02 October 2009

Don't Mix and Match Those Domains

Many organisations like to do land grab with domain names by purchasing the same name with different generic top-level domains (e.g. .com, .net, .info), country code top-level domains (e.g. .uk, .es, .fr), and multiple second-level domains (e.g. .co.uk, .org.uk). Then of course there are mis-spellings, similar sounding words, brand names and trademarks.

Well all that leads to complexity, and it's not uncommon for many domains to be aliased to the same site in a way that any of them can be used to access the complete web site.

But it can get especially messy when SSL is enabled on some or all of the site too. Inevitably there end up being certificate warnings. Some organisations should know better. So when I was searching for providers of online and business privacy "seals",

Partial screen capture showing search engine results including SSL links to pages on the www.truste.org domain including https://www.truste.org/pvr.php?page=complaint

I was very surprised to click on the link to an SSL page which was reported as using an invalid certificate.

Partial screen capture showing the browser's warning message about the page's SSL certificate that says 'www.truste.org uses an invalid security certificate' and 'The certificate is only valid for *.truste.com'

Actually the certificate was fine, it just wasn't valid for the .ORG domain. Perhaps they had hoped the wildcard SSL certificate *.trust.com would somehow cater for *.truste.* - no.

Partial screen capture showing the browser's information about the certificate which says 'You are about to override how Firefox identifies this site - Legitimate banks, stores and other public sites will not ask you to do this' and 'Certificate belongs to a different site, which could indicate an identity theft'

Identity theft? Privacy? But apart from these configuration issues, isn't it just very confusing to have many different domains appearing in search engine results? How does this duplicate content affect their search engine ranking? Does it undermine trust in the brand? Should the SSL part of the site be indexed at all? Perhaps. Who makes these decisions? Is it the developers, the person who configured the site or does the business have a viewpoint?

I overheard a (loud) mobile telephone conversation this week in which a marketing manager* was apologising for a problem but they "did not know any of the technicalities". Mmmm, who is accountable? Make it your business to know.

[* Security and technology managers should also understand their organisation's business objectives.]

Posted on: 02 October 2009 at 07:56 hrs

Comments Comments (0) | Permalink | Send Send | Post to Twitter

Comments

Comments are filtered automatically and should appear shortly after they been checked.

Post a comment
Confirm acceptance and understanding of the terms of use
New posts to this thread will be sent to your email address
Don't Mix and Match Those Domains
http://www.clerkendweller.com/2009/10/2/Dont-Mix-and-Match-Those-Domains
ISO/IEC 18004:2006 QR code for http://clerkendweller.com

Page http://www.clerkendweller.com/2009/10/2/Dont-Mix-and-Match-Those-Domains
Requested by 38.107.191.105 on Friday, 10 September 2010 at 17:40 hrs (London date/time)

Please read our terms of use and obtain professional advice before undertaking any actions based on the opinions, suggestions and generic guidance presented here. Your organisation's situation will be unique and all practices and controls need to be assessed with consideration of your own business context.

Terms of use http://www.clerkendweller.com/page/terms
Privacy statement http://www.clerkendweller.com/page/privacy
© 2009-2010 clerkendweller.com