Volume 4, Issue 2 June 17, 2009

Download PDF Print Page

Flying Under the Radar

Affiliate Fraud and Cybersquatting


According to the New York Times, the most valuable traffic that a Web site can receive is from “people who arrive at a site by typing its Web address directly into their browsers or clicking on a bookmark”—in other words, traffic that arrives to a site through Direct Navigation1. According to the article, “such visitors, who tend to be repeat customers, linger the longest, spend the most money, and are the most likely to ‘convert’ to buyer.”

People who use direct navigation, type in a brand, combinations of a brand and related products/services, or unbranded keywords into the browser address bar in hopes of finding the most relevant content. It is not uncommon for misspellings to occur when users enter domain names into the address bar. Taking these factors into account, there are an unlimited number of possible domain names that Internet users can type while searching for content.

Cybersquatters—those who register domain names, especially those identical or confusingly similar to existing trademarks, with the intention of reselling them at an inflated price or otherwise profiting from them in bad faith—have long known both the value of direct navigation traffic and the way that direct navigators seek content. Cybersquatters have used this knowledge to actively pursue and register domain names that naturally draw in such traffic.

In the last decade, cybersquatters’ traffic monetization tactic of choice was often to place pay-per-click (PPC) advertisements on landing pages for their domain names. PPC sites offer related sponsored advertisements based on the domain name itself or key terms in the domain name, giving users the ability to click through to the content they are looking for or to be directed to competing products and services. As a result, a domain name containing a variation of a brand name and one of its products/services can be used to host links to the brand’s content, content relevant to the brand’s services, or even content from the brand’s competitors:

Figure 1: Screen capture of the domain
Figure 12: Screen capture of the domain

Because users are often able to reach what they are looking for through PPC sites by selecting one of the ad links shown, the owners of these domains are able to generate revenue whenever visitors “click.” However, even when brand owners receive their rightful traffic through PPC sites, they must pay for this traffic since brands are charged each time a user clicks on their ad hoping to reach their content.

While PPC sites remain a large part of cybersquatting mechanics, there is another, little-known wave of massive-scale online infringement called affiliate fraud that is gathering steam on the Internet. Affiliate fraud earns cybersquatters 50-100 times the fee per action of pay-per-click (PPC) sites and targets brand owners–all undetected. FairWinds Partners, the Internet strategy consulting firm that co-founded CADNA and runs its daily operations, conducted this study to examine the practice of affiliate fraud.

What Is Affiliate Fraud, and How Do Affiliate Fraudsters Make Money?

Some brands offer affiliate programs, which allow third-party Web site owners to post the brands’ links and banners on their site or to send traffic to their site directly through domain forwards; in return, the owner of the site that is hosting the link receives a commission for every click-through that results in a purchase. These affiliate programs are meant to be mutually beneficial; brands get traffic funneled to their sites and their affiliates can earn a commission by providing that service. Typically, affiliates are in violation of the brand’s agreement if they register and enroll trademark-infringing domains.

The revenue potential of affiliate programs ranges according to two factors: the traffic that the Web site receives (the quantity and its quality) and the type of affiliate program that the brand offers. Let’s consider four major models of affiliate programs and how they monetize traffic.

Some brands offer affiliate programs that pay according to the number of visitors that the affiliate directs to their site. In this case, the quantity of the traffic that the Web site receives is the only thing that matters. This is a pay-per-click model, where the number of clicks that a brand’s advertisement gets on an affiliate site translates to the number of visitors that land on the brand’s site. For this model, the volume of traffic that the affiliate site attracts is key—the more traffic that a Web site attracts, the greater the chance that an advertisement will get a high number of clicks. However, affiliates can increase those chances even more by targeting higher quality traffic. In other words, targeting traffic that is more likely to click on the particular advertisements displayed on the affiliate’s site. If the domain name contains words related to the products or services that the brand is advertising, such a domain name will attract Internet users looking for particular content and in turn may result in additional clicks to the target affiliate link. Another strategy is to increase search referred traffic to the site where the affiliate links and display ads are located by improving the content and other qualities that affect SEO scoring. This way, pages will be more favorably indexed and appear higher in search engine results.

Other affiliate programs operate on a pay-per-lead model, which provides compensation for visitors that the affiliate directs to the brand’s site only if that visitor completes some variation of a sign-up form. This form usually requests contact or demographic information but does not involve a purchase or transaction of any kind. This kind of affiliate program model requires traffic that is either particularly committed to finding specific content or is able to be enticed by curiosity or some sort of giveaway—these visitors must be invested enough to be willing to divulge personal information. Some banks, for example, will pay Internet affiliates a commission between $20 and $40 each time a referred visitor submits a credit card application. In other words, the threshold for the quality of the traffic must be higher than that of the pay-per-click model. Once again, affiliates often try to attract higher quality traffic by hosting affiliate advertisements on domain names that are closely related to the brand and/or products and services being advertised.

Finally, affiliate programs that operate on pay-per-sale (also known as pay-per-action) agreements pay a commission on each sale generated by an affiliate. This model is the lowest risk to the brand offering the affiliate program and pays out a percentage of sales to the affiliate partner who generated the lead. The commission an affiliate earns is a function of the volume of purchases made on the site. For example, some Internet retailers offer between 5% and 10% in commissions. If a retailer offers a 10% affiliate commission, that’s $10 per $100 order, the typical order size on many of the most popular Internet retailing sites. These big-ticket programs require high quality traffic, which as we have already mentioned, affiliates attempt to generate through the use of domain names that contain the brand which Internet users are seeking and typing into browsers. Rather than presenting Internet users who type these domain names into browsers with links or ads, affiliates have the domain names resolve directly to the brand site that the user is seeking out. Most Internet affiliate programs prohibit enrollees from using trademark-infringing domain names, yet many are doing just that. Today, some cybersquatters are registering domains that contain a trademark or a typographical variation of one and redirecting visitors to the very Web site that they expect to find.

The best way to understand the practice of affiliate fraud is to actually see how it works. One example is a typo of the large US cable operator “Comcast”—COMCASFT.COM—that usually redirects to a Comcast authorized retailer who pays commissions for referrals in the pay-per-action model. The site does not always resolve, possibly to evade detection. Often times, when you enter COMCASFT.COM, you will see it eventually resolves to An Internet user is rewarded with the content they expect and, unless they look to the address bar again, they will not suspect that anything is amiss. Similarly, a brand owner who is reviewing infringements and simply looking at Web site content may not object to the use when they see that the domain redirects to their own content—especially if they are not aware of affiliate fraud or do not realize the extent of the unjust expense to their company.

Figure 2
Figure 23: Resolution of COMCASFT.COM


“cj: 1735985” identifies who should get paid the commission and—you guessed it—that person is the owner of COMCASFT.COM.

According to Comcast’s affiliate program terms, leads like this are worth as much as a $35 commission:

Figure 3
Figure 34: Comcast Affiliate Program Overview

This is many times more than the 50 cents or less that cybersquatters typically receive per click on the PPC sites that we’re all familiar with.

Unlike redirecting infringing domains to a PPC site loaded with ads, this scam delivers a more fluid online experience and a completely expected result to the end user. End users are less likely to recognize this as an infringement and many will simply assume that the legitimate company has done the redirecting. Others may not even realize that a redirection has occurred.

This is one of the things that makes affiliate fraud so appealing—its ability to evade detection. Not only do Internet users fail to realize that they have happened upon an affiliate site, but in-house counsel, brand protection professionals and companies of all kinds also typically fail to detect this use since a resolution check would confirm that the name is going to the “right” content. It is assumed that because the name resolves to the correct content, the company owns the site and is using it properly. Since resolution checks leave in-house counsel and brand protection companies unaware that this site could potentially be a case of affiliate fraud, they find little need to investigate further.

To better understand the scope and implications of affiliate fraud, we took a look at one domain owner’s portfolio as a sample set. Studying the portfolio of this individual, who is known to have engaged in affiliate fraud, allowed us to draw conclusions about the impact of affiliate fraud in the larger domain name space.


One of FairWinds’ clients provided the portfolio of an individual who has registered many infringing domains and has been known to engage in affiliate fraud. This report listed many of the domain names that had been registered by this individual as of November 2008.

From this list, which contained over 6,000 domain names, a random subset of 500 currently registered domains was reviewed to determine where these domains redirected and what content they displayed.


  • 55% of the domains examined resolved to a URL that contained an affiliate ID
  • 3% of the domains examined were parked by the registrar
  • 6% of the domains examined displayed content indicating that the domain was for sale
  • 8% of the domains examined pointed to PPC sites
  • 10% of the domains examined did not resolve to any content
  • 17% of the domains examined pointed to the logical brand site without an affiliate ID


In order to ascertain the overall prevalence of affiliate fraud, FairWinds conducted analysis to determine the number of domains that resolved and contain an affiliate ID versus the number that resolved and did not contain an affiliate ID. FairWinds then segmented out the domains without an affiliate ID to determine what types of Web sites were being hosted.

Figure 4
Figure 4
Figure 4
Figure 5

Figure 5 represents the domain names that did not have an affiliate ID in their URL based on the content found on their Web sites. “Logical brand site” refers to domain names that resolve to Web sites pertaining to that domain name—for example, a domain name that contains a typo of a brand and resolves to a Web site that contains that brand’s content would be classified under this category (Ex. We are as baffled as you are about why an infringer would resolve a domain to the appropriate brand site with no apparent scheme to monetize the use. If a domain name “does not resolve,” this means that the domain name does not resolve to a Web site with any content. Domains that are “parked by a registrar” resolve to Web sites that advertise that registrar’s services and those that fall under the “domains for sale” category resolve to Web sites that offer the option to purchase that domain.

Considering the fact that PPC sites are often thought to be the most popular tool for monetizing sites (a 2008 CADNA study concluded that 87% of cybersquatting domains are used for PPC), it is significant that just 8% of the total number of examined sites pointed to PPC sites while 55% contained an affiliate ID. While we examined the portfolio of a cybersquatter that is known to conduct affiliate fraud, these percentages suggest that affiliate fraud has a significant, and potentially growing, presence as a monetization tool in the domain name space. As mentioned above, affiliate fraud provides a cybersquatter with the opportunity to earn significantly more than they would earn with a PPC site. Let’s again use COMCASFT.COM as our example.

To calculate the revenue that affiliate fraud on COMCASFT.COM can generate for a cybersquatter, we can look at the affiliate fee that the brand offers, the number of visitors the domain name receives per year, and a conservative estimate of how many of those visitors are likely to convert to a sale:

(Affiliate fee) x (2% conversion) x (yearly traffic) = ($35) x (2% conversion) x (560 visitors) = $392.00 per year

To calculate the revenue that this same domain name could generate if it hosted a PPC site, we can just substitute the click fee for the affiliate fee and we would get the following:

(Revenue per click) x (27% conversion) x (traffic)= (0.50) x (27% conversion) x (560 visitors) = $75.60 per year

Affiliate fraud on COMCASFT.COM is generating 5.6 times the revenue that a PPC site would on that same domain name. We can take a look at another name on the list—CARBKONITE.COM—to see the metrics involved in affiliate fraud with Carbonite. The following formulas were calculated using Carbonite’s annual subscription fee of $55.95 for its online backup service.

Affiliate fraud:

(40% of sale) x (2% conversion) x (traffic) = ($22) x (2% conversion) x (245 visitors) = $107.80 per year

PPC Site:

(Revenue per click) x (27% conversion) x (traffic) = (0.50) x (27% conversion) x (245 visitors) = $33.08 per year

The affiliate fraud site on CARBKONITE.COM is bringing in three times the revenue that a PPC site would if it were hosted on that same domain.

Domain names containing infringements of top retailers vary in value. Those containing common misspellings of the brand or an intuitive combination of the brand and its services or products will garner high levels of traffic, sometimes as many as half a million visitors annually; those that contain unlikely typos will receive minimal traffic. If the traffic across all infringements that plague a top retailer is averaged, each domain name gets about 20,000 visitors annually. Considering this same retailer’s average order size ($100) and the average affiliate commission that such a retailer offers (5%), the typical typo infringement will cost the brand $100,000 in annual commission payments. It is important to note that infringements exist in a spectrum; there are usually only a few prime, heavily trafficked domain names among a multitude that receive little (if any) traffic. The online harm that is incurred through infringement is limited to a very small number of domains and a proper domain name enforcement strategy can enable companies to prioritize these infringements according to which are the most harmful and then pursue them where appropriate.


As cybersquatters evolve and adapt to new opportunities for monetization and exploitation, it is important for brand owners to be one step ahead. Knowing that affiliate fraud provides a lucrative opportunity for cybersquatters and that the practice may gain popularity allows brand owners to take proactive steps to protect their brands.

While there are an endless number of domain names that an Internet user can type into their browser bar while seeking content, only those with the most intuitive brand and product/service combinations and the most common typo mistakes typically receive enough traffic to be of value to their owners. As a result, brands don’t have to worry about enforcing all possible infringements—not only is this not feasible from a monetary and time resource perspective, but it is not necessary for the adequate protection of a brand. Identifying the domains that are the most intuitive to Internet users and the most valuable for fraudsters can help prioritize which domains to register or pursue for recovery. Proper prioritization can only be done through an in-depth understanding of consumer behavior; how infringers select domain names and conduct domain abuse; who the top infringers tend to be; and what avenues are available for recourse. In other words, case-by-case domain analysis by seasoned professionals is the only true way to navigate this space. With such a partnership, brand owners are seeing a drastic reduction in the impact of cybersquatting through targeted domain name reclaim actions resulting in improved efficiency and effectiveness.

Addendum: The data for this study was collected in the beginning of this calendar year and, as we all know, the Internet landscape rapidly changes. As a result, the particular domain names in the data set may not resolve to the same content that they did when the study was first conducted.