Introduction

In an age where the digital presence of businesses is paramount, every click counts. A company’s website is its digital storefront, and maximising traffic is a crucial part of online success. But what happens when potential visitors mistype a website address or a third-party link to an incorrect subdomain? Without the right strategy in place, these users might end up facing an error message which then bounces to a competitor’s website. This is where typo domains and subdomains come into play—a marketing technique that turns misspellings into opportunities. This article covers typo domains.

We work with large publicly listed companies that have to protect their brand identities, so it’s important that they protect that. Some of our clients own thousands of typo domains that cover every potential misspelling you could probably think of. There are normally dedicated teams to manage DNS and traffic routing, which often fall under traffic engineering, edge engineers, or cloud teams.

Many companies buy domains, but then may not have suitable governance in place to manage them all. Brands that are more challenging to spell will often require more typo domains to protect them. 

We support them using the following three ways.

Auto-renewal & Monitoring

Importance of Auto-Renewal: Domain renewals are critical for maintaining an uninterrupted online presence. Neglecting them can lead to website downtime and potential brand damage. Even large organisations have experienced lapses, underlining the importance of a reliable renewal process. In 2015, Google mistakenly let google.com expire, allowing an ex-employee called Sanmay Ved to buy it for $12. The purchase only lasted one minute before the transaction was reversed. Google gave him $6,006.13 (spelling Google) as financial compensation. Microsoft had a similar episode back in 2003 where they forgot to renew hotmail.co.uk.

Implementing a Dual-Layer Renewal System: A two-tiered approach is recommended for managing domain renewals. The primary layer is the auto-renewal feature provided by your domain name provider. This ensures basic protection against domain expiration. The secondary layer involves an internal monitoring system for DNS changes. This system tracks renewals, alerts on upcoming expiration dates, and verifies successful renewals. It serves as an additional safeguard, catching any failures in the auto-renewal process.

Monitoring DNS Changes: In addition to renewal monitoring, it’s important to track changes in DNS records and nameserver updates, especially for domains nearing their renewal dates. This helps in identifying and addressing any inadvertent modifications or issues that might impact website accessibility or performance. Off-the-shelf tooling is available, such as DNSCheck or ZoneWatcher, however, a bidirectional sync needs to be in place to monitor for new DNS records that are not known to third-party systems. Alternatively, enterprise DNS providers such as UltraDNS, Cloudflare and Dyn have public APIs that can be used to integrate with internal monitoring systems.

Connection Issues & SSL Certificates

Ensuring Protocol Accessibility: Make sure that all typo domains are accessible via both HTTP and HTTPS protocols. This prevents connection errors and ensures that visitors reach the intended site regardless of the protocol used.

Regular SSL Certificate Updates: Maintain updated SSL certificates for all domains, including typo variants. Utilise automated tools like Let’s Encrypt for efficient certificate management. NB: Let’s Encrypt offers Domain Validation (DV) certificates but does not offer Organisation Validation (OV) or Extended Validation (EV) because they cannot automate issuance for those types of certificates).

Case Study Analysis: A good example is addidas.com spelled with two “d”, which is a typo of adidas.com. Adidas appears to own the typo domain but has not handled the redirection correctly. The screenshot below shows that Adidas does not redirect the typo domain HTTP or HTTPS to the correct domain and that the HTTP certificate is not valid. An SSL warning screen is shown below.

After accepting the SSL warning, which is deemed “unsafe” addidas.com does eventually redirect to adidas.de. The same is true for adiddas.com with the double “d” on the later part.

Optimising Redirection

Implementing Single-Step Redirection: Reduce the number of redirects from typo domains to the main website. Aim for direct, single-step redirection to enhance user experience and minimise the risk of redirect loops or failures.

To mitigate this, we recommend forwarding the entire URL path and query on to the final destination. This can be achieved by either using scripts to automatically generate Nginx or Apache configuration files upon deployment or by using a reverse proxied dynamic application that can manage through a different backend.

Server Configuration for Redirection

For the purpose of this, we’ll just use a simple Nginx configuration file. It is possible to add multiple subdomain and hosts to a single file, but it can become cumbersome to manage. Instead, one configuration file per subdomain maybe more appropriate.

Redirect http://xample.com to https://www.example.com:

# xample.com.conf
server {
    listen 80;
    server_name xample.com;
    return 301 https://www.example.com$request_uri;

}

Redirect http://www.xample.com to https://www.example.com:

# www.xample.com.conf

server {
    listen 80;
    server_name www.xample.com;
    return 301 https://www.example.com$request_uri;
}

Redirect https://xample.com to https://www.example.com:

You’ll need an SSL certificate for xample.com for this to work properly. Once you have that:

server {
    listen 443 ssl;
    server_name xample.com;
    ssl_certificate /path/to/your/certificate.crt;
    ssl_certificate_key /path/to/your/private.key;
    return 301 https://www.example.com$request_uri;
}

It’s worth considering that the example above only covers for the typos for example.com. There may also be similar typos for each top-level domain, i.e. xample.de, xample.it, xample.fr.

Next…

By having a domain typo strategy in place, we can create test monitoring to ensure that we are monitoring for anomalies.

In Part 2, we shall cover Subdomain Typo strategies.