On the Soapbox

Did you know that TIME has a blog? Can you guess what the address is? blog.time.com? Nope. time.com/blog? Nope. It's time-blog.com. Instead of the usual microsoft.com/windows website, Microsoft is running ads for Windows Mobile that point users to windowsmobile.com. Chevron's ads for their alternative energy initiative point users to willyoujoinus.com instead of something like alternatives.chevron.com (and this isn't an attempt to disassociate the brand name from the campaign because the URL in the print ad appears right next to a big Chevron logo). And there was a recent pharmaceutical ad that I saw that pointed people to a domain that looked like askabout[drugname].com.

Ideally, Internet addresses that belong to the Example Corporation should be in the form of division-name.example.com or example.com/product-name or example.com/campaign-name or service-name.example.com or region.example.com (for the company's regional divisions) or something else that is located squarely within the example.com domain. But instead, companies are now using promotion-name.com or company-service.com or companyusa.com. Instead of adding new addresses to the company's main domain, they are using a new domain name for every new website that they put up.

This is annoying and bad for two reasons. First, this is semantically impure and defeats the hierarchal and organizational structure of DNS and URIs. This is organizational equivalent of dumping all your paperwork in a single box instead of filing them into different folders and drawers. But this is only a minor problem that probably only purists like me would angrily shake their fists at.

The second problem is one of security and trust. A recent article discusses how scammers are registering sites that try to fool users into inputting their login information into a fake look-alike site. These scammers would register domains like citibank-secure.com, citibank-update.com, citibank-login.com, etc.; these are addresses that look like they belong to and are affiliated with CitiBank. The obvious solution would be to educate users that anything.citibank.com and citibank.com/anything are the only legitimate addresses because they reside within the CitiBank domain and are thus under the control and jurisdiction of CitiBank. This is where the issue of trust comes in because citibank-login.com resides within the domain of .com and is thus under the jurisdiction of, effectively, nobody. Unfortunately, few people realize that, because of how DNS works, any guy off the street can create a website at citibank-something.com while only CitiBank can create a website within the citibank.com domain. This lack of understanding is strongly reinforced as people are trained to accept that sites like time-blog.com are legitimate sites owned by TIME (why on earth blog.time.com couldn't be used it beyond me; if anything, "blog dot time dot com" is easier to say and remember than "time hyphen blog dot com") and that companyname-service.com is a legitimate site owned by companyname.com, then this attempt at user education becomes futile (to be sure, it was mostly futile to begin with, but now it's even more futile). Oh well. Companies have long been shooting themselves in the foot in terms of security.

PS: There are a number of companies that do it right, however. AMD's ad campaign directs people to amd.com/lessmoney. Similarly, Xerox, IBM, Intel, and Computer Associates do the same thing with the websites for their ad campaigns. While some of Microsoft's campaigns use improper domains, most of their print ads direct people to addresses like microsoft.com/peopleready. Unlike TIME, The Economist's blog is located within their own domain at economist.com/debate/freeexchange (though they could've picked a shorter name). Finally, while Google uses gmail.com for the domain of their e-mail service because it's shorter to remember and type for the @ part of their e-mail addresses, the actual login and webmail interface is located at mail.google.com. These offending companies should take a cue from the companies that handle domain usage properly and do things right.

PPS: Now that people are accessing websites via search engines, the need for short, memorable domain names isn't nearly as important, which makes the use of a separate catchy domain name fairly pointless. Not to mention that in many cases, these separate domains can be just as hard to remember, if not more. For example, when you sit down at the computer several minutes after hearing a pharmaceutical ad, could you remember if it was askabout[drugname].com, learnabout[drugname].com, or tellmeabout[drugname].com that was mentioned in the ad? Furthermore, that drug company's rivals could register "learnabout" and "tellmeabout" in an attempt to capture confused visitors who didn't remember the name quite right. Of course, this wouldn't be a problem if the first company made proper use of its domain names because there is no memory ambiguity in companyname.com/drugname.

Edit: Another addition to the Wall of Shame: verizon.net vs. verizonwireless.com vs. vzwshop.com.