What is OpenDNS? OpenDNS helps you navigate the Internet in a safer, faster, smarter and more reliable way. Our service is free and requires nothing to download. OpenDNS doesn’t replace your existing Internet connection, it just makes it better. Get started.

Let me introduce goggle.com (no link — they are a malware source and a domain typosquatter to boot)!

So what if this happens: My sister Annie (super smart girl) is out surfing the net and she types in or clicks a link for http://www.goggle.com/ — a one-letter typo of http://www.google.com/ (“squatting” on the typo). Easy mistake, could happen to anyone. Unfortunately for Annie she doesn’t get the OpenDNS automatic redirection to google.com or even our search results page[1]. Instead, she is taken to a site, purporting to be an anti-spyware site, which starts to try and destroy her computer and create hours of tech support work for her brother (me). It has popups, automatic downloads and is just generally representative of the lamest parts of the Internet.

Here’s a screenshot:


Right now, even with OpenDNS, my sister still gets to goggle.com — this bothers me. My goal at OpenDNS is to give you choice, not to be a censor. So I don’t want to block goggle.com outright, nor do I want to try and decide what you want. Instead, I want to give you choices. That’s what OpenDNS is: a rock-solid reliable DNS platform with the tools on top to let you manage your network how you want. If you don’t want to manage your DNS, I want our defaults to be the best they can be, which is why I need your input.

I want to know what you think we should do.

  1. Should we silently redirect to google.com?
  2. Should we take you to a page that says: “This site is lame, click here to Google” so you know what’s happening?
  3. Should we just send you off to goggle.com ignoring the consequences?

No matter what we do, we’ll leave the choice in your hands, but I’m curious what our users think the best way to handle cases like this are.

How would you want it to work? How would you want it to work for your sister?

Leave your comments below.

1: Just a sidenote here. While OpenDNS corrects a lot of typos we don’t (yet) correct typos of domains which can legitimately be registered.

Update: Oops, I forgot to mention a thanks to OpenDNS user Danny for emailing in about goggle.com. Thanks Danny! ๐Ÿ™‚

  • Erik Swanson

    Option 2 would be the best, in my opinion.

    It’d be helpful if the gateway could also include a screenshot of the “blocked” page, so that a decision to bypass the “block” would be a little more informed than just “This probably isn’t the page you were looking for.”

  • Ervin J

    You should redirect to a warning page, that would offer the user a choice between continuing to google.com and accessing the unsafe site. Something like this: http://channel9.msdn.com/photos/Block_Page_small_1.png .

    Once you start taking redirect decisions for your users, it’s a slippery slope.

  • I agree with Ervin J – put up a transition page that gives the user an option on where to go (and maybe even keep track of the total times each link is clicked) and the user can decide.

  • Aashish

    Yes. The best way would be
    1. To warn the user that the typo leads to a unsafe site (while giving him the opportunity to continue if he/she wants to) i.e. http://www.goggle.com is unsafe site
    2. Also present the user with the second option (correcting the typo) i.e. were you looking for http://www.google.com

    You can also add your OpenDNS header / footer to the page and even ads like you do on the search page (just don’t overdo it).

  • Personally: redirect silently.
    Safe: redirect to a page explaining the suspicions or facts, and offer links to relevant search terms, the corrected typo link, and the actual link.

  • I agree with Ervin, redirect to an arbitrary page, that would offer a choice, or, since I think that malware should be blocked, I think that goggle should redirect to the search page (with google being the first link [if that is at all possible].

    I dont think that we need sites like goggle plaguing the internet.

    You will do whatever you feel is right, cause that is the power of OpenDNS.

  • Bob Jones

    Option 2.

  • Anyone who has done some kind of tech support before would greatly appreciate a warning page being displayed. It would also be cool if you could have a “Remember this choice” feature that would set a cookie and if the user ever makes the same mistake it will automatically redirect them.

  • I agree with Ervin. A simple page giving the user an option to continue but recommending they don’t. Maybe add a “remember my choice” link so if the user NEEDS (for whatever twisted reason) to use a particular site they can without future nagging. Also, a button to report a mistakenly marked page would be convenient and may help improve the quality of the phishing database.


  • Sal

    these guys are not cybersquatters. Goggle is a dictionary word, a generic term, which they can do whatever they wish to do with it. Unlike Google, these gusy are not in the search industry. There’s zero confusion here.
    Learn or consult with a trademark attorney before blaming someone for something they are not guilty of.

  • BklynKid

    Just fix for us what is obviously a typo.

    Option 1 would be the best IMO.

    I love OpenDNS!

  • In this case, I think that option 3 is the best. Once a user goes to that site, there will be no confuson between this a Google.

    I think that the silent redirection should happen when the the site is attemptiong to trick the user.

  • Sal,

    You’re missing the point. It’s a spyware distribution site setup to catch typos of google. If it were a site about goggles we wouldn’t be having this discussion.

    Just like they have a right to put up spyware (a questionable right at best) my users have the right to choose not to view that crap. They’ve never been given that choice before because DNS has been a black box. Now we’re opening it up a bit and they can decide what they want. Like a firewall, like a spam-filter. It’s the natural course of things on the Internet. Be as open as possible, but keep out what you know to be junk.

    It is the users who are asking for this — I just want to know the best way to let them do this? And don’t worry, our service is a fast and reliable DNS. Everything else is a feature on top. You can choose to not enable it if you want to visit spyware sites; that’s okay too. ๐Ÿ™‚


  • What’s interesting is that there’s a posting on http://blog.washingtonpost.com/securityfix/ today called “Google to Warn of ‘Badware’ Sites” which reads in part:

    “Google said today that it has started warning Web surfers when they click on search results that may lead to sites that try to install spyware or adware on their computers. If you do a Google search for “Asta-Killer,” for example, then click on any of the top links that show up, Google will present you with a page [ http://www.google.ca/interstitial?url=http://asta-killer.com/ ] that says “Warning — the site you are about to visit may harm your computer!” Users are then given the option to continue to the site in question or find out more about the warning at StopBadware.org, By the way, that site does indeed throw a kitchen sink full of junk at your browser, so you’re probably better off heeding the warning.”

  • Option 2 with an option to save a cookie and not show option 2 and do either 1 or 3.

  • BrendanC

    I agree too that there should…

    a) be a choice
    b) be a recommendation that the page you went to is not kosher
    and c) automatically redirect to the page that isn’t malicious after 1 minute

  • Colin M

    Unless you want to be sued, I’d suggest you leave it how it is. What if, for example, new.net (the people that have all those fake TLDs), started having their plugin move real TLDs to fake sites? Not good. Speaking of which, do you guys plan to incorporate new.net domains into OpenDNS?

  • I’m just glad there are people like yourself making a difference and trying to do the right thing.

  • Tom

    I agree that you should do SOMETHING. Silent redirect would be great in this case.. But that would only work with specific case by case incidents. A redirect with a landing page that states the site could be infected or pose a security threat then that would work too. But for goggle.com it would be better to just silently redirect.

  • Block it at first, explain to the user what the website is, and give them a choice to go to Google.com or continue to Goggle.com IMHO ๐Ÿ™‚

    – Josh

  • Anonymous

    Why not do a mixture of # 1 and 2? I think something like this would be slick: Show http://www.google.com inside of a frame and put a thin “information bar” style frame on top that says “goggle.com is a known typo-squatter. However, if you meant to go to goggle.com, click [here]. [close this frame]”.

    Kind of like how google image search works when you click an image search result.

  • Tom

    Option 2.

  • BugSaif

    Option 2

  • I believe in option 3. Even though the user may not want to visit goggle.com very often it doesnt mean the site should be censored off the internet. Such a precident can have a negative effect on the face of the internet. If a major ISP were to adopt that policy it could mean the end of competitive sites with similar wordings, etc. Similar to what Net Neutrality tries to preserve, in a way.

  • drk

    My preference would be a page that said “you have entered a URL that … .. did you mean to type http://www.google.com (or whatever)?

    Pbe be warned that is and is a source of malware and a typosquatter and may cause your computer harm.

    Click here to continue to or to continue to the real site.

    In my mind covert blocking without informing the consumer is nothing more than misdirection and censorship – no matter how well intentioned – and the consumer should always be given the choice of continuing to the site they have chosen – if they want to

    no site should be blocked because of content – no matter how repugnant we find it ourselves – that way lies net-censorship and your favourite site might be next

  • Option 2 methinks, just make sure the links are big and clear and if you can, make it so whacking Enter/Return sends you to Google.

  • Seif

    I think that doing a transition page is the best way to go. I’m glad to see that people are feeling that goggle.com is an outrageous act on a typo.

  • andrewcool

    Is it possible to make it into like a page, where we get a choice of where we want to go.

    That would be the best choice.

  • Pingback: Speed up your internet, quickly. at Carbonite Life()

  • Why can’t you let people decide for themselves
    – If they want to be guided by the hand in the wild and dangerous world of the internet, then they will have to install a program on their computer that guides them.

    An DNS service is (to me) only (and nothing else) than a switch, translating an URL to an IP.
    All other work are to be done on the client computer.

    I don’t need another “Big brother” watching over me.

  • I think you should do option 2. Everyone is happy to not get spyware unless they explicitly go there, and you aren’t censoring the internet from people (playing big brother.)

  • I think a simple redirect to google.com is best. ๐Ÿ™‚

  • I saw this article on digg and have to put in my two cents.

    just redirect it without anyone (besides the B****rds who set up the site) noticing. it’d be the best way to go because nobody wants to have that much s*** on thier computer without thier permission.

  • Rasmus Larsen

    I think a version of the 1st or 2nd solution is best. This gives all the not so tech-savvy users typoing google.com a chance to survive goggle.com (especially if they’re using IE).

  • toph

    The gateway idea def. be informative in it though

  • Brendan McClure

    New option: Have an additional category of redirects from squatter sites that can be disabled from the Preferences menu (not sure what the default should be, still a touchy issue). That way everyone can make their own personal decision.
    [ by the way, just learned of this site from this discussion, linked to on digg. Started using the service a moment ago, quite spiffy! ]

  • I am somewhat of an expert on the mistakes that can be made between Google and goggle. I have been using this user name for about 8 years, long before I had even heard of Google.com. As Google is now my preferred search engine I often ended up at goggle.com due to the fact the word is drummed into my head. I can safely say I have never wanted to go to goggle.com. I have actually gone to the “extreme” step of adding a redirect to my hosts file to fix this problem.

    For all possible typos you should offer the user a transition page. If you automatically redirect users away from any legally registered domain you open yourself up to all the pitfalls other censors faces. Just look at the backlash Google has taken over the China issue. Will you redirect Chinas users onto government preferred sites because the Chinese government tells you the correct domain is considered a typo in their country?

    You should also offer the ability to easily bypass the filtering. You could bypass any filtering by adding a prefix to a URL. This prefix would normally cause a DNS error but, hello, what sort of company are you again? I.E. you could enter “http://goto=www.goggle.com/” to go straight to the website, bypassing the openDNS filtering. “http://redirect=www.goggle.com/” could be used to access the redirection page if you have clicked the remember this choice option in the past.

  • Jona

    Option 1.

  • Stevieo

    I would like to see these guys blocked. I can’t believe they get away with such blatent rip-off. But I’m sure you would ultimately get litigated.

    However, if we, as users agree to terms of service that explicitely state ‘we allow you to exercise discretion and disallow the display of certains sites that you deam as misleading or sources of spyware’, then the issue should never go to court. However, trial system has a bad record of throwing out frivelous litigation and trial judges dont’ really understand the tubes (internet).

    I really don’t want your wonderful service to be hurt by having to battle with the evil folks out there. However, I don’t like the cookie idea because I never allow cookies on my PC.

    I wouldn’t mind you having multiple DNS services, with varrying degrees of domain name filtering. So someone wishing to be prompted (to choose) can have that option.

  • I prefer Aashish solution above: Give us both a warning and a choice

    Thanks for a great service btw!

  • Hugh M


  • I think option one is the best way to go, there is no legit reason for anybody to be going to goggle.com (you want a pair of goggles? yeah right). I wouldn’t mind the redirect, although to be honest i just use the search feature in my browser instead.

  • I totally agree that malware/adaware sites should be shut down with no warning to the owner of the domain or hosting.

    As for goggle.com I’m not sure but I think there’s a rule somewhere stating you must allow users the option whether or not to download thier nonsense. This site just pops up spyware.exe with no prior warning. I’m sure a lot of people have downloaded this after believing their false testimonies.

    NoAdaware. It should be illegal to promote yourself as an anti-spyware company, tricking people, and wrecking innocent user’s computers.

    Go for the kill. I say redirect it straight to google.com. Forget a ‘this site is lame’ splash page before redirection. We don’t want any memory of this spyware company.


  • Nolihc

    I don’t think it is your job to say something is ethical or not, censoring is bad. Redirection from not excisiting domainextensions is the reason for using openDNS.

  • In cases where the domain is mispelled but has been registered I think an intermediary page is the best option to take.

    Thanks for asking!

  • elmimmo

    NOBODY will be wanting to go to gOggle.com voluntarily. I understand that the difference between good censorship and bad censorship is separated by a very blurred line.

    However, in this specific case, do not even bother mentioning the surfer he made a mistake. gOgle does not even deserve that kind of publicity. Just silently redirect them to gOOgle.

  • phated

    A site that read “Did you mean ‘www.google.com’?” – a lร  Google – would work best. IMHO.

  • jay

    How about just using a sandbox for the Web broser to fight these attacks?
    Nobody is going to get rid of typos. Just ask any English teachre (:-)).

    Here is our contribution


    See if goggle.com can hack you with SpyWall protecting you.

  • Definately option 2, BUT, it should explain why the site is bad, and not re-direct automatically. Tell people they are entering things wrong and it could be a bad move. Tell them all about it, then offer a link to both sites. You’d hope that they would read it, understand, and then in future go to the right place first time. You can’t save people from themselves, but you can at least inform those who can be informed!

  • JF

    Option 1 or 2, please

  • Moritz

    just curious: if you redirect the dns entry for goggle.com to a page displaying a warning – how can the user access the goggle.com page if he really wants to? because the A record would still point to your warning page?

  • Choice is always good. Informed choice is better. Most users (I’m thinking of my mom here) want neither, and telling them about malware, etc., will only confuse.

    I understand the implications of just silently redirecting, but in this case, who would want to go to goggle anyway? OpenDNS (the Internet equivalent on neighborhood watch?) has safety listed as a primary concern on its front page: if you guys and the the people who choose to use your service want that safety (like I do), then silently redirect.

  • Linh Dang

    Warning page is good, but should not become the usual

  • Danny

    I vote for option 2 – just use the standard openDNS phishing page, but add a link to google.

    btw – just setup openDNS on my home network tonight, and it’s awesome. Great job guys

  • outsider

    What is OpenDNS?
    Do everybody get it (OpenDNS) automatically?
    I would like to venture into goggle.com but won’t dare – just in case I accidentally clicked more than once and become infected.
    Please tell me, OpenDNS, if it were save to venture into goggle.com?

  • Definately number 2. Choice is good. You can’t just go around deciding what people want and redirecting them, but at the same time most people probably do want google.com. I would invision showing the page at gogle.com but putting a banner across the top of it saying “Did you mean google.com?, Click here”. Similar to what google itself does with a misspelled item.

  • Ben

    i like the idea of an opendns header

  • thoughtcube

    I vote for option #2.

    Something along: “You asked for goggle.com, but you should know that it is a dangerous site that thrives on people reaching it because of typos.

    If you wanted to reach the search engine Google, click here.

    If you want to visit goggle.com despite our warning, click here.”

  • Just do what google does for spelling errors. Display the results, with a little bar on top that says “Did you mean http://www.gooogle.com

  • My personal choice would be for option 2. I would be happy with option 1, but 2 seems the safest.

  • It would also be cool to have a link to a removal tool in the warning page.

  • LJ

    Definitely option 2. I think you’re being very sensible and mature about the whole issue, which is admirable considering the amount of hassle they’ve caused you.

    @Sal, the legality of the domain is not in question. However, it’s very similar to one of the most common websites on the internet, and the vast majority of the traffic on that site will be due to a misspelling.
    In normal cases, you’d leave users to realise their mistake and just correct the typo, but Goggle’s website is obviously filth and attempts to install spyware/adware without asking. A single typo could result in hours of tech issues.

  • Jernej

    just make a hosts entry and redirect to some warning page stored on hdd.

  • Murder death kill!

  • Zufoo

    I would prefer a warning page like Ervin J said.

    The problem with just silently redirecting is that the user may continue to visit google.com by entering goggle.com so if they ever use someone elses computer who doesn’t use OpenDNS or start giving out URL’s to their friends they could be forwarding people to spyware sites without knowing.

  • Dave

    Option 2.

    Two links, one to google.com and one to goggle.com.
    Also something like a 5 second auto redirect to google.com could also be nice.

    But then again Option 1 is also a safe bet.

    Maybe you guys could setup two sets of DNS servers? One set that employs option 1 and another that uses option 2.

  • Pat Villani

    I have to agree with others in that redirect is a bad choice. Someone may have legitimate reasons to go to such a site, i.e., testing malware prevention software, research for an article such as this, etc. The warning page is best, and I suggest tracking hits/choices made and placing links to these statistics on the warning page. It will be fun to watch the effectiveness of the warning page.

  • Jamie Thompson

    Why not make an Iframed page, with a heading like an interestrial al in the iframe saying this iste is blah blah blah…. Click to go to Google Search Engine. Of course in the Iframe load up goggle.

  • Strike one: three pop-ups blocked right off the bat
    Strike two: unrequested prompt to download ‘noadware.exe’
    Strike three: ugly, ugly frameset that apparantly hasn’t been updated since ยฉ2004

    If anyone actually wanted to go here, they’d go to the company’s real site: NoAdware.net (which is also phishy-smelling).

    To me, this is THE classic example. This should be listed as a feature on the front-page. I mean, I set my grandma up with OpenDNS. If Grandma went to goggle.com now, she’d end up crying. Anything that makes Grandma NOT cry is a good idea.

  • Anonymous Coward

    I suggest “2a”. That is, take me directly to google, but put up a frame at the top that says:

    “OpenDNS thinks you probably wanted to go to Google, so we brought you there.
    Click here to remove this frame.

    Click here to really go to Goggle.com.”

    This provides what the user wants without any additional work, and gives the option to do just what was requested.


    I think this would be a good idea where a site could be accidentally typed wrong and the result could be a bad or stupid site. I love OpenDNS and can’t wait to see what is instore for the future!

    Keep up the great work!

  • Hey, that’s why we are using OpenDNS, right.
    If we didn’t want to be protected from that crap,
    we would use our ISP’s DNS settings.
    Still, would prefer option 2, give us the option to continue.
    Love what google is doing for the malware sites, too bad they only use an interstitial for the main link though, and not for the snippet links they put below the main link.

  • J

    I would like the filter page suggested by the other readers to be implemented, I think it allows protection but also freedom of choice.

  • Esrun

    This is ridiculous, it is not your right nor job to even be considering editing any access to sites because you don’t feel they’re appropriate. The bottom line is you cannot police the whole internet so you would be targeting sites unfairly. How you can straight out call this a typo domain squatter I don’t understand! “Goggle” is actually a real word as found in the dictionary.

  • WhizzMan

    Just make sure your sister doesn’t have an open/flawed computer system, if I visit this site using a non-windows computer, nothing bad happens. Don’t try to fix this by blocking a list of thousands of sites that change daily, fix the cause, an unsafe computer.

  • null

    Use different configs for different nameservers. Then each user can choose what kind of “help” they want just by picking the appropriate server for their network config.

  • Terry Rich

    If you are going to have a page saying “This is not the page you were looking for” you DEFINATELY need to get permission from Lucasfilms to have a picture of Obi Wan Kenobi. Oh, and the 2nd option seems the best.

  • I would say option 3.

    People need to be educated, not nursed. We have probably all been infected with spyware at some time or another, but then we’ve learned something from that experience and moved on. It’s terribly irritating but nevertheless I think internet users should educated to take the decision whether to install something from an unknown site.

    The warning is not a bad idea, but there is a problem with that solution, because as soon you start warning people, they will expect to get warned when they stumple upon a dangerous site. By placing warnings a few websites, you might actually approve of the rest in the users eyes. “Hey, i wasn’t warned, how was I to know that it was a bad site?”…

    I vote for solution 3. I believe that even my sister will someday learn not to download malicious software from the internet.

  • Hey.

    I’d block goggle.com.

  • Shawn

    In my opinion you should warn of the dangers and then give the option of what to do next. Save all us from having to sort it out for people who know no better, the poor souls.

    A girl last night told me “I never know what to do so I just click OK or install and hope for the best”, a warning would have saved her PC from spyware/malware a thousand times over. Not to mention the fact that it might actually help to teach these people what to trust.

    Good luck!

  • Yeah, I’d go for option number 2.

    Then people realise that they’ve made a typo, and think ‘whoops – wake up self’.

  • James Olson

    It should be redirected, it’s obviously a trap set for malware to be installed. You’d be protecting people from possibly harmful code being installed on thier computer. What’s the point of an alternative to DNS, if it doesn’t fix some of the flaws the current system has?

  • CptAJ

    You should leave them alone. Its their domain, they can do whatever they please. You’re not “opening” up anything. You’re censoring.

    Stop fu**ing up our internet.

  • David, you already know what a fan I am of OpenDNS. I want OpenDNS to become as effective as possible while making sure it never oversteps any boundaries (as arbitrary as those are at the moment, and you are discovering them very diplomatically and democratically).

    I am reminded of SORBS. For a while I would implement and recommend implementation of its use to anyone administering SMTP servers. There is no question that a dramatic reduction of SPAM will be the result, but the unfortunate by-product is the percentage of false positives. Their de-listing services are far from perfect. If anyone wants to wreak havoc on you, they can just list your IPs as dynamic or report a message as spam – it has happened all too often to mail servers we have maintained.

    We could debate the relative merits of SORBS for a long time, but suffice it to say that I will never recommend its use again because of how it takes control away from the users and in many cases simply gives them absolutely no option at all. I just don’t ever want that to happen to OpenDNS. Keep the users informed, give them options. ๐Ÿ™‚

    Thanks for keeping your dialogue open, guys!

  • amk29j

    What about those bars that IE started using for ActiveX controls and stuff at the top of the browser. Firefox has them too for pop-ups, i think. If someone visits goggle.com goggle.com SHOLD load but the little bar should come down and say “WARNING” and explain the site is bad and then “Did you mean google.com? Click here to redirect” or something like that.

  • Considering all inputs as given, I would stick to option 2.

    The user would therefore be informed that they might not be going to the intended site. After all, Google is the most popular search engine on the Web by a long way and is more likely to get a visit than goggle.com. However, goggle.com does need to be checked by an unbiased third-party who specialises in malware sites and once that is confirmed, the solution can be implemented.

    By using this option, we are protecting user’s best interests while keeping them informed of what is happening.

  • Jake

    I Think that You should just leave it the way it is. However if you contact the webmaster of goggle.com and they are willing to participate in adding a front page to their site, that will redirect to google.com then fine, hopefully they will do this. Adding the site for them, without their permission isn’t fair to them, whether or not their site is worth anything. The people at goggle.com have paid for their domain, and shouldn’t be CENSORED just because we like google.com better.

  • I would silently redirect to google.com ๐Ÿ™‚

  • Ron

    Option 2. Let us be INFORMED users, not a captive of OpenDNS.

  • Peterix

    You should add all three possibilities to http://www.opendns.com/prefs/ ( using some kind of dropdown list or something ) and make the second default.

  • Jordan

    in a perfect world, this site should be disabled.
    however, we are nowhere near that ๐Ÿ™‚

    a DNS hosting service has absolutely no rights to censor bad sites. First of all, if you were to do *anything*, the domain owners would move the domain, thereby doing absolutely nothing; at least I would think that they would.

    Secondly, we are in an interesting position here; mixing two issues; accused “typosquatting” which they are NOT guilty of; and submitting adware, which they ARE guilty of; I think submitting and distributing adware is against some law; I could be wrong though. If in your TOS it says you may not host domains that are distributing or submitting, linking or anything of the sort to adware, then you can terminate their service.

    I am in the domain biz myself; owning a name like goggle.com is completely and undeniably legal; regardless of it’s typo status to google.com. I tend to focus on the more generic stuff though, that has no connection with any such sites. This site seems to be taking advantage of google’s traffic as they are really doing nothing with the name’s inherrent generic purpose (goggle’s) so maybe they would lose in a URDP; though legally they probably should not.

    the people behind this site are bad; but the only thing you can do is maybe terminate their service; you have NO rights to do anything else.

    I wish things were different, but they are not.

    If you were to do anything different you could be sued; ironic, but possible.

    My suggestion would be to pass this information on to google; have them deal with it.

    Good Luck. I’m sorry that my insights could not be more positive with regards to stopping these idiots, but I figured I would just share my honest thoughts. It’s unfortunate that the laws protect people like this but there is only so much that can be done.

  • Make it go to a page that has google in an iframe and a link to goggle outside of it. in white. on a white background. Muhahah

  • jo

    Option 2 definitely. Not your place to redirect links. Also, what if http://goggle.com gets sold / tranferred to a goggle mfr co? You don’t want to keep track of the changes in DNS at that level.

  • Michael Linton

    Good article, I think you should have a warning page detailing goggle and what it does then off the choice to go to google.com or goggle.com some users may actually wish to visit a malware breeding ground

  • Hugh

    Would it be possible to offer the user the choice and then additional choices that can be remembered?

    A series of checkboxes:

    1- Please remember this choice and direct me to google.com automatically in the future for this misspelling
    2- Please remember this choice, and re-direct me for all sites that opendns deems to be typosquatters and/or dangerous in the future
    3- Please send me to http://www.goggle.com and remember this choice- I’ll deal with the consequences

    Maybe some other choices, but those to start with seem like a good idea.

    Good luck!

  • SamE

    #2, please: Allow us the privilage think for ourselves.

  • Brandon

    I agree with option number two.

  • carrickr

    I’m sorry but the entire redirect silently sounds about on par with the Chinese DNS restrictions and stuff like that. I know blocking one malware site is far from censoring the internet, but I dislike the idea of it all the same.

    I would vote for a warning page myself.

    Really though this is not something DNS should be fixing. User education is the only way to stop with the malware. Sure you can save them from goggle.com, but there are still six million other hostile sites out there.

  • Jon Brightwell

    it should be a browser blacklist and not DNS side. However, an extension to firefox that links to a dynamic blacklist is not a bad idea

  • Daza

    I support option 2. If for example you redirected silently, person “A” using OpenDNS would obviously get sent to Google.com . Person “B” using their default DNS would get a different result. When person “B” tries to ask person “A” why, and assuming person “A” does not know they are using OpenDNS, confusion may arrise.

    Plus, it’s always good to know things are working. I feel much better knowing that my anti-virus software has stopped, cleaned or deleted a virus, as opposed to silently solving the issue and not telling me.


  • Carl M

    Either port it to a warning page, or send it to Google.com. Also, contact that owners ISP and report them as hosting a malicious website and get the site removed from the internet.

    I never understood how ISPs let people host that kinda crap on their space. I am a victim of such a site, and had to totally wipe and reload my box once because the virii was so darn bad that I could not get rid of it, period . So I’d like to see these kind of sites GONE!!

    Another thought is that if Net Neutrality passes, and the net really is split, the side of the internet we’ll be left with, will be full of this crap. Best t start fighting against it now.

  • #2 ๐Ÿ™‚

  • tturow

    Provide a warning page.

  • Personally I would have to go with option three. Not because I support goggle.com or anything of the sort, rather I believe that the internet ought to carry zero sensors. The internet is about freedom, and redirecting away from goggle.com (despite how corrupt they may be) takes away the purpose of goggle.com

  • It’s clear that the page has 0 utility for anyone. That being said, obviously you don’t want to prevent the page from being accessed.

    A page that shows a thumbnail of the page, explains what it does, and offers the user the chance to go ahead or the ability to head over to google would be perfect.

  • bMan

    You are on the edge of a slippery slope. Currently the end user is ultimately responsible for whatever he/she types in his URL line, whether it’s Google or Goggle or news or kiddie porn. As soon as you “override” the end user’s decision, even with the best of intentions, you have just exposed yourself to incredible potential liability. The courts have always assumed that whenever a user enters a URL address into their browser, their ISP will take them there “no questions asked”. Now you’ve just tossed that assumption aside. I’m not a lawyer, but if I was — and if I had a client charged with doing something illegal via the internet — you can bet I’d subpoena you to testify in court that your “service” did not invisibly redirect my client’s innocent URL request to something nefarious. Lawyers and the courts have been fairly naive when prosecuting and defending internet -related crimes, but that won’t last forever. And if you start redirecting search requests for any reason, you can expect to see the inside of a lot of courtrooms in the future.

  • I like the idea of combining option 2 with a cookie to remember the choice.
    I’ve helped far too many novice and casual users who have inadvertently been to these look-a-like pages and been infected and would appreciate the reduction in work load ๐Ÿ˜‰

  • I think that Option 2 is the best. Of course – it’d probably also be good to give them a link to direct them to goggle.com – should they really wish. You can have the two options read “Go to Google” or “Open the Can of Worms” ๐Ÿ™‚

  • Alt

    I recommend option 2. Dont let these type of people on the internet.

  • MikeOR

    DNS is not the place to fix this. DNS needs to be neutral. Whilst this site is a real pain, the solution may be to get the registrars to act against bad sites. They are a major source of the pollution on the internet and whilst some of them notably Tucows and Go Daddy are very responsible, there are a few bad actors allowing the spammers and malware artists to run free.

  • bMan

    One more thing — the owners of Goggle.com are obviously trying to force Google.com to buy them out by making their “typo” page as offensive to Google as possible.

  • Chris

    Option 2 is the best. It alerts the person that there is potential problem and then allows them to take the action that they believe is the best.

    I’ve been discussing the pros and cons of using OpenDNS with friends and collegues and we think its great, but we need to see that its actually blocking content, these types of pages would be great in proving that something is happening.

  • RES

    F**k Goggle.com redirect to Google.com

  • James

    Option 1 please

  • Silently redirect. Domain squatters of any kind aren’t really doing the internet any good, and malicious tricks like this need to be stopped.

    I thought the bigger companies like Google and Microsoft started going after squatters like this? I have no idea what’s involved in an operation like that, but it sounds like they could use all the help they can get.

    Silently redirect. Wait – scratch that. Redirect and make a huge deal out of it. After all, this has been dugg; ‘silent’ probably isn’t possible anymore anyway. Redirect, and make a huge deal out of it. Let jerks like this know we’re sick of their tricks and the headaches they cause.

  • I have not had time to read all the commnets on this topic but as I read a few of them a thought came to mind. When is typo not a typo? Allow me to explain.

    My wife and I run a small online business at http://www.serendipity-crafts.com, why the hyphen you might ask. When we decided to start our online store we checked the name availabilty, it was available, but I hesitated for 2 days before purchasing. When I did purchase it was taken. GRRR. Anyways, long story short there are 2 Serendipity Crafts and we coexist. We share cyberspace, redirect potential customers via links and are happy.

    So what would OpenDNS do in my case? Would they decide that the hyphen is a typo and redirect my customers? Or would my customers have to constantly put up with an error page everytime they typed in my address.

    One of the early commenters said that this was a slippery slope…I totally agree. Your actions could impact many indivduals who don’t have the clout of Google.

    Just my 2 cents.


    ps…perhaps OpenDMS could just redirect just http://www.goggle.com and call it a day.

  • Silently redirecting is very bad. I mean, silently redirecting is more of a “hijacking” type thing than “domain squatting” could ever be. That’s censorship. That’s taking control away from the user.

    Either have some sort of warning – ala option 2 – or don’t get involved in deciding what you think users meant to do.

    If you were to do option 2 – you should supply some sort of screenshot of the two websites you are making them choose between. With a frame or some sort of web 2.0 version of an iframe.

  • Bobby

    Option 2 would be best!

  • Grant

    I think its really important that opendns gives people the choice… I think a transition page would be really great.

    You have to address the following points: would you do this for each malware site. What happens if a site has just been hacked? and was hosting malware for more than 3 days. I would also thing that you should let the site know that they are being blocked so if its a case of a hack that they can take action to get rid of the malware.

    I believe in giving users the choice, however informing sites that you are blocking them is just as important. give them the option to clean up / dehack themselves before you institute a block.

  • OrthoPod

    I vote for option 2. It does the right thing for the users without taking control away from them.

  • Trampish

    A page that says, Goggle.com is a harmful website. Did you mean Google.com? Click here or wait while we redirect your browser.

  • RM

    I don’t see how you have any legal right to redirect customers away from goggle.com no matter your feelings on their business model.

    What they are doing is really no different then drug stores making cheaper versions of brand names with similar labels so people are tricked into trusting them, except that goggle.com is not going to a search engine so people don’t get the product they want in the end.

    Putting a warning page up creates a serious detriment to goggle.com’s business for which I believe you are liable and they would be in their right to pursue opendns for damages.

  • Stuart

    My *personal* option would be #3 as I do not like someone deciding what’s best for me!

    However, I wouldn’t mind too much if I was taken to an option page first, and this option would most certainly help out those less “‘net savvy” (like some of the folks I end up providing support to!). You’d need to make the message nice and clear, providing either a screenshot or a description of the sites involved. I wouldn’t bother storing this in a cookie, though…

    Option #1 is a complete no-no – unless you wish to be accused of AOL-style tactics! ๐Ÿ˜‰

    ps. Great service guys!

  • Zaxcom

    I vote for option 2.

    These sound-a-like, typo websites are bad news, one wrong letter and you have a hard drive of garbage.

    In fact with two internet surfing teenagers in my house I have already gone and blocked goggle from my router so I dont end up with trashed PC’s if they mistype when doing a search.

  • Nathan

    Definately something similar to option 2. I still want the choice to go to a site even if it’s a trashy one ๐Ÿ™‚ Or mabye give each user the option of choosing between the 3 different options with 2 being the default. Plus you could put ads on those pages and make more mulah. Good for everyone.

  • John Wells

    Give a choice, asking the user if he or she intended to type Goggle or Google. Explain what each site is in simple and clear terms. If the user clicks on Goggle, show a warning before proceeding.

  • Pingback: Fred’s Journal » Archive » OpenDNS, a Better and Safer DNS Network()

  • #2 with option to remember the choice in the future.

  • owine

    i want my sister to get malware.

  • Option 2

    Should we take you to a page that says: โ€œThis site is lame, click here to Googleโ€ so you know whatโ€™s happening?

  • David K

    Option 1 for me as long as you ask us for each and every site you do this for. Sites like Goggle.com shouldn’t exist and you can do a lot to make them that way.

  • Bog

    Send me to goggle.com. It’s not the job of the name servers to decide how web sites use DNS.

  • A page with a “Click here to return to the intended domain.” and a link a link saying “Did you mean http://www.google.com.” would work just fine. I wouldn’t mind that on several pages – the malware ones most definitely. Maybe even another OpenDNS server can have even more typo correction with a frame at the top that is very small for control (settings and incase you visit a page that was spelled wrong and while the site is legitimate at the top it would still ask “Did you mean”).

  • anonymous

    So what happens when a legitimate person or business buys goggle.com and this whole fiasco is long forgotten? Do they have to go through the hassle of getting their new, real website white-listed on your family friendly DisneyInternet? Option 3. The Internet is not about censorship or making decisions for people.

  • Jeff

    Redirect to Google. Problem solved. This site doesn’t deserve the traffic it gets due to bad typing. It has nothing to do with goggles, and is an opportunistic trap. I would like to be redirected, personally.

  • Chris

    Option 1 or 2 either works.

  • Option 1, redirect silently.

  • Delucious

    Option 2.
    WITH the option to the correct web site or still continue with the typed web site.

  • #2 – informed choice is the best option

  • Gary

    Option 2 with an indication of what percent of the requests are for
    Google.com and goggle.com. This will give the user a good hint if it was typo. The mini page and a choice would also help.

  • Relnah

    Option 2.
    That is, warn me but let me have the final say in where I want to go.

  • You shouldn’t do anything. Despite the fact that the goggle.com owners are a bunch of douchebags, if you start “interfering” with websites through DNS, you will open up a whole new can of worms. When you are re-directing websites through DNS, you could start getting “censorship” allegations thrown your way.

    A better solution to malware sites would be to create a “warning list” of sites (maybe a FireFox extension) that would warn you (via an audible warning plus an alert box) stating that the site is listed under the “black list”.

    Good luck with OpenDNS.

  • Let us know its a dodgy site, provide a link to goggle if we want it and a link to google.com. But make sure that it says why we have been directed to this page!

  • I would show a warning page similar to the phishing filter and then allow the user to decide if they want to continue or go onto the “most similar suitable site”?

  • ricky chiu

    as much as i hate this site and everything it represents, OpenDNS should be neutral, who’s to say that just because billboard.com and billboards.com should be merged just because one sounds like the other and the top music tracking site should take preference just because it is more popular. its a slippery slope.

  • david

    Option 2, but the warning page must be equipped with an obvious feedback mechanism so that both the page owner(s) and users can “vote” for the legitimacy of the page.

    Option 4: provide OpenDNS users with the choice of options 1, 2 or 3?

  • mordes

    I would vote for the 2a option and a cookie to allow or disallow automatic redirecting… mom proof the computer (my grandmother gets it just fine my mom is the luddite in our family)

  • Option 1

    Excellent template.

  • This is a no-brainer .. option 2.

  • Couldn’t you just do:


    OpenDNS as determined the page you are about to enter is unsafe.

    Click here to move to Google.com Search

    Click here to continue to the site you requested.

  • CrazyLiberal

    I’m against any change, no warning not changes. Heres are the primary reasons.

    1. Unexpected behavior. If I really did want to go to goggle.com (or any other site thats handled this way, why should I be adversely effected)

    2. Slippery slope. WHo decides what domains are bad? When does MS get into the frey and claim any non-MS site is bad?

    3. Non-HTTP traffic. What about SMTP? SSH? how do you handle the myriad of ‘other ports? What should have when I send an email to john@gmial.com? I don’t think this idea is fully thought out.

  • Matt BK

    Most desirable is an arbitration page, but then you gotta take it away if goggle.com goes legit.

    2nd most desirable is just send them to goggle.com

    Least desirable by a long way is sending straight to google.com. That’s some creepy chairman mao stuff.

  • Warning page. I wouldn’t bother with a “remember this” option. Once users see the warning once or twice they’ll learn to type it properly.

    A silent redirect would be wrong in my opinion. There are the occasional legitimate reasons to go to harmful sites, such as researching and hopefully fixing the browser flaws that make these sites successful in harming visitors.

    Even Google is now warning users about potentially malicious sites that are clicked on from their search results. Good luck.

  • I think that you’d open yourself up to more chances of being evil than good doing that. Much as I hate squatting, its currently a fact of the internet and teach people to type what they mean everywhere ๐Ÿ˜‰ I’d say leave the DNS associations completely neutral and let the big companies deal with the problems if they become too bad.


  • #3..

    Goggle.com is blantant abuse that is obvious to anyone, but if you censor it, then the result will be that over time, the line for what is “Blantant” will start to move.

    Sooner or later someone is going to block your site because you will be the wacko abusive site (in their opinion).

    Just leave it alone.

    If we all agree that tricking people into unknowingly installing software onto their computers should be the crime and for that there should be a trial and a punishment. Sony and Goggle.com both.

    If you don’t want the “hours of tech support” then you should have put it in your hosts file pointing it to localhost.

  • Tim H

    I support #2 + cookie. Even Google itself does a “Did you mean…” and it’d be good if you did the same thing.

  • Option 2.

    Just make it obvious that it’s not the actual site, and try to inform the user that they haven’t actually gotten to the point where harm from goggle.com has taken place.

    In the OpenDNS response page, add some header comments that indicate the level of threat. I (or someone, maybe you guys) could write an extension for Firefox that would check the response headers for the level of threat, and based on the user preference set in the FF Extension, could choose to be directed without notice for anything 60% bad, etc. If the site exceeds a my user-defined threshold, I am shown the standard OpenDNS “This site is no good, are you sure you want to continue” page. Otherwise, I go on, without notice.

  • CWK

    I say redirect silently. Once the underlying site goes from adsense farming to malware, they go from being a nuisance like a homeless guy sleeping on the bench to a mugger who needs to be jailed.

  • I would go with option number two.

    Create a generic page that clearly marks the page as an offending website, and then give them two links:

    One to go to the proper website (Google.com, in this case) in much bigger text.

    The second to go to the actual website (Goggle.com, in this case) in smaller text.

    This way, users using OpenDNS still get the clear warning, but can continue if for some reason they wanted to go there.

    By making it a generic page, you guys could reuse it for similar future cases.

  • Andrew

    I say don’t fix the typo problem – I really don’t care about handling all domains to big corporations in the interest of saving a ‘free’ internet.

  • Anony

    Option #2 would be superior, what I would want my own family members to experience.

  • Bull Dog

    Option 2.

    Text on that page saying somthing to the effect of: Oops! Did you mean Google.com or did you mean goggle.com (known to contain spyware as of xx/xx/xxxx)?

  • withheld

    Option 2 since this will be applied by some judgement, and that judgement could be wrong.

  • Carl H

    Wow, this is a pretty tough question. At first I go “hell yes, redirect me where I really want to go, this goggle.com site is atrocious.”

    However, what sort of precedent does this create?

  • ThomasB

    Redirect the site, these people are typosquatters and are in it only for the money, they have no morals what so ever, and this is shown by how they are currently using the domain until they can get so many complaints to google that the big G feels it needs to pay what ever insane price these morons are wanting.

    If I walked into a Bank and said my name, which would sound a LOT like yours, tried to take money out of your account, and the teller didn’t notice the one letter different, what would that be?

    Typosquatters are not a crime, *yet*, but they should be.

  • Option number 2, no doubt, because is useful and provides information for noobs.

  • Silently redirect me. Please and thank you.

  • Culvertboy

    Organize a class-action suit for those damaged by malware. When someone intentionally injures another, this is where our system of justice can work well. Sue the bastards. And block them. And be sure OpenDNS users know you do this and list the cases where you do. And if they sue you, countersue and let the fun begin.

  • chilote7

    Option 2 is the best choice. Redirecting directly can’t be an option, but there’s got to be some kind of protection for this sites.

  • dkeav

    i like option 2, but you might also throw in a 5 second automatic redirect to the corrected site, giving the user a 5 second option to go to the typo site if they want, but still keeping it kinda automatic

  • option 2

  • Charles

    What about http://www.hotmale.com... :p

  • #1 would be best and most efficient, but #2 is funny.
    #3 is the only bad choice.

  • MrPeach

    This question actually leads into several areas in which openDNS could be helpful to it’s users. (note: I have only just became aware of openDNS a half hour ago, but have been thinking about these issues for a very long time)

    For all the issues listed below, a redirect page should be used that lists the reason(s) they have been sent here, the option of going on to the site, or possibly the option to go to another more appropriate site.

    1) transient domain protection – you know, those domains that get registered and then cancelled before they have to pay for them. Any domain that has been created in that timeframe should be redirected.

    2) typo pages – you could maintain a list of typo squatters, and redirect them. Offer them the option of going to the “correct” page.

    3) domain squatters in general – these all forward to a small set of IP addresses, there shouldn’t be much difficulty in detecting that the requested page is going to one of these oafs, and redirect them.

    4) Pages/domains known to host malware, spyware, etc – recently google has been used as a tool to locate “fingerprints” of malware, etc. and domains that are hosting these should be redirected.

    Perhaps even add a paid service that isolates “hate” sites, “porno” sites and so forth. These would be meant to catch the most egregious of sites only – not stuff like Boing Boing or Suicidegirls which only occasionally have mild stuff on them. Personally, I just don’t wanna stumble upon pictures of naked chicks or guys d***s while I’m browsing (unless I’m in the mood for that crap that is). ^_^

    I tell you, offering a service like this should make money hand over fist!

    Good luck guys, and I hope your service delivers on it’s promises.

  • Aaron

    Go with option 2 letting the user know they made a mistake and you think they meant what ever and then give them a choice

  • Muerte

    You should actually just send them to google.com, with a small Web 2.0 style bar at the top that asks the user to click the refresh button in the browser, or click on a link in the bar if they’d like to go to goggle.com instead. You should assume it was a mistake, as nobody would want to go to goggle.com unless they wanted to run tests or something.

  • Doug

    I say option 2 – (though message text may be revised) – something more detailed to the user so they identify their own typo and it gives them some education on what WOULD have happened – this MAY help them to be more careful so when they aren’t using open-dns

  • Arkab

    #3 is the only option you can take without sliding down that slippery slope. Once you make a choice for someone, the second or third choice gets easier to justify. Today it’s goggle, tomorrow maybe it’s some political or religious cause you don’t happen to agree with. Even a warning gives you editorial control over other people’s internet experience. Please resist the temptation.

  • r@dix

    Well – I`d work with a couple of lists containing known typesquatters and ‘nasty sites’:
    If a user requests eg. goggle.com, there should be a redirect to a site which says:
    ‘Warning – goggle.com is currently registered as a nasty site. Did you mean google instead?’
    The site should provide links to the requested site (first position) and ‘probably meant’ sites (other positions).
    There should also be some cookie mechanism to skip the check.

    I think that would be be fair for all parties.

  • Brian

    If you run Windows, browse from a virtual PC (free) or don’t let your lil’ sis be admin.

    You can’t rely on a 3rd party to block you from your own stupidity. Eventually you’ll be in a situation without it and, being trained to rely on these training wheels will burn you, or the one time they aren’t aware of a problem site you may have to be the first duped.

    Breaking/modifying your DNS service like this may have major unseen consequences. Changes in the way the internet works like this should be implemented solely on the client side by either a LAN DNS (for a business) or a service running on the clients PC.

    This really needs more R & D. It is a fantastic idea, but needs to be tested by security experts, and network engineers for about a year before I’ll adopt it.

  • Ben

    Definitely option 2. Further, their should be options to just redirect once, or redirectl always, a la Firefox’s handling of SSL certificates that you want accept. A digg style modding of sites that the “do you want to be redirected too…” would be kind of neat.

  • paul

    So where do you draw the line? If you start taking any action for some domain that you disagree with for any reason what’s to stop this from turning OpenDNS into a bunch of filtered DNS entries.

    Are you going to sanitise the entire DNS so you can feel “safe”. Is this going to extend to your morals? Are you going to redirect sites about satan and nazis to http://www.cute.com?

    Personally I would to a blind redirect to google.com, however someone registered that domain name and it seems like a bad idea to start doing things like this.

    The best solution is to take no action. Someone asked to go to goggle.com and you should send them there. PERIOD. This kind of typo check belongs on the client side, ppl need to become more intelligent, even little girls trying to get to google. If anything this is a good leson. You can protect everyone from everything you think is dangerous (which is only your opinion anyway)

    If you are going to do something then give a list of ALL similar domain names to the one they typed.

    What if they were not trying to get to google.com, but another site with a similar name. Only giving a google option seems naive.

    Anyway like is said before, typo filter belongs on the client side or through a 3rd party service, perhaps you should create a OpenCleanDNS? and block all this malware, spyware, porn, etc or call it OpenKidsDNS.

    My point is a DNS server shouldn’t be in the business of filter or providing “choices”. It should be a blind service. If it isn’t going to be a blind an unbiased service then it should be BRANDED as such.

    NotSoOpenDNS anyone?

  • Tom

    Option 2.

    If you did option 1, you’d create a maintenance headache for yourselves… what if someone ends up buying goggle.com and puts up something legitimate there? You should at least give your customers the option of going.

    If you did option 3, you’d be ignoring one of the main benefits of your service over a typical DNS provider.

    If people are afraid of a “slippery slope” they don’t need to use your service. I think if you had a page on your site listing all of the sites you’re blocking for all to see, we could all make up our own minds about your judgement without fearing silent censorship.

  • This is malarkie, trying to protect users from themselves. You are trying to port the police state onto the internet. If you type google.com you should go to google, if you type goggle.com, you should go to goggle.com

    One, its insulting. Your first assumption is your sister is stupid, and needs to be protected from herself. I think she can quickly identify that was not where she wanted to go, if that was the case.

    Two, webcontent is not *dangerous*. A webpage is just that, a webpage, data, information, and pixels on a screen. You need to tell your sister good habits of how to identify malware and avoid it.

    Three, you are setting yourself up as a censor or slanderer, if you put a intermediary page up asking “is this where you really want to go… perhaps you would want to go HERE instead”.

    I hate malware and spyware myself, with a passion, but you can’t do this. If your sister is too young to learn safe browsing, then you need to have her boot off a bootable linux CD distro that is indestructible and which she can surf any site to her hearts content. My own opinion is that kids should not be allowed on the internet until they are in junior high… but should be outside playing, reading books, etc, instead of glued to a computer screen. There is too much real world basic stuff they need to learn, and the internet is a wasteland of media.

  • Tom

    I think option 2 would be the best also. A silent redirect is kind of a bad idea due to the fact that people w/o OpenDNS will continue to go to ‘goggle.com’ while the site/blog owner would never know they linked wrong if they use OpenDNS.

    I think that is the way to go, but definitely a redirect would be best, silent or not.


  • Option 2

  • SheFarted

    Hey, I use the pimptastic theme too!

  • Kevin

    Option 1, I don’t think that this needs to be a blanket policy, but clearly in this case people intended to go to Google, and the concept behind OpenDNS is assisted and safer browsing, so this would assist people. If option 2 was selected, perhaps there is some way to use a cookie to make the change permanent.

  • 1. Make your sister switch to Linux
    2. su -; echo ‘ goggle.com’ >> /etc/hosts
    3. No Worries anymore.

    You can do this in Windows as well…in something like C:WindowsSystemHosts or some crap.

  • Tyler

    I believe that you should either a: redirect it to the proper google site, or b: offer the users a choice but make it very obvious about their typo ie “You misspelled google, click here to goto Google Search or click here to visit goggle.com, an advertising website”

  • Cole

    Option 2 by far. I like that cookie idea, too.

  • Sometimes, you can protect your sister for once, but possibly not forever. Any new computer learner will always have to start from scratch. The only difference between the past MS-DOS users and today’s Windows XP users is that, more viruses are lingering around the planet these days.

  • chesscanoe


  • JimXugle

    I would make a page that gives the User The option of the two pages. Use Screenshots of the pages to make it obvious that goggle.com isn’t google. /My/ Sister could realise which one she wanted…. and she’s not that techno-savvy.

  • kas

    Option 2, for sure. Maybe a message like “Did you want to go to http://www.google.com? The adress you entered is a site which could install harmful programs onto your computer. To continue to go to google.com click here, to continue anyway click here.”

  • Stu

    Option 1. These douchebags are internet criminals.

  • I’m going to have to go with option 2 here. Certainly do not silently redirect, but there should be some kind of alert. Also, include a link to the prefs page so they can turn off the automatic redirection if they want.

  • Alan

    I vote for option 2. Better to let people know what’s going on instead of slyly taking them over.

    Or another way would be to give them the option to never have to see that page in the future and be automatically redirected. That way, they get to choose how the redirection is handled.

  • I vote for option 2 as well, but with the option to “automatically redirect goggle.com typos to google.com from now on”.

  • Pre

    Go with option 2

    The internet is still the modern day wild west

  • Denis

    How about offering both type of services and let everyone choose? You cannot change the DNS protocol, but having 2 different IPs and have people/admins select which one to use.
    On opendns1.com, you get automatic redirection if you mistype. On opendns2.com, you get the warning page. Is that remotely feasible?

    About the warning page, it was suggested to have a “remember my choice” option, which I think maybe better left out. The reason is, people will tend to select that option on their usual computer, then continue doing the same typing mistake. One day they switch to another computer/network that doesn’t use opendns, do the same mistake and lands on a malware site again. Since they got use to no longer pay much attention to the site thanks to that option, it is more likely they’ll get tricked in getting something evil on the computer they are on.

  • Bring up a page with a link to google and a warning of why they shouldn’t continue to goggle.com

  • Redirect silently.

  • โ€œautomatically redirect goggle.com typos to google.com from now onโ€

  • Ricky

    If you could bring up a page instead that says “Oops you typed goggle.com, did you mean google.com? Or click here to go to goggle.com.” That is my suggestion.

  • I like option 2.

    Let the person know *why* you are showing the warning, and give the option. Like some of those before me, I like the idea of a “remember this choice” option as well as a list of sites trated this way (if possible without affecting current service–I’m sure it would be massive).

  • casey

    definitely block it. show a screenshot at most, but i’d rather it just sent me straight to google.com. that’s where people want to go anyway. no one out there is TRYING to get to goggle.com.

  • Mike


  • From reading the comments, I have been dithering back and forth between #2 and #3. I’ll go with #2, since it doesn’t seem drastically different from the services that OpenDNS seems to provide. Especially if the site attempts automatic downloads and other heinous crap that poses a real threat, even to fairly well educated users. I do agree with the slippery slope arguments, though, and would rather see this resolved another manner (i.e. terminating their service on a TOS violation as suggested earlier)

  • I like option #1.

  • Tom

    If you’re going to do DNS, do DNS. If goggle.com is properly registered, then serve their IP, that’s DNS. This case is morally pretty clear-cut – but many won’t be, and there’s no clear place to draw the line. IANAL, but I suspect you open yourself up to liability when you start effectively blocking (or even interfering with) “legitimate” sites, no matter how reprehensible their actions.

    If you want go defang the squatters – good on ya, more power. But do it with a different service that doesn’t claim to be DNS. Super Lucky Fun Name Lookup or something – but not OpenDNS.

  • #2

  • Here is the bottom line everyone… If you dont feel that OpenDNS should police the internet… dont use OPENDNS. Plain and simple… OpenDNS is revolutionizing what DNS actually is… if you dont like the fact that you cant go to goggle.com then dont use it. If goggle is a typo-squatter, then by all means it needs to be shutdown, but since we cant do that, why not going with a WARNING PAGE and give a choice of google or goggle (which is why OpenDNS is so great, it fixes typos).

    People wont willingly going to goggle.com. And if they do, they arent smart enough to be using OpenDNS anyways.

    You people who think that the internet should be left unpoliced are troubling me severely, it is our right to make a choice, but shouldnt we have the most informed choice. And most people wont know goggle.com is a typo-squatter until it is too late.

  • Cactus Joe

    Ummm … all this discussion is about web page content, but since openDNS impacts all DNS data, how would options be given to mail servers and how should a mail server answer on that decision? This is not just about goggle vs google. This will impact all ‘misspellings’ as decided on by the openDNS.

    Although option 2 is noble, I do not think it should be used. I am all for the principle of openDNS, but I am not sure that a name server should “communicate” on the HTTP protocol, since there is no real way that openDNS would know that it IS a web request(, unless of course there was an agent installed on my PC that would report this. I know this is not what happens – no one need get nervous).

    I think that if people subscribe to openDNS, and openDNS says they will use their judgement to ‘protect’ the user, then openDNS should simply translate the goggle request on to google. If one does not want this filtering, one should not use openDNS.

  • IQ70

    Instead of http://www.craigslist.com/

    is a similar problem.

  • Joe Smith

    I say that option #2 is the way to go.

  • Sebhelyesfarku

    Redirect to google.com from the scumbags.

  • Gareth

    In my own opinion you if you wish to do the whole thing correctly
    then just go ahead and make a list of mistypes associated with various
    sites and the malware typo’s.

    Then when someone types in a name on the malware list pop up a
    page that shows all the typo’s in the list for that site. Highlight what
    appears to be the legitimate site with a short descriptor on the contents
    of all the site’s in the list, even the legitimate ones showing.

    An auto redirect defeats the point of helping people learn which is the
    only way that the malware industry will ever be brought under control.
    Sugar coating, aol’ing or other filtering that is invisible will only serve
    to encourage people to stay uninformed and uneducated.

    You will also need a page listing the known active malware site’s that
    can be browsed, heck start a forumn with links to the sites so techies
    can share horror stories of cleaning up there malware.

    Good luck all around though, a good project you have here.

  • David

    option 1

  • for that exact page (goggle.com) you should redirect silently, since you know 100% that it’s an evil page.

    For others like it, take them to a “transition page” that includes a screenshot of both pages (if possible) and lets the user choose which one they want. Maybe say “You typed http://www.whitehouse.com, are you sure you didn’t mean http://www.whitehouse.gov ?”

    To sum it up, if you know for SURE that the page they typed in has NO value other than malware / evil, ‘blacklist’ it , and silently redirect. Else, let them choose.

  • Kevin

    I say block the site, inform them why, but still have the option to continue at their own risk.

  • Pingback: Google Inside » Goggle.com … Some Interesting Results()

  • Option two. Fo shizzle.

  • Option 2

  • Raza A.

    My personal desires for this utopian world I dream of tell me: Go for option 1… Go for option 2…

    Ethically, I beleive, the correct option must be #3.

    I believe that if you make it your policy to protect people from their own mistakes, you will eventually be burdened deeply by your responsibility to that purpose. For example: keeping tabs on every child pornography related website on the internet might become part of your role in dns adminsitration. every phishing site. every hate crime site. every site with objectionable or ambigious worth to the world, and what about a website that has an even more grey purpose? an anti RIAA site? would that be your responsibility to take down? who would make that decision?

    Where would it end?

    This is not your job. Its not what you do. It would be a good thing to do, but the precedent might be larger than this single act, in fact, it almost certainly would be.


  • Ill take door number 2.

  • I did go with Option 2.

  • Taliesin Hoyle

    Provision of choice is not censorship. Inform the user and allow the user to choose. I despise malware but recognise that the web is an open forum in many important respects and that troublesome voices are the health of the forum.

  • WRJ

    The best option is #2 but post a link did you mean: google.com or goggle.com and show a preview image of goggle.com via google.com cache or askjeeves preview.

  • Patrick

    Hi there, i would vote for a warning page if at all possible, however, it would be even nicer if it can remember the choice one made so that if next time someone goes to the site it will not get the warning anymore.

    Why ? If in case the website in question once found ‘dubious’ has changed to a honest person (lets take goggles.com) and does not send out any spyware anymore wouldn’t get the traffic it deserves anymore, and they probably never know that all opendns users will not be able to visit their website!! This would be real bad, as you then are censoring websites which do not deserve to be censored, this should be avoided at all costs!

    This is also what i have against the new way google is going to block websites, what if your new website you just registered is a legit site, but the previous owner was not!

    Its like traveling with a name of a well name terrorist, and being denied access to a country, just because your name is the same. (god knows how many patricks live in this world!)

    Also (and i wrote openDNS about this before) don’t forget to make everything multilingual, English is not the only language on planet earth ๐Ÿ™‚

    Kindest Regards,

  • Option #2, definitely.

  • Jayant

    i say take us to page where we can choose!

    but i dont think i would mind too much if im silently taken to google as long as i can go to all sites that i still want to

  • Gabriel Bauman

    I don’t like the idea of any one company deciding what’s “bad” and what’s “good”, but I see what you’re trying to achieve. The problem is, some domain-name similarities happen by chance. Redirecting people off to ‘what you think they meant to type’ would punish legit sites that are similar in name. I mean, “goggle” and “google” are both legit words.

    So, if you must, give me #2 with the following changes:

    o The warning page should only be shown when the ‘iffy’ domain name is an obvious mis-spelling of a well-established domain. If the iffy domain name is an english word in its own right, you really shouldn’t block the site unless it’s phishing or doing drive-by downloads or something.

    o When shown, the warning page should show which site most other users chose to visit, to help the user make a decision. The warning page should show thumbnails of the sites side by side, so as not to impose visual rank. The idea is to get users to stop and think; don’t highlight one option or they’ll just click it.

    Establish some strict guidelines, avoid labelling anything ‘good’ or ‘bad’, and let your users decide which result matters most to them. That’ll keep me happy anyway.

  • Amos

    Another problem with silently redirecting people would be people that type goggle.com and get google would start thinking it’s an official google page and may try it from another computer that is not protected by OpenDNS. If they get a warning page and link options then that would prevent this.

    Option 2 is my vote. This is what I would want my wife and kids to see if they mistyped google.

  • Larry

    How about a disambiguation page, ala Wikipedia?
    For instance, searching for Castro brings up:

  • Option #2. Why? Three reasons:

    1) Everyone wants google.com; not goggle.com
    2) Users should be made aware of their mistakes; not silently re-directed
    3) Users should be made aware of the wankers that try to take advantage of their typo’s, and should feel motivated to take (positive) action against these squatters.

    Oh, and don’t forget to add goole.ca, goggle.ca, etc. to the list of squatters.


  • Problem, in the context of DNS handling, there are limits to what can be done, so unless combined with a toolbar, the only practical options are the silent ones.

    Redirecting “void” typo’s is no problem, redirecting valid typos, even if most people would not want the alternative, is controversial unless the site is clearly 100% bad.

    Maybe some extended preferences, with the “safe” option being to bring up a “XXX is a frequent mistype of YYY. The site exists but may be considered unsafe”

    And then some way to select (preferably for each occurence), if it will be passed.

  • Joe

    You should take users to a page that says: โ€œThis site is lame, click here to Googleโ€ so users know what is happening.

  • Eric

    What about domains that change ownership or content? Sure, today goggle.com is hosting malware/adware/whathaveyou… but what about in 6 mos when (bear with me, this is hypothetical) Disney buys the domain and uses it to promote their latest movie?

    I guess my preference would be for Option 2 – with a bit of a mod. If you’re going to state that it’s ‘lame’ or whatever, at least put a date of lameness on it. Someone needs to followup at some interval to verify the continued lameness, as well…

    My $0.02…

  • You should definitely redirect, especially if something is a squatter or a known typo. Someone, somewhere, has got to be keeping a list of this type of stuff. Let’s incorporate it and make the world a better place. Oh yeah and ninjas…yeah.

  • Tim Parsons

    Option 2 makes sense for me. I like the idea of a “report misidentified lame site” option, though. Default “dumb user click without thinking” options should fail as safe as possible. “Remember this choice” cookies should probably be avoided, or given a fairly short time to live, because the internet’s not static and nor are the guys in black hats.

    The “DNS should be a black box that does what it says on the label and nothing else” argument is an available choice for everyone anyway. People who /choose/ to use OpenDNS are also choosing a DNS server they know to be external to their ISP, and are making an informed choice, bits on top and all.

  • Fork

    I would go with option 2, giving a choice, some people just like to go there lool.

  • Carol

    Best would be an intermediate page offering the alternate links:
    [1] What you think the user meant (in this case google, the search engine), and
    [2] what the user really typed (in this case goggle, a page 99% of users should not visit).

    This page could be a template, triggered whenever you become aware of a similar squatter. This format would also be familiar to many users, since search engine results often ask (at the top) if you ‘meant to type’ something else. So the first link would be prefaced with: “Did you mean [google.com]?” The second link would be prefaced with: “You typed [goggle.com], which is a site offering downloads which could harm your PC.”

    I would oppose silent redirect, since some (teachers, for example) might intend to get to the site, and turning off your service to get there would be inconvenient — once they realized what was happening. In general, anything of this sort secret or hidden ‘for our own good’ is a bad idea, imo. That way, Microsoft lies….

  • Drew

    Personally I think all three should be options, and you can choose which you want to use from the preferences menu.

    Since I, for one, would like option 1, but I know some people would rather use option 2 or 3.

  • Rob

    Just a little English correction (I couldn’t resist). Please consider using the phrase “try to…” instead of “try and…”. The word “and” connotes one thing and another. The web site was “trying to destroy” her computer, not “trying AND destroying” her computer.

    I don’t know why this is important to me but I just thought I’d share it and, IMHO, make the world a slightly better place.



  • I agree with most post. Option 2 is a great default. But i think that we should have the ability to set in preferances to change it to option 1 under our user prefs.

  • Tim

    Each user should make their own choice as to how they wish to proceed. A first time quick warning or notice is not too intrusive, but let the user decide from that point. Saving and remembering their choices would be pretty nifty.

  • Midge

    Option 4 – nuke the site off the internet for being a security and privacy risk.

    But in all reality, that’s never going to happen. so option 2 would be the logical step.

    OpenDNS – you smart fellers ought to build in a reporting function so other squaters can be reported (and verified) then give users who are browsing to those sites Option 2 as well.

    Option 2 sure beats browsing to number 2… ๐Ÿ˜›

  • David B

    I think you should either block or put up a transition “What do you want to do” page as some users have suggested.

    I agree, if the root servers were doing this sort of thing, I’d have a problem. However, I look at it this way: I very deliberately have chosen to use OpenDNS for protection. I think I’m making a statement that I don’t wish to see those sorts of sites. I, personally, feel as if my home network is better protected by not resolving these domains accurately.

    The ideal scenario, imho, would be an option in preferences: let me choose what level of protection I want. To be totally honest, I would love to see an option blocking most typosquatters as well. In the perfect world, my gateway would never connect to those bottom feeders. I’ll take a 404 to a page served up by those guys anyday.

  • Shaun McDonald

    There are preferences for your domain, on other things, when using OpenDNS. So why not add one for this too. I would like to be able to switch between 1 & 2. Personally, I don’t want 3 (go straight to the domain).

    How would the database be updated?

  • David Clements, jr.

    I would say redirect to a page like noted above and let the users make the choice. Have it store a cookie on what the choice was made.

    Personally I think it is Cybersquatting on google’s property. Of course who would not want that revenue from that cyber fly trap?

    The best action I feel for opendns would be to redirect to a page and tell them that this site appears to not be of legitimate purposes, and may infect your machine.

    If you wish to continue click here (opendns saves the cookie)
    If you wish to go to google.com click here (opendns does not save cookie)

    At the end of the re-direction page I would say “If you routinely clear your cache or cookies you might see this page again, this is normal operation.”

    That’s how I would do it if I was in your shoes.

  • Pingback: Venture Beat Contributors » Why do we pay Internet Bad Guys?()

  • David Lee

    Well here is a idea to solve this problem.

    First let the ip be able to enable or disable this feature

    When enabled it will use a shared database that users are updating
    Allow a database where users could input a misspelled url and input the real url. If more then 10 people input the same thing then it will redirect to the new site if url is misspelled. To prevent abuse of the system as in people redirecting sites to fake sites the arghothm will have to check to see if url a that goes to url b and see url b that goes to url c. The url with the most submitted changed of that will be the correct url and the other result will be ignored unless more people submit that and then made the other not work.

    I hope you are understanding this.

    Another method is to show a page that will say this site might be not what ur looking for and have urls of the correct spelling counted by most dns lookup of the domain name.
    The user will be allow to contuine to the misspelled website by hitting countuine to this site. the page will submit a ip based setting to opendns and then reflesh the page. and let opendns give the new page or another way to save some trouble is just make the site go to like goggle.opendns that will show the page . only problem with this is that some sites uses domain names as part of the url so each page will go back to the parsed page.

  • 1 and 2 would be awesome

  • I vote for option 3, just kick ’em to Google instead ๐Ÿ™‚

  • Gabe

    I vote option 1.

  • Yes please make it an option so we can block crap sites like this…

    Thank You!

  • Chris

    Option 1 or 2.

  • Joe

    Umm wouldnt a website installing malwarewithout your consent be illegal?

  • On my blog there is a video on what happens to your computer (with some dramatic music) if anyone is really interested in the actual process, the permalink is http://forrestquay.wordpress.com/2007/01/21/beware-gogglecom/

  • Chris

    I think that if someone types in or clicks a link to goggle.com they should be taken to a site where it explains what goggle.com is and on the site it should have a link saying click here to continue to goggle.com (not recommended) and another link saying go to google.com (recommended) that would be simple and it would help everyone. I don’t actually see the problem with blocking goggle.com as there is only one use for it and there shouldn’t be anyone who actually wants to go on to it. (to be honest I have felt tempted as I want to know if it is true) so I’d say option 1 or 2, 3 is just irresponsible. I think that everyone should be warned (tv ads internet ads on major sites like google and eBay) and then people will be more careful. Just an idea.

  • Couldn’t OpenDNS provide various DNS choices, or IPs the user could enter, based on the service best for them? I know everyone has different needs and is different. Maybe services based on behavior for option 1, option 2, or option 3, or whatever options become available in the future. I think the decisions should be left up to the user what is best for them, not the government or company. I wouldn’t want a government or company dictating to me or my children what I can or cannot visit. However, on the other hand, as a parent, I wouldn’t want my children accidentally visiting unsafe sites that would risk harming my computer or themselves. Effective tools for such protection should be available for the user and constantly updated as new sites become available or someone bypass the filters that traditional programs aren’t able to reliably prevent 100%. And of course, some browsers do have a place where you can enter restrictive sites through their browser options, not that this is ideal or effective considering thousands of unsafe sites come online daily.

  • Max Nguyen

    I think that option 2 is the best to choose.

  • Alan

    I agree with those posting that OpenDNS is supposed to be a service to translate domain names into IP addresses, nothing more. Having an extra functionality which offers suggestions when the domain name typed is invalid or non-existent is useful, but what you are suggesting is the deliberate substitution of a different “preferred” IP address for a perfectly valid real one. Go down that route and you cease to be a domain name service and become a new type of portal. If that is where you want to go (for example to become “KidSafeDNS”) then fine, but I’ll have to go back to a real DNS. And how do you address the problem of serving IP addresses to non-html traffic?

    Option 3, please.

  • heyllo

    hey goggle doesn’t work I tried it with and without popup blocker =)

  • laconic

    For stuff like this that seems obvious it’s probably a mistake, show a page that asks us if we made a mistake (and tell us the reasons why we would possibly want to block it). also have a checkbox that lets us save our answer if we want. you can then save in a cookie.

  • Pingback: Leif Dalands blogg - IT & Annet » Ikke gรฅ inn pรฅ denne nettsiden!()

  • johnny

    Goggle.com is quite an annoying site but if u have a pop-up blocker it wont do a thing except the couple of minutes/seconds u wasted of ur life. โ˜ป

  • Ryan

    You should Get McAfee, cause i jsut went to that website to see wat would happen and nothing happened, so yeah, thats your safest bet, plus, it prevents other pop-ups and spyware stuff too. Its a really good investment

  • Mike

    I just visited and just popping one pop-up. More dangerous on IE

  • stuart

    i think you should have a page that says that this website is a killer and a lkink to google underneath

  • Omar

    Yes, goggle should be directed to Google.


  • Pingback: Policing the net » JJHalans » halans.com()

  • Jonathan

    I think it should redirect them automatically, but tell them that they made a type-o and that goggle is a dangerous site.