homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Domain Names
Forum Library, Charter, Moderators: buckworks & webwork

Domain Names Forum

This 132 message thread spans 5 pages: 132 ( [1] 2 3 4 5 > >     
The "Are They Really Monitoring Your Domain Queries" Challenge
Can It Be Proven Beyond a Reasonable Doubt That Domain Sniffing Happens?

 7:28 pm on Nov 2, 2006 (gmt 0)

One of my clients e-mailed me earlier this week about registering a domain name. I checked on the domain and it was available, so I e-mailed the client back. Today, my client finally sent me the approval to register the domain, but when I checked today, it had been registered by a domain name reseller. The domain name is too obscure for this to be a coincidence, so I want to know:

1. Do domain registrars release search information to domain resellers?

1B. If so, are there any registrars that don't do this?

2. Is it possible for domain resellers to track requests made by a certain company? How do they do this?

3. Is this legal? I know the answer is probably yes, but that's not what I want to hear.

Any answers to the above, or recommendations on the best way to relieve stress in this situation would be much appreciated. Thanks.



 9:58 pm on Nov 2, 2006 (gmt 0)

If it's going on at the various registrars - and it might (who knows) - then it's amazing how well kept "the secret" is. By that I mean we are talking about more than a few registrars and, if any one of them can "sniff" then chances are they all can do it. If one of them is sniffing then chances are they are all sniffing AND, IF that's the case isn't it quite amazing how well "the secret" has been kept? I mean, this theory has been around for a year or two. Yet, in all that time, not one disgruntled ex-employee or mischievious current employee has leaked word/proof to the media.

Below Added - November 3 @ 1:00 A.M.

You know, I ran about 900 domain registration candidates through GD's system earlier today. About 14 hours ago. I just ran the list again. Darn! Not a one was taken! Must be bad choices.

So, tonight I registered about 12 of them, because they weren't all that bad. And, if I really was in the mood, I might not have pared down that list that hard. There was about 70 that held some interest.

So, what does this mean? Not 1 in 900 registered! Someone at GD must be falling down on the job.

Alrighty folks. I want y'all to get this out of your systems. I do not think we will be revisting this issue again in the next 6 months, so let's make this an interesting LIBRARY WORTHY thread.

It's Time to Put Up or Hush Up: Let's See Current Proof. You believe it's happening? Prove it. Show me it's actually, currently happening. Each one of you "true believers" go WhoIs test 250 domains in the next 3 days and report back on your results. If you really want to impress me then sticky me or some other member your test list - beforehand. I'll verify the listed domains are not registered. That was the 2 of us can SEND 2 SIGNALS to the sniffers.

And yes, I'm aware that a certain WhoIs service was reported to be compromised. I'm also aware of the various players in the WhoIs tracking conspiracy. Show me - now - proof that it's going on.

Oh, I forgot. A good conspiracy theory never works when you "go public" about the conspiracy. The conspirators "go into hiding", right?

Lastly, if you want your revenge on the domain tasters then why don't you all go and program bots "to visit" the most recently parked "tasting domains"? I don't mean click on the ads on the parked pages. Just spoof a visit by someone direct navigation browsing from random IP addresses. Make it appear that people ARE, IN FACT, typing in the domain names. For all the teeth gnashing I'm amazed that no one ever went of the counter-offensive and gamed the gamers. Rationalize it: They're tasting by bot and you're seeing by your bot is "tasting" the ads that are appearing on the newly launched tasting domains. It's all just one giant tasting fest.

[edited by: Webwork at 12:54 pm (utc) on Nov. 3, 2006]


 10:39 pm on Nov 2, 2006 (gmt 0)

I heard about this happening at GoDaddy a while back. I think they got in trouble for it and no longer practice it.


 2:43 am on Nov 3, 2006 (gmt 0)

I invite anyone reporting that they "read/heard about" about this happening to post up a link to a major media publication or government/regulatory agency that investigated and confirmed the existence of the practice.

I haven't read anything about GoDaddy getting caught doing this and I'm surprised - if it's true - that I haven't. I don't know it all but that type of news wouldn't be that low on my radar to go unnoticed.

Max, care to validate your statement by reference to reliable media?


 3:36 am on Nov 3, 2006 (gmt 0)

WW - I think you are a little bit naive on this subject. It's going on. Just try searching for a "reasonable" unregged name at Onlinenic, DT (the unmentionable), et al, and you'll find the name is regged within 24hrs. I think at GoDaddy it's probably miscreant employees rather than systematic. It's generally percieved wisdom to reg IMMEDIATELY any domain which you've searched online, if it's available. Otherwise, there is a grave danger that it will be gone.

The safest way to do these domain searches is by using your linux shell whois command (there are probably similar tools on other os platforms). The only online tool that specifically doesn't analyze your searches is iWhois. It's a pretty neat whois tool, to boot. Probably searching the register's databases themselves would be reasonably safe, but they don't guarantee not to use/sell the info from your searches.

[edited by: stu2 at 4:07 am (utc) on Nov. 3, 2006]


 3:59 am on Nov 3, 2006 (gmt 0)

When you see a vacant parking spot but decide not to take it on the spot because you get a burger craving at the nearby drive-thru burger joint, do you expect that slot to remain empty for you by the time you get back?

Or say you pick up a book you fancy at the bookstore and read thru a few pages, but forgot to bring enough money to buy it on the spot. Is there someone to hold liable for seeing it gone soon after you return?

But to answer your questions:

1. They can. But that's up to them, and I too have yet to read or hear anyone report of such.

1B. Unfortunately this forum's charter prevents us from naming names (unless the mod/s decide otherwise).

2. Sure they can, pretty easy to do actually. Just input some code to keep track, check for consistent patterns, etc.

(My own blog has a nifty feature that allows me to see what people are searching for.)

3. Yes. Unless the provider's privacy policy addresses something like this (and they don't have to unless "reminded" by someone in authority) and there's a specific "law" applicable to this situation, then they're free to do anything with the data as they see fit.

Tell you what: don't contact the current registrant of that domain name and give it 120 hours from its initial creation date. If you're lucky, they might let it go by then.

Be ready by then. And next time you see a domain name that's available, be ready to take it on the spot without hesitation.

You can also do what stu suggested if you really insist on being able to check for domain availability without someone potentially "seeing" what you're doing. And make sure your computer's clean, too.


 4:25 am on Nov 3, 2006 (gmt 0)

The day that the FTC or some consumer protection agency steps up to investigate and confirm this is the day I say "Yep, it's happening."

I'm not saying it isn't or it can't. I AM saying it's one of the best kept dirty little secrets.

On top of that what do you think my happen to the domain registration business of any registrar if word got out that they were snatching people's inquiries before they could register them? I suspect such news would put a serious hurt on that registrar's good will and future.

With millions of domains being "tasted" each week it's not hard to see a few people suffering a loss of potential. Have the floodgates opened? Do we read 1000s upon 1000s of "they don't me wrong posts"? No. One every few weeks.

IF this business was as widespread as the rumors then there would have to be 1000s of domains snatched from the hands of slow movers.

If anyone is convinced that it's happening then why hasn't anyone filed a complaint with either their State's Consumer Protection agecny, the FTC or any other agency that might excercise some oversight of unfair business practices?

We can debate this ad nausem. I'm close to the point of nauseum. ;0) Maybe it's time to put this to rest and insist that anyone who wants to post up about their grievance has to first file a complaint with a government agency?

Rx Recruiters

 5:28 am on Nov 3, 2006 (gmt 0)

There are some interesting articles about this:


and the Digg commenets on the article here:


Also, google "domain tasters" - there are some interesting theories on how some of the tasters spy on your whois searches.

It's strange that this topic is on here today, as I have been looking for information on domain spying and domain tasting all day. Three days ago I checked 10 domains from work. I was off for a couple of days, and didn't think about it again until yesterday. I checked again yesterday, and they were all still available, but I didn't have time to go through the registration process and knew I could do it today without being interupted. Today, I tried to register the 10 domains, and 5 of them were just registered, 3 by a NameKing registrant, and 2 by a Domaindoorman registrant - which happen to be two of the culprits mentioned in some of the domain tasting articles above. The statistical probabilty of those exact 5 domains being registered of the 10 I checked on the same day by the same two registers is something like a trillion to 1. Esp. when you consider the fact that none of them had ever been registered before in the history of the internet, but for some reason, three days after I checked tham, 5 of these 10 were registered by 2 known companies that have been affiliated with "domain tasting"!

I registered the other 5, and hope that others were simply being tasted and not really registered. The moral of the story is: Don't check it on a whois until you are ready to buy!

[edited by: Rx_Recruiters at 5:44 am (utc) on Nov. 3, 2006]


 7:43 am on Nov 3, 2006 (gmt 0)

Subgenius, you shouldn't worry about it IMHO. In afew days, it will be dropped back into the pool again.

They have no reason to hold on to the domain if there is no traffic and no one shows interest in it. (Unless you or your client contacted them already)

O/T but I thought it would be useful to know, about 3-4 years back, domain names are actually dropped at the end of the pending delete period. At that time, if I refresh hard enough, I could register afew not so popular but relatively good domains. :D

But now, it is no longer so. In fact, it is passed on to related companies like domaindoorman, capdomain, enombre and what not, many of which you didn't even know they were registrars. The .info domains may still be possible to register around a year back though I am not sure about it now because I stop buying them.


 7:45 am on Nov 3, 2006 (gmt 0)

As stu2 mentioned, I doubt that this problem is systematic at the majority of registrars, else they'd lose too much face. I think It's more likely to be a case of some employee seeing a decent name and registering it themselves.

I'd be very interested in the results of any tests you do, but I prefer to play it safe with my good ideas and register them immediately.


 7:48 am on Nov 3, 2006 (gmt 0)

Wow - I'm finally a "Junior Member"!


 8:50 am on Nov 3, 2006 (gmt 0)

Ahh, another thing... If I'm unable to register a domain straight away then I usually bulk search for some bluff names that I'm not interested in so that hopefully the ones I am interested in are a little more obscured in the domain registrar's logfiles...


 3:12 pm on Nov 3, 2006 (gmt 0)

WebWork, I cant offer concrete evidence as proof, but a few weeks back I queried a domain that was my daughter's name spelled backwards.

It was available. I didnt register it at the moment, wanting instead to show her the process of starting her website from the very beginning. Several hours later we both went online and the nonsensical domain was parked.

I have a friend who works for an entity that owns a certain 4 letter registrar. He tells me sniffing is common practice.

Like I said, I cant offer irrefutabale evidence as proof, but that isnt unusual. Isnt OJ still looking for Nicole's killer on golfcourses around the country?


 3:20 pm on Nov 3, 2006 (gmt 0)

I heard about this happening at GoDaddy a while back. I think they got in trouble for it and no longer practice it.


GoDaddy are by far the biggest registrar over twice the size of Network Solutions now, so they must be doing something very right. Big companies don't bother with silly little scams and usually come down very hard on employees damaging their reputation.

Can you imagine working for Bob Parsons and getting on the wrong side of him I think you'd last about 2 seconds LOL


 3:33 pm on Nov 3, 2006 (gmt 0)

I don't doubt that there are situations where someone may have an opportunity to "sniff" and that person/company make take the "sniff test" onwards to the "domain registration tasting test".

What is whacky is the proof.

Kirby's post is a perfect example: He queries a discombobulated version of his daughter's name and wham! That domain is parked. If THAT is the outcome of sniffing then that's pretty sad. Of all the queries that day an entirely made of domain was registered.

C'mon folks. It costs nothing to query the WhoIs, so why not scam the scammers and prove the proposition whilst you're at it?

Everybody make your lists. Make them 1000 long. It's easy enough to make domain lists for domains that you just know won't be registered. Then query those lists and report back - after checking - a day, two, three days later with the results.

Hit different registrars whilst your at it. Target the ones that are rumored to be bad. Report back. All of ya. Me too.

IF this test shows that there really IS something ugly going on then maybe well go a bit further than usual in posting lists, etc. Please don't do that without first checking with me. Thank you.

[edited by: Webwork at 3:35 pm (utc) on Nov. 3, 2006]

Rx Recruiters

 5:44 pm on Nov 3, 2006 (gmt 0)

I'm in on this test .....

Just an idea on how a sniffer could spy on domain name queries:

Place an advertisement at one one the popular domain check sites. Whenever a domain is checked, it shows up in the URL field of that particular user's browser, and correspondingly shows up on the advertisers log as the URL from which the image (advertisement) was served. An simple automated script pulls the domains out of the log, checks for known words, number of characters, etc, and automatically registers those that fit the criteria. If they don't get any traffic to the autmatically generated landing page, the domain drops after 5 days, and doesn't cost the register anything. If they do, they pay the 6 bucks and keep the name.

I'm a non-tech person, but I see my server and referrer logs, and I have a program that pulls URL's and e-mail address's out of bodies of text, so I don't see why someone without just a little tech know-how couldn't do this.

Look at the advertisers on the whois sites: keep in mind that they can see very query you make!

[edited by: Rx_Recruiters at 5:46 pm (utc) on Nov. 3, 2006]

Rx Recruiters

 6:36 pm on Nov 3, 2006 (gmt 0)

I submitted my domains to test. Some of them were whole word type domains with high value keywords that are currently available - the type that an automated program might pick up and register if they are monitoring whois queries. By using these words, I guess I risk the chance that someone else may register them by total coincidence, but truthfully, if they haven't been registered in the last 10 years, what are the statistical chances that any will be registered in the next 3 days. We'll see .......

I sent you the list WW, let me know if you see any I should go ahead and register!

[edited by: Rx_Recruiters at 6:38 pm (utc) on Nov. 3, 2006]


 10:45 pm on Nov 3, 2006 (gmt 0)

Looks like you guys have been querying the WHOISes like there's no tommorrow and the domain tasters have been sneakily grabbing them all - 2,611,063 new .com's were registered today :)


 2:24 am on Nov 4, 2006 (gmt 0)

It is almost certain that does not happen. In all likelihood it's only an occasional coincidence.

As a guess I would say about 98% of the names being checked are already taken, worthless or have already been 'tasted' by a domain taster (and reveal no traffic) so it would be a lot of work for a registrar to monitor it 24X7 for a very rare and likely small potential benefit, not to mention the firms reputation (potentially going out of business) if an employee blows the whistle.


 12:43 pm on Nov 4, 2006 (gmt 0)

Does it happen? From personal expericence I am convinced it does.

Case 1 - A nonsensical .com that would suit my purposes was about to delete. I contracted a drop-catcher to nab it for me. Amazingly the domain was registered by - wait for it - the registrar supposedly doing the catch for me!

Plus, they also also registered the .net and .org that same day and placed PPC on all three. So, I monitored and waited, and sure enough, a few days later the domain was dropped again (no traffic I am sure) and they caught it again but this time on my behalf as they should have deon in the first place. This happened nigh on twelve months ago.

Case 2 - Again I searched a nonsencical .com that would suit my purposes, and although it was available, it was only one a several possibilities so I decided to sleep on it overnight. (yeah, yeah, I know ...)

The next morning the domain was registered (different registrar) and PPC parked. Again I just waited, it dropped again through insufficient traffic, and I nabbed it. This happened just now, the credit card is still warm. :)

So, do I have conclusive proof that would stand up in court? Probably not, but these two instances are just too "concidental" for me to believe that they are actually coincidences.

Moral of the story, as everyone else is saying, is that if you are not prepared to take chances, then have your credit card at the ready when searching the whois database.



 3:07 pm on Nov 4, 2006 (gmt 0)

The proof of this happening - at this time - is in the pudding.

Make up your lists. Query the WhoIs.

Report back on how many domains on the list were subsequently registered.

Based upon my own personal experience I am saying that the "fact" of this happening is not nearly as widespread as the "perception" that it IS happening.

Might it happen in the case of 1 domain that you queried? Sure, but on any given day when 100s of 1000s of domains are being registered or test registered there's some chance of it happening.

IF it happens again at some registrar then here's the challenge: Query 300 domains the next day and report back if all or many of the 300 have been registered.

I think the rumor is so much bigger than the reality.

AND if you have in mind a really good "made up domain" then why not register it then and there? There are like a few million other people trying to think up a good domain at the same time, so why give them the advantage?


 4:04 pm on Nov 4, 2006 (gmt 0)

The fact a Moderator named Woz believes this is happening certainly adds some credibility to the side of those who are saying this.

However, I can personally say after late registering a number of domains (sometime after I first checked Whois) over the years only an insignificant few were taken during the interim time period.

Have also bulk checked domains many times and some time later (be it a day or a few weeks) re-checked the good size list but very rarely were any taken.

It's likely you are thinking that is happening because of the millions of names being tasted on a regular basis and that increases the chance the name you want was tasted, something which is relatively new.


 5:45 pm on Nov 4, 2006 (gmt 0)

I've seen it in the past with nonsensical domains as well, but I will rise to the test. I agree with Webwork lets either confirm it or move on.

I suspect that domain sniffers are going by keywords so I am making a list of nonsense + high paying keyword combo (generic)domains and running them through the usual suspects.


 5:52 pm on Nov 4, 2006 (gmt 0)

@ Davezan,

Or say you pick up a book you fancy at the bookstore and read thru a few pages, but forgot to bring enough money to buy it on the spot. Is there someone to hold liable for seeing it gone soon after you return?

Or you are a stock broker and you discover that one of your clients is looking to make a huge buy of stock but hasn't yet. Maybe you should pick some up first or get your aunt in Seattle to?

I see it as a conflict of interest. Especially since domain names are a quasi public good. The people who profit from gathering registrations should be barred from registering or using this information for profit.


 10:43 pm on Nov 4, 2006 (gmt 0)

AND if you have in mind a really good "made up domain" then why not register it then and there? There are like a few million other people trying to think up a good domain at the same time, so why give them the advantage?

Yep. That's the advice I give everybody to avoid such dissappointments. At <$10 for a registration, it's good insurance.

Also, not to tell anyone that you are thinking of registering a domain, helps.

I don't buy the "tasting" theory so much for domains being regged from under your noses, but the numbers are staggering, so it might happen occasionally.


 7:54 am on Nov 5, 2006 (gmt 0)

Well, so far no bites here. Has the fishing been better elsewhere?


 1:38 am on Nov 6, 2006 (gmt 0)

Ok, it does happen for sure. I don't want to go and "prove" it to anybody. If you don't beleive this, it's fine. You'll remember this thread once it happens to you ;)

It did happen to me, I checked the domain several times (I beleive this to be the #1 "buy" signal) and it got registered by a squatter. A few days later it was dropped, and I got it myself.

Check a domain that sounds Ok, but too weird to be a coinsidence. My domain was JungleRewind.tld -- I'd say nearly impossible to be a coinsidence.

I beleive this is happening only with one or two registars (that actually might be the same people). Hint: the one that stayed running during Katrina.

Rx Recruiters

 5:20 am on Nov 6, 2006 (gmt 0)

No bites here yet either. I think I did check my other domains that I thought were "stolen" by a taster by the afforementioned Katrina registrar, as I have about 50 domains registered there. I haven't "whoised" these at that registrar yet - I think I'll do that tomorrow. Then it may be narrowed down somewhat.


 10:56 am on Nov 6, 2006 (gmt 0)

Networksol used to ( had it happen to me on many occasions with them ..eventually I realised what was happening there ..names being regged by them within 10 minutes to 24 hours of my queries ..names were frequently in mixtures of english and french " franglais" ..presumably they had french canadians on staff "watching" ) ..this happened in 98/99/2000..

I would never ever ever use them again ..for anything ..nor recommend anyone else to do so ..even if they have maybe cleaned up their act ..


 11:38 am on Nov 6, 2006 (gmt 0)

Thanks for the reports. It's what I expected given my own history of WhoIs queries.

Whilst we do see the occassional report of "they took my queried name" I would expect a daily and deafening roar of complaints coming from all quarters, not just from webmasters or domain types, if the problem was as widespread as the perception or rumors that "there IS this problem".

Anyone else playing the "they're watching us and I'm going to prove it" challenge have anything to report?

[edited by: Webwork at 11:45 am (utc) on Nov. 6, 2006]

This 132 message thread spans 5 pages: 132 ( [1] 2 3 4 5 > >
Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Domain Names
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved