Ask HN: Why buy domains and 301 redirect them to me?

Motivations for 301‑redirecting lookalike domains

  • Phishing and brand impersonation: use similar domains in emails or ads, but redirect the root path (/) to the real site so that casual checks look legitimate.
  • Extortion / resale: build some traffic or perceived “legitimacy” on the fake domains, then try to sell them to the real company or threaten to stop redirects.
  • Domain aging and reputation building: attach a new domain to a legit service for a while so it looks older and safer for future abuse.
  • Negative SEO or reputational damage: create toxic backlinks or associate the brand with scammy domains to harm ranking and trust.
  • Benign/defensive: a few anecdotes of people buying mistyped or related domains and redirecting them purely to protect a project or charity.

Phishing and fraud patterns

  • Send fake password reset / invite / invoice emails from the impersonating domains.
  • Host hidden phishing routes that don’t redirect, while everything else 301s to the real site.
  • Vary content by geography, user‑agent, referrer, or time (e.g., only show phishing to SMS victims, Google traffic, or non‑owner regions).
  • Use domains in invoice scams or credit fraud, presenting them as the official company site.

SEO and domain‑reputation plays

  • Classic trick: buy expired / high‑backlink domains and 301 them to another site to transfer ranking.
  • Use redirecting domains to outrank the real brand, then later swap redirects for phishing or ad‑stuffed pages.
  • Some mention “negative SEO” via bad backlinks or penalized domains; impact is discussed but not firmly established in the thread.

Detection and technical nuances

  • Consensus: from the destination site, you generally cannot reliably detect that a user arrived via a 301; the HTTP Referer and Origin headers describe the page that linked to you, not any intermediate redirecting host.
  • Referrer‑policy can suppress referrers entirely, further limiting detection.
  • 301s are “sticky” in browsers and sometimes CDNs, complicating investigation.
  • Cloaking techniques: serve normal redirects to some visitors, malicious content to others, including Googlebot‑only spam.

Mitigation strategies discussed

  • Block, or treat with suspicion, traffic believed to originate from the suspect domains; some suggest warning pages, others prefer quietly dropping it.
  • Use Google’s Disavow Links and check for manual actions.
  • File complaints with registrars/hosts and rely on trademark or other intellectual-property rights where applicable.
  • Add canonical tags, CSP frame-ancestors, and anti‑iframe measures.
  • Monitor for similar domains, indexed pages, and backlink patterns on an ongoing basis.
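Because the thread agrees that the destination site cannot see a 301 hop in Referer or Origin, the practical monitoring approach is outside-in: enumerate likely lookalike spellings of your own domain, check how each one responds, and compare several paths rather than only the root, since the thread notes that abusers redirect / while keeping hidden non-redirecting routes. The Python below is an added example written for this summary, not code from the HN thread or from any project it mentions. The `OBSERVED` table is a constructed stand-in for what a monitoring job would collect by fetching each candidate domain itself; the homoglyph table and the verdict labels are the author's own choices.

```python
from urllib.parse import urlsplit

# Small homoglyph/digit substitution table (constructed, not exhaustive).
HOMOGLYPHS = {"l": "1", "i": "1", "o": "0", "e": "3", "a": "4", "s": "5", "m": "rn", "w": "vv"}
REDIRECT_CODES = {301, 302, 307, 308}


def lookalikes(domain):
    """Return common lookalike spellings of `domain` (same TLD, label edited)."""
    label, _, tld = domain.partition(".")
    variants = set()
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])                       # character omission
        variants.add(label[:i] + label[i] + label[i:])                # character repetition
        if label[i] in HOMOGLYPHS:
            variants.add(label[:i] + HOMOGLYPHS[label[i]] + label[i + 1:])  # homoglyph swap
    for i in range(len(label) - 1):
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition
    for i in range(1, len(label)):
        variants.add(label[:i] + "-" + label[i:])                     # inserted hyphen
    variants.discard(label)
    return {v + "." + tld for v in variants}


def classify(status, location, real_host):
    """Classify one observed (status, Location) pair by where it sends the visitor."""
    if status in REDIRECT_CODES and location:
        target = urlsplit(location).hostname or ""
        if target == real_host or target.endswith("." + real_host):
            return "redirects-to-brand"
        return "redirects-elsewhere"
    if status == 200:
        return "serves-own-content"
    return "other"


def triage(real_host, observed):
    """Give each lookalike host a verdict from its per-path observations.

    `observed` maps (host, path) -> (status, Location header or None).
    A host whose paths ALL redirect to the brand is "full-redirect"; one that
    redirects on some paths but serves its own content on others is "mixed",
    which is the cloaking pattern the thread describes.
    """
    suspects = lookalikes(real_host)
    per_host = {}
    for (host, path), (status, location) in observed.items():
        if host in suspects:
            per_host.setdefault(host, {})[path] = classify(status, location, real_host)
    verdicts = {}
    for host, paths in per_host.items():
        kinds = set(paths.values())
        if kinds == {"redirects-to-brand"}:
            verdicts[host] = "full-redirect"
        elif "redirects-to-brand" in kinds:
            verdicts[host] = "mixed"
        else:
            verdicts[host] = "no-brand-redirect"
    return verdicts


# Constructed sample of responses a monitoring job might have recorded for
# GET http://<host><path>; in practice these come from your own requests.
OBSERVED = {
    ("exmaple.com", "/"): (301, "https://example.com/"),
    ("exmaple.com", "/login"): (301, "https://example.com/login"),
    ("examp1e.com", "/"): (301, "https://example.com/"),
    ("examp1e.com", "/login"): (200, None),          # hidden non-redirecting route
    ("exam-ple.com", "/"): (301, "https://other-site.invalid/"),
    ("unrelated.com", "/"): (200, None),             # not a lookalike, ignored
}

if __name__ == "__main__":
    for host, verdict in sorted(triage("example.com", OBSERVED).items()):
        print(f"{host:16} {verdict}")
```

A "full-redirect" verdict is not a clean bill of health: the thread's domain-aging and resale scenarios look exactly like this until the redirect is swapped out, so such hosts stay on the watch list and are re-checked over time. The "mixed" verdict is the one worth escalating first, and the per-path check is what surfaces it.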

Unclear/contested points

  • How much 301‑based abuse still influences modern SEO is debated.
  • Effectiveness and side effects of referrer‑based blocking or redirect‑back strategies are contested.