May 04, 2007, Top-level tampering, By Charles Miller

The Computer Corner

Top-level tampering
By Charles Miller, May 4, 2007

Nobody knows for sure how many, but every day a billion internet users type in billions of web site addresses as they surf the World Wide Web. Many thousands of these internet surfers who are not very good typists sometimes end up on the wrong side of the planet.

Every country on earth has an internet “Country Code Top-Level Domain (ccTLD) of its own. Every internet user in San Miguel has seen web sites using the Mexican top level domain “.mx.” Other frequently-encountered top level domains are .fr for France and .uk for England.

Any internet user who types in the wrong URL (Uniform Resource Locator) or web site address is going to end up on the wrong web site. Type in the wrong top level domain and you will end up in the wrong country.

The West African nation of Cameroon has been experimenting with ways to turn users’ typographical errors into cash. The ccTLD for Cameroon is .cm which is one mistyped letter away from the ubiquitous dot com. That one omitted letter from .com is potentially an advertising gold mine and they have jumped on it.

Apparently, there are many thousands of internet users who each day forget to type the “O” in “.com.” Everyone who does this gets a free trip to West Africa.

What Cameroon has done is to “wildcard” their ccTLD. The wildcard feature means that rather than returning an error message, the user will be taken to agoga.com. As a result, any misspelling of any .com domain name as .cm takes the user to a page full of advertisements from Cameroon.

Believe it or not, there is already a name for this practice. It is referred to as “typosquatting” and is practiced by people who buy up misspellings of popular web sites in order to capitalize on mistyped names to generate advertising revenue.

In the US, some forms of typosquatting were outlawed by the “Truth in Domain Names Act” which made it illegal to intentionally misdirect children to pornographic sites. Under this law in 2004, one typosquatter was sentenced to 30 months in prison for refusing to stop redirecting dinseyland.com to a porn site.

But back to the practice of wildcarding. Domain Name Servers (DNS) are those computers that translate alpha addresses such as “yahoo.com” to the numeric equivalent 216.109.112.135. When an address does not exist, the DNS server returns an error saying the page does not exist. What Cameroon has done is hijack this error message and send the user to their advertising page agoga.com instead.

Aside from just being an annoyance, the wildcard and its failure to return an error message for non-existent domains can mess up anti-spam software that verifies the validity of the sending domain.

The internet governing body ICANN took action against VeriSign Inc. in 2003, when that company introduced wildcards to the .com and .net domains. For a time, when you mistyped any name you would be taken to VeriSign’s web site.

VeriSign was forced to stop that practice but dealing with a sovereign country is a different matter. It seems that ICANN has formal relationships with the internet authorities of many countries, but Cameroon is not one of them. Whoops.

What this means is that careless typist who leave the “O” out of “.com” are going to detour through the African sub-continent.

Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981 and now practically a full-time resident. He may be contacted at 044-415-101-8528 or email FAQ@SMAguru.com.