homepage Welcome to WebmasterWorld Guest from 54.205.119.163
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Domain Names
Forum Library, Charter, Moderators: buckworks & webwork

Domain Names Forum

    
ICANN to Study if Whois Lookups Are "Monitored"
Are there insiders who can preemptively register a domain?
Laker




msg:3485752
 5:18 am on Oct 24, 2007 (gmt 0)

It's been discussed several times in this forum -- threads with the sentiment of "I did a whois search, and the next minute the domain was registered by someone else", or "Backordering without showing interest", and "I smell a rat!" ... now ICANN has a Wall Street name for this issue: "Domain Name Front Running".

ICANN’s Security and Stability Advisory Committee(SSAC) has issued an advisory on this issue, as well as a "Call for Policy Consideration". The SSAC is also asking that any incidents of "Domain Name Front Running" [stealing] be reported to them.

The Advisory, SAC 022 - SSAC Advisory on Domain Name Front Running, along with reporting addresses can be found here [icann.org]. (.pdf)

I have included the Executive Summary of the Advisory below:
[No emphasis has been added.]


Executive Summary
This Advisory considers the opportunity for a party with some form of insider information to track an Internet user’s preference for registering a domain name and preemptively register that name. SSAC likens this activity to front running in stock and commodities markets and calls this behavior domain name front running. In the domain name industry, insider information would be information gathered from the monitoring of one or more attempts by an Internet user to check the availability of a domain name.

When the domain name of interest for which an availability check is made is registered shortly after such a check, the individuals making the availability check may reasonably assume that the organization operating the web site or service they used to determine the availability of the name preemptively registered the name. Registrants have filed complaints with ICANN, registrars, and with Intellectual Property attorneys that suggest domain name front running incidents may have occurred. SSAC does not yet have any hard data to draw conclusions regarding the frequency (if any) of the occurrence of domain name front running.

SSAC acknowledges that a perception exists within the community that monitoring or spying is taking place when would-be registrants check the availability of a domain name. Much of the information presented before SSAC regarding domain name front running is anecdotal and incomplete.

edited to add reference to I smell a rat. [webmasterworld.com]

[edited by: Laker at 5:35 am (utc) on Oct. 24, 2007]

[edited by: engine at 8:03 am (utc) on Oct. 24, 2007]
[edit reason] quote edited - fair use copyright [/edit]

 

AhmedF




msg:3485770
 5:58 am on Oct 24, 2007 (gmt 0)

Considering Verisign is thinking of selling root lookups - makes it moot really.

lexipixel




msg:3485857
 8:43 am on Oct 24, 2007 (gmt 0)

I'm a bit rusty on my DNS...

Who could monitor lookups at
[internic.net...]

Who can see when you run nslookup from local machine?

If nslookup comes back with "Non existent domain", is it true and up to date info?

vincevincevince




msg:3486011
 10:12 am on Oct 24, 2007 (gmt 0)

Unfortunately we know where this will lead. If people are doing 'domain name front running' then they are spending big money with the registrars. Big money changes things; if they find the people behind this, all that will change is ICANN will collect extra fees from them in return for being allowed to continue. Of course, there will be a new charter or code of conduct with all kinds of worthless promises such as 'no front running within 12 hours of a lookup' and the like. What we won't get is a promise from ICANN to stop all monitoring of whois requests.

amznVibe




msg:3486036
 10:25 am on Oct 24, 2007 (gmt 0)

When you type in a domain name in your browser to see if it's registered - your ISP sells that data. This is fact and another reason why they get registered before you bother the next day or two. Always check the tld directly at the registry's website.

henry0




msg:3486079
 11:06 am on Oct 24, 2007 (gmt 0)

I run my server and have a site where clients/users
may perform a whois directly to the source
could that be monitored?

$whois_servers = Array(
'com' => 'whois.internic.net',
'net' => 'whois.internic.net',
'edu' => 'whois.educause.edu',
'org' => 'whois.publicinterestregistry.net');

celgins




msg:3486120
 12:15 pm on Oct 24, 2007 (gmt 0)

I can't believe ICANN is just now looking into this.

amznVibe




msg:3486123
 12:32 pm on Oct 24, 2007 (gmt 0)

I can't believe ICANN is just now looking into this.

Your 50 cent TLD price increase at work.
The problem is they will have to invent other things to study for the increase every additional year.

stormy




msg:3486147
 1:04 pm on Oct 24, 2007 (gmt 0)

The important question for me is:

-Can a shady registrar somehow monitor Whois lookups done somewhere else? Maybe intercepting or sniffing Whois lookups somehow?

It's difficult but that's what seems to be happening in a few cases I know.

SEOMike




msg:3486163
 1:27 pm on Oct 24, 2007 (gmt 0)

It's about time. I just had this happen to me recently. 12/12 gone the next day. All KW rich, all really long and specific. Made me really mad. It made me suspicious that 12/12 were taken, but made me more suspicious when all were "parked" at the registrar where I checked them.

[edited by: SEOMike at 1:28 pm (utc) on Oct. 24, 2007]

Laker




msg:3486173
 1:39 pm on Oct 24, 2007 (gmt 0)

What we won't get is a promise from ICANN to stop all monitoring of whois requests.

Indeed! In their Advisory, ICANN (a/k/a ICANT) states:

"SSAC observes that there does not appear to be a strong set of standards and practices to conclude whether monitoring availability checks is an acceptable or unacceptable practice."

ogletree




msg:3486179
 1:49 pm on Oct 24, 2007 (gmt 0)

Sometimes you can just wait. What they do is register the name and get their money back in a short period of time. You can register domains all day long and return them for a refund. I forget what that is called and how long you have to do that.

Laker




msg:3486197
 2:01 pm on Oct 24, 2007 (gmt 0)

You can register domains all day long and return them for a refund. I forget what that is called...

It's called domain name tasting ...

To give an idea of the magnitude of this scheme, these are just the .com domain names refunded over the past 5 days. When you add in refunds for all gTLDs the number is staggering.

1,177,162 .com(s) Refunded On October 23, 2007
1,183,806 .com(s) Refunded On October 22, 2007
3,385,866 .com(s) Refunded On October 19, 2007
1,178,174 .com(s) Refunded On October 17, 2007
2,248,253 .com(s) Refunded On October 16, 2007

('course, that little 50¢ ICANN fee isn't refunded ... who here wouldn't like that revenue stream each and every day?)

[edited by: Laker at 2:11 pm (utc) on Oct. 24, 2007]

BlueLeaf




msg:3486245
 3:15 pm on Oct 24, 2007 (gmt 0)

2 years later, ICANN finally looks into it, nice... They just raised the domain registration fee, someone feeling a bit guilty? This organization really needs to get their act together.

AhmedF




msg:3486294
 3:51 pm on Oct 24, 2007 (gmt 0)

Everyone and their mother sells data.

ISP, upstream providers, WHOIS companies, etc etc.

But like I said - Verisign is in the process of getting ready to sell root lookups directly to end-users - buying WHOIS data will become passe-faire.

techrealm




msg:3487026
 8:44 am on Oct 25, 2007 (gmt 0)

I have warned many startup's against using all but a few domain name registration service websites for that exact reason. I lost one domain, and it was one too many due to that. I know of at least 20 specific times recently that someone asked me if they were losing their minds due to this. Sadly most of these people are new to the web, have great ideas and no real way of paying for a lawyer. Now lets see if the rules are worse than the bite.

gpmgroup




msg:3487062
 9:23 am on Oct 25, 2007 (gmt 0)

('course, that little 50¢ ICANN fee isn't refunded ... who here wouldn't like that revenue stream each and every day?)

Isn't it?

mjwalshe




msg:3487125
 10:53 am on Oct 25, 2007 (gmt 0)

ICANN to Study if Whois Lookups Are "Monitored"

News at 11 snow is cold and fire is hot :-(

algari




msg:3487126
 10:56 am on Oct 25, 2007 (gmt 0)

To avoid the risk, as an individual I will be ready to book a domain name immediately if I find one nearest to my choice. .COM like TLDs' prices allow to act immediately for more than one match, when you are seriously looking for a domain name that is good, sensible; and matches a product, service, or website concept.

Habtom




msg:3487129
 11:05 am on Oct 25, 2007 (gmt 0)

who here wouldn't like that revenue stream each and every day?

well, ICANN says they are saving us billion [icann.org] dollar annually

Among ICANN's recent accomplishments:

ICANN established market competition for generic domain name (gTLD) registrations resulting in a lowering of domain name costs by 80% and saving consumers and businesses over US$1 billion annually in domain registration fees.


draggar




msg:3490729
 5:53 pm on Oct 29, 2007 (gmt 0)

there will be a new charter or code of conduct with all kinds of worthless promises such as 'no front running within 12 hours of a lookup' and the like

And we all know how well enforced this code of conduct will be. (/sarcasm)

Plus, 12 hours isn't much time when trying to keep in communications w/ clients.

But the good news is that this will bring in extra revenue for the registrars and ICANN since people will feel they have to get the domain once they see if it is available.

Luckily I have not had this issue w/ my registrar yet.

Yet...

bcolflesh




msg:3490741
 5:58 pm on Oct 29, 2007 (gmt 0)

Remember earlier threads on WW where folks insinuated that this wasn't happening and that everyone was paranoid?

Winooski




msg:3491198
 6:47 am on Oct 30, 2007 (gmt 0)

A few points:

The recent ICANN SSAC document re domain name front running [icann.org] isn't too, too long (11 pages). Read it.

Aside from describing the phenomenon (which they don't say necessarily exists, just that "perception exists within the community that monitoring or spying is taking place") they describe several possible ways such spying could take place.

What they really want, though, is evidence. To that end, we all can help out. Here's what they're saying they could use in the way of documentation:

...For each instance of suspected domain name front running, the type of information that
would be most useful in studying the case includes but is not limited to:[br][br]· Method used to check domain name availability (e.g., web browser, application)·[br]. Local access ISP.[br]· Provider or operator of the availability checking service.[br]· Dates and times when domain name availability checks were performed.[br]· Copy of the information returned (e.g., WHOIS query response) in the response to the availability check.[br]· Whether the domain name was reported as previously registered or never before registered in the response returned from the availability check.[br]· Copy of the information returned (e.g., WHOIS query response) indicating the name had been registered.[br]· Copies of any correspondence sent to or received from the registrant perceived to be a front runner.[br]· Correspondence with the registrar or availability checking service.[br]· Any information indicating a potential relationship between the availability checking service and the registrant that grabbed the name

To this end, and in the spirit of empirical investigation, I just tried a few made-up-but-credible queries at some of the top registrars, then took screenshots showing that the domains are currently available. I'll keep checking back for a while to see what happens. It's not necessarily enough documentation, but it should be enough to convince me whether to stop experimenting or to put my tinfoil hat on.

Why don't you try the same?

[edited by: Winooski at 6:48 am (utc) on Oct. 30, 2007]

Winooski




msg:3491907
 9:25 pm on Oct 30, 2007 (gmt 0)

Just a follow-up to my last post: It's been over 12 hours, and the four ".com" domains I checked at four top registrars are...all still available. These are hyphenated domains, 17 to 25 characters long, all probably valuable in certain contexts (one's even the title of a classic rock song).

It doesn't prove that domain name front running isn't going on, but it is a sincere attempt to put the feared phenomenon to the test.

Anybody else trying this, just to see what happens?

Winooski




msg:3492848
 5:43 pm on Oct 31, 2007 (gmt 0)

Another follow-up to my last post: It's now been almost 36 hours, and the four ".com" domains I checked at four top registrars are all still available.

Am I the only WebmasterWorld member actually testing this out?

Webwork




msg:3492854
 5:48 pm on Oct 31, 2007 (gmt 0)

No. If you go back into the Domain Forum about 9+ months you will see we ran a thread where we did some reality testing. It didn't generate much noise. The reality test didn't do much to confirm the anecdotal evidence.

When you have tasters cranking out 2 million test registrations a day chances are there will be some overlap.

Still, there is at least 1 company that I know of, that runs a keyword checking tool, that also registeres quite a few test domains each day, some days in the >10,000 range. A few look a lot like queries . . but I haven't tested the keyword-checker-to-test-registration relationship.

Winooski




msg:3492884
 6:10 pm on Oct 31, 2007 (gmt 0)

Thanks Webwork. I shoulda known that someone here would already have been there, done that, bought the T-shirt.

My take-away from all this is that I feel pretty confident about the privacy of doing WHOIS queries at the big league registrars. I'll just steer clear of any questionable third parties that offer to save me time via their handy domain lookup tools.

Buscamos




msg:3494770
 4:24 pm on Nov 2, 2007 (gmt 0)

I can verify that this just happened to me. The search was about a month ago, done via Yahoo website by my client. I went to register it the next day & it was taken. Tried to make a buy offer via Sedo.com for a month & NO response whatsoever from the domain owner. I know for a fact that the domain name didn't exist previously & had no previous traffic.

So, is the gist of what I'm reading here that there is no recourse for me/client to take to get the name back? They had to change the name of their business & everything because of this. What can I do?

algari




msg:3501349
 8:14 am on Nov 10, 2007 (gmt 0)

"Another follow-up to my last post: It's now been almost ...."
If anybody monitoring the look ups, he may not have found the searched names worthwhile. That could be the reason. All globally searched names can not be registered by few monitors.

Winooski




msg:3515917
 6:33 am on Nov 29, 2007 (gmt 0)

...And now a month's gone by, and the four domains I tried at four top registrars are still available.

If anybody monitoring the look ups, he may not have found the searched names worthwhile. That could be the reason. All globally searched names can not be registered by few monitors.

Those are actually two separate arguments, right?

Re the first one, remember that there wasn't any point in the first couple of days after I queried the registrars that the domain names were not available. I think if I shared these domain names with a reasonable English speaker, i.e., you, you would conclude that the domains were worth at least holding onto for the five-day grace period to see if you could monetize them. That didn't happen.

Re the second argument, sure, this experiment doesn't conclusively prove that domain name front running isn't taking place. That's why I encourage all WebmasterWorld users to try it themselves and see what they find. I'm feeling confident that most people who try to query some made-up domains on any of the top registrars (e.g., Network Solutions, Register, Go Daddy, Yahoo! Domains) will find the domains still-unclaimed days or weeks later.

At this point, I'm feeling very confident that I can perform WHOIS queries safely to my heart's content at the major registrars.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Domain Names
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved