Companies that fail to register multiple domain names and extensions under their brand can fall victim to cyber-squatters, confuse their customers or open up their customers to Web and e-mail scams from hackers running look-alike sites. They also run the risk of sending sensitive e-mail to unintended recipients, as the Bush-Cheney 04 re-election campaign found out this month.
Organizers of Georgewbush.org, a parody Web site of the authentic Bush-Cheney re-election campaign, recently realized its mail server had received some interesting e-mails from the campaign itself.
Bush-Cheney 04 campaign officials and volunteers who mistakenly typed the .org extension—rather than .com—into the e-mail address header were likely surprised when those e-mails were published on Georgewbush.org. The servers “catch-all” mailbox had accepted the miscues, which clearly pleased the parody site.
Visitors to the parody site got an inside look at how major political campaigns strategize, debate, attack and slide into disarray. Advertising campaign scripts, news releases, arguments on how to report progress and even after-work party plans all made their way to the mailbox.
Georgewbush.org said two e-mails in particular were used in an Oct. 26 investigative report on BBC News into possible campaign misbehavior in Florida.
The mix-up, however, is a sign of the continued fallibility and security risks posed by e-mail. To avoid a similar fate with sensitive corporate e-mail, enterprises first must register all domain names that could be associated with the organization.
“They need to be conscious of the ability of squatters to acquire a corporate asset and possibly misuse that,” said Teney Takahashi, a market analyst with the Radicati Group, based in Palo Alto, Calif. “You have to realize that Web space is just like real estate. Its an asset that must be secured. If not, it can become a liability.”
Thats what happened when Chickenhead Productions beat the Bush campaign in registering the Georgewbush.org domain. Besides the tongue-in-cheek articles, commercials and campaign materials, such as bumper stickers that read “Bush 04: Quagmire Accomplished,” the site eerily—and purposely—mirrors the campaigns official site, Georgewbush.com.
After the Fact
And e-mail scams now rely on look-alike sites and domain names to dupe unsuspecting victims into revealing personal information such as credit card and Social Security numbers, or to deliver malicious code.
Takahashi said young companies in particular often pass up registering additional domains, or they need domains that are already in use. Fortunately, most domain registration sites now automatically give customers the option of registering various extensions.
Domain registry site Register.com, for instance, offers 40 extensions. Takahashi suggests that companies register product names well in advance of release, as Google did with the Gmail.com domain.
But the e-mail conundrum isnt easily solved if companies dont already own the domain.
“In terms of protecting themselves, I dont think businesses can do much outside of trying to reserve domain names,” Takahashi said. “In regards to e-mail, you cant do much after the fact.”
To ward off questions about the authenticity of the e-mails sent to its site, Georgewbush.org provided sample headers that substantiate the source of the e-mails it received.
The site does believe that one e-mail is a hoax. Takahashi matched up the IP addresses of several e-mails and said most are likely legitimate.
“Plus, if someone went through the trouble of faking these e-mails, I would imagine that they would be more interesting,” he said.
One e-mailer expressed concern about possible violations of campaign law regarding county assets. “Many counties are violating the campaign law as I understood it from you,” the e-mailer wrote. “God help us if the Democrats find out.”