This happens fairly often. But honestly it's a bit ridiculous that Google suggests that you change from a .co.uk to a .com to resolve the issue. That is NOT an option unless they're going to pay for the domain and the domain migration.
I would keep pushing back on that, there is no way that you need to move to another TLD.
They say that the site is "compromised and has malicious software", I bet it's actually something else, like a site that you're linking out to that's compromised and malicious--that's happened quite a bit in cases where sites are flagged like this in Google Ads.
The logical thing to do would be to provide that feedback as part of the assessment, if they're linking to a compromised site. Even that seems flawed, however. If OPs site is marked as compromised (and isnt) and someone links to it, will they then also be denied access to advertising because their site is now compromised? Soon thereafter I imagine that we have a runaway cascade and everyone is "compromised".
> Soon thereafter I imagine that we have a runaway cascade and everyone is "compromised".
The web isn't as well woven as it used to be. They'll just harm a bunch of innocent people, not numerous enough for the public at large to even notice.
Android and Chrome are not great examples. They already open source projects (or 99.9% based on open source AOSP and Chromium codebases), which themselves only survive because Google is funding tons of engineers to work on them.
The cut should be in the vertical integration stacks. Like in Apple's case between the hardware and OS, between the OS and the App Store.
In Google's case, their hardware is already open, they mostly keep apps in their walled garden (and take their 30% troll tax) with things like GooglePlay and other Google "services", not sure how that would be something to break apart.
Realistically, the best outcome we can hope for is breaking Ads away from Search.
What I don't understand is why companies and brands like this just don't use NameBlock or a similar domain blocking service like GlobalBlock.
They literally can block domain names that have their company name or brand in them from being registered (up to 500 variations of their domain).
It's literally like $99/year to place a block. Saves a lot of the hassle of having to deal with parody and phishing sites and trying to take them down.
Just block the domain(s) from being registered in the first place.
This reads kind of like an advertisement. Plus it's subtly wrong.
My experience with the NameBlock API is that for those $99/year, they'll allow you to automate purchasing all similar domains. But then you have to pay registration fees on all of those domains, too. It's only $10/month per typo domain that you buy, but it sums up really quickly.
You're thinking of some other service, not NameBlock or GlobalBlock. There's no automated purchasing of all similar domain names. You don't pay registration fees, as the domains that end up being blocked will never be registered by anyone (not even you).
There literally is a block on the variations, it works at the Registry level not the registrar level.
I didn't grab the pricing info for NameBlock because it requires you to sign an NDA to even see the pricing. I also don't see a list of TLDs they support.
If you place a block on a brand/companyname (a string of characters), then no one can register a domain name that contains those strings of characters. They also block up to 500 variations (placing a block on 'paypal' would get 'paypa1' blocked as well.
Those domains that are blocked won't be 'parked', someone trying to register the domain that's blocked, it will just say it's not available for registration.
I doubt it. They are protecting against variations of "crowdstrike"...Not every variation of domains with the word "strike" in it. That would go beyond reasonable.
You'd be surprised. I recently parked some big name domains ending in various common TLDs in the world of government contracting. They did utilize some sort of parking or service to do it for them, but certainly not enough.
The real question is if you’ll miss that feature. It’s one of the most useless things they added to the watch just because they had nothing else they could. This and the wash your hands reminder lol.
That 'policy' is still actually in effect, I believe, in Google's webmaster guidelines. They just don't enforce it.
Years ago (early 2000s) Google used to mostly crawl using Google-owned IPs, but they'd occasionally use Comcast or some other ISPs (partners) to crawl. If you were IP cloaking, you'd have to look out for those pesky non-Google IPs. I know, as I used to play that IP cloaking game back in the early 2000s, mostly using scripts from a service called "IP Delivery".
Is it even well defined? On the one hand, there’s “cloaking,” which is forbidden. On the other hand, there’s “gating,” which is allowed, and seems to frequency consist of showing all manner of spammy stuff and requests for personal information in lieu of the indexed content. Are these really clearly different?
And then there’s whatever Pinterest does, which seems awfully like cloaking or bait-and-switch or something: you get a high ranked image search result, you click it, and the page you see is in no way relevant to the search or related to the image thumbnail you clicked.
For context, my team wrote scripts to automate catching spam at scale.
Long story short, there are non spam-related reasons why one would want to have their website show different content to their users and to a bot. Say, adult content in countries where adult content is illegal. Or political views, in a similar context.
For this reason, most automated actions aren't built upon a single potential spam signal. I don't want to give too much detail, but here's a totally fictitious example for you:
* Having a website associated with keywords like "cheap" or "flash sale" isn't bad per say. But that might be seen as a first red flag
* Now having those aforementioned keywords, plus "Cartier" or "Vuitton" would be another red flag
* Add to this the fact that we see that this website changed owners recently, and used to SERP for different keywords, and that's another flag
=> 3 red flags, that's enough for some automation rule to me.
Again, this is a totally fictitious example, and in reality things are much more complex than this (plus I don't even think I understood or was exposed to all the ins and outs of spam detection while working there).
But cloaking on its own is kind of a risky space, as you'd get way too many false positives.
Do you have any example searches for the Pinterest results you're describing? I feel like I know what you're talking about but wondering what searches return this.
As the founder of SEO4Ajax, I can assure you that this is far from the case. Googlebot, for example, still has great difficulty indexing dynamically generated JavaScript content on the client side.
Did they really close the 'loophole' though? Jake said on Twitter they were actually hit with a manual penalty. So doesn't seem like it's patched. Seems like if he didn't boast about it they'd still be doing well.
I’m actually curious, how did Google do that? The guy who did it did it in a very obvious way, but I’m assuming you can just schedule a lot of posts that would drop once a day, make the AI to use different language structures and change the underlying AI model in general (e.g. switch between OpenAI, Mistral and whatever) and slow drip submit the posts. How would Google know they’re “mass generated”?
The original poster of that Tweet (Jake) admitted they got a manual penalty. Also, clearly Google didn't fix it because if not Google wouldn't be 'overwhelmed' with this current spam attack going on. If you look into the attack it's mass generated absolute spam garbage pages on hundreds if not thousands of separate domains. So it is definitely not fixed.
I get what you're saying, it's weird to interview him as a Google employee. But actually it would be really weird if they didn't include Danny Sullivan in the article in some capacity. Danny Sullivan, over the years, has been so influential and such an influential voice when it comes to Search and SEO. He previously was on the other side, not working for Google.
I own the domain of my last name. Several family members use (firstname@lastname.com).
I once went to get a new phone at Best Buy, and the employee needed my email address. I gave it to here (firstname@lastname.com) and she insisted that it was NOT my email address. She insisted that it MUST end in @gmail.com or @yahoo.com, something like that.
We frequently sign up for stuff online, and when we enter our email address it won't let us sign up... we figured it is because the email address is too similar to our actual name, the name we've entered in the 'first name' and 'last name' fields (it happens to both me and my wife at least 2-3 times a year).
I have the same, firstname@lastname.com/uk/.co.uk/etc; my family name alone is an absolute pain in the arse for most British English speakers to spell when given it verbally; to make matters worse, when I give people my email, over the phone for example, I get the combination of "what's it @?" and then when they finally get there, that my last name is after the @, another 5 minutes to get them to spell it correctly; Some, despite this dance still end up never getting it right.
My wife constantly (half-jokingly) reminds me of how much of an PITA I've caused her with my name (that she took), when her maiden name was so sophisticated and easy compared to my weird, unidentifiable, "foreign" (I'm British/English) one.
EDIT to add: I don't often have issues with forms, but I reserve that particular address for "important" family related things, the sort of account where I _know_ if I receive an email to it, I need to read it. Everything else I use a gmail for (as does my wife).
Whereas I made the opposite mistake of having firstname@outlook.com
I get ungodly amounts of spam, relentlessly, from everyone. Because anyone over the age of 50 seems to give it as their email to companies like Target.
Yeah, I've had issues with firstname@lastname.name, but only with terrible regex validation logic that thinks a TLD can't be 4 characters long. And some quizzical replies from people: "dot name? Is that new?" Yeah, I say. Its pretty new.
reply