News & Notes from the OpenDNS team

'Typosquatting' Posts

Why do we pay Internet Bad Guys?

by David Ulevitch on Sep 13th, 2006

Courtesy of Matt Marshall, I was asked to contribute an article to VentureBeat. You can read my article, “Why do we pay Internet Bad Guys?,” in its entirety over there or below. Matt has some really great stuff on VentureBeat, so go check it out!


David Ulevitch, OpenDNS CEO

Two weeks ago Auren wrote a dead-on post about the Black Hat Tax that really struck a chord with me. I’ve been paying the Tax for five years with my first company, EveryDNS, and for a few months now with my current start-up, OpenDNS. The problem has become much worse in the last few years. Why? Simply put, bad guys are getting paid. Moreover, the Tax is on users as much as it’s on businesses. Today we see phishing sites, malware and spyware sites growing at an astounding rate.

Consider the example I cite often when discussing the issue with friends: goggle.com (see image below; not providing a link, bad site), the site that might be the most insidious of all typosquatting and malware sites on the Internet. Goggle.com, an obvious typo of google.com, offers an anti-spyware product called SpyBouncer in addition to being filled with pop-up ads (nb: SpyBouncer claims the copyright on the bottom of goggle.com). The website makes a user believe that their computer is currently infected with spyware and that installing SpyBouncer will get rid of it. They say it’s free to try, and the program conveniently finds spyware, which it will remove for a price, of course.

Symantec and others all claim that this product is a total scam and that it neither detects nor repairs spyware with any accuracy. Thanks to the accidental traffic from unsuspecting users that lands on goggle.com, SpyBouncer has no incentive to make a good product; they can just fool a new batch of users every day.

[Image: screenshot of goggle.com, a bad site.]

Why does a site like goggle.com exist? Because crime pays, but that’s hardly news. Why it doesn’t get shut down by its webhost (DataPipe) is a good question for another time. What I do want to know is… why is SpyBouncer allowed to run Google ads on its Web site (as they do on the top)? Why are these kinds of abusive software programs allowed to purchase AdWords campaigns luring even more users into this trap? Why is Revenue.net paying SpyBouncer to show ads on goggle.com? Why is Google accepting money from fraudulent advertisers which continues the cycle of malware and spyware? This is why users react so negatively to online advertising. It’s not the relevant and unoffensive advertising that they bemoan, it’s the scams and tricks the advertisers and advertising networks spread around the seedier neighborhoods of the Internet.

These kinds of abuse are pretty bad, but what bothers me more is that much of it is being facilitated by companies I respect and admire. People like Ben Edelman have done a lot of research showing the connections between companies like Yahoo and fraudulent advertising practices, but that’s not enough. There are so many layers and levels of misdirection that it becomes hard to tell who is paying who and why. As the CEO of a company operating on the Internet, I’m spending money dealing with Internet bad guys who are getting paid to annoy me, my employees and my users. Everyone is wasting their time dealing with this crap while the folks in the money trail keep taking their cut and passing the buck. When I asked my users what they thought about goggle.com I saw a nearly unanimous response of outrage and frustration. Hundreds of users spoke out on our corporate blog and on sites like Digg.com, venting at the absurdity of a site like goggle.com.

It’s time that ad networks cleaned up their act and started being more transparent about fraud and abuse. It’s time security companies started fighting the causes of network abuse and not simply the symptoms. There will always be a Black Hat Tax but right now legitimate companies are making it more expensive. That has to stop.

6 Comments | Filed in Google, Typosquatting, David, Media mentions, General

Cameroon turns wildcarding on (yet again)

by David Ulevitch on Aug 21st, 2006

Cameroon is at it again, wildcarding all of the .cm namespace so they can put advertisements up when you typo .com domains like http://www.google.cm. Since August 9, OpenDNS users have had the option to undo this change and decide how they want it handled. There is an option on our preferences page where you can decide how you want this dealt with for your computer or network.

As a reminder, if you do turn on .cm to .com wildcard filtering, all real .cm domains will still work! That includes domains like airfrance.cm and others that we listed.

We don’t know why Cameroon (or its operator) is flip-flopping on this one, but I’d encourage you to turn this preference on and leave it on.

3 Comments | Filed in Typosquatting, ccTLDs, DNS, General

.cm no longer a typo

by John Roberts on Aug 10th, 2006

Update: August 21, 2006 - Policies changed back for the .cm ccTLD. Read “Cameroon turns wildcarding on (yet again)” for more. We’re not going to keep updating this post with the status.

Earlier today, Cameroon (or the company acting on their behalf) turned off the wildcarding of non-registered domains within the .cm ccTLD. We’re still learning what’s going on, but at least for the moment, .cm domains resolve as they did before last Friday, August 4, 2006.

The OpenDNS preference introduced yesterday for filtering the .cm wildcarding still works, and will not disrupt any valid domain, whether or not wildcarding is active.

2 Comments | Filed in Typosquatting, ccTLDs, General

Cameroon takes the 'o' out of .com

by David Ulevitch on Aug 9th, 2006

Update: August 21, 2006 - Policies changed back for the .cm ccTLD. Read "Cameroon turns wildcarding on (yet again)" for more. We're not going to keep updating this post with the status.

Update: August 10, 2006 - Policies changed for the .cm ccTLD. Read ".cm is no longer a typo" for more.

Cameroon, a country on the western coast of Africa, recently decided to put a wildcard entry in .cm, their IANA-assigned Country-Code Top Level Domain (ccTLD). CNET has a pretty good article covering what they did.

Around the blogosphere people have asked us what we could do to fix it for them. I'm annoyed we have to deal with this, but happy that users are starting to realize that they need the ability to manage their DNS as a part of managing their network. The Cameroonian ccTLD operators (or the business they've outsourced this service to) make the argument that they are "helping you" find what you're looking for. If they wanted to help you, they'd just correct .cm to .com for all domains that didn't exist in the .cm namespace, or do nothing at all.

Some users have asked us how many .cm domains there are and what they might be. We have published a complete list (as of yesterday) of all .cm domains. We've gone through and shown that for such a small ccTLD they've already had quite a few parked domains in their zone. This list is at the bottom of this post. (This data is all public information, don't worry.)

How to act

Decide for yourself how you want .cm to work. With OpenDNS, you have a choice.

  • Already using OpenDNS? Head to the Account page.
  • Not yet using OpenDNS? Take two minutes and Get Started today.

Mini FAQ

Are you going to show me ads just like the .cm operator does?

No! We're doing this because you shouldn't be punished or distracted because you forgot to type an 'o' when surfing the net. We will seamlessly correct the full URL for you with no ads, popups, or page in the middle. By enabling the feature you know exactly what's going to happen: google.cm is going to take you to google.com.

Will I still get to real .cm domains if I turn on .cm wildcard filtering?

Yes! We will not filter real .cm domains such as www.airfrance.cm and others. It should also be noted we've never filtered any real domains, even with typo correction. The only exception is phishing sites that you've asked us to block.

Will you do this for other wildcarded ccTLDs like .ws, .ph and .cd?

You tell us. We are offering the fix for .cm because our users appreciate that we transparently correct mistyped domains like google.cm to google.com. For other wildcarded ccTLDs, we'll be listening to our users and offering useful choices based on those requests.

What if there are new valid .cm domains? Will those work?

Of course!

What happens if I turn off typo-correction and turn on .cm wildcard filtering?

If you turn off typo correction and turn on .cm wildcard filtering, you will get an RCODE=3 DNS response (commonly called NXDOMAIN), as if the wildcard didn't exist. In your browser you'd get the default behavior, which is probably either an MSN search page on IE or a "host not found" page with Firefox.

Again, if you are already using OpenDNS just head to the Account page or take two minutes and Get Started today.
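The two preferences described in the FAQ above can be modelled offline. This Python sketch is an added example, not OpenDNS code: it assumes the wildcard is found by looking up random unregistered labels and comparing answers, and the resolver stub, addresses and function names are constructed for illustration.

```python
import secrets

NXDOMAIN = 3  # DNS RCODE 3, the "name does not exist" response

# Constructed sample data (documentation address ranges, not real records).
WILDCARD_IP = "192.0.2.58"
RECORDS = {"airfrance.cm.": ["198.51.100.10"], "google.com.": ["203.0.113.5"]}

def fake_resolve(fqdn):
    """Stand-in for an upstream A lookup: registered names answer with their
    own address, anything else under .cm falls through to the wildcard."""
    if fqdn in RECORDS:
        return RECORDS[fqdn]
    return [WILDCARD_IP] if fqdn.endswith(".cm.") else []

def wildcard_addresses(resolve, tld="cm", probes=3):
    """Look up random labels that nobody has registered. If every probe
    returns the same non-empty answer, that answer is the TLD's wildcard."""
    answers = [frozenset(resolve(f"{secrets.token_hex(12)}.{tld}."))
               for _ in range(probes)]
    first = answers[0]
    return set(first) if first and all(a == first for a in answers) else set()

def filter_answer(name, resolve, wildcard, typo_correction):
    """Apply the two preferences to one lookup.
    Returns (rcode, name that was answered, addresses)."""
    fqdn = name.lower().rstrip(".") + "."
    addrs = set(resolve(fqdn))
    hit_wildcard = fqdn.endswith(".cm.") and bool(addrs) and addrs <= wildcard
    if not hit_wildcard:
        # Real .cm domains and every other TLD pass through untouched.
        return (0 if addrs else NXDOMAIN), fqdn, addrs
    if typo_correction:
        # Typo correction on: answer as if the user had typed .com.
        corrected = fqdn[: -len("cm.")] + "com."
        fixed = set(resolve(corrected))
        return (0 if fixed else NXDOMAIN), corrected, fixed
    # Typo correction off: behave as if the wildcard did not exist.
    return NXDOMAIN, fqdn, set()

if __name__ == "__main__":
    wc = wildcard_addresses(fake_resolve)
    for name in ("google.cm", "airfrance.cm"):
        for correction in (True, False):
            print(name, correction, filter_answer(name, fake_resolve, wc, correction))
```

Comparing addresses alone would misclassify a registered domain that happens to be hosted at the wildcard's address, so a production filter needs a second signal, such as whether the name has its own delegation in the zone.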

A listing of all .cm domains


All domains in the Cameroon ccTLD “.cm”

(List accurate as of Tuesday, August 8, 2006)


10 Comments | Filed in Typosquatting, ccTLDs, DNS, General
