Imagine that your registrar informs you the domain you’ve been eyeing would soon become available for purchase. That’s good news. However, your security adviser told you to make sure a domain is threat-free before you buy it. So you visited the current hosted site and got an alert from your security solution saying it isn’t safe to access. Do you still think you should go ahead with the purchase?
A warning like the one you got indicates that the domain is probably on someone’s blacklist. Most users would avoid harmful sites for fear of identity theft and fraud. Let’s take a look at one of the blacklists every website owner or administrator should avoid ending up in—the Google Blacklist.
What Is the Google Blacklist?
Although the search giant doesn’t call its list of quarantined websites a “blacklist,” it does admit to restricting its search users from accessing at least 10,000 websites a day. Domains that are part of this list spell bad news not just to potential site visitors, but more so for anyone planning to purchase them.
Google blacklisting is part of the company’s Safe Browsing Program launched in 2007. The project was the search giant’s response to the growing threat of malware and other cyber attacks, specifically phishing.
Most blacklists look at email activity. Any domain that sends lots of spam instantly lands in a blacklist that severely affects its owner’s email deliverability. Email blacklists are either maintained by Internet service providers (ISPs) or by third parties (usually independent organizations like the Spamhaus Project).
What sets the Google Blacklist or the Safe Browsing Index apart is that it screens domains based on three criteria: social engineering, malware presence, and unwanted software presence.
What Lands Domains in the Google Blacklist
Social Engineering
Social engineering, in its online form, is a known cybercriminal tactic that frequently appears as phishing, deceptive content, and improperly labeled third-party services.
Domains that have been compromised to send user data to remote malicious sites are cited for phishing and deceptive content. Attackers typically create fake e-commerce forms within an insufficiently secured domain’s infrastructure to steal the credentials entered into them.
Domains cited for improperly labeled third-party services, meanwhile, include those that organizations run for others without clearly stating how they are related. An example of this is a content aggregator for a start-up that doesn’t declare the partnership. Google would blacklist the site because it appears to be stealing the intellectual property of the company the aggregator serves.
When accessed, sites hosted on domains that Google suspects of social engineering display these error messages:
Malware Presence
Google screens websites for malware. Any site found hosting or containing embedded links to malware-laden pages is immediately quarantined. These sites include those that have been hacked by cyber attackers to serve their malicious needs.
Sites cited for malware presence display these warnings:
Unwanted Software Presence
Google’s definition of unwanted software includes:
Unwanted pieces of software often do things like switch users’ browser homepages or add unnecessary features to their search bars. The same warnings that come with malware presence are issued when domains that drop unwanted software are accessed.
How Would I Know If a Domain Is Blacklisted?
Readily available tools can provide detailed information that would help organizations maintain reputable domains. One option is to check blacklistalert.org. This tool lets users check if a domain, a website, or an IP address is in any list for online violations.
Another option is to use a domain reputation API, which checks a domain for Secure Sockets Layer (SSL) certificate validity and vulnerabilities, among others. It ranks domains based on how unsafe or safe they are to access.
A domain’s reputation doesn’t solely rely on its current state. There are cases when owners give up their domains because these ended up on a blacklist. Make sure you aren’t purchasing one by running a historical domain lookup. WHOIS History API, for instance, would tell you all about a domain’s past, including its prior registrants, registrars, name servers, and any other modification its record has undergone.
Using WHOIS History API with reverse WHOIS data monitoring would reveal even more details about a domain such as an email address that’s tied to an attack. Avoiding the domain related to that email address, therefore, is already a step away from domain blacklisting.
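Besides the third-party tools above, Google's own lists can be queried through the Safe Browsing Lookup API (v4), whose threat types correspond to the three criteria described earlier. The following is an added example, not part of the original article; the client name, the API key argument, and the sample response are constructed for illustration.

```python
import json
import urllib.request

ENDPOINT = "https://safebrowsing.googleapis.com/v4/threatMatches:find"
# The article's three criteria, expressed as Lookup API v4 threat types.
CRITERIA = {
    "SOCIAL_ENGINEERING": "social engineering",
    "MALWARE": "malware presence",
    "UNWANTED_SOFTWARE": "unwanted software presence",
}

def build_request(domain):
    """Request body asking about both scheme variants of the domain's root URL."""
    return {
        # clientId/clientVersion are assumed names for this example
        "client": {"clientId": "domain-precheck-example", "clientVersion": "1.0"},
        "threatInfo": {
            "threatTypes": list(CRITERIA),
            "platformTypes": ["ANY_PLATFORM"],
            "threatEntryTypes": ["URL"],
            "threatEntries": [{"url": f"{s}://{domain}/"} for s in ("http", "https")],
        },
    }

def summarize(response):
    """Map a Lookup API response to {criterion: sorted list of flagged URLs}."""
    findings = {}
    for match in response.get("matches", []):  # an unlisted URL yields an empty object
        label = CRITERIA.get(match.get("threatType"), "other")
        findings.setdefault(label, set()).add(match["threat"]["url"])
    return {k: sorted(v) for k, v in findings.items()}

def check_domain(domain, api_key):
    """Live lookup; needs network access and a Google API key."""
    req = urllib.request.Request(
        f"{ENDPOINT}?key={api_key}",
        data=json.dumps(build_request(domain)).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return summarize(json.load(resp))

# Constructed sample response (not real data) for a domain flagged on two lists.
SAMPLE = {"matches": [
    {"threatType": "SOCIAL_ENGINEERING", "platformType": "ANY_PLATFORM", "threatEntryType": "URL",
     "threat": {"url": "http://flagged.example/"}, "cacheDuration": "300s"},
    {"threatType": "MALWARE", "platformType": "ANY_PLATFORM", "threatEntryType": "URL",
     "threat": {"url": "https://flagged.example/"}, "cacheDuration": "300s"},
]}

if __name__ == "__main__":
    print(summarize(SAMPLE))  # two criteria flagged
    print(summarize({}))      # nothing flagged
```

A lookup of the root URL only reports listings that cover the whole host; pages flagged individually need their own URLs in `threatEntries`. The result also reflects the current listing only, so it complements rather than replaces the historical checks described above.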
* * *
Any domain that’s part of a blacklist, especially the one run by Google, presents considerable risks to its owner. When planning to buy a domain, do a thorough background check first to avoid trouble. Use available domain intelligence tools because the repercussions are no laughing matter.