What’s in a Name?

Buying domain names of real live people can be manna to the unscrupulous.

Anne Fognano is not a newbie in the online marketing world. She has run a successful affiliate business since 1997. She’s the force behind CleverMoms.com and has registered a raft of variations on the "clever moms" domain name to safeguard her valuable brand. But she never bought the domain for her own name – AnneFognano.com. When someone else did, all hell broke loose.

While domain squatting is as old as the Internet itself, the practice of buying a dot-com name and waiting for someone with a bag of cash to offer to buy it from you has lost some of its cachet – especially since pretty much all the good common names and brand names are taken these days.

However, this hasn’t stopped some folks from getting creative. Many call it "domain extortion," where someone buys your name, sets up a rudimentary Web page of you with dummy copy and then contacts you to sell you services such as Web design, hosting and other services for bloggers. This is what exactly what happened to Fognano.

"Not much I can do about it," she says, "because I don’t have my name trademarked." Since she is not a "public figure" like George Clooney or Paris Hilton, it makes it harder to make a case that her image has been co-opted for monetary gain. The FBI and her local District Attorney’s office in Virginia told her that unless she could prove that someone was looking to profit from her name, they could do little. Besides, they told her, the payout would be so little that it wasn’t worth the authorities’ time.

Domain parking in general is fairly big business, thanks in part to the popularity of PPC programs. Anyone can buy a domain that is either a name someone may type into the address bar or is a misspelling of a brand name (called typosquatting) and put nothing but Yahoo or Google PPC ads on the sites. The ads on these types of sites actually generated $400 million in sales in 2006, according to Susquehanna Financial Group, and looks to hit the $1 billion mark by the end of 2007.

Updated Version of Cybersquatting

In the domain extortion variation, someone grabs a name of a living person who has a blog or is an affiliate marketer for as low as $6 or $8 per name through an inexpensive domain registry such as GoDaddy.com. If the person that bought the domain offers to sell services to the namesake on top of giving them back their name, there’s nothing illegal that’s been done, according to authorities. In addition, the person who registered your name generally gets more than his $8 if you decide to at least take your name back.

In Fognano’s case, she decided to fight back. Going to the popular online forum for affiliates, ABestWeb.com, she posted her dilemma and let the members know that a "blog consultant, John Kitovitsu" of PurchaseMyBlog.com emailed her to show her what using his services would look like and that she could buy the domain from him. ABestWeb members, a large, vocal and tight knit community of savvy online marketers, suggested sending him a "cease and desist" letter to remove the content, which include her image and an article taken from Revenue magazine. They also suggested bringing him up before the Internet Corporation for Assigned Names and Numbers (ICANN) and even paying him a personal visit. ABestWebbers also helped her document all the text and images on the fake site and tracked down the IP address for the hosting company serving up the site. They also determined there was no business active on the Web using the PurchaseMyBlog name.

Not a Crime?

Fognano called the local police, the FBI, her local District Attorney and even the dubious website’s hosting company (in Germany). Since "Kitovitsu" had also set up a WordPress blog page for her without her permission, she got WordPress to pull down the page for violation of their terms of service. Fognano said the FBI pulled the site for her and said it would put an "FBI investigation tag" on the website. "I actually didn’t care that much," she said. "How many people are going to type my name [directly into the address bar]? But only when they use my name and image is it a big deal."

Thus far, the authorities she contacted are not calling this a crime. New York State recently signed a law providing a $1,000 fine per day for violation of people registering domain names of known people purely to sell them their own names for profit. The law goes into effect in early 2008. While it is not known if other states will follow suit, the terms may be just vague enough not to quash the practice entirely.

"It’s almost like they are taking your identity," Fognano says. "It seemed strange that it isn’t a crime."

Domain name registrars say they can only do so much. In 1999, the Ninth Circuit Court of Appeals ruled that registrars, such as Network Solutions, could not be held liable for registering a domain of a "known trademark." Network Solutions – which used to be the exclusive registrars of domain names in the U.S., says it used to purge "domain speculators" from its registry, especially those who registered thousands of domain names at a time. But it adds that most domain names can only be reclaimed if those who registered the names do not pay on time.

After inquiries were made, Fognano heard again from "Kitovitsu." "It’s not our intention to pose as you or use your blog for material gain," the email said. "If you decide to join our network we can have a professionally designed template made to enhance the look and feel of your blog."

"Oh, I see. It was a sales pitch," said a poster on her thread at ABestWeb. Another poster wrote that it sounded like "a scam with a bit of extortion thrown in."

Registrars and Revenue

Now that lower-cost domain name registering companies such as GoDaddy.com have entered the field, the competition for registration fees is much greater. There are hundreds of accredited registrar companies internationally that deal in the more popular .com, .net, .biz, .org, .edu and .mobi top-level domains. A new domain is registered at GoDaddy.com every 1.3 seconds, the company says. That figure comes to 12.8 million domain names every five months, according to Netcraft, up from 7.5 million in a five-month time frame last year.

Selling parked domains is also still big business. Business.com famously sold in 1999 for $7.5 million. Sex.com changed hands last year for a reported $14 million, although some reports said it was more like $11 million. Domain name sales generated $29 million in 2005, according to Zetetic. Some are just in it for the names. NameMedia, for example, apparently has more than 750,000 domain names in its marketplace. Sedo.com also acts as a kind of eBay for the domain space, selling $3 million worth of domain names per month.

"A domain name isn’t something you own, it’s just something you have a right to use," says Elizabeth Beal, director of the Communications Law Centre at Victoria University in Canada. "So it’s not like [a cybersquatter] has been using somebody else’s property."

In this age of security, some companies are enhancing their products and discovering revenue streams in the process. Retail domain name registrar Dotser offers "domain name security" with its NameSafe and TransferLock products. NameSafe restricts actions such as account updates, name server updates, contact name changes, domain account changes and registrar transfers without prior authorization through email. They charge a small annual fee for the service. Its TransferLock prevents domain name transfers without being logged in to your account. This service is free. Dotser itself, however, was named in a typosquatting lawsuit by retailers Neiman Marcus and Bergdorf Goodman a few years ago, saying that Dotster put up ad-filled pages in misspelled domains of the retailer’s name and then only paid to keep the misspelled URLs that were generating any revenue. This is called domain kiting.

Some critics also charge that the extra fee-based services don’t prevent someone from snapping up your domain if the registrar goes bankrupt or registers a taken name by accident or if the registrar deletes your domain through a process error. That’s what happened to Gary Kremen when Network Solutions was conned into giving up his Sex.com domain – a destination that was reportedly earning him $8 million per year. It took him three years to get the name back, but he was pretty much bankrupt by then.

Because of the competition between retail registrars, it isn’t surprising that companies are trying to entice you to add services or register more versions of a domain than you may need. One variation on the hard sell is getting a fax from a "domain name monitoring" organization stating that someone was registering the dot-net version of a dot-com domain name you owned. Saying they were checking on possible trademark conflicts on domains they have registered, the company offers to register the dot-net domain for you instead. Sometimes the materials are marked "final notice" with that day’s date as the deadline.

Lapses and Losses

Members of ABestWeb also suggested Fognano file a complaint with ICANN. You can make a case and request the domain be transferred to you. In most cases, when you register a domain, you are also agreeing to mandatory arbitration. Arbitrations through ICANN can also be far less expensive than litigation, and the judgments through arbitration can be quicker – about 60 days. While ICANN recognizes the need to keep the processes for transferring domain names tight, it is well aware of the chorus of complaints from those hijacked or extorted. "The registrant may lose an established identity and be exposed to extortion by name speculators," ICANN has stated. "Domain hijacking can disrupt or severely impact the business and operations of a registrant."

Generally there is a process by which a domain name can fall back into the unregistered pool to be snatched up by any attentive domain buyer. You register YourName.com on a given date: 1/11/06. The domain expires on 1/11/07. There happens to be a 30-day grace period to allow for renewal of the domain for the standard renewal price (until about 2/11/07). If that date passes, the domain is tagged as in a "redemption grace period," during which time the domain is put in "registrar hold" and then "pending delete" – about 30 to 45 days, depending on the registrar.

ICANN allows the registrar to charge its own fee for renewal from then on, which could go as high as $160. GoDaddy charges $80 and Network Solutions charges $160. If those fees aren’t paid, the domain name is released into the pool to be bought by anyone.
Rich Miller, blogger at DomainWorks.com, says to treat your domain as a brand. Network Solutions agrees – that domains left to expire run the risk of being co-opted by anyone, it says. Miller says that you should register your domain for more than one year. This way it’s actually cheaper to register and you won’t have to remember to do it every year. There are some who say that domains that have been registered and active for a while get better Google page rankings.

Miller also suggests that you should look for the best registrar, not just the cheapest. Look up the reputation of the registrar. You may not see a difference in the features of a registrar who charges $30 versus $9, but you will see a big difference between the $9 and the $5 registrar. He always recommends registering "alternates" of your name in other top-level domains. If you own the .net but not the .com, the .com owner can trademark their name and potentially force you to give yours up. Also, he says, don’t forget to brand your name within the social networks – set up pages in MySpace and other destinations before someone else does.

And whatever brand name you are operating under, always remember to try to buy your own name as a domain. Recently, Fognano decided she would offer "Kitovitsu" $10 to buy her domain from him. She has yet to hear back from him.

Crossing the Line

The roles played by each of the key parties in the affiliate marketing space are very clearly defined. Just like a well-oiled machine, each component has its job to do, each ensuring that the industry as a whole functions, if not in harmony, at least in synergy.

Affiliates should drive value added traffic and consumers to a merchant’s site.

Networks are considered to be the middlemen that track affiliates’ traffic and merchant sales.

Merchants convert that traffic and consumers into sales.

Affiliate managers are there to oil and facilitate the whole process.

Each group enters into relationships with the other parties with the presumption clear boundaries will be maintained. For the most part it works, and each group wants to keep it that way. Affiliates don’t want to see affiliate managers doing their job and merchants don’t want to see networks becoming merchants.

The only potential for crossover is the job of the affiliate manager, as they can exist with the merchant’s organization or within networks or as outsourced program managers. An affiliate manager could certainly boost their personal revenue rather nicely if they started playing all sides of the business,but at the same time they are likely to destroy trust with their affiliate partners.

Trust is the key issue in all of these roles. This complex ecosystem functions because it is based on trust. Trust is not something that people should take lightly or for granted.The presumption of trust exists within each party’s responsibilities, but still, each group needs to earn and continue to foster that trust.

One of the most complex and debated roles in the industry is that of the affiliate network. They are considered to be a trusted third party that is meant to remain neutral and ensure everyone is working in a fair field of play. That’s not an easy task given that there are widely differing opinions on various sides of what constitutes fair play.

Both LinkShare and Commission Junction have previously bought affiliates, and while this has caused concern, it didn’t raise any real alarm bells at the time. And those moves have since faded from the limelight. But let’s face it – many of the larger CPA networks are affiliates that turned into networks,and most still operate as affiliates.

The PepperJam Network has progressed through the affiliate business from merchant,to affiliate, to affiliate managers to affiliate network – presenting them with a serious challenge in how they separate and manage their industry role. The mixed reviews and acceptance PepperJam has received from the affiliate community shows it’s not an easy path to travel. It’s a very difficult journey to take while keeping all constituencies happy. And the larger a company becomes the harder it is to ensure boundaries inside the company are enforced and trust is kept in place.

So it is perplexing when a “Trusted Third Party” network such as LinkShare recently began allowing OneCause, an affiliate, to operate in violation of its’ own terms and conditions, overwriting affiliate codes without a consumer action and targeting direct-to-site traffic from organic search results.

What makes this even more upsetting to the delicate balance of affiliate marketing trust is that OneCause is owned by Rakuten, LinkShare’s parent company.

The industry has long argued whether BHOs (Browser Help Objects) should be part of the affiliate channel and how they should interact with the consumer. That debate continues to rage on. But the real question here is, why is LinkShare (or any network) now operating as an affiliate?

Extensive tests by members of the affiliate community showed that, not only is the LinkShare-owned BHO failing to follow LinkShare’s own Terms and Conditions, but it is also going beyond other BHOs, such as the ones from affiliate eBates, and overwriting affiliate tracking that is meant to be protected by the industry standard afsrc=1 code. This means LinkShare is being credited for commissions that should have gone to its own affiliates. It is wrong on all levels.

LinkShare wrote in its blog that the issues were immediately addressed, but continued testing shows the same results as prior to the fix.

LinkShare isn’t the first to do this, but as the company likes to state, it is a market leader. So, why is one of the three largest U.S. affiliate networks seemingly going out of its way to cannibalize its own affiliate base? In fact, CJ and Google Affiliate Network all cleared OneCause.

Economic conditions are tough in the U.S. market, but it’s hard to believe that business is so bad that networks can’t find other ways to increase revenue rather than undermining affiliates and slicing up their affiliates’ revenue. This is ultimately bad business for the long run because it undermines the basic rules of trust between a network and affiliates.

Merchants need to ask themselves if they want to be working hand-in-hand with networks that are cannibalizing their valuable affiliate sales channels and undermining core affiliate partners. And affiliates must consider if they want to be promoting merchants that allow their traffic to be cannibalized for someone else’s profit. The affiliate business exists because of synergy and trust between all parties. Cannibals have no place in that equation.

Chris Sanderson is the owner of AMWSO.com, an Outsourced Affiliate Management Firm, with an international team of dedicated affiliate managers supporting clients programs on a global basis.

Poaching Prohibited

What’s in a name? According to Shakespeare’s Juliet, not much, but if the name is trademarked it has value worth protecting. Successful companies spend millions developing a brand name and promoting their Web domains online. Some publishers, however, treat others’ trademarks like their personal ATMs by generating commissions through misleading ads.

This practice has become alarmingly present during the past few years and is often referred to by a variety of names: trademark poaching, trademark bidding, domain name poaching and PPC domain name bidding. Kellie Stevens, president of Affiliate-FairPlay.com, says it’s a difficult issue to discuss because the terminology is still not clearly defined or even completely understood.

Some in the industry say it’s actually misleading to call it trademark poaching or trademark bidding. Instead they refer to it as PPC domain name poaching because it’s really a subset of a merchant’s trademark-type words, namely their domain name. Some industry watchers say that using the phrase “trademark poaching” or “trademark bidding” has connotations of it being a legal issue under existing trademark law, but it is really a violation of the terms of services contract between the merchant and the affiliate.

Regardless of the various terminology (which is often used interchangeably), in its most conservative definition, this practice involves a keyword search on a trademarked term or the merchant’s domain name that triggers a pay-per-click ad. The ads use a merchant’s trademark in the copy, and through clever coding, the display URL appears to consumers to be from the merchant.

The way it works is that consumers type an address in places other than the URL bar – such as the desktop Google bar or into their favorite search engine – and are taken to the merchant’s site or an affiliate site via an affiliate link, thus giving an affiliate a commission when none is deserved.

The basis that this commission is unwarranted is the idea that if a consumer types in a merchant’s URL or domain address, it is clear they were seeking that merchant and the affiliate provided no added value in getting the potential buyer to that destination. Therefore, the affiliate should not be compensated.

The origin of today’s trademark poaching problem dates back to 2004, when Google changed its AdWords policy to allow keyword bidding on trademarks and associated Web domains. Cunning individuals began joining affiliate programs and designing PPC ads to appear to come from a well-known merchant. When clicked on, the ad directs the consumer to the trademark owner’s site through a link that inserted the affiliate ID, therefore generating a commission for any resulting purchase. Voilà! No website is required – the ad creates a straight path to easy commissions.

WHY IT’S ATTRACTIVE

Trademark poaching is attractive because of the low barrier to entry. For just the price of a PPC ad, publishers can quickly generate handsome commissions without the usual affiliate administration overhead, and reducing the steps from click to purchase increases the likelihood of a purchase.

One PPC affiliate, who asked not to be named, says there is a “pack of about 30” PPC affiliates that closely monitor the list of new merchants at every network and “crank up campaigns on them all” in order to profit from this behavior.

The anonymous PPC affiliate says “it takes less than four minutes to create a new campaign for a new merchant,” and that this pack of rogue PPC affiliates “don’t read the terms of service” from the merchants and they “don’t care about size – they cover them all.” He says it’s like a competition among this “pack” and that they do this for hundreds of merchants.

“There’s a trickle of others trying it from time to time as well, but the way Google and most search engines work, historical performance and clickthrough rates determine who gets the spots. They’re all competing for the one spot that lands on the merchant’s domain,” the PPC affiliate explains.

He went on to note, “That’s a ton of commissions paid out for almost nothing. If a merchant can easily do this PPC themselves, why pay an affiliate a large percent commission for doing it? It’s the branded traffic the merchant has earned; giving it away to a lazy poaching affiliate is just ignorant.”

Scott Hazard, who runs the website Cooperative- Affiliates.com, says ads that mask their origin in this manner confuse the marketplace and take money away from the merchant and the affiliate channel.

“It’s more of a problem for big brands” with recognizable names, Hazard says, as the popularity of the name as a search term will generate the high volume of traffic needed to create sizable commissions.

However, another school of thought says that although big brand merchants are often targeted more – thus losing more money overall – it’s a problem for merchants of all sizes. In fact, many smaller merchants are less aware of the issue and how to police it, making them easy marks.

While determining exactly how widespread this practice has become is difficult since it’s hard to track throughout the entire industry, a PPC consultant, who asked to remain anonymous, says, that “in some smaller programs I have worked with, as a merchant consultant and/or as a PPC consultant, as much as 40 percent of their registered affiliate sales are coming from this poaching.”

The only penalties for being caught poaching is getting kicked out of an affiliate program and having your commission withheld. That’s a small price to pay compared with the upside of undetected revenue. (See the “Trademark Ads in Legal Limbo” sidebar on page 048″ for details on other potential penalties.) Trademark poaching challenges merchants because as quickly as affiliates are kicked off, others are ready to take their places, according to Hazard.

Hazard launched the website TrademarkPoachers.com in August of 2007 to provide advice and education about the practice. While his site has increased awareness of the problem, “It doesn’t seem to be happening any less,” he says. Some say that they have anecdotal evidence that nearly 50 percent of pay per click is based on trademark poaching.

Chuck Hamrick, an affiliate manager for AffiliateCrew.com, started noticing trademark poaching in mid-2006. He could see that it was impacting overall revenue for some merchants because after he removed the poachers, the affiliate channel earnings went down, while organic and paid search revenue increased by larger amounts. This showed that trademark poaching “was cannibalizing our other efforts,” he says.

In the last two years, Hamrick caught a number of well-known affiliates poaching. He gave them “two strikes and they were out” of the program. If they didn’t take down the offending ads, he would reverse their commissions. “If it happened again, it was not by accident,” he says.

TRACKING THE POACHERS

Still, merchants that do not protect their trademarks from poachers are like retailers that allow customers to walk out with the price tags still on the clothes – if you’re looking the other way, someone will inevitably take advantage of you. Although networks can help with detection, it is the affiliate manager’s responsibility to function as the security guard and prevent these losses.

Fortunately for merchants, tracking this nefarious activity is relatively simple. Reviewing commission reports is one effective method for identifying trademark poachers. High conversion rates or affiliates who rise too quickly in volume of referrals are signs of potential trademark poaching, according to Dave Osman, senior vice president of operations at Commission Junction. “[Trademark policing] is one of the biggest challenges that the affiliate channel has had,” Osman says.

Managers can bid on their trademarks through Google AdWords to see the affiliates that are also bidding as another method of identifying potential poachers. Checking data for the location and time of day where commissions are generated can also help to identify poachers. To head off potential poachers, merchants can specify with AdWords that bidding not be allowed on their trademark or the trademark as part of their domain name.

Google will take down ads from affiliates or competitors that include domain names or URLs if the trademark holder complains, according to the policy stated on the AdWords website. However, Google will not block keyword bidding on trademarks and will not otherwise mediate disagreements over trademark poaching.

THE CASE FOR AND AGAINST

However, there are some merchants that will ask their PPC affiliates to do trademark bidding. AffiliateFairPlay’s Stevens says that there are pros and cons to this tack and merchants that allow it employ the rationale that they would prefer to see their affiliates ranking higher in the search engines than their rivals.

However, these merchants often fall into two categories – those that understand the issue and allow it to happen; and those merchants that are not aware of the implications.

When a merchant understands it and still allows domain name bidding, it’s usually because the affiliate manager can make themselves look good to superiors by showing lots of sales; or the merchant wants to inflate their EPC and sales volume to make their program’s metrics look attractive; or the merchant has made a deal with someone – such as a legitimate consultant – who in exchange for the sweet, low-hanging domain name fruit, obligates themselves to do something else, like pump those margins into deeper product and general keyword PPC on the merchant’s behalf, according to a PPC expert.

For those who don’t completely understand the issue, the reasons to allow it are slightly different: The merchant believes these posted sales are the result of “power” affiliates’ magic and doesn’t understand they’re allowing their brand, via their site name, to be leveraged by someone who does only that; or they have no idea what’s happening and believe these are actually their best affiliates; or someone such as a PPC agency or an outsourced program manager has them hoodwinked into believing this is a good practice.

However, there are instances when this type of bidding can be helpful, according to some PPC experts.

If a merchant has chosen to have coupons, then a search for “merchantname coupons” will be filled with SEO coupon affiliates ready to meet that need in the engine’s natural organic listings. The same principle works for reviews of merchants’ product or services. Most often, consumers seeking reviews don’t want to visit a merchant’s site. Instead, they want a supposedly unbiased view. Therefore, allowing an affiliate to bid on MerchantNameReview.com might be desirable to the merchant.

The Big Decision

One search expert, who asked not to be named, says there are two questions a merchant must ask before making the decision on domain name bidding.

No. 1: Do I allow my affiliates to bid on “MerchantName.com” where they send people directly to MY MERCHANT website and where they earn a commission?

No. 2: Do I allow my affiliates to bid on “MerchantName.com” where they send people directly to THEIR AFFILIATE website and where they earn a commission if someone clicks through to my merchant site from their affiliate site?

Most observers say the answer to the first question, should be – “No way, this is the merchant’s traffic and they earned it. It’s fat with ROI (often a 19x return) and it’s theirs.”

On the second question, the answer is not as clear. Allowing affiliates to do this might keep competitors from squatting on the name with their PPC ads. Search engines could see the merchant’s ads as more relevant because the domain name is the same word as the keyword, meaning that the merchant should be able to still occupy the top search spots with ease.

The Role of the Networks

Networks including Commission Junction offer trademark policing as a value-added service, and specialist companies such as Trademark Tracker and Name Protect can search out poaching ads as part of their broader trademark protection services.

While the industry is in agreement that trademark poaching is unacceptable, there is little consensus on related trademark use by affiliates in their advertising efforts. From keyword bidding on trademarks to the use of trademarks in ad copy, merchants, ad networks and affiliate networks each have their own rules and perspectives on what is permissible, and often those vary depending on individual contractual relationships.

“Ultimately, trademark poaching is in the eye of the beholder,” says CJ’s Osman. “The burden is on [affiliates] to learn each of their [merchants’] rules and to receive permission before incorporating trademarks into their ads.”

Buying a trademark as a keyword in conjunction with other words, such as “iPod and covers” is often allowed or encouraged because search engines do not want to exclude “broad match” terms. With the permission of the trademark owner, trademarks are also permitted as part of the affiliate’s display URL (e.g., www.affiliatesite.com/coupons or /reviews).

Through statistical data and the ability to observe dozens or hundreds of merchants at the same time, the networks have the power to stop this practice, but some think they don’t go far enough in their efforts.

“Good networks will show the referral URLs to the merchant, making it easy to find these poachers if they look, and reverse their orders [don’t pay them] and remove them from their affiliate program for violating the rules,” one PPC expert says.

According to one PPC consultant, who asked not to be named, the networks don’t ban this bogus practice for a variety of reasons – all related to money:

  • Merchants who want to shine their metrics (and show their bosses how well their programs are running) would go to another network.
  • Unscrupulous OPMs (outsourced program managers) would suggest alternative networks for new clients.
  • Unscrupulous OPMs would migrate programs to other networks, and when the reported sales went up, they’d be proven “right” about suggesting the migration.
  • Some merchants would not be able to make deals with their PPC consultants or agencies, and a new network that allowed this practice would be the only alternative.
  • Many less-than-savvy merchants would accuse the network of firing their “best” affiliates.

Because merchants have a right to run their own program, networks don’t and shouldn’t take an all-encompassing stance against it, the PPC consultant says.

Commission Junction’s policy is not to allow the use of trademarks in third-party ads without the express permission of a merchant, according to Osman. The rules that each merchant sets depend on their individual objectives, with some opting to be more flexible in allowing trademark use, he says. “All [merchants] do not view their [affiliates’] use of their trademarks in the same light: They have different marketing needs and therefore make allowances when necessary. For this reason Osman says, “I don’t think consistency [across the industry] is possible.”

Affiliates bidding on a domain name and sending the traffic to their own sites is seen by some but not all in the industry as trademark abuse. “One type of trademark poaching – typo squatting – is the intentional use of a misspelling of the trademarked URL, and is considered trademark infringement by most marketers,” says Osman. In recent years, companies Dell and Lands’ End successfully sued affiliates for generating commissions through typo squatting and direct linking.

Merchants can best protect their trademarks by spelling out what is allowable in their contracts with affiliates and by educating their network partners. Network ShareASale provides a dedicated area for posting banned keywords and text explaining the merchants’ choices, easily available referral URLs marked on every sale so the merchant can see the details, a feedback system for merchants to tag terms-of-service-violating affiliates to others, and other mechanisms making implementation of a merchant’s choices easier and more effective.

“Each merchant has different ideas when it comes to this issue, so our goal is to try to make as much information as possible available to both the affiliates and merchants on our network so that they can run their programs as they wish to run them,” says ShareASale President and CEO Brian Littleton. He encourages merchants to upload their individual agreements as well as a list of prohibited keywords so that all parties are clear on what is allowed.

One observer says that merchants need to ask the networks different questions instead of just asking for advice on whether or not they should allow domain name bidding in their programs. Rather, the merchants should be posing questions to the networks such as: What will the networks do for me? What tools will they give me to support and facilitate my choices on these issues? How will they help me police a decision to disallow it and what repercussions/tools will they give me to stop people who do it and won’t stop?

Domain name poaching is not going away anytime soon, but search experts promoting best practices say that savvy merchants and affiliate managers that educate themselves on the complex issues will realize the practice is a shortsighted path to profits, and ultimately bad for the entire industry.

Ringing IN and Hanging UP

In the old days, a telephone came in two designs and had one ring. With the rise in cell phones, the styles are endless and so are the types of rings you can make the phone chime. There are master tones, ringback tones, polytones, monotones and they all have a price. Users can download them over the Internet and program a ring to sound only when mom or that special someone calls. Users can also send a ring out to someone to let them know who is calling. But they aren’t cheap – as much as three times the cost of one hit single from iTunes. But that hasn’t stopped people from buying the tones in droves.

The music industry loves that users will pay a premium for the 30-second melodies and still come back for more. What the industry doesn’t like is the Florida Attorney General office, which has it in for certain ringtone sellers over the Internet. Whether or not Florida officials can make a civil case for deceptive practices, the damage is done. When sites such as Blinko.com, Jamster.com and DirtyHippo.com are accused of bait-and-switch tactics by offering supposedly free ringtones that are not free, every ringtone seller over the Internet takes notice, as do consumers.

Ringtone affiliates, sites that sell ringtones and networks with ringtone sellers in their lineup are all concerned about the black eye a few misbehavers are leaving on a growing sector of the digital music revolution.

“No reason for one very bad apple to ruin it for everyone,” Steve Richter, president and general counsel for Media Breakaway, says. Media Breakaway owns CPA Empire, a network that was at the center of a ringtone firestorm a few months ago when it was discovered that an affiliate’s website offered free ringtones when, in fact, they were not free (the free tones only came with a paid subscription). CPA Empire noted that within an hour of identifying the affiliate’s website, it was pulled down. “We had no idea that this was running,” says Richter. “We took a pretty severe action against this affiliate. Any of our affiliates that are discovered to violate our terms and conditions, we take action immediately.”

Tarnished Reputation?

Matter closed. Or so it would seem until another online network is targeted. The coverage this issue has received sheds light on the power a few individuals have on the whole reputation of a budding digital music phenomenon and how hard it will be to police the vast reaches of cyberspace.

“It’s a highly competitive market and a burgeoning industry,” says David Haverly, senior executive, Mobile Vertical, at MIVA. “It’s very hard to break through.” He says that, “technically there are no free ringtones. But websites must be clear that to get the free ringtones you must buy a few; say 10 or more.”

That is what caught the attention of the Florida authorities. The alleged bait-and-switch tactics – when a seller never intends to sell consumers the advertised thing so that it can sell them a more expensive other thing – are pretty much illegal in most states. In the case of Florida, its civil investigation means that the upshot will probably not lead to criminal charges for the companies under the microscope, but can lead to accusations of fraud, which means if someone wants to sue the companies, they could have a pretty good case.

“The content provider industry has guidelines to not blur what they are getting,” says Haverly. “Sometimes, in fine print you see that if you sign up, you get the free ones.

Our goal is to give a quality experience. We have to say when an affiliate is not clear.” With a ringtone affiliate reaping as much as $15 for every new customer, the incentive is there to cut corners.

If more investigations in other states are opened, the reputation of all of digital music sales over the Internet could take a beating at a time when the ringtone market is at an all-time-high. Revenues for ringtones have more than doubled year-over- year, says JupiterResearch. Ringtones brought in about $420 million in 2006 and JupiterResearch predicts the pot will grow to $724 million by 2009. In 2005, more than 24 million people downloaded ringtones to their cell phones; that’s about 13 percent of cell phone users, according to eMarketer. IDC predicts that more than 54 million people will download a ringtone by the end of this year.

An Alternative for Record Companies

For the record companies, this is good news in the wake of its falling sales of music CDs since 2000. When Nielsen’s SoundScan launched the tracking of mastertone sales in December of 2006 (mastertones are portions of the original recording, whereas polytones are just the melody played by usually a keyboard. SoundScan has tracked polytones since 2004.), the numbers surpassed the sales of single-track songs, and in many cases at three times the price. When the first polytones numbers arrived in 2004, Geoff Mayfield, director of charts at Billboard, has said he was “floored.” The ARC Group in London has predicted that global sales of ringtones will surpass $5.2 billion in 2008 – that’s more than 10 percent of all digital music sales. Internationally, the numbers are equally big. The Wireless World Forum estimates there will be 28 million Indians under the age of 24 with cell phones by the end of 2007, and nearly 15 million in the U.K. That spending on ringtones comes to $23 million by the end of this year.

Also, with artists and their labels pulling in less from pure CD sales, other means have to be explored – such as ringtones. David Bowie was one of the first to release unique music to subscribers over his Bowie.net network. Some artists are dipping their toes into ringtone-only releases. Snoop Dog releases ringtones on his website, to name just one artist. “[CD] sales are so down and so off that, as a manager, I look at a CD as part of the marketing of an artist, more than as an income stream,” artist manager Jeff Rabhan recently told The Wall Street Journal.

Yet some vocal affiliates continue to be wary of the return ringtones offer. One forum poster stated that “I really don’t trust most of the merchants that offer ringtones; their websites have that spyware feel.” He also stated that he had “recently checked my stats and I had a measly amount, which was less than the meager $10 I made last year.” Other voices on the Internet second that sentiment. “Making money with ringtones has never worked for me,” a forum entry states.

“I’ve tried the high-paying offers; I tried the low-paying offers. I bought ads with PPC through AdWords and AdBrite and still lost money.”

In the short term, affiliates say, the term “free” always gets a higher place in a search engine result and that alone will make it hard to rid the ringtone universe of the “few bad apples.” One affiliate states that “this is actually good for some of the little ringtone affiliate players out there like myself. I always hated complying with the [terms of service] by removing the terms ‘free, no cost,’ etc., from an ad when my competition clearly wasn’t following suit. Makes it a little harder to compete and slims the margins up for a lot of markets.” Another says “all these guys are at the top of search results because their ads get much higher [clickthrough rates] than publishers that are doing the right thing and are staying away from using the word ‘free.'”

Leads from ringtones are also at an all-time high, offering no incentive to “fly by the rules.” Some affiliates in 2006 generated as many as 1 million clicks and 100,000 leads through ringtone keywords. The payout per lead has fluctuated anywhere between $5 and $15 per lead.

The Search Effect

The continued battle for high-ranking ringtone search results has had an impact. Antivirus maker McAfee rates the keywords “ringtone” and “free ringtone” in the top 10 of the most dangerous search terms to use, just after “free screensaver (per chart pg. 62)” and “Kazaa.” Clicking through to sites resulting from these searches is more likely to send the user to questionable sites or install adware or spyware, McAfee states. One of the most popular “scams” is a “free” tone site that checks a terms of service box for you when you enter your phone number. The terms of service state somewhere that you agree to a subscription price to receive the free tones. When users try to uncheck the box, they can’t.

Some ringtone affiliates have said that when they use Yahoo Search Marketing, the titles and descriptions in the ad are sometimes changed to what Yahoo Search Marketing perceives is still an accurate description. The affiliate may bid on the term “free realtone” but submit copy that leaves the “free” out. Then Yahoo Search Marketing will reinsert the “free” since that was in the keywords they bid on. The affiliate doesn’t see the change until it gets served up. In some of these cases, the affiliate will immediately cancel the campaign when they see the mistake. Sometimes, not.

Other questionable techniques include using a ringtone company’s images and logos to build a unique landing page that goes to a completely different destination when consumers go to sign up. Some advertise MP3 ringtones that are, in fact, lesser monotone files.

Ron Czerny, CEO of PlayPhone, has had experiences with bad ringtone affiliates on his network. “We are very active,” he says. “We are constantly monitoring our affiliates. We take action in 24 hours if we find bad apples and we will report them to the carriers.” The cell phone carrier may pull their short code, he says, which means that the connection between the affiliate’s ringtone servers and the customer will be cut off. “This kind of thing happens in all entertainment areas,” says Czerny.

Government Intervention

It happens with piracy in movies and music, he says, adding that the slowdown in ringtone sales in Europe in 2005 and 2006 was because of “bad customer experiences” with fraudulent ringtone sellers. What was done in a lot of European countries was the carriers imposed regulations that sellers were required to meet before they could sell ringtones. Czerny says the market over there has bounced back.

“[Regulation] is not going to happen in the U.S.,” he says, “because companies like ours are taking that right action,” adding that the bigger companies have a stake in making it work. He says that consolidation is playing a role in weeding out the troublemakers. “We will see consolidation in the top 10 businesses,” he says. “A lot of small ringtone companies are using the backbone of larger ringtone companies and are just simply giving up.” He says the larger market will be in China. Brazil and Mexico have proven they have many willing to pay for tones. Innovations, he says, will come in the way people share the ringtones and not in the tones themselves.

As with the online lead generation industry, the perception and the practice need to mirror each other. The top online lead generation firms formed an association last year to help monitor their industry and set guidelines. Currently, ringtone sellers want to keep the market unregulated. “You must have communication with the network,” says MIVA’s Haverly. “We schedule weekly calls with some of the affiliates,” so that the lines of communication are always open. He adds that if a drugstore runs a two-for-one ad for aspirin but you have to pay full price if you want Excedrin, is it a misleading ad? Does the fact that it might be perceived as fraud warrant the government or the cell phone carriers to step in? Who is going to make the judgment call?

PlayPhone’s Czerny says the government will not step in. “It will not come to that.” Richard Jesty, an analyst at ARC Group, states that ringtone sales will also see a slowdown in the U.S., but not because of fraud. “Over time, the novelty will wear off, but not yet.”

Fair Play: Q & A with Kellie Stevens

Kellie Stevens is the president of AffiliateFair-Play.com, which is committed to providing a better understanding and interpretation of the behaviors that impact the affiliate marketing space. Stevens’ goal is to create a fair and competitive marketplace, and she does this by focusing on the actual behaviors – not the technologies – leading to unfair competition and abuse in the marketplace. Her tireless efforts, which started in 2000, have won her the respect and affection of many in the industry as well as the ire of those who are looking to skirt ethical practices. Regardless, Stevens vows to continue her mission to provide the community with resources for striving toward fair practices in affiliate marketing.

Lisa Picarille: What motivates you to find out who is using adware or acting in an unethical manner?

Kellie Stevens: Many of the behaviors I research and document go beyond just ethics. They are behaviors which I strongly feel impact negatively on the affiliate marketing channel as a whole. Affiliates who are automatically redirecting the merchant’s own traffic (both organic and paid traffic) as their own commissionable traffic, devalue the channel overall. Affiliate links showing extensively in adware security companies have deemed that security risks have contributed to blocked affiliate links and tracking cookies flagged as security or privacy risks. This impacts on everyone. Those are just a couple of examples. It’s the overall impact on affiliate marketing, from a business perspective, that is my main motivation.

LP: How did you get started pursuing those exhibiting bad behavior?

KS: Back then there was very little information available. Security companies weren’t researching these adware companies and their software. You couldn’t go to a security site and search their database. Only a few people were even talking about how some affiliates were driving sales and revenue. So I installed a few applications to see for myself. I began talking about what I saw in the community. The day came when I had a couple of applications installed on my computer and I went to my e-commerce site checking on a customer issue. When I got to my shopping cart, I received a pop-up with a blatantly false message encouraging the customer to buy a product from the adware company. That was very personal. I contacted my State Attorney General’s office and found out they knew very little about adware, but they wanted to hear more. I talked with them about six months later and they had a much better understanding; they didn’t like the practices at all but felt there were no existing laws in place to prosecute. Things gradually evolved over time as I continued testing for myself to understand what was going on out on the Internet and reporting back to the community on a somewhat ad hoc basis.

LP: How much of your testing is done without being paid?

KS: When I first started, and for quite some time, it was all done for free. As the demand for the information and my expertise grew, I gradually increased the amount of time I spent doing research and reporting. I’m now doing this full time, so of course it’s not all for free now. I still try to balance my time, providing some amount of information for free because the issues are too important to the industry. I haven’t sat down to put numbers to how much of my activities are devoted to free content and revenue-generating information.

LP: How much is consulting? And do you work with the big networks? If so, how often?

KS: I do private consulting as well as the subscription service through AFP. But again, I haven’t sat down and put numbers to the time (hour-wise) I devote to each area. I know I put in a lot of hours each week because there is always something that needs addressing.

I don’t disclose my clients’ identities for confidential reasons. I will say that over the years I have had contact and dialogues with all the major affiliate networks to varying degrees, whether that contact was paid or otherwise. I always welcome the opportunity to discuss the issues facing the industry, whether I completely agree with the points of view or not. I have always appreciated when the networks have approached me asking, “Kellie, what do you think about”?” Dialogue is extremely important if constructive change is to happen in the industry.

LP: Why do you think that there are individuals like yourself who pursue adware folks, but that there are no formal entities to police these rogue behaviors?

KS: There are probably many reasons. The idea of some type of formal entity has been brought up several times. It’s something I’ve had requested of me on numerous occasions. In fact, I am continuously educating people that AFP doesn’t do any type of “certification.” The largest stumbling block to having some type of formal entity is probably the fact that as an industry we have yet to come to a universally (or close to universal) accepted agreement as to what behaviors are and are not acceptable. You have to define what you will be policing before you can police.

LP: You are performing a very valuable service for the industry, yet you seem to maintain a low profile. Why?

KS: I don’t think I maintain a particularly low profile. I am out and about in the community. I don’t use my research findings to just sensationalize and garner PR for myself. I think the information is too important to dilute with such tactics. And doing so marginalizes my ability to bring about change towards more fair business practices in the industry.

I have found that I have been more able to achieve change by working quietly “behind the scenes” when it comes to specific issues/incidents at times. My ultimate goal has always been, and remains: changes in certain policies and practices in the industry.

I am focusing more of my energies in 2007 towards educating the community on issues related to adware, so in that sense people will probably be “seeing” more of me.

LP: Are you ever worried that these adware firms will retaliate against you?

KS: Anyone doing this kind of work should be cognizant of such possibilities. I have spent quite a bit of time over the years cultivating the way I both approach my work and present the information to minimize those types of risks. Ultimately, I want to be spending my time doing my research and providing information to the community, not dealing with retaliation tactics, legal or otherwise.

LP: And how do you protect yourself from this potential pitfall?

KS: I try to use common sense along those lines. That means being able to support what I report and staying clear of approaching matters in a way that is viewed as just being inflammatory. My goal is to be able to provide people with objective data and information from my research. So far, this approach has served me well.

LP: What’s the best part of doing your job?

KS: I probably have to say, when I see positive change happen. When I see a merchant or network change their policies or implement internal mechanisms to better catch bad behavior. When I have an affiliate come back and tell me their conversions (and revenue) have significantly increased after they took action on information I provided them. Or when a merchant tells me they are showing higher growth and ROI/ROAS in their affiliate channel based on the information they received from me. At the end of the day, that’s what it is all really about and makes the hours in front of the test computer worthwhile.

LP: What’s the worst part?

KS: I don’t know if I would call them the worst part, but there are some things that I find frustrating.

I find there is still quite a bit of misinformation and old information out there. I see people making [what appears to be] business decisions based on the inaccurate information.

I become very frustrated whenever I hear people say, “I don’t like the practices, but there’s not anything I can do about it and it’s just a cost of doing business.” In my honest opinion, that kind of apathy just encourages the bad behavior. There are many things that could be done within our industry to combat the bad behavior. It’s a matter of being committed to doing what can be done. And to say it’s the cost of doing business is devaluing the affiliate channel.

I really become frustrated when I see companies using anti-parasite policies, compliance and fraud detection as primarily PR spin to market their business, when in reality they are eyeball-deep in the relationships. People shouldn’t believe everything they read, but rather, engage in due diligence in understanding the business models/practices of those they partner with.

LP: What’s the most misunderstood element of dealing with adware?

KS: That could probably be a full article by itself; there are so many. One is that it is easy to monitor all of the potential bad behavior out there. It isn’t by a long shot. Could the industry as a whole be doing better? Yes, but that doesn’t make it an easy task. I remember catching wind of a particular application that I wanted to test. It took me two years to finally track down a copy of the software to test. When I did, they were using quite a few techniques to hide the fact from networks and merchants that adware was involved. Programming has become much more sophisticated, allowing adware to “hide” itself more easily from the end user (that it is even installed). And distribution methods have become more stealthy and sneaky as well.

A more global, or big picture understanding of how adware is operating within online advertising as a whole is still not fully understood by many, nor are all the different ways it can impact upon online businesses and affiliate marketing in particular.

There are still many misconceptions about the very basics of how adware functions. I still hear people talking about adware replacing their affiliate links on their websites, and their implementing programming on their site to prevent this. But the majority of adware does not even do that. In fact, some of the “protective coding” they implement could actually put their traffic at higher risk for interception by certain types of adware.

LP:What percentage of commissions do you estimate are lost to the bad behavior of adware?

KS: Lost to who? Affiliates, merchants or networks? All three happen now. There are also many ways a commission can be “lost.” Some of those ways are very blatant and obvious, like the automatic overwriting of an affiliate link by adware. Other ways are less obvious, like lost traffic or redirection into another advertising channel.

I don’t think anyone knows the exact dollar amounts, in truth. I’ve heard speculation of anywhere from 5 percent to over 40 percent of revenue in the affiliate channel attributed to adware. I’ve seen reports which put total revenue for adware, which included all advertising channels and other means adware companies have of generating revenue, at anywhere from $2 billion to $20 billion a year.

The problem with coming up with hard data along these lines is knowing all the adware players and those using adware [i.e., third-party ad buys]. Security companies face an ongoing battle detecting adware applications on the end user’s computer. Most adware companies are privately held, so their financial information is not public knowledge. Others operate outside of the U.S. When you start factoring in very rogue players and the world of botnets, the picture becomes extremely cloudy.

I think most agree that there is a significant amount of online advertising dollars that end up flowing through adware coffers.

LP: What is the future of adware? Will it ever be wiped out?

KS: Adware is here to stay. You don’t put the technology genie back into the bottle. As with all things related to the Internet, what we will see is the way in which adware is behaving and playing on the Internet. This has been the case so far as well.

LP: Who should be responsible to help in this fight? The government? Merchants? The networks?

KS: I think everyone is responsible to varying degrees and in different ways: affiliates, merchants, networks, consumers, regulators and adware companies themselves. Whenever there is a lot of money up for grabs, as there is in online advertising, there will always be people out there who are willing to use unscrupulous tactics to get their hands on some of the dollars. It’s unfortunate that adware has become synonymous with such tactics. My dream is to see the industry become more proactive on addressing the issues surrounding adware and being less reactive primarily when the stuff starts hitting the fan.

Marketing Muscle

Over the years stories about intimidation and goons knocking on the doors of various affiliates and search marketers have circulated at industry events. Some of these scary accounts have taken on a life of their own – much like a game of telephone where fact and fiction are often intertwined as the stories are told over and over again.

The victims claim to have seen a variety of intimidation tactics including death threats issued over the phone, visits at their homes from large, scary-looking men, threats involving physical harm, character assignation campaigns, general bullying and harassment, as well as cyber attacks on their websites and ultimately their livelihoods.

Most of the victims say the perpetrators of this behavior are typically overzealous business rivals or companies they spoke out against that are seeking to silence them.

Retelling of these accounts is often reserved for late-night, alcohol-fueled chats at a bar with colleagues at trade shows and conferences. But trying to get the sober details is much harder. It’s difficult to confirm and corroborate many of these stories since the alleged victims are hesitant to speak in depth, or on the record, for fear of future recrimination.

So are these frightening tales the equivalent of urban affiliate myths, exaggeration or truth? Actually, it’s often a combination all three.

One industry watcher, who asked not to be named, was skeptical of some of the stories.

“It’s somewhat of a Curtis Sliwa syndrome,” he says, “where he faked some crimes and attacks as a way to get more attention for himself and the Guardian Angels. These supposed allegations on the part of affiliates are a way to boost their profile. I may be cynical but unless I see a police report I tend to believe these stories are a way to raise themselves in the industry.”

However, he does admit that regardless of the veracity of the accounts, “they seem to resonate with people.”

Anti-adware/spyware expert Ben Edelman knows the feeling of having his work, which typically exposes unethical behavior on the part of an adware vendor, spark a negative response from those he has criticized.

Edelman says that he’s experienced several instances of threats at varying levels from a variety of unhappy companies that he’s exposed. The Cambridge, Mass.-based lawyer and Harvard graduate student says that’s he not willing to speak about all the incidents right now. He declined to speak about two incidents that he referred to as “very, very nasty.”

However, he did recall a time in the fall of 2003 when for two weeks, a private investigator hired by Claria (formerly Gator) was parked in a dark-colored sedan in front of Edelman’s apartment. He claims the driver followed him to class, around the Harvard campus and to other destinations. The driver submitted to questioning in a courtroom and admitted to being hired by Claria. The driver also said he was simply attempting to serve Edelman with a subpoena, a claim Edelman, who is an attorney, disputes, noting that if the driver wanted to serve him he could have simply knocked on Edelman’s door and done so.

Edelman says he found the situation “puzzling but consistent with [his] view of the company, which likes to play hardball.”

Edelman also says the “intimidation efforts were unsuccessful.” Although, he claims the company subsequently “did some other things that were more effective.” Those are the matters he doesn’t want to elaborate on.

Others have also seen the nastier side of how unhappy companies deal with dissent. That fear makes most afraid to even broach the subject.

One PPC search marketer questioned about his experiences with a particular company – one that is often named one of the most prolific at stealing commissions from affiliates – yielded this response about the company’s CEO:

“He’s not a guy to mess with either – do your checking very discreetly. I trust you’ll be thorough as well, but honestly, I believe this guy is not someone you want to piss off. It ain’t national security, but my affiliate income depends on keeping my distance from this man. I can go no further than this and provide no details.”

Another source that was contacted via email about the same subject would only say, “This company is a bunch of thugs. Be very careful and watch your back. Seriously, tread lightly.”

So just how far outside the law will a company go to get its message across?

To put things in perspective, Edelman says, “The people that I’m exposing are powerful people, but not that powerful. They can’t rig elections or bribe the government.”

Regardless, Edelman has taken practical steps just in case a company or individual wants to take out-of-court retribution.

“In the event that my apartment building were to burn down, I have an off-site backup of all files,” he says. “It could happen randomly or intentionally.”

He recalled a story from his mother, who actively pursues nursing home reform, where a colleague of his mom’s had her home burned to the ground. “It was proved to be arson; they just couldn’t prove who did it.”

In his Search Insider column from August 2006, David Berkowitz, director of strategic planning at 360i.com, wrote, “Manage your search engine strategies so well that competitors want to kill you – literally.”

The column detailed a discussion Berkowitz had with an unnamed search marketer in the health care field whose wife reportedly fielded a death threat via the telephone from an angry competitor.

According to Berkowitz, “The victim of the threat competes with his search engine marketing firm. He owns more than a few domains related to his business and services, including a growing number of local variations on the top terms. He gives some of the domains to his SEM, keeps some others and sees which sites can rank highest in the natural search results. For more than a few highly searched terms related to his business, he and his SEM will split ownership of the first and second rankings. The funniest part is that he gets irritated when his SEM holds the No. 1 position, since he’s determined to figure out how he can beat it. For several terms, he’s cornered the market, at times holding at least seven of the top 10 listings.”

Berkowitz explains to Revenue that he was shocked to hear this story and that the recipient of the call “was caught off guard ” and they don’t know who was the source of the phone call.”

For the most part, Edelman admits that the bulk of threats he receives are legal “and don’t involve henchmen.”

“Most are threats to see me in court,” Edelman says. “But most are not followed through, because I have the documentation to back up my allegations and I am correct. The best way to protect myself is to be right every single time and be able to prove that I’m right. The bottom line is that if people want to mess with me, they will lose because I have the facts to protect myself.”

Virtual Threats

Still, that doesn’t stop other threats that take advantage of technology. The most common are DNS (denial of service) and DDoS (distributed denial of service) attacks. But someone looking to harm your business via your website can unleash a variety of deadly technical attacks using spam, adware, spyware, Windows Messenger boxes, various worms, trojans, phishing, SQL injection, cross-scripting attacks, botnets, UA porn running, traffic laundering, viruses and rootkits, according to a spyware researcher, who asked not to be named.

In February 2005, Edelman fell victim to a massive DDoS attack that knocked his server off-line for nearly two days. His Web-hosting company claimed he was the target of the biggest DDoS attack they’ve ever suffered – some 600 MB per second. Edelman says Claria did not perpetrate the attack and he still doesn’t know who was responsible.

This potentially harmful behavior is why many of those posting on public message boards claim they prefer to post anonymously.

“It’s not about saying whatever you want without backlash,” says one very vocal poster in an affiliate forum, who asked not to be named. “It’s about protecting your business and your livelihood.”

An event that took place nearly four years ago is probably the one that sparked most of the talk of goons and henchmen being dispatched to the front doors of several affiliates – most of them very vocal posters on the AbestWeb.com forum. Many of the frequent contributors to that message board and community strongly voiced their opinions on the actions of World Media.

At the time, Virus Port had merged with World Media, a big adware company and one of the first to garner people’s attention for redirecting affiliate links. World Media had a huge installed base of users for its popular bundled peer-to-peer program called Morpheus. Many of the ABW posters were not happy with the company’s actions and posted their complaints.

Kellie Stevens, the president of AffiliateFairPlay.com, was among those who received a knock on her front door – but it wasn’t “muscle.” She claims that World Media hired a local private investigator and dispatched him to her home. She refused to let him inside and instead spoke briefly to him through the cracked door so she could get his business card.

Stevens described the man as “preppy and not threatening.” Later that evening she called the PI and had a lengthy discussion with him. He told her he was hired by World Media. He didn’t know the specifics of the situation or why. He was just letting her know that the company was considering filing both civil and criminal charges against her because of something she posted on a message board. She says the conversation went on for about 20 minutes as she explained the situation and the PI, who was also an ex-FBI agent, ended their talk by saying that people have the right to free speech and that, if in the future Stevens needed any help, she could call him.

“I’m careful about what I say and post and I have accurate information,” she says. “As long as I’m accurate in my reporting they [companies] may not like it, but I’m not just trying to cause a flame fest or incite a riot, though I’m aware it can happen.”

A very successful search affiliate says there are a handful of companies that he believes are “dangerous from a business perspective but not a physical one.”

“I point out issues with these companies all the time. I post on message boards. I file consumer complaints. I send information to the CDT [Center for Democracy and Technology]. I have been a thorn in the side of many adware companies,” he says. “My sites are all publicly registered. My name and address are all there. It wouldn’t take much more than five minutes for someone to track me down and it hasn’t happened yet. So, I’m not worried they are going to show up on my doorstep, I’m more worried they are going to launch a DDoS attack and shut down all my sites.”

Still, others who received visitors to their home during the World Media matter say they were intimidated.

“People who might have taken the activism to the next level stopped,” Edelman says. “So it worked – not that those tactics are acceptable, because they are not.”

For most affiliate marketers, the idea of someone showing up at their home is truly frightening – mostly because they work alone and use only the computer to connect to others. It’s not like the typical worker who heads to an office filled with other people, where visitors come and go all day.

“Part of what is scary for most of these people is having others out in the virtual world know where they live, and usually just putting that fear into them is enough to make them stop whatever their activities were,” says one industry observer who asked to remain anonymous.

Berkowitz says this behavior definitely surprises him. Although, he explains that there may be times when a threat is slightly more “merited,” because the person being threatened is not operating in a totally ethical and above-board manner.

“At least when it comes to search there are many ways to game the system,” Berkowitz says. Still, he admits, it’s obviously something that needs to be looked at on a case-by-case basis.

On the flip side, Andy Rodriguez, president of Andy Rodriguez Consulting, an outsourced program management firm, is not at all surprised that this type of strong-arm behavior takes place.

“In this industry, the amount of cash and the revenue potential attracts a lot of people that don’t always make the best decisions and it’s easy to see why threats and violence can come up. Plus, in this day and age, people have the tools and technology to use DNS and computer attacks. It’s the same type of intimidation but they don’t have to go to your front door,” Rodriguez says. “The good news is that the government has the same tools and technology to track down the criminals and those threatening others.”

The bottom line according to Stevens is, “When there is a lot of money to be protected, people will go to great lengths and you need to keep that mind.”

Out of Commission

How to Limit Commission Theft

  1. Find a trusted network and merchants. Ask other affiliates about their experiences with network partners, and if you are not being protected, take your business elsewhere. Likewise, if a merchant partner advertises via adware that is known to facilitate commission theft, you may be better off without them.
  2. Study your reports yourself for anomalies such as drops in conversion rates. Look at your server logs as well as network analytics to identify inconsistencies between the ratio of customers who appear to purchase and your commissions. If you are driving traffic but people suddenly aren’t buying, it may be a problem of theft.
  3. Test the software yourself. Even though isolating a computer and infecting it with suspicious software is a hassle, what you learn will be invaluable. Watching the activity when visitors come to you or your merchants’ websites will enable you to understand the scope of the problem.
  4. Educate yourself through affiliate marketing forums and the legal landscape. Affiliates and software experts are the best source of information available. While there is some misinformation, being well-versed in the issues is your best defense. Several court cases are pending that could decide the legality of overwriting commissions.
  5. Tell customers not to download software that you suspect is assisting commission theft. If the evidence convinces you that some free applications are harming your business, advise your current and potential customers not to use it.

We all operate to a great degree on trust. Whether you are an affiliate, advertiser, network or merchant, being able to succeed in business largely relies on others adhering to their written or implied agreements. We assume that most people will be honest and not interfere with our transactions.

“The overwhelming issue [in affiliate relationships] is about trust,” says Joseph Matheny, chief technical officer of advertising network AdValiant. But unfortunately that trust continues to be violated by some who capture commissions rightly due to others or take credit from a merchant that is not earned.

“There are those who haven’t bought into the rules of affiliate marketing,” Larry Adams, product manager for Performics, says. Subversive software, the anonymity of hiding behind affiliate IDs and sneaky scripting on websites make it easy to steal commissions and avoid detection. The potential to redirect commissions without fear of prosecution “provides a strong financial incentive not to follow the rules,” according to Adams, who says, “this is not a problem that is ever going to go away because there is economic opportunity.”

While there are reporting and auditing tools that can flag some of the most blatant attempts at padding commissions, dishonest affiliates can marginally enhance their earnings from their partners with little fear of detection or repercussions. Scott Jangro, president of marketing services company MechMedia, estimates that loss of commissions due to theft is “in the single digits” and “part of doing business that you should expect.”

Not-So-Grand Larceny

Commission theft generally falls into two categories: when tracking mechanisms meant to follow visitors from an affiliate or advertiser to a merchant are ignored or overwritten, or when someone claims a commission from a merchant for a transaction that they did not initiate. Unethical affiliates can stealthily overwrite competitors’ cookies during visits to their sites, or they can “advertise” with companies that disrupt the buying process by launching pop-up windows that falsely create commissions by erasing the true referring ID.

Like its brother nemesis click fraud, commission stealing has existed since before the Web was dynamic and will likely always plague online marketing. In 2002, networks Commission Junction, Be Free (which was subsequently acquired by CJ) and Performics agreed to address the problem by creating a code of conduct for affiliates to follow. LinkShare developed it’s own formal code of conduct.

CJ and Performics agreed that affiliates should insert a text identifier known as “afsrc=1” in their query strings to identify themselves to merchants and publishers. Affiliates and software developers should look for that string and back off from attempts to claim their own fees.

Performics’ Adams says employing afsrc=1 “will protect against software used by a lot of marketers who play by the rules,” and distribute applications that respond accordingly when they detect the code. The affiliate code of conduct has been revised twice since its inception, and Adams still advises new affiliates to implement the afsrc=1 code.

Implementing the afsrc=1 code “protects from a narrow class of programs” such as consumer rebate software like Upromise or eBates that follow the rules, according to attorney and adware/spyware expert Ben Edelman. But many adware companies do not conduct themselves along these guidelines, according to Edelman. Affiliates rely on the networks and each other for policing with “some affiliates paying bounties to those who turn in others,” he says.

The afsrc=1 parameter and affiliate code of conduct is not enforced consistently and “gave too much wiggle room to the networks,” according to Kellie Stevens, president of Affiliate Fair Play. Stevens, whose company provides affiliate consulting services, says “afsrc=1 is now a moot point,” because it is not uniformly implemented and is ignored by adware applications. “Many affiliates have no idea [about afsrc=1] and don’t know they are supposed to be using it,” according to Stevens.

Adware from companies such as Zango (formerly known as 180solutions) and DirectRevenue enable their advertisers, who are affiliates or merchants, to insert pop-up windows that can interrupt the buying process and cancel commissions from other affiliates and/or create commissions for themselves. These applications, which consumers download in order to receive free software, music or videos, have led to several lawsuits (some of which were dismissed) claiming unfair business practices. Zango recently settled a case with the FTC over charges of deceptive practices with consumers and paid a $3 million fine, but did not admit guilt.

Dave Methvin, software expert and chief technology officer of PCPitstop.com, began studying how Zango’s software works because customers who had their PCs scanned at his website were emailing him about problems browsing the Web. “It became a crusade because so many of our users had infected computers,” he says.

Methvin installed the Zango software and watched as his visit to a Verizon website was interrupted by a pop-up window that created a commission for an affiliate whose site he had never visited. “When I started the transaction, Verizon wouldn’t have owed anyone a commission,” he says.

“Clearly there are unfair things going on,” says Methvin, who likened Zango’s enabling of partners to interfere with affiliate relationships to someone who provides a criminal with a gun and bullets but doesn’t want to be held accountable when it is used in a crime.

Zango’s software looks for keywords contained on a website or for specific URLs, and when found, launches a Web page or pages from affiliate websites in pop-up windows that have been observed to generate as well as overwrite commissions.

Zango director of public relations Steve Stratz says his company’s software does not itself overwrite cookies or otherwise subvert affiliate commissions. However, Stratz confirmed that Zango’s terms and conditions with its advertisers does not prevent them from altering cookies or creating pop-up windows that interfere with transactions, and he has no intention of asking them not to. Stratz says Zango sells to its advertisers all of the URLs and keywords that are used by its clients to open up pop-ups, including pages that open up only when someone visits a merchant’s shopping cart. Zango’s software will load pop-ups when a trademarked product names appears on a page.

“For us to regulate the world of cookies and the various and sundry ways that they are used goes beyond the scope of our mission as a company,” says Stratz. He says if companies want to protect their home pages or trademarks from pop-ups, they can always outbid their competitors. “We don’t apologize for the aggressive nature of our ad network,” Stratz says, adding that 200,000 people willingly download Zango software each day.

(For more on Zango, see the Affiliate’s Corner column on page 94.)

Network Protection

Technology does not exist that can prevent cookies or affiliate links from being ignored or to proactively defend against commission theft, according to attorney Edelman. It is impossible to prevent cookies from being overwritten, although consumers can protect their computers by installing applications that detect adware or spyware.

Since there is no panacea for protecting commissions, affiliates should employ the strategies for limiting loss, which foremost requires carefully selecting and working with your network partner.

The primary responsibility for monitoring commission theft lays with the networks, according to Steve Sauve, chief technical officer of network MaxBounty. “The merchant is paying a network for a service, and it is our responsibility to do quality control,” he says.

Sauve says that on average his company terminates two to three affiliates per month for commission stealing. In his experience defrauding merchants is a bigger problem than affiliates stealing from one another. “You need to actively monitor the network and watch to see where the traffic comes from,” he says. If an affiliate’s commission is out of alignment with the historical conversion rates, Sauve says the network should investigate.

Performics’ Adams says networks need to be proactive to make certain that affiliates aren’t participating with adware software vendors. “One of the most transparent things is anomalous performance. If they’ve been in a network for a while without showing results, then jump up to the top 20,” then something is likely amiss, he says. Performics tracks daily and trailing averages, and has a network performance group to monitor how affiliates drive traffic. “Looking at geography [of the initiating IP address] is also a good clue [for identifying bogus commissions], as illicit activity is often offshore,” according to Adams.

If affiliate reports show an unwarranted boost in performance, or if another affiliate has suspicions, Performics undertakes a remediation process to determine if the affiliate should be bounced from the network.

Affiliate Fair Play’s Stevens says if an affiliate isn’t getting enough support from the network in battling lost commissions, then it is time to shop around. However, larger affiliates “have to participate with the big networks because they need big brands to draw the traffic.” She says that networks need to be more candid in instructing new affiliates about the occurrence of commission theft and more closely monitor the commission-reporting process.

Merchants should aid affiliates by terminating relationships with those who are known to steal commissions, according to Stevens, but they are constrained by a lack of information. She says that if a dishonest affiliate is part of a large network, it may be hard to identify that specific affiliate, and so the merchant would be forced to terminate the entire network; a difficult decision if the network overall is performing well. Merchants sometimes make side deals with known cheats because of the revenue they generate, Stevens says.

Networks such as ShareASale are drawing affiliates by being selective about the companies that they choose to do business with and promoting their “clean” affiliate relationships, according to Stevens.

Selectivity

According to AdValiant’s Matheny, networks could eliminate 50 percent of the lost commissions by caring for their affiliates properly. His company is developing MediaTrust, a custom link-generation technology that would make it more difficult for software to circumvent the referral process.

Matheny, who has a background in Internet security, says that the system is similar to a public and private key system used in encryption software where each side (in this case the affiliate and the network) holds part of the information necessary to complete a transaction. The software, which is due in the first quarter of 2007, would make it more difficult for an application to fake a referral transaction.

The best method for understanding if, or how, commissions are being stolen is for an affiliate to set up a test computer and install any suspicious software, according to Performics’ Adams. He recommends you visit your site and your merchants’ sites with the “infected” computer and watch for deceptive behaviors.

Since the networks have offered little details about commission theft, affiliates should search forums and message boards for links to investigations of adware by software experts. “There is not a lot of centralized factual information,” advises Edelman, who says affiliate forums are the best places to start.

Affiliate Fair Play’s Stevens says that lack of a concerted voice among those in the industry is hindering the fight against commission stealing. More sharing of information between networks would deter affiliates from bad behaviors because they wouldn’t find it so easy to hop from partner to partner, she says.

AdValiant’s Matheny says he recently spoke with a competitor about starting a consortium for sharing information and establishing industry standards. Presenting a unified front amongst competitors would have a psychological effect, according to Matheny, if commission thieves believe that “we won’t let you get away with it.”

Affiliates who take undeserved commissions “should be flagged,” by those in the industry, Matheny says. MaxBounty’s Sauve says his company would volunteer data about affiliates to a group effort, “but there would be a danger of false positives.”

Sharing too much information would reveal how commission thieves are tracked and bad affiliates could use the knowledge to avoid detection, according to Performics’ Adams. His company prefers handling issues with clients privately to establishing a blacklist of affiliates who have cheated. “We wouldn’t want to throw them under the bus.”

JOHN GARTNER is a Portland, OR-based freelance writer who contributes to Wired News, Inc., MarketingShift, and is the Editor of Matter-mag.com.

Scrutiny on the Bounty

As every good bounty hunter knows, capturing your target requires exacting execution of a well-designed plan. But unlike intrepid fugitive hunters such as reality television star “Dog” Chapman, earning sizable rewards by corralling customers online doesn’t require risking life or limb.

Instead of offering commissions paid in nickels and dimes, bounty programs attract a growing number of publishers by handing out dollar rewards of tens and twenties. Programs offering substantial bounties for acquiring customers and qualified leads are now among the most lucrative opportunities for publishers. However, the increasing competition among bounty programs requires publishers to rigorously scrutinize leads and to be more aggressive in pursuing consumers.

“The biggest money in affiliate marketing is bounty programs,” says Beth Kirsch, group manager of affiliate programs at LowerMyBills.com. Kirsch, who says publishers can earn up to $75 for delivering a credit card customer, says bounties provide the greatest opportunity for rapidly increasing revenue “without going for porn or gambling.”

Companies on the hunt for consumers will pay hefty premiums “because advertisers are willing to pay up front for the lifetime value of the customer,” Kirsch says. Unlike retail sites that focus on capturing a single transaction, the companies paying bounties are looking to build an ongoing relationship with a customer. The most popular industries utilizing bounty programs include real estate, personal finance (such as credit cards and loans) and subscription services, according to Kirsch.

Kirsch says that while most bounty programs pay commissions after a transaction is completed, companies such as Netflix and Audible.com will pay out merely for getting people to sign up for free trials. “The amount of money flowing through [bounty programs] is amazing,” she says.

Leading to Search

The prospect of earning lucrative commissions is prompting companies to increase their online advertising as well as the incentives offered to attract consumers. Sites such as FreeiPods.com that are relying on search marketing to acquire new customers now make up 6 percent of total online advertising revenue, according to the Internet Advertising Bureau. During the first half of 2005, online advertising revenues for lead generation and customer acquisition rose by more than 200 percent over the prior year to $347 million.

“Paid search is a focus for customer acquisition,” says Shar VanBoskirk, a consulting analyst with Forrester Research. VanBoskirk says that search marketing is an effective tool for bounty sites in industries such as travel because it “captures a person at their point of interest.” The increased spending is raising the cost of keywords and encouraging companies to become smarter at search marketing, she says.

To earn these bounties, publishers are aggressively pursuing consumers by promising cash incentives and free popular electronic devices such as iPod music players and Xbox 360 game consoles to those who will fill out a credit application or subscribe to a publication or service. These sites have found that consumers are willing to provide personal information as well as refer several friends in order to receive a device worth up to $400.

However, VanBoskirk says that while some marketers do not seem to be concerned with how their publishing partners attract an audience for their subscription or financial service, they may be putting their customer relationships at risk. “You could turn away a loyal customer if you were associated with a bad brand or screwed-up message,” says VanBoskirk, who recommends that marketers retain some control over the incentive process.

Service and subscription companies looking to acquire customers are among the top individual Internet advertisers. According to Nielsen//NetRatings AdRelevance advertising data for November 2005, telephony company Vonage spent more than any other company in online advertising, while LowerMyBills.com, BellSouth Corp., Netflix, Verizon and QuinStreet were also in the top 10.

Interest in bounty programs has spurred the development of specialty performance networks, such as QuinStreet, Adteractive, AzoogleAds and MetaReward, that are focused on customer acquisition and lead generation. These networks are bypassing the largest networks and offer generous bounties to publishers who can funnel traffic to their clients.

“To the extent that you can deliver more quality leads, advertisers are willing to pay for them,” says J.B. Orecchia, president of MetaReward.

Detailing the Demographics

Orecchia says the increasing competition among bounty programs is prompting marketers to collect more extensive demographic and lifestyle information so that they can match consumers with advertisers. MetaReward collects date of birth, gender and address information as part of their registration process. The company, which along with Lower MyBills.com and PriceGrabber.com are subsidiaries of Experian Interactive, analyzes the information and delivers targeted advertisements for its advertising clients.

“Deriving positive return on investment from cost-per-lead/account programs relies on the marketer’s ability to match the consumer profile with the type of customer the advertiser is looking for,” according to Orecchia. “It all comes down to yield management,” he says. “Marketers must identify the characteristics of the programs that maximize the quality of the leads.”

Orecchia says his clients do not want to filter out bad data themselves, so publishers must scrub the lead data at the same time it is being collected. MetaReward relies on technology developed by parent company Experian to verify the authenticity of address information as well as remove duplicate leads in real time so that the consumer experience is not disrupted.

Publishers need to be diligent in filtering consumer data because consumers are being more creative in trying to scam companies out of free goods, according to Greg Morey, executive vice president at marketing consulting firm GR Wyse. “The free iPod generation prompted people to [find new ways] to beat the system.”

Morey says despite improvements in screening submissions, there is “still a high amount of bad data” being submitted to lead-generation sites. He says the additional techniques for weeding out spurious information, including email verification, double opt-in steps and survey questionnaires, are increasing the cost of processing leads. In recent years the cost to publishers of verifying a lead has risen from approximately 50 cents to more than $2.

Data verification companies such as TARGUS info use multiple databases to check the authenticity of information in real time. These databases not only verify that the phone numbers and addresses are valid, but also that they match the names of the person filling out the form, Morey says. After a form is submitted, TARGUS info checks the data and, if it is valid, consumers are sent to a landing page from the advertiser.

Morey says competitive verticals such as travel companies, vitamin supplements and mortgage lenders are willing to pay the additional cost to reduce the number of bogus leads.

Media Get Their Share

Publishers and broadcasters are also receiving bounties by converting audience members into leads. Technology from LiveDeal enables newspapers and radio stations to host classifieds on their websites and receive commissions for leads, according to Steve Harmon, vice president of corporate development at LiveDeal.

Harmon says publishers that are losing revenue from classifieds to companies such as Monster.com and Craigslist can earn between $10 and $30 for a lead on a vehicle, and between $30 and $300 for a real estate lead. LiveDeal partnered with radio and advertising giant Clear Channel Communications to create classified site SFBayAuto.com. ClearChannel promotes the classifieds on its six San Francisco Bay area radio stations, and the media companies receive a bounty when someone clicks on a vehicle listing and then fills out a form with her contact information.

LiveDeal provides all of the technology, including the classified listings, e-commerce and images of the items for sale, according to Harmon. The lead-generation service, which went online in 2005, enables media companies, which already collect extensive demographic information about their audience, to connect their fans with products that are likely to be of interest.

Turning Leads to Clicks

Performance network Kanoodle has developed a program for niche publishers who can earn small bounties by sharing information about their site’s visitors with larger publishers. BrightAds, which became available in December 2005, is a third-party cookie program that uses information collected on a website to generate relevant ads on another, according to Doug Perlson, Kanoodle’s chief operating officer.

For example, a golf blog or enthusiast site will install BrightAds software, which places cookies on consumers’ computers to record their activities while on the site. Should that consumer then go to a Kanoodle partner site such as MSNBC.com to check the weather, the cookie information would be retrieved, and they would be shown a golf-related advertisement.

“Third-party cookies are going to be the lifeblood of publications that offer free content,” Perlson says.

When a consumer clicks on an ad, Kanoodle gives 5 percent of the revenue from the publisher to the referring web- site, according to Perlson. Because BrightAds has no exclusivity requirements and does not conflict with existing advertising programs, publishers can earn additional revenue without having to modify their current relationships, he says. And while getting a sliver of the PPC commission (Perlson says the money comes from Kanoodle’s share, not the publisher’s) may not sound like much, third-party cookies can be delivered to all consumers who don’t actively block them.

This “stealth” referral program leverages the information collected by niche sites with dedicated audiences to deliver ads to general interest sites, according to Perlson, who expects consumers to become more comfortable with third- party cookies as they realize the benefits of being exposed to more targeted ads. To address privacy concerns, Kanoodle deletes the cookie information after a maximum of 30 days, and sometimes in less than a week.

Forrester’s VanBoskirk says that while BrightAds helps larger publishers to optimize the yields from the ad programs by targeting customers, some consumers may be concerned when they realize that behavioral information is being shared among sites. Consumers are gradually learning that visiting sites utilizing cookies can provide a better experience, but the cookie placement has to be made known to consumers. “Responsible publishers will want to explain that they are collecting cookies,” VanBoskirk says.

She also notes that some small publishers may have reservations that participating in third-party cookie programs could help competitors. “The biggest concern is that a third party will be selling data to another advertiser,” she says.

Going Offline

Publishers in industries that are completed by offline transactions have been limited to pay-per-lead programs, but new technology allows bounties also to be paid on a pending-sale basis. Because advertisers control the offline sales process, fraud is a concern for publishers, according to Jackie Bates, Web marketing director for affiliate network LinkConnector.

LinkConnector’s pending-sale technology enables publishers to follow a campaign’s performance by tracking the progress of the consumer-seller activity until it is completed, Bates says. LinkConnector monitors the progress when leads become pending sales, such as vacation packages or jewelry where sales representatives are often needed to close the deal, she adds.

LinkConnector passes a completed call form from the publisher to the seller, which initiates the monitoring process. The network provides publishers with status reports and processes the payments to guarantee that publishers are compensated, according to Bates.

Bates says the technology gives merchants that do not have online shopping carts more flexibility in setting commission structures. LinkConnector “enables more merchants to come into the affiliate marketing game,” Bates says.

Bounty programs are popular with publishers because of the substantially higher commissions offered for capturing new customers. New tools that clean up lead data and collect more extensive demographic information will make them more useful both to advertisers and consumers.

JOHN GARTNER is a freelance writer in Portland, Ore. He is a former editor at Wired News and CMP. His articles regularly appear on Wired.com, AlterNet.org and MIT’s TechnologyReview.com.

Data Double Duty

Website publishers are up in arms about the potential threat posed by employees at companies, who have access to their crucial data that could be used to compete with them.

Insiders have nicknamed the situation “Triple Jangro,” after the catchy title of a blog post on Revenews.com by David Lewis, CEO of 77Blue. The title refers to ex-BeFree/Commission Junction product manager Scott Jangro, who left the affiliate network several months ago to become a full-time affiliate.

The crux of the recent situation revolves around the threat of perceived or potential conflict of interest. Observers claim many employees of search engine companies and affiliate networks are infringing on the data privacy rights of their clients by using data from affiliates and merchants to enhance their own affiliate sites, or to go to networks and buy traffic based on inside information these employees receive from clients.

While many say they have suspected this practice for years, news of the situation came to a head at the LinkShare Partnership Summit 2006 in January. A few former Commission Junction employees attended the event as affiliates and revealed that three CJ staffers resigned after the company recently put a policy in place prohibiting employees from also being publishers.

“In the early days of affiliate marketing and affiliate networks – especially CJ – there were a lot of entrants into the space who came to us being program managers or some were publishers and gravitated toward this space,” Jeff Pullen, COO of ValueClick, says. “Over the years they have operated websites of their own on weekends and evenings and in the past we have not discouraged that. It was a good way for people to know the business. We always had a code of conduct and we are aware of the proprietary nature of the information we handle. Because we consider ourselves a leader in networking quality, we wanted to eliminate any potential appearance of a conflict of interest.”

To that end, an email was sent to everyone at ValueClick and its subsidiaries, clarifying that publicly-held ValueClick would no longer allow any employees to be publishers and violators of that policy would be subject to disciplinary action, up to and including termination/dismissal, according to Pullen. He says the change was spelled out and included in an updated restatement of another policy related to the issue of confidentiality.

“It really is easier, from an operational stand point, rather than to have to try and implement policies to monitor the issue, to just eliminate the practice altogether and not be concerned,” says Pullen, who noted that the new policy was not prompted by any wrongdoing nor was there any evidence of any improprieties.

Still, the new policy resulted in the departure of three employees – Chad Darling, an account representative for many of search affiliates; Andy Powell, who didn’t work with publishers but was part of the search management team; and Don Batsford, a CJ employee, who joined the company when it acquired BeFree.

“The people that left took a look at two different business opportunities. These are entrepreneurially focused publishers that chose to pursue that route. We hope they continue to do well. But they can not do both things.”

It’s unclear if these ex-CJ employees were running affiliate sites or doing arbitrage. Commission Junction officials declined to provide any details.

Regardless, the situation has angered many affiliates, who claim network staffers are supposed to be helping affiliate partners, not helping themselves. Despite their outrage, many affiliates, network representatives and industry watchers say the overall issue is so politically charged, they declined to have statements attributed to them and spoke only on the condition of anonymity.

The issue also sparked a lot of heated discussion on the affiliate forums and generated plenty of fodder for bloggers, many of whom admitted to posting comments on a variety of industry blogs under pseudonyms.

“The networks have been very quiet on this issue and are reluctant to make any public comments. This lack of communication is causing an increasing concern of potential wrongdoing at the networks. When the networks have to talk to their lawyers before commenting, nobody feels comfortable,” says Adam Viener, president of IM Wave, a Virginia-based search affiliate. Darling was Viener’s account manager.

Here is a typical post. “Let me get this straight, top affiliates shared their secrets with account managers at a network only to find out those account managers were their competition and using those hard-earned secrets – I’d be fuming. So much for a trusted third party.”

One angry – and anonymous – affiliate tried to put a positive spin on things. “If they quit their day jobs at the network, they were obviously making more money as an affiliate and that certainly bodes well for the state of affiliate marketing as a very lucrative career.”

Cause for Concern

Viener says he alerted Commission junction to the potentially problematic issue.

“I had a conversation with Todd Crawford [Commission Junction’s vice president of sales] about this issue at Affiliate Summit [2006], after talking with some top search affiliates who were concerned that CJ employees were looking at HTTP referrer data to determine exactly which keywords they were bidding on were converting to sales. They seemed to have some internal evidence that showed that when they identified new keyword niches with no competition, that almost immediately after there was a conversion on those terms, new affiliates popped up advertising on those terms,” Viener says.

Both Crawford and other CJ executives insist that calls to that specific database are tracked and protected. In some case only two to three people at the network have access to that sensitive information.

“To be an effective account manager we certainly have access to operational data. We have to do that job in a good and helpful way and that means seeing a variety of data,” Pullen says. “There is no scrutiny that we can’t withstand, and we encourage and hope others can say the same.”

One CJ super affiliate, who asked not be identified, says that on more than one occasion, within days of launching a new campaign, he would also see competition. “No one knows we are running the keywords, so in theory, no one should pick it up. That led to some speculation how it got started and I went away thinking that I should speak to the network about my concerns regarding who has information about keywords and referring URLs. I’m concerned about who has access to keyword data as well as what is converting and what is not converting.”

Vinny Lingham, founder of IncuBeta, poses a possible scenario:

“CJ has about 2,000 merchants, and it takes a lot of time and effort to evaluate, negotiate, research and run test campaigns. Say that one in every 10 campaigns we test out becomes a full-blown campaign, which is both scalable and profitable. We don’t focus on small campaigns, so typically we’re looking for merchants who can do a lot of volume and has great conversion rates.

“An average test campaign costs us anywhere from $5,000 to $25,000 before we even see a daily profit. Can you imagine our frustration when we take a program on CJ with a network earnings of 2 or 3 and turn it into a 5 overnight, only see other affiliates jumping onto the bandwagon – almost as if they had inside information.

“If I worked at CJ or any other network and I knew who the top affiliates were, I would just wait for them to test out all the merchants for conversion rates, etc, and then run only the successful campaigns – why bother running test campaigns myself? Even worse, imagine after all our testing, the network employee gains access to the keywords we’re bidding on and the conversion rates?”

Steve Denton, recently appointed president of LinkShare, says that as employers you can have policies in place but that “ultimately you’re not going to control what people don’t do at work.”

As for LinkShare, the company encourages its employees, especially those in customer-facing jobs, to set up to affiliate accounts as part of their training, according to Denton. “We see it as a value-add. It allows our employees to know what is going on in the space from the point of view of the affiliates as well as the merchants,” he says.

However, LinkShare has a variety of controls in place to ensure the security, confidentiality and privacy of the data related to merchants and affiliates. All LinkShare employees are required to sign a confidentiality agreement and a non-compete agreement.

“Those agreements are reflective of the fact that we deal with a lot of sensitive data and they make all employees contractually aware of what they can do with any of that data,” Denton says.

LinkShare also controls the access to data by limiting certain pieces of information only to specific jobs titles as well as by workers’ roles and responsibilities, he says.

In addition, through the company’s Athena registration and affiliate validation system, LinkShare monitors which employees have affiliate accounts and what they are earnings via their social security number, Denton says.

Like CJ, affiliate network Performics has a policy in place prohibiting employees from being affiliates.

Still, observers suggest it’s not about having a policy, but more about enforcement and direct communication to affiliates about who has access to what specific data.

Lack of Communication

Some chided Commission Junction for not addressing the “Triple Jangro” issue directly with affiliates, most of whom found out about the situation only by reading online reports with sketchy details, inflamed blog comments from other publishers or after being informed via email that their own account representative had left Commission Junction. Many complained there was no official comment from CJ on the details or any attempt to reassure or placate affiliates.

“CJ did a poor job of communicating this problem to the affiliate community,” Viener says. “By not disclosing what was happening, even if there is no evidence of wrongdoing, it makes me feel uneasy. That’s wrong. I don’t feel like I have the facts; I’m not comforted because there has been no communication from the company. I need to hear what happened. There needs to be more communication,” says Viener.

“The networks should take a hard look at these e-affiliates and communicate with the top affiliates they had contact with about what programs they are running, what sites they have, and give top affiliates a chance to determine if their business practices have been compromised,” says Steve Shubitz, who operates stopscum.com.

“I don’t know if that step was necessary. There was no evidence of wrongdoing, so it was not an issue,” Pullen says. “If an individual publisher was concerned and wanted to ask any question of their account manager, that would be fine. I don’t see these as us needing to be proactive. We manage account relationships all the time and information is held in strict confidence,” Pullen says. “It was not identified as an issue in the past five or six years. The existence of the relationship has always been positive with no controversy or issues. There were no improprieties so that would be explaining a negative. Why would we explain something that is not an issue?”

Others think Commission Junction acted appropriately in dealing with the situation.

“The issue of staffers being publishers at CJ has been simmering for a long time and it’s great to see CJ take a leadership role and be protective,” Beth Kirsch, group manager, affiliate programs at LowerMyBills.com, says. “This challenges other networks with even stickier ethical issues to address the same concern. The affiliate marketing industry is maturing and focusing on these issues is part of that process. Personally, I think this is a great step.”

Putting up Your Guard

Meanwhile, the situation has left many affiliates skittish about revealing information – even to their own account managers.

“I’ve got to be a bodyguard in the future,” Viener says. “I can’t say or have conversations in the future about my business. It’s a catch-22. Because if you are secretive, people assume you are cheating.”

Some caution against disclosing many crucial data points with account managers at the networks.

“I would tell my account manager my payout terms with merchants, what keywords are converting, referring URLs or most anything else. I have the right to privacy, confidentiality and transparency with the networks, but since I’m not 100 percent sure that’s happening, I’ll opt to just keep my mouth shut,” says one affiliate, who asked not to be named.

Shubitz offers this advice: “Webmasters and publishers should assume that every single network engaged in the CPA/CPL does in fact have current employees who are stealing their data and using it to make money.”

He encourages affiliates to “Wash/obfuscate your HTTP referral code and never disclose any details about your marketing procedures, media buys, other sites you own or your site’s demographics to your network.” He goes on to note, “Immediately complain to senior management in writing if you suspect that your procedures have been compromised and in fact are being used by current network employees to make money. Continue to be a friendly ‘partner’ but don’t disclose any data that a network employee could use to steal money from you.”

Nature of the Beast

Many claim the entrepreneurial nature of online marketing breeds this type of behavior.

“People tend to be entrepreneurial and opportunistic, and you cannot fault anyone for that – it’s human nature.” Lingham says. “The difference between this and other businesses is that traditionally you just couldn’t start a business that easily, but online marketing efforts can be started with virtually zero cost,” 77Blue’s Lewis says.

Jeff Molander, president of Molander & Associates, an affiliate marketing consultancy, is surprised that it took this long for the issue to be raised. And while Molander agrees that most employers need to have policies in place to ensure the privacy of affiliate data, he says “insights and knowledge” are gained simply by virtue of job duties, daily work experiences and continually expanding knowledge of the market space. He also claims that much of what affiliates do is plainly seen in search engines.

While other industries have laws governing use and disclosure of sensitive information (lawyer/client privilege, doctor/ patient confidentiality); there is nothing like that for performance marketing, which has sparked talk of legal intervention.

“A class-action suit would damage the industry’s reputation and create unnecessary long-term distractions in our core businesses of building a sustainable and long-term industry,” Lingham says. “We need self-regulation. The government takes too long to get things done. It should be the stakeholders making these decisions.”

Instead, Lingham suggests that super affiliates and representatives from both the networks and search engines, should have a round-table meeting to discuss the issues about enforcing both data privacy and non-competes with their staff with respect to all their clients.

Most say it’s in the best interest of the networks to nip this in the bud and take a leadership role.

“The networks are in a precarious position here. Their business model only works because of the trust established with the merchants and the affiliates. If the networks aren’t open, ethical and forthcoming about these types of issues, then their role in this industry will be diminished,” says Shubitz.

Danger: Clicking Ahead

Sometimes a click isn’t really a click. Sometimes the person knocking on a website’s door is really a wolf in shopper’s clothing, perpetrating a fraud that wastes marketers’ advertising dollars or steals commissions.

Skip Pratt says his Web hosting company BAPort.com was being defrauded on 20 percent of its clicks. He was so frustrated by the problem that he developed a click fraud analysis application and started PPC Trax, an analytics company.

While most agree click fraud is a growing concern, there is no consensus on just how widespread or costly it has become. Depending on whom you ask, the amount of advertising dollars lost to fraudulent clicks ranges from negligible to as high as 40 percent.

The Interactive Advertising Bureau estimates that from 20 to 35 percent of ad clicks are fraudulent. When asked about click fraud, 25 percent of online marketers say it is not a problem, 45 percent say they are concerned about it and 6 percent view it as a serious problem, according to a 2004 Search Engine Marketing Professional Organization (SEMPO) study.

The study also indicates that the majority of the click fraud is thought to occur on publisher and affiliate sites, not on search engines websites.

Chris Henger, vice president of marketing at Performics, says click fraud is not occurring on a large enough scale to have a material impact on the return on investment of advertisers that are Performics partners. He says click fraud is analogous to shoplifting in the retail world: companies have to watch out for it, but it won’t ruin the industry.

“I recognize that it is an issue, but it has gotten blown out of proportion,” Henger says.

He says that if click fraud really constituted 20 percent of advertising, it would show up in advertisers’ ROI and would cause search-marketing prices to fall.

But some think click fraud is a much bigger deal. ClickRisk president and CEO Adam Sculthorpe says the click fraud he has observed for his clients ranges from 15 to 70 percent of the total traffic. Sculthorpe has detected click fraud occurring on more than 1,200 websites and says his random sampling of log files indicates that “potentially there has been several hundred million dollars of total click fraud since 2003.”

Regardless of the actual numbers, there has been more media coverage of click fraud over the last several months. That media attention fuels the perception that click fraud is on the rise, and that is creating a real problem for search engines and threatening the pay-per-click model.

“After The Wall Street Journal published its article (in April), there was panic in the streets,” says SEMPO president Dana Todd.

Todd says that while the majority of smaller companies have heard about click fraud, many feel they do not have the resources to compare their performance with the reports they get from their search engines.

“Thousands of businesses that spend less than $1,000 a month are not going to spend the time to go through extensive reports,” she says.

Unfortunately for online marketers, there is no surefire technology solution to prevent click fraud from occurring, and it is becoming increasingly difficult to detect. “Despite what anyone tells you, it is technically impossible to stop,” says Steve Messer, CEO of LinkShare.

Messer says click fraud first became rampant in 1998 and 1999, causing LinkShare to shut down its pay-per-click TrafficShare network. “We had Ph.D.s working around the clock on click fraud defense technologies,” Messer says. But like many other cost-per-click networks at the time, LinkShare could not maintain a profitable business.

Commission Junction similarly ceased its pay-per-click advertising in 2001 because of click fraud, according to Elizabeth Cholawsky, the company’s vice president of marketing and product development.

Fraudian Slip

Companies that generate revenue for themselves by clicking on their ads use websites both created expressly to defraud as well as legitimate destinations, according to Ben Edelman, a Harvard law student who tracks online activities. Edelman says legitimate websites that artificially raise their revenue by a small percentage are very difficult for search engines to detect. “The system is set up so companies should be a little dishonest,” Edelman says.

While there are many not-so-bright fraudsters who do not mask their IP addresses and are easily identified, other more nefarious types are developing sophisticated software applications to commit click fraud.

LinkShare’s Messer says software that covertly requests advertisements or other Web pages is freely available on hacker message boards. Clever click fraudsters embed that code within other software – such as chat applications – so that each time a user sends a message, a “click” is also made.

Such click fraud software can be distributed through viruses that exploit software vulnerabilities and permanently reside on users’ machines, creating a network of unknowing accomplices with IP addresses that look genuine, according to Messer.

While ISPs can somewhat protect against spam by blacklisting known spammers and blocking messages with phony IP addresses, there is no automated mechanism for identifying click fraud in real time, says Messer. He says the only way to protect advertising dollars is to identify what appear to be fraudulent clicks after the fact by sorting through server logs.

Also, because advertisers and search engines are unwilling to share information about who is committing click fraud, there is almost no industry coordination in fighting it. Industry groups are talking about it more openly, though, including the Dallas/Fort Worth Search Engine Marketing Association, which has made click fraud the subject of several recent monthly meetings.

Defensive Measures

Along with Pratt’s PPC Trax, several other startups including ClickDefense, WhosClickingWho and VeriClix now offer fraud protection services that separate the wheat from the chaff in Web traffic data. These companies place snippets of code within ad pages that capture and analyze data from the computer requesting the page to look for signs of click fraud.

Pratt says PPC Trax’s software algorithm compares 22 to 24 characteristics of a click, including IP addresses as well as other factors that he considers proprietary information. However, sorting legitimate clicks from fraudulent ones is an imperfect science at best. “It’s virtually impossible to prove click fraud,” according to Pratt, who says he has more than 35 clients.

VeriClix offers a free pay-per-click auditing service that monitors ad programs from Google, Kanoodle, Overture and others. VeriClix founder Jeff Martin says he was working for an advertising agency when he saw an “obvious need” for a service that scrutinizes clickthrough rates. VeriClix is able to provide the service for free because it receives funding from search engine optimization firms Zunch and Search Engine Optimization Advantage.

VeriClix determines suspicious activity based on an algorithm that tracks the frequency of clicks, originating IP address and other identifying information. Advertisers can adjust the number of repeated clicks that are observed before a warning of suspicious activity is generated, according to Martin.

Foxes Guarding the Henhouse

At the heart of the issue for many Web publishers is the role the search engines play in click fraud. Internet advertisers spent $9.6 billion in 2004, and because the lion’s share of advertising dollars are spent through search engine marketing (over $4 billion in North America in 2004 according to SEMPO), the heat is on Google, Yahoo and others to act to limit click fraud.

Search engines have an obligation to monitor clicks as part of the service that they provide to advertisers, Martin says. However, he notes that the search engines have an inherent conflict of interest, since actually identifying click fraud reduces their revenue. Instead Martin suggests that combating click fraud requires an unbiased third-party auditor.

“Yahoo and Google have created a new business model that has grown beyond the proportions of what they ethically should be handling themselves,” Martin says.

But search engines have been slow to address click fraud, according to Greg Sterling, managing editor with analyst firm The Kelsey Group. “Click fraud threatens to erode confidence in the pay-per-click model,” he says. “Search engines haven’t done a lot to counteract the negative publicity.”

LinkShare’s Messer says that, for now, Google is growing faster than click fraud so it is not as noticeable, but advertisers’ return on investment may depreciate over time. Messer tells his customers not to bid on Google’s keyword program. “We won’t work with AdWords,” he says.

Performics’ Henger says that Google and Yahoo have always paid attention to customer concerns and are doing what they can to fight click fraud. “Google would not be so foolish as to turn a (blind) eye to click fraud just to make a few extra million dollars today and jeopardize its long-term business,” he says. Henger notes that Google and Yahoo have the proper financial incentives to control click fraud.

Google’s Role

Google CFO George Reyes shook up the search world when he told audience members at an investor news conference that click fraud poses the single biggest threat to the company’s business model.

Google business product manager Shuman Ghosemajumder wouldn’t say how much click fraud the search engine sees on its website, but contends that the amount is not increasing. “Overall losses due to click fraud are very small,” he says.

Google employs Web analysis software that automatically filters out any traffic that the company considers fraudulent before the company sends reports to its advertisers, according to Ghosemajumder. “We can’t prevent it from happening, because the action comes from an external source, but we can prevent the action from having an effect on advertisers,” he says.

Google has scientists and artificial intelligence experts on staff to fight click fraud, but Ghosemajumder declined to say how many employees are involved in the effort.

Google provides free conversion tracking software so that its customers can look for suspicious fluctuations in clickthrough ratios, and the company has a department dedicated to resolving customer disputes over click fraud. Detecting click fraud “is all about finding patterns,” and Google is spending a lot of money researching how to identify those patterns, Ghosemajumder says.

Ghosemajumder says that fraud (such as inflating circulation numbers) occurs in print media as well. “We provide one of the most accountable forms of advertising available,” he says.

Click fraud perpetrators may be unafraid of their actions because thus far there have been no criminal prosecutions. Ghosemajumder thinks that may change someday, noting that people have been successfully prosecuted for writing viruses or denial of service attacks, which are similar activities aimed at interfering with the operation of a business.

The Price of Isolation

Finding broad patterns of click fraud across the advertising universe has been a challenge because companies consider Web analysis data proprietary information. Unlike group efforts to combat spam and track computer viruses, search engines, advertisers and click fraud analysis companies have not shared information about when and how fraudsters are acting.

PPC Trax’s Pratt says his company does not compile click fraud statistics because the data is the property of his clients. VeriClix’s Martin says that search engines should provide more data to give advertisers a better view of their clicks.

“Google is holding information [about click fraud] close to the vest,” says Martin. He believes that search engines should make public all information about click rates that are not trade secrets.

Martin says that search engines should provide an application programming interface that would allow click data to be automatically extracted and compiled by third parties.

The data would not identify the advertiser and makes it possible to identify patterns of click fraud across the Internet. Impartial clearinghouse companies could mediate between advertisers and search engines and give advertisers greater confidence in the pay-per-click model since search engines have an inherent conflict of interest in tracking fraud (each click identified as spurious reduces their revenue).

Requiring search engines to turn over click data to third parties would be a reasonable request, according to Henger of Performics. Akin to the debate over global warming, some parties will continue to say that click fraud is an imminent threat of apocalyptic scale, while others say it is merely a mild irritant. However, search engines wanting their industry to continue its incredible growth will have to persuade the court of public opinion that click fraud is not a significant problem, and that they are doing all they can to fight it.

“Search engines have a responsibility – it’s a trust issue,” says SEMPO’s Todd. She says search industry participants should work together to “create a massive anonymous data pool” that would enable click fraud to be more easily tracked. “We don’t want to go back to the insanity of the ’90s where ad dollars are taken for granted.”

Regardless of where you rank click fraud on your scale of big cyber offenses, most agree that some level of action needs to be taken to help stop it and to move online marketing forward.

JOHN GARTNER is a freelance writer in Portland, Ore. He is a former editor at Wired News and CMP. His articles regularly appear on Wired.com, AlterNet.org and in MIT’s TechnologyReview.com.