased zero click traffic, they noticed that the originating URL had nothing to do with the bidding keywords specified a lot of the time.
3. Traffic Stealing – Domainers often accuse parking companies of not paying them for clicks received. The researchers found this to be the case, at least with zero click traffic. They were charged for zero click traffic by 7search, but the parking company didn’t credit them with any revenue. (The researchers blame the parking company for this, not 7search). Even if some entity along the chain felt a visit was fraudulent, the advertiser was charged and someone didn’t pass the money on to the domain owner.
Above: diagram of Traffic Stealing from researcher presentation.
The report also touches on something I wrote about a couple months ago: zero click traffic sending visitors to malware sites or other shady sites. The reports claims that at least 3.7% of zero click traffic buyers spread malware. It also points out, like I did, that this hurts the unwitting domain name owner as well.
Which domain name parking companies undertook shady activities? For legal reasons, the researchers anonymized the names of the bad parking companies. But you could probably spend just a few minutes to figure it out.
Here’s a chart showing the issues they found at four specific parking companies, labeled PS5, PS6, PS1 and PS2, and which ad networks these activities involved:
Elsewhere in the report, the researchers disclose that PS6 is TeamInternet’s parking operation. TeamInternet also owns DNTX, so they are mostly being blamed for sending poorly targeted zero click traffic.
If you want to figure out who the others are, this handy chart in the research should help you figure it out:
Note that Above, Rook, Fabulous and InternetTraffic aren’t anonymized because they aren’t specifically called out elsewhere in the report.
Great post Andrew. It’s good to know you keep your finger on the pulse the industry for us. Our parking revenue has stayed the same over the last 12 months with Internet Traffic.
They need to name the companies and start putting and end to what everyone knew was happening for a long time! Name them!! Name and shame.
There’s no need to even name them (PS1-PS6 does that already). It’s simple enough. Simply by visiting WebHosting.info and type in your parking companies DNS and boom, there’s a pretty good idea regarding who’s who.
There’s no more forwarding or redirects so it’s clear as day…..
Common sense.
FYI, the nameserver domain counts are from Feb 2014.
Who do you think is PS1 – PS6 ????
Maybe I’m missing something here, but it appears that they are talking about DomainParking from a few years ago… Most parking companies will force you to use their nameservers – because Google forces them to do so.
And there’s no mention of PPC ads here at all, which is probably still how the majority of domains are being monetized.
The study was performed last year. The report notes that the PPC portion of the fraud is primarily with second tier ad networks, not Google.
Do you think because Google says to use a parking company’s name-servers that the parking companies arent taking under the table? Ha. With the level of non-transparency that is provided by parking companies to those who park with them, there is no wonder that there is shady stuff going on. Who are they accountable to? They’re not audited by anyone. Google? Google can be fooled just like anyone else.
Google does not require that you use a parking company’s name servers. You can use any DNS servers you want. The requirement is that the DNS records of the parked domain must point directly to the parking server.
A few years ago, you were able to park a domain by pointing it to a redirect server, which would redirect to a special URL with the parked domain as one of the parameter values.
So instead of landing on Example.com, the user would be redirected to RedirectServer.com/?domain=example.com. This led to a lot of slop and abuse in the system, so Google disallowed it.
Nowadays, the vast majority of parked domains most likely reside on parking company name servers. But a lot of the high traffic parked domains reside elsewhere.
amongst the major parking companies like Sedo, Bodis, and Parking Crew
etc. I CAN TELL YOU FOR A FACT, THEY DO NOT ENGAGE IN CLICK
FRAUD! Possibly smaller companies who use tier 2 advertising maybe,
but again these companies are few and far between and have pretty
much been weeded out over the last couple of years.
Unfortunately all studies like these do is drive down parking revenue even
further and cast greater suspicion on the remaining few legitimate
parking companies most of which play very fair and honest.
Great report ~ it’s a constant challenge maintaining the velvet rope to a high standard, keeping the goblins out and hair brained upstream monetization schemes out of the mix. I’m incredibly proud of InternetTraffic.com, our upstream provider and the hard work of John Smrekar, James Hatheway, Nic Ruiz and Ryan Smith (on our team) for keeping the wheels on the bus and our reputation sound. It’s not magic. It’s hard work.
Hi Guys,
I wanted to briefly comment on two accusations made here in relation to DNTX:
1.) Click Fraud: They mention tons of click fraud, especially on 0-click, that occurred even though their crawler didn’t click. That is the entire concept of a 0-click: Someone types in a domain name and the click / redirect is automatically triggered. You don’t need to click, the user is redirected to the advertisers domain name. Advertisers are explicitly buying this ad type and are fully aware of that 0-click model so this is far, far away from being click-fraud.
2.) Malware: They claim that DNTX served up malware and has no protection in place against people running malware campaigns. This is absolutely wrong. We do have both: automated and manual verifications in place for campaigns.
Furthermore, our GTCs are very clear:
I explicitly agree NOT to promote any of the following products or landing pages and am aware that violation of this policy will result in suspension of my account without refund of remaining funds:
• Google parked domains
• real cash money games / gambling / casino
• malware / scareware
• phishing
• toolbars / downloads
• explicit and/or illegal content
• landing pages in violation of legal provisions, privacy rights, trademarks and / or third party rights or offend common decency
NO DOWNLOAD COVERAGE OF ANY TYPE WILL BE ACCEPTED IN OUR NETWORK. Any violation in this regard will force us to immediately terminate our partnership agreement.
We have a ton of measures in place to prevent such ads from showing up and shut down any campaign and account we find in violation of our GTCs.
DNTX certainly got a lot of coverage in the video, but this is no surprise. It is by far the most successful tier2 ad network for parked domains and thus obviously had a high representation in their sample.
Cheers
DNTX Support
Thanks for chiming in.
I’d like to clarify how I interpreted the report.
The click fraud reference was not in relation to zero click. That was for PPC. In fact, for Team Internet and DNTX, they didn’t report any click fraud issues.
Their issue with DNTX was two fold:
1. Traffic spam – on zero click traffic, they believe you sent untargeted traffic. For example, if they bid on traffic related to “cars”, then DNTX sent traffic that had nothing to do with that.
2. Malware – which you address.
Thanks a lot for your detailed feedback Andrew!
With regards to traffic spam and untargeted traffic: Keywords on DNTX are matched to keywords the domain name themselves contain. I assume that if they saw such cases it meant that the publisher (aka domain owner) registered a cars related domain name and redirected untargeted traffic to that domain name. Stuff like that is really hard to detect and when we receive notice about this from advertisers, we shut down the domain name and publisher.
I hope this helps.
Cheers
DNTX.com Support
I just re-read their section on traffic spam and I question if their methodology is flawed.
They basically looked at the parked URL and compared it to the target (advertiser URL) and checked if they contained similar keywords/topics. But they made the assumption that the advertiser bought keywords specifically related to their page. I suspect that, in a lot of cases, broad websites (or affiliates) will by cheap, untargeted traffic.
Update: They did, however, have specific examples of traffic spam. They wrote “the traffic we purchased turned out to have nothing to do with the keywords we specified”
The bigger concern from their research, in my opinion, is the malware. I know this is a problem, and all zero click companies need to do a better job screening for this.
And what about the slew of traffic originating from Russia, Ukraine, China and from even Amazon’s AWS(!!) – which is nothing but bot traffic.
They will choose a domain name to target and when you’re domain name gets “shut down” because of these clowns, it becomes blacklisted with Google. Can we say Google? I mean “upstream provider”.. Dont want to piss off Google! Geez.
Why is is the onus on the domain name owner and not on GOOGLE to filter the traffic? Its their ad system. Its their baby. Domain name owners have no control over these bots and they’re becoming more and more vicious.
Lets face it, parking, for what its worth, is a black hole and its unregulated by anyone. Google claims to regulate it but they dont. Eventually its gonna die and thats if it already hasnt died.
I’d like to add my comments since Bodis has been mentioned several times in the report.
I’d like to start by saying that their report mentions assuming and guesswork quite a few times. After reading the report from start to finish, it’s unbelievable that a group of researchers was able to accuse parking companies based on assumptions and lack of technical know-how of certain internal parts in regards to how parking companies and ad networks operate.
First off let me be clear by saying that I agree that the malware download ads have no place in this industry or anywhere on the web for that matter. Having said that, the blame should not be placed on a single company. Eliminating these types of ads is something that needs collaborative effort and needs to be tackled from the ground up. Bodis, does not operate its own direct advertiser network for zeroclick advertisements. We however partner with a few dozen ad networks in the industry to place zeroclick ads on customer parked domains. What makes things more difficult is that each of these ad networks partners with dozens if not hundreds of other ad networks of their own. At the end of the day, if you’re partnering with a dozen or so ad networks, you’re in essence indirectly partnering with almost the entire ad industry. So now you can see that if there’s a malware ad, it’s not the role of just a single company to act on it, but it’s up to the entire ad industry to improve and control these types of issues from reoccuring.
There’s been times we have seen a zeroclick request redirect to a malware advertiser and we immediately acted upon it by identifying which ad network the malware ad is distributed from and contacting them to resolve the matter on their end. Unfortunately technology and ad partnerships haven’t come far enough to the point where we can control what advertisers of our partners we want to use and which we don’t. It’s typically an all or nothing type of deal. And there have been many times we’ve shut off entire ad networks or all of zeroclick across the board for days at a time due to exactly the issue mentioned in the report.
So once again, I stress that this is an issue that needs collaborative effort from the parking company, from the partner ad network, the partner’s partners’ ad networks, and the advertiser. Companies in the ad space have to grow to be more pro-active and technology needs to improve as well that will give everyone better control over ad serving.
The researches also mentions click #s not matching up on parking companies. This comes back to almost the same point I discussed in the last paragraph. With so many ad networks working together and syndicating their ad inventory there are many instances when one ad network in the chain will not credit the other ad network for the visitor for whatever reason, and so forth. Add to that the different ways of counting visitors. For instance, if you ever purchased web hosting you’ll realize in your default Plesk or other control panel the # of page views and visits is always higher than quality analytics such as Google count. There’s so many different methodologies of counting visitors that the numbers will never match up, and the same goes for parking companies and ad networks. I just find it odd that the researches put almost all the blame on just parking companies, and not the ad industry and technology as a whole.
Lastly, I contacted all researchers via email and have yet to get a response. Hopefully I can talk to them about this issue so they can realize that things are not as bad as their assumptions.
wow, I find this article very interesting. It is hard to believe how much parking
revenue has fallen in the past 6 months. On a daily basis i can look into my
various accounts and find atleast a half of dozen clicks that show NO PAYOUT
whatsoever. I just cant help but to wonder if articles like this actually end up
being more harmful than good driving down parking revenues even further.
In the end here really they are not telling us anything new, its just more
negative news concerning the domain industry, and in specific domain
parking. It’s already so bad that If my revenue goes down any further with
Sedo and Bodis, I will end up having to pay them at the end of each month.
It’s ridiculiously crazy just how crooked and unfair everything has gotten.
The domain industry is being ruined move by move lately by all of the big players. I miss the old days when parking companies appreciated your
traffic and actually rewarded domain owners with fair revenue.
Bodis.com I wish I can report the for scamming.
After months of working they said”
After automated system checks and a careful review of your account, our team has determined that the quality of traffic on your account does not meet the standards set by our advertisers and upstream advertisement providers. Unfortunately, due to the low quality traffic levels, any pending earnings have been deducted from your account and credited to our advertisers.
At this time we will be unable to accept this traffic going forward and as a result have suspended this account.
“