Keep Your Domain Safe
Keep Your Domain Safe
Hugh Pickens writes
- Daily Domainer has a story alleging that there may be a leak that allows domain tasters to intercept, analyze and register your domain ideas in minutes. 'Every time you do a whois search with any service, you run a risk of losing your domain,' says one industry insider. ICANN's Security and Stability Advisory Committee (SSAC) has not been able to find hard evidence of Domain Name Front Running but they have issued an advisory (pdf) for people to come forward with hard evidence it is happening. Here is how domain name research theft crimes can occur and some tips to avoiding being a victim.
- Last week an associate of mine was bulk-checking 200+ generic typo domains through a software that shall remain unnamed for now. All of the domains were available. But less than 2 minutes later, more than 50 of the domains had been registered by a number of different offshore companies from the Bahamas. There is no way this could be a coincidence. And if you read the more recent comments in the above mentioned article, it's clearer than ever before that there are severe leaks somewhere that allow domain tasters to compromise your domain searches and steal your domain ideas.
- "In this Advisory, SSAC begins with a premise that checking the availability of a domain name can be a sensitive act which may disclose an interest in or a value ascribed to a domain name. SSAC suggests that any such domain name availability lookups should be performed with care. Our premise is that a registrant may ascribe a value to a domain name; that unintended or unauthorized disclosure, or disclosure of an availability check by a third party without notice may pose a security risk to the would-be registrant; and that availability checks may create opportunities for a party with access to availability check data to acquire a domain name at the expense of the party that performed an availability check, or to the benefit of the party that monitored the check. We attempt to assess these risks and suggest ways that information could be collected and used to engage in domain name front running activities."
- "It is such a strong urge to type the domain name into the address bar and see what website comes up. Most users think perhaps there is already a company using the name and this will be a quick end to the question. Wrong! This is the most dangerous thing to do. Internet Service Providers (ISP) sell NXD data. You may be asking yourself “What is NXD data and how does that effect my domain research?” Non-eXistent Domain (NXD) Data is a response the DNS system tells the asking computer if resolution on an IP address fails because the domain doesn’t exist. Yes, ISPs sell this data. I personally talked with a representative that gave me her business card and quoted me a six figure number for access to their NXD data. These domain name research companies actually buy this data and register those domains to see what generates money. Their hope is that if people at one ISP represent 1/5000th of the Internet, they might receive 5000 visitors a month from all the other ISPs around the world according to that ratio. So by testing a theory with DNS, people are telling these companies what domains to ‘taste’. Ironically, this type of behavior will have a chilling effect on direct navigation which actually hurts the domain parking industry as a whole."
Please add suggested references and comments about this story on the discussion page.
About this Web Site
Stories on Slashdot
Contributions to Wikipedia
Engineering and Project Management
My blog entry on why I enjoy writing for Wikipedia.
This is an experimental Wiki to investigate internet-based cognitive tools.
- Slashdot. "Domains May Disappear After Search" by Hugh Pickens. December 28, 2007.
- Daily Domainer. "Who Is Really Monitoring Your Domain Searches?" October 19, 2007.
- ICANN Security and Stability Advisory Committee. SAC 022. SSAC Advisory on Domain Name Front Running" October 2007.
- DomainTools Blog. "Stealing domain name research" by Jay Westerdal. March 20, 2007.