The Typo Millionaires

The sordid history of the oldest scam on the Internet—and how to kill it off once and for all.

There’s one Internet scam that’s unavoidable, at least if your typing is as bad as mine. For almost as long as the Web has existed, there’s been a thriving economy of sites, services, and software vying to grab you as soon as your mistype a URL. When I worked at HotBot a decade ago, part of my job was to handle the angry, confused callers who stumbled into the parallel universes of htobot.com and hotbto.com. At a boom-era party in Silicon Valley, I met a woman who’d goosed her income by developing software that took a list of the most-visited Web sites, calculated the most likely typos that surfers would make trying to reach them, and automatically registered those domains if they were available. She then raked it in by serving ads to the accidental tourists who landed on her sites.

Various studies have estimated that 10 percent to 20 percent of all hand-entered URLs are mistyped, adding up to at least 20 million wrong numbers per day. From my own experience that sounds about right—I can spell just fine but I leave out characters, transpose them, or hit the wrong key at least 10 times a day. No wonder wave after wave of entrepreneurs have fought to tap that flow and turn it into cash. And you know what type of entrepreneur. Typo traffic supposedly generated a million bucks a year for John “Cupcake Party” Zuccarini, a Florida man who registered as many as 3,000 typos of popular domains. God bless American entrepreneurs, I say, but Zuccarini made the mistake of serving porn to kids who misspelled sites like cartoonnetwork.com. He was arrested in 2003 for “us[ing] a misleading Web address to draw children to pornography.”

I’d never suggest that steal.com exists solely to grab dyslexic Slate readers, but who are the folks at wwwslate.com kidding? Shoe shoppers who mistype www.zappos.com as wwwzappos.com get pictures of women who are wearing shoes but not much else. Then there are sites like whitehouse.com—right spelling, wrong URL. The site’s owner told the Associated Press last year that he decided to sell his famous porn site because his son was getting old enough to start asking questions. As of right now, the front page hints that “Something big is coming.”

There’s another typo-squatting game that only the big guys can play. In 2001, Microsoft rejiggered Internet Explorer so that if you type in a URL that doesn’t exist, the browser will redirect you to a Microsoft page. The current version says something like, “We can’t find srate.com,” with a tempting search box immediately below it—a blatant ploy to drive traffic to MSN Search. When I finally found the menu in Explorer that lets me pick a different search engine for the site-not-found page, Google is conspicuously excluded—you can’t even add it as a write-in.

Techies rage that this is Microsoft evil incarnate, but at least it’s possible to make Google your default search engine. It’s much worse when a real monopoly tries to grab your traffic with a system you can’t reconfigure. In 2003, VeriSign, the company in charge of .com and .net domain names, added a wildcard entry to their database that matched any domain that wasn’t already registered. Any user who requested a nonexistent domain got a VeriSign page instead, and the company planned to sell links to the correct sites on this landing page. You probably don’t remember the episode, because a day later the geeks who maintain the Net’s domain-name server software released an emergency upgrade that neutered VeriSign’s plans.

Like a germ that keeps mutating, there’s a new typo-grabbing trick out there that’s harder to kill. Paxfire, a Reston, Va., startup headed by former USA Today tech reporter Mark Lewyn, has figured out where to put the intercept system so no one can shut it down—your ISP. If your service provider signs up with Paxfire, requests to nonexistent sites will send you to a Paxfire-powered page full of ads. Don’t like it? Fine, just switch to another ISP—the market will decide! Of course, switching ISPs is more painful than having your typos redirected. My last move took so long I ended up stealing Wi-Fi from the neighbors for weeks. ISPs that serve Paxfire pages will lose some customers, but not most of them. It’s more convenient to bellyache about those damn ads every day than to go without broadband for a week.

So, are we just doomed to suffer one typo traffic scam after another? Only until someone makes a software program that lets me control what to do with my typos. Here’s a simple design spec. First, intercept obvious, punctuation-challenged goofs like wwwslate.com. Second, recognize when a URL isn’t resolved by domain-name servers by detecting when Internet Explorer, Paxfire, or any other known culprit tries to serve a landing page. Third, keep a database of typo-trap URLs like htobot.com. And lastly, I should be able to manually configure the software to handle my habitual mistakes—whenever I type markrobinson.com, give me markrobinson.org instead. It’s so obvious that I’m tempted to download the Firefox source code and take a whack at doing this myself. Too bad the only thing worse than my typing is my programming.