How to Handle Parked Domains

pmiquel, November 22, 2024

What is a Parked Domain?

Many brands are unsure about parked domains with names similar to their own. Some customers approach us about parked domains that could easily be mistaken for theirs and request that we have those domains taken down.

Unfortunately, the process isn’t straightforward. If a domain shows no content, proving that someone uses it for bad purposes becomes hard. It is also difficult to show that the owner has harmful intentions.

Fortunately, there are steps brands can take to reduce the risks posed by parked domains. We have assisted several brands in navigating these complex issues with brand impersonation.

A parked domain, or domain alias, is a registered URL that does not link to a real website or content. Often, such a domain shows a generic registrar page or an error that indicates the site cannot be reached.

While these domains may seem harmless, they can still threaten your brand and impact your customers. Ignoring them is not an option. The good news is that automating the monitoring of these domains is simple and effective. This is a great first step to stay ahead of fraudsters who might exploit them.

The ICANNWiki defines a parked domain as a URL that does not have content. An individual registers a parked domain but does not typically include original digital content. 

Domains may be parked because:

  • The registrant wants to generate revenue by publishing advertising content
  • A website is still in development
  • The registrant wants to reserve a domain for future use
  • The domain name has expired
  • The registrant wants to prevent malicious actors from registering the domain

Often, these benign domains show a generic message from the registrar. You may also see a simple “this site cannot be reached” message when you visit.

Parked Domains

The majority of parked domains remain benign or eventually become legitimate websites. However, in 2020, Emotet, one of the most prevalent malware families, used parked domains as a distribution channel.

Scammers employ domain parking in their fraudulent schemes for several reasons, including:

  • Redirecting to malicious pages/content
  • Eventually publishing malicious content on the domain itself (e.g., a phishing page)
  • Appearing as a legitimate sender of phishing emails

Scammers also use this method to circumvent detection. Some domain monitoring solutions assess newly registered domains for a limited time and eventually drop them from regular scans. As you might imagine, that’s the perfect time for a fraudster to launch a phishing site.

Brands come to us because they see an MX record linked to a parked domain. This domain has a name similar to their brand. It’s reasonable to think that the owner of the parked domain is sending phishing messages. These messages pretend to be from the brand.

A mail exchange record (MX record) is part of the Domain Name System that identifies e-mail servers on the Internet. An MX record defines the host/server that will accept e-mail sent to its associated domain.

A parked domain with an MX record can send an email from that domain for phishing purposes. A parked domain does not always show content. Because of this, it may seem safe to someone who is not experienced.

Three important protocols help stop email forgery: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC). Brands often ask us about these protocols, and they can easily feel confused about what they can and cannot do.

Unfortunately, SPF, DKIM, and DMARC only help reduce the risk of someone sending fake emails from your domain. They do not prevent someone from sending emails from a different domain, which could be mistaken for yours.
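The limitation described above, as an added example that is not part of the original article: a receiving server looks up the DMARC record of the domain in the visible From address, so the brand's own policy is only consulted for mail that claims the brand's exact domain. The domains, the record table and the function names are constructed for illustration, and the alignment check is simplified.

```python
# Constructed DNS TXT data (placeholder .test domains): the brand publishes a
# strict policy; the lookalike's owner publishes their own, weaker one.
DMARC_TXT = {
    "_dmarc.examplebank.test": "v=DMARC1; p=reject",
    "_dmarc.lookalike-examplebank.test": "v=DMARC1; p=none",
}

def parse_policy(txt):
    """Return the p= tag of a DMARC record, or None if it is not a DMARC record."""
    tags = dict(part.strip().split("=", 1) for part in txt.split(";") if "=" in part)
    return tags.get("p") if tags.get("v") == "DMARC1" else None

def aligned(auth_domain, from_domain):
    """Simplified alignment check: exact match or a subdomain of the From domain."""
    return auth_domain == from_domain or auth_domain.endswith("." + from_domain)

def evaluate(from_domain, spf_domain=None, dkim_domain=None):
    """Mimic a receiver. Returns (record consulted, DMARC result, requested action).

    spf_domain / dkim_domain are domains that already passed SPF / DKIM checks.
    """
    record = "_dmarc." + from_domain  # keyed on the visible From domain only
    policy = parse_policy(DMARC_TXT.get(record, "")) or "none"
    if any(d and aligned(d, from_domain) for d in (spf_domain, dkim_domain)):
        return (record, "pass", "none")
    return (record, "fail", policy)

if __name__ == "__main__":
    # Forged mail claiming the brand's domain, authenticated only as another domain.
    print(evaluate("examplebank.test", spf_domain="mailer.other.test"))
    # Mail from the lookalike domain, authenticated by that domain's own records.
    print(evaluate("lookalike-examplebank.test", spf_domain="lookalike-examplebank.test"))
```

In the second case the brand's `p=reject` record is never read, which is why a blocklist entry and continued monitoring are needed for lookalike domains.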

Options for Dealing with Parked Domains

One of the top 25 U.S. banks recently approached Allure Security for help with several parked domains. They believed the domains were either a precursor to phishing or already being used to phish their customers via email.

Since the parked domains did not publish content, registrars and hosts did not take action against them. They were not breaking any established “rules of the Internet,” and there was no evidence of malicious intent.

A Uniform Domain Name Dispute Resolution Policy (UDRP) filing requires that the complainant (filer) prove that the owner of the disputed domain is using that domain “in bad faith.” Bad faith is defined as “taking unfair advantage of or otherwise abusing a complainant’s mark.” According to the policy, evidence typically consists of dated screenshots of the offending website. Most parked domains have no content to screenshot, which makes gathering evidence difficult.

The UDRP process takes time – at least 60 days in most cases. Every day that a phishing domain stays online adds to the risk of victims, fraud, and damage to your brand.

Three options are available to the brand owner:

  1. UDRP filing – Look for the contact information of the owner of a parked domain. This can be difficult and is getting more complicated. After finding it, send them a letter.
    • Wait (up to) 20 days for them to respond
    • Wait (at least) another 40 days for arbitration of your case. All the while, you will pay fees to lawyers and arbiters.
    • Risk losing your original case
    • Repeat. It’s inexpensive for scammers to move on to the next domain again and again.
    • This is not a good approach to potential or active phishing threats. It’s reactive, expensive, and never-ending.
  2. Continual monitoring – Keep a constant eye on any parked domain. If it transitions into a scam, you can take action immediately. This is an essential part of best practice.
  3. Ignore them – This is just a bad idea. You know that ignoring parked domains can have serious consequences.

Responding to Parked Domains

Recap

Despite the challenges and seeming futility of combatting suspicious parked domains, brands can take steps to mitigate the risk. Most importantly, please don’t ignore them. A parked domain may transform into a malicious site at any time. Visibility alone is helpful.

Steps brands can take to respond to problematic parked domains include:

  1. Understand that contacting registrars or hosting providers about a parked domain will not be helpful.
  2. Automate monitoring of parked domains at a regular frequency. Be ready to take action immediately if/when malicious content is posted.
  3. Add the domain to your blocklist for the mailers you control. This only protects employees within your “walled garden” and not customers outside its walls.
  4. Make it clear to customers where to send examples of emails so that you can gather evidence – but don’t rely on this.

In short, it is important to keep an eye on suspicious parked domains. They can quickly become a threat to your brand and customers.
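One way to automate the monitoring step, shown as an added example that is not part of the original article or any Allure Security tooling: it compares consecutive observations of a parked domain and flags a newly published MX record or a change from parked to live content, however old the domain is. The `Snapshot` fields, the marker phrases and the sample history are assumptions constructed for illustration; a real monitor would fill the snapshots from scheduled DNS and HTTP checks.

```python
from dataclasses import dataclass
# Phrases typical of registrar placeholder pages (assumed list; tune to your data).
PARKING_MARKERS = ("domain is parked", "buy this domain", "domain for sale")

@dataclass(frozen=True)
class Snapshot:
    """One scheduled observation of a lookalike domain (field names are assumptions)."""
    day: int            # days since the domain was first seen
    mx: tuple = ()      # MX hosts returned by DNS
    status: int = 0     # HTTP status; 0 means the site could not be reached
    redirect: str = ""  # off-domain host the request was redirected to
    body: str = ""      # visible page text

def classify(s):
    """Label a snapshot 'unreachable', 'redirect', 'parked' or 'content'."""
    if not s.status:
        return "unreachable"
    if s.redirect:
        return "redirect"
    text = s.body.lower().strip()
    if not text or any(m in text for m in PARKING_MARKERS):
        return "parked"
    return "content"

def alerts(prev, cur):
    """Compare two consecutive snapshots and list changes that need analyst review."""
    out = []
    new_mx = sorted(set(cur.mx) - set(prev.mx))
    if new_mx:
        out.append(f"day {cur.day}: new MX {new_mx}")
    before, after = classify(prev), classify(cur)
    if before in ("parked", "unreachable") and after in ("redirect", "content"):
        out.append(f"day {cur.day}: {before} -> {after}")
    return out

def review(history):
    """Check every consecutive pair; old domains are never aged out of the scan."""
    return [a for p, c in zip(history, history[1:]) for a in alerts(p, c)]

# Constructed history for the placeholder domain lookalike-examplebank.test.
HISTORY = [
    Snapshot(day=1),
    Snapshot(day=30, status=200, body="This domain is parked free of charge."),
    Snapshot(day=200, mx=("mx1.mailhost.test",), status=200, body="Buy this domain"),
    Snapshot(day=410, mx=("mx1.mailhost.test",), status=200, body="Sign in to your account"),
]

if __name__ == "__main__":
    print("\n".join(review(HISTORY)))
```

The alert on day 410 only fires because the domain is still being scanned more than a year after it was first seen.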
