Keep Your Domain Safe
Controversy over Domain Name Front Running
On January 8 and 9, 2008 Hugh Pickens wrote the following section on Network Solutions' alleged Domain Name Front Running for Wikipedia:
- On January 8, 2008 Domain Name Wire published a story alleging that Network Solutions practices domain name front running. "If you try to register a domain at Network Solutions, but decide not to register it, you won’t be able to register it anywhere else," the article says. "Network Solutions registers the domain in its company name with the words 'This Domain is available at NetworkSolutions.com'." Circle ID reported on January 8, 2008 that Jonathon Nevett, Vice President of Policy at Network Solutions and one of the seven members of the ICANN community who was consulted by the ICANN committee looking at domain tasting abuse, had offered a response to the news story stating Network Solution's policy. The policy was "a security measure to protect our customers," said Nevett. "When a customer searches for an available domain name at our website, but decides not to purchase the name immediately after conducting the search," Nevett added, "after the search ends, we will put the domain name on reserve." Nevett said that if the domain was "not purchased within 4 days, it will be released back to the registry and will be generally available for registration."
- Jay Westerdal, one of the seven members of the ICANN community who was consulted by the ICANN committee looking at domain tasting abuse, published an article on Domain Tools on January 8, 2008 stating that Network Solutions is exposing the domains to domain tasters. The domain tasters "will snipe those domain up milliseconds after Network Solutions deletes them," says Westerdal. "It is a deplorable action that Network Solution would announce potential domain names to the entire world," Westerdal added. On January 8, 2008, Tucows, the largest publicly traded domain name registrar, published an article on their company web site titled "Registrar Reputation and Trust" criticizing Network Solutions policy. "Potential Registrants are effectively forced to purchase the domain from Network Solutions for a period of four days at which point the domain is dropped," wrote Tucows employee James Koole. Koole says that Tucows has found a way to address the issue of domain tasting and have policies in place that uphold the rights of Registrants. "Tucows works to prevent domain name tasting by charging our Resellers a monetary fee on domain name registrations that are cancelled within the five-day Add Grace Period (AGP)," Koole said. "Tucows doesn’t use WHOIS query data or search data from our API to front-run domain names," Koole added.
Keep Your Domain Safe
On December 28, 2007 Hugh Pickens wrote for slashdot:
- Daily Domainer has a story alleging that there may be a leak that allows domain tasters to intercept, analyze and register your domain ideas in minutes. 'Every time you do a whois search with any service, you run a risk of losing your domain,' says one industry insider. ICANN's Security and Stability Advisory Committee (SSAC) has not been able to find hard evidence of Domain Name Front Running but they have issued an advisory (pdf) for people to come forward with hard evidence it is happening. Here is how domain name research theft crimes can occur and some tips to avoiding being a victim.
- Domain Name Wire. "Network Solutions Faces PR Nightmare Over Domain FrontRunning" January 8, 2008.
- ICANN. "SAC 022 SSAC Advisory on Domain Name Front Running" (Page 10). October, 2007.
- Circle ID. "Network Solutions Responds to Front Running Accusations" by CircleID Reporter. January 8, 2008.
- Domain Tools. "Network Solutions steals domain ideas; Confirmed!" by Jay Westerdal. January 8, 2008.
- Tucows. "Registrar Reputation and Trust" by James Koole. January 8, 2008.
There were over 300 comments posted on a story about "Keeping Your Domain Safe" written by Hugh Pickens and published on Slashdot on December 28, 2007.
There were over 600 comments on a story about Domain Name Front Running published anonymously on January 8, 2008 on Slashdot.
- Last week an associate of mine was bulk-checking 200+ generic typo domains through a software that shall remain unnamed for now. All of the domains were available. But less than 2 minutes later, more than 50 of the domains had been registered by a number of different offshore companies from the Bahamas. There is no way this could be a coincidence. And if you read the more recent comments in the above mentioned article, it's clearer than ever before that there are severe leaks somewhere that allow domain tasters to compromise your domain searches and steal your domain ideas.
- "In this Advisory, SSAC begins with a premise that checking the availability of a domain name can be a sensitive act which may disclose an interest in or a value ascribed to a domain name. SSAC suggests that any such domain name availability lookups should be performed with care. Our premise is that a registrant may ascribe a value to a domain name; that unintended or unauthorized disclosure, or disclosure of an availability check by a third party without notice may pose a security risk to the would-be registrant; and that availability checks may create opportunities for a party with access to availability check data to acquire a domain name at the expense of the party that performed an availability check, or to the benefit of the party that monitored the check. We attempt to assess these risks and suggest ways that information could be collected and used to engage in domain name front running activities."
- "It is such a strong urge to type the domain name into the address bar and see what website comes up. Most users think perhaps there is already a company using the name and this will be a quick end to the question. Wrong! This is the most dangerous thing to do. Internet Service Providers (ISP) sell NXD data. You may be asking yourself “What is NXD data and how does that effect my domain research?” Non-eXistent Domain (NXD) Data is a response the DNS system tells the asking computer if resolution on an IP address fails because the domain doesn’t exist. Yes, ISPs sell this data. I personally talked with a representative that gave me her business card and quoted me a six figure number for access to their NXD data. These domain name research companies actually buy this data and register those domains to see what generates money. Their hope is that if people at one ISP represent 1/5000th of the Internet, they might receive 5000 visitors a month from all the other ISPs around the world according to that ratio. So by testing a theory with DNS, people are telling these companies what domains to ‘taste’. Ironically, this type of behavior will have a chilling effect on direct navigation which actually hurts the domain parking industry as a whole."
Please add suggested references and comments about this story on the discussion page.
About this Web Site
Stories on Slashdot
Contributions to Wikipedia
Engineering and Project Management
My blog entry on why I enjoy writing for Wikipedia.
This is an experimental Wiki to investigate internet-based cognitive tools.
- Slashdot. "Domains May Disappear After Search" by Hugh Pickens. December 28, 2007. Cite error: Invalid
<ref>tag; name "PCOLSlashdot" defined multiple times with different content
- Daily Domainer. "Who Is Really Monitoring Your Domain Searches?" October 19, 2007.
- ICANN Security and Stability Advisory Committee. SAC 022. SSAC Advisory on Domain Name Front Running" October 2007.
- DomainTools Blog. "Stealing domain name research" by Jay Westerdal. March 20, 2007.