Parked Domains Are Now a Privacy Nightmare: What Gmail Users Need to Know
A new study reveals that over 90% of parked domains now redirect to malicious content, including typosquat domains that target Gmail users.
The Alarming Shift in Parked Domains
A new study by security firm Infoblox has uncovered a disturbing trend: more than 90% of visits to parked domains now result in exposure to scams, malware, or phishing attacks. Just a decade ago, malicious content appeared on fewer than 5% of these sites.
Parked domains are website addresses that have been registered but are not actively used for legitimate purposes. They include expired domains, placeholder sites, and most concerningly, typosquat domains designed to capture users who mistype popular website addresses.
The Gmail Typosquat Threat
For Gmail users, one finding from the Infoblox research is particularly alarming: the domain gmai.com (missing the "l" in Gmail) has operational mail servers actively capturing misdirected emails.
This means that if you accidentally share your email address with a typo, or if someone mistypes when sending you an important message, that communication could end up in the hands of malicious actors. Sensitive information like password reset links, financial statements, or personal correspondence could be intercepted.
The researchers found that one threat actor alone controls approximately 3,000 lookalike domains targeting major brands including Netflix, YouTube, Google, Microsoft, eBay, Amazon, and Yahoo.
How Attackers Profile Their Victims
The Infoblox study revealed sophisticated visitor profiling techniques used by these malicious domains. When you land on a parked domain, the site collects:
- IP geolocation data to determine your physical location
- Device fingerprinting to identify your browser, operating system, and device type
- Cookie information to track your browsing history
This profiling determines what content you see. Visitors using residential IP addresses are immediately redirected to scams, while those using VPNs or data center IPs are shown benign parking pages. This makes it difficult for security researchers to detect the malicious behavior.
Why This Matters for Email Privacy
The parked domain threat compounds existing email privacy concerns. Consider this scenario: you receive an email containing a tracking pixel and a link to a lookalike domain. If you open the email, the tracker reveals your location, device, and the time you read the message. If you then click the malicious link, you could be redirected to a scam site that attempts to steal your credentials or install malware.
This is why comprehensive email privacy protection matters. Blocking tracking pixels prevents senders from profiling when and where you read emails, while being aware of typosquat threats helps you avoid dangerous links.
Protecting Yourself from Parked Domain Threats
Security experts recommend several protective measures:
- Use bookmarks for frequently visited sites rather than typing URLs manually
- Enable a password manager, which will only autofill credentials on legitimate domains
- Consider DNS filtering services like NextDNS that block known malicious domains
- Use browser security extensions that warn about suspicious sites
- Block email trackers to prevent senders from profiling your behavior before you even click a link
For Gmail users specifically, tools like Gblock help protect your inbox by blocking tracking pixels that could be used in conjunction with phishing links. When senders cannot confirm you opened their email, they have less information to use in targeted attacks.
The Root Cause: Advertising Policy Changes
Interestingly, the surge in malicious parked domains stems from a policy change intended to improve security. In March 2025, Google began requiring advertisers to deliberately opt in to having their ads appear on parked domains, rather than including them by default.
While this reduced legitimate advertising on parked domains, it inadvertently pushed domain operators toward less regulated "direct search" monetization models. In these systems, the highest bidder wins placement, and scammers can outbid legitimate advertisers to serve malicious content.
Stay Vigilant
The evolution of parked domains from harmless placeholders to active threat vectors is a reminder that online security requires constant vigilance. Double check URLs before clicking, use security tools that protect your privacy, and be especially careful with any links received via email.