Cookie-Stuffing Targeting globat.com
Cookie-Stuffing Targeting Major Affiliate
Merchants - Ben Edelman
This page reports cookie-stuffing by coupon-monkey.com, targeting globat.com.
As of November 8, the http://www.coupon-monkey.com/coupon-categories/web-hosting-coupons.php page included an IMG (image) tags that, in its SRC ("source") tag, referenced a Commission Junction tracking link. See the following IMG code, taken directly from the page's HTML code.
<img align='right' src='http://www.qksrv.net/click-1446676-9488406'>
As my ordinary Internet Explorer browser loaded this page (i.e. without me clicking on the image or on any other part of the coupon-monkey web page), my browser requested the /click-... link from Commission Junction. The CJ /click link returns a series of redirects that ultimately take the user to a globat.com landing page. Internet Explorer requests these redirects notwithstanding that the /click link originates in an IMG tag -- a HTML construct capable only of showing an image, and incapable of showing a full web page of the sort ultimately returned by /click links. Furthermore, Internet Explorer sets cookies as instructed by the Set-Cookie headers in the various CJ redirects. As a result, notwithstanding that the CJ tracking link has been placed in an IMG tag rather than, e.g., in an IFRAME, the IMG tag is nonetheless successful at cookie-stuffing, and at setting tracking codes such that a user's ultimate signup with globat.com will cause commission to be paid to asmartcoupon.com.
No other link, IMG tag, or other HTML element on this page includes any CJ /click link.
I captured the resulting on-screen display in a video (WindowsMedia format, view in Full Screen mode). I also preserved a full packet log of these findings and a full listing of the resulting cookies files.
Update (March 2005): Staff from Coupon-monkey.com recently wrote to me to represent that their reference to a CJ /CLICK link within an IMG tag was an error. Coupon-monkey staff say they intend to follow all applicable CJ rules, and they say this error was corrected when brought to their attention. Reviewing other pages on the Coupon-monkey site, I see no other pages currently using the IMG-based cookie-stuffing method, nor any other cookie-stuffing method, and Coupon-monkey's statement of the sequence events leading to the error (a copy-and-paste into the wrong field) seems credible and believable under the circumstances. I therefore tend to credit Coupon-monkey's claim that the cookie-stuffing at issue was unintentional.
In my testing, this is but one of many affiilate web sites targeting this and other merchants. For example, the #1 Google result for "globat coupon" is www.consumernow.com/Globat_coupon , which uses cookie stuffing precisely along the lines of that shown as to consumernow's targeting of Toshiba, Netzero, JCWhitney, and DentalPlans.