Education·

Park Your Car, Not Your Domain Name

Most expired domains don't disappear — they get parked, monetized, and re-rented to whichever ad network pays the most. Here's what that means for any link on your site that points at one.

A parked domain is a domain that's registered but not actually used. There's no real site behind it. What loads when you visit is a placeholder page generated by a parking service — usually a wall of ads, sometimes a "buy this domain" form, sometimes both. The owner doesn't write the page; the parking company does, on the fly, per visitor.

That last detail is the one that matters: parked domains are dynamic, and what they show you isn't what they showed someone else.

How parking actually works

Parking services (Sedo, GoDaddy CashParking, Bodis, ParkingCrew, Above.com and a long tail of smaller operators) run the same playbook. The registrant points the nameservers at the parking provider. The provider sells the page's ad inventory through programmatic ad networks. The ad networks target ads using whatever they can scrape from the request — geolocation, referrer, the domain name itself, sometimes browser fingerprints.

The ads change constantly. Two people loading the same parked URL from different countries on different devices won't see the same page. Two people loading it from the same country an hour apart often won't either.

Why this is a problem for anyone linking out

When the upstream ad pool is "whatever the network surfaces today," you eventually get:

  • Phishing landing pages dressed as login forms or shipping notices
  • Adult and gambling ads, often country-targeted in ways the operator doesn't even know about
  • Fake software-update prompts, "your Mac is infected" interstitials, and forced redirect chains
  • Crypto-drainer pop-ups and scam offers with very short URLs

The page that's safe at 9am can be hostile at 2pm. There is no version-control on a parked domain.

How sites end up linking to one

Nobody links to a parked domain on purpose. The pattern is mechanical:

  1. A site you trusted — a vendor docs page, a reference article, a small SaaS — quietly stops being renewed.
  2. The domain hits the drop pool. A dropcatcher buys it within hours, sometimes seconds.
  3. The new owner doesn't want to build anything, so they park it. The parking service starts serving ads against the residual traffic — including every link from your blog, your KB, your old email campaigns.

A blog post you wrote two years ago is now a click-through to whatever the highest bidder served this morning.

Why search engines, regulators, and customers all care

  • Trust. A visitor who lands on a malware-warning page or a sportsbook ad after clicking your "Read more" link doesn't blame the parking company. They blame you.
  • SEO. Google has been deprioritizing sites with high outbound-link-rot ratios for years. A spike in dead or parked outbound destinations is a measurable demotion signal.
  • Compliance. Healthcare, education, government, and regulated finance all have content-adjacency rules. A link from a .gov or .edu page to gambling or adult content is a finding.
  • Brand. Customers screenshot. Screenshots end up in support tickets.

What LinkSentry actually does about it

We watch the outbound destinations on your pages and flag the ones that have become parking, malware, or low-reputation hosts. That includes the cases the user's directive cares most about:

  • Links pointing at known parking nameservers (the Sedo / Bodis / GoDaddy CashParking IP ranges and DNS signatures are stable and identifiable)
  • Domains that started serving content that doesn't match what they served when the link first appeared
  • Domains on threat-intel blocklists for malware, phishing, or scam delivery
  • NSFW or category-restricted destinations a regulated site shouldn't link to
  • Links that have become dead outright

You get the alert before the customer does. That's the only useful timing on this kind of problem.

Share this article