Google has recently announced some changes to their search and prioritisation algorithms, intended to tackle the problem of ‘spammy, low-quality content’ in search results. Of particular interest are the improvements to the process of handling ‘expired domain abuse’ – in particular, the addition of options to their spam reporting tool – in response to the previous practice of infringers purchasing expired domains and posting new spam content.

The reasons for repurposing domains can include taking advantage of the higher level of trust associated with the content previously present on the site, to boost the search ranking of the new material[1]^{,[2],[3],[4],[5]}. This spam content can take a number of forms, including adult or gambling-related material, or blog-style sites promoting third-party content. The use of the practice to promote sites offering the sale of counterfeit goods has also been noted[6]^,[7]. This issue also presents the possibility for increasing the effectiveness of more egregious types of abuse, such as explicit brand impersonation.

As a simple case study into the potential scale of the issue, we have looked at instances of re-registered domains across the .app, .biz and .blog TLDs. These specific extensions were selected due to the fact that they are ‘mid-sized’, popular TLDs[8] with low-cost, low-restriction registration options, which are generally ‘well-trusted’ by general Internet users[9]^,[10], but (paradoxically) also include one example (.app) which has previously been noted as being particularly prone to infringement and abuse[11].

In order to carry out the analysis, we consider the set of those domains which were registered between the 3rd and the 10th June 2024, based on a comparison of zone files. Of these, we then consider the subset which had also previously been actively registered as of Q3 2023 (i.e. instances of re-registrations). The statistics for these are shown in Table 1.

Table 1: Numbers of registered domains (total as of the 10th June 2024), new registrations, and re-registrations for the three TLDs

Of the re-registrations, we then consider those which resolve to live sites (also as of the 10th June 2024). These are associated with a range of content types, including large numbers resolving just to placeholder or error pages, sites featuring pay-per-click (PPC) links, or pages offering the domains for sale. However, for the analysis, we focus on the subset resolving to ‘spammy’ content. This determination is – of course – somewhat subjective, but essentially considers material which appears non-legitimate and/or appears to be unrelated to the name of the domain in question. The ‘hit-rate’ for re-registrations featuring spam content was greatest for .biz (58 identified examples, compared with 5 for .blog, and 4 for .app). It is also worth noting that – particularly for .app – significant numbers of the re-registrations had actually gone dead again by the time of analysis. Many of these featured long, pseudo-random domain names and may be associated with automated registrations used for malicious or infringing purposes[12].

Figure 1 shows four examples of .biz domains featuring ‘spammy’ content (e.g. adult or gambling/gaming-related material or random blog content) which had (according to information from archive.org) previously resolved to live, apparently legitimate content (for companies or organisations for whom the domain name itself has specific relevance). Some of these domains have long histories, going back a decade or more. They are therefore potentially examples of domains which have been re-registered to take advantage of the previous level of trust in the websites, and their consequent boosted search-engine rankings. Furthermore, some have been re-registered multiple times since their original incarnation. It is also worth noting that, amongst the dataset, we see numerous instances of repeated use of similar site templates, suggesting potential serial infringement by particular entities.

Figure 1: Examples of re-registered .biz domains now resolving to ‘spammy’ content

The scale of the issue indicates the potential for subsequent abuse and, perhaps even more concerningly, the misplaced belief that the new material has a definitive link with the previous legitimate content. Brand owners should bear this in mind when allowing domains to lapse – which might take place as part of a domain portfolio rationalisation project.

Overall, the Google reporting tool should be welcomed by brand owners. Alongside mechanisms such as the UDRP to address the underlying domain itself, the reporting tool provides another low-cost way of addressing IP infringement in the web and domain space.

[1] https://blog.google/products/search/google-search-update-march-2024/

[2] https://www.thedomains.com/2024/05/30/google-adds-expired-domains-abuse-to-their-report-spam-tools/

[3] https://www.craigcampbellseo.com/do-expired-domains-still-work/

[4] https://www.seroundtable.com/google-report-spam-tool-adds-options-37479.html

[5] https://web.swipeinsight.app/posts/google-s-spam-tool-now-flags-site-reputation-expired-domains-abuse-6732

[6] https://www.burges-salmon.com/news-and-insight/legal-updates/popular-expired-domain-names-are-being-re-registered-for-the-sale-of-counterfeit-goods

[7] https://euipo.europa.eu/tunnel-web/secure/webdav/guest/document_library/observatory/resources/Research_on_Online_Business_Models_IBM/Research_on_Online_Business_Models_IBM_en.pdf

[8] https://research.domaintools.com/statistics/tld-counts/

[9] https://growthbadger.com/top-level-domains/

[10] https://www.wpbeginner.com/showcase/top-domain-name-extension-list/

[11] https://circleid.com/posts/20230117-the-highest-threat-tlds-part-2

[12] https://www.iamstobbs.com/opinion/the-randomest-domain-names-entropy-as-an-indicator-of-tld-threat-level