Considering Verisign is thinking of selling root lookups - makes it moot really.

I'm a bit rusty on my DNS...

Who could monitor lookups at
[internic.net...]

Who can see when you run nslookup from local machine?

If nslookup comes back with "Non existent domain", is it true and up to date info?

Unfortunately we know where this will lead. If people are doing 'domain name front running' then they are spending big money with the registrars. Big money changes things; if they find the people behind this, all that will change is ICANN will collect extra fees from them in return for being allowed to continue. Of course, there will be a new charter or code of conduct with all kinds of worthless promises such as 'no front running within 12 hours of a lookup' and the like. What we won't get is a promise from ICANN to stop all monitoring of whois requests.

When you type in a domain name in your browser to see if it's registered - your ISP sells that data. This is fact and another reason why they get registered before you bother the next day or two. Always check the tld directly at the registry's website.

I run my server and have a site where clients/users
may perform a whois directly to the source
could that be monitored?

$whois_servers = Array(
'com' => 'whois.internic.net',
'net' => 'whois.internic.net',
'edu' => 'whois.educause.edu',
'org' => 'whois.publicinterestregistry.net');

I can't believe ICANN is just now looking into this.

I can't believe ICANN is just now looking into this.

Your 50 cent TLD price increase at work.
The problem is they will have to invent other things to study for the increase every additional year.

The important question for me is:

-Can a shady registrar somehow monitor Whois lookups done somewhere else? Maybe intercepting or sniffing Whois lookups somehow?

It's difficult but that's what seems to be happening in a few cases I know.

It's about time. I just had this happen to me recently. 12/12 gone the next day. All KW rich, all really long and specific. Made me really mad. It made me suspicious that 12/12 were taken, but made me more suspicious when all were "parked" at the registrar where I checked them.

[edited by: SEOMike at 1:28 pm (utc) on Oct. 24, 2007]

What we won't get is a promise from ICANN to stop all monitoring of whois requests.

Indeed! In their Advisory, ICANN (a/k/a ICANT) states:

"SSAC observes that there does not appear to be a strong set of standards and practices to conclude whether monitoring availability checks is an acceptable or unacceptable practice."

Sometimes you can just wait. What they do is register the name and get their money back in a short period of time. You can register domains all day long and return them for a refund. I forget what that is called and how long you have to do that.

You can register domains all day long and return them for a refund. I forget what that is called...

It's called domain name tasting ...

To give an idea of the magnitude of this scheme, these are just the .com domain names refunded over the past 5 days. When you add in refunds for all gTLDs the number is staggering.

1,177,162 .com(s) Refunded On October 23, 2007
1,183,806 .com(s) Refunded On October 22, 2007
3,385,866 .com(s) Refunded On October 19, 2007
1,178,174 .com(s) Refunded On October 17, 2007
2,248,253 .com(s) Refunded On October 16, 2007

('course, that little 50¢ ICANN fee isn't refunded ... who here wouldn't like that revenue stream each and every day?)

[edited by: Laker at 2:11 pm (utc) on Oct. 24, 2007]

2 years later, ICANN finally looks into it, nice... They just raised the domain registration fee, someone feeling a bit guilty? This organization really needs to get their act together.

Everyone and their mother sells data.

ISP, upstream providers, WHOIS companies, etc etc.

But like I said - Verisign is in the process of getting ready to sell root lookups directly to end-users - buying WHOIS data will become passe-faire.

I have warned many startup's against using all but a few domain name registration service websites for that exact reason. I lost one domain, and it was one too many due to that. I know of at least 20 specific times recently that someone asked me if they were losing their minds due to this. Sadly most of these people are new to the web, have great ideas and no real way of paying for a lawyer. Now lets see if the rules are worse than the bite.

('course, that little 50¢ ICANN fee isn't refunded ... who here wouldn't like that revenue stream each and every day?)

Isn't it?

ICANN to Study if Whois Lookups Are "Monitored"

News at 11 snow is cold and fire is hot :-(

To avoid the risk, as an individual I will be ready to book a domain name immediately if I find one nearest to my choice. .COM like TLDs' prices allow to act immediately for more than one match, when you are seriously looking for a domain name that is good, sensible; and matches a product, service, or website concept.

who here wouldn't like that revenue stream each and every day?

well, ICANN says they are saving us billion [icann.org] dollar annually

Among ICANN's recent accomplishments:

ICANN established market competition for generic domain name (gTLD) registrations resulting in a lowering of domain name costs by 80% and saving consumers and businesses over US$1 billion annually in domain registration fees.

there will be a new charter or code of conduct with all kinds of worthless promises such as 'no front running within 12 hours of a lookup' and the like

And we all know how well enforced this code of conduct will be. (/sarcasm)

Plus, 12 hours isn't much time when trying to keep in communications w/ clients.

But the good news is that this will bring in extra revenue for the registrars and ICANN since people will feel they have to get the domain once they see if it is available.

Luckily I have not had this issue w/ my registrar yet.

Yet...

Remember earlier threads on WW where folks insinuated that this wasn't happening and that everyone was paranoid?

A few points:

The recent ICANN SSAC document re domain name front running [icann.org] isn't too, too long (11 pages). Read it.

Aside from describing the phenomenon (which they don't say necessarily exists, just that "perception exists within the community that monitoring or spying is taking place") they describe several possible ways such spying could take place.

What they really want, though, is evidence. To that end, we all can help out. Here's what they're saying they could use in the way of documentation:

...For each instance of suspected domain name front running, the type of information that
would be most useful in studying the case includes but is not limited to:[br][br]· Method used to check domain name availability (e.g., web browser, application)·[br]. Local access ISP.[br]· Provider or operator of the availability checking service.[br]· Dates and times when domain name availability checks were performed.[br]· Copy of the information returned (e.g., WHOIS query response) in the response to the availability check.[br]· Whether the domain name was reported as previously registered or never before registered in the response returned from the availability check.[br]· Copy of the information returned (e.g., WHOIS query response) indicating the name had been registered.[br]· Copies of any correspondence sent to or received from the registrant perceived to be a front runner.[br]· Correspondence with the registrar or availability checking service.[br]· Any information indicating a potential relationship between the availability checking service and the registrant that grabbed the name

To this end, and in the spirit of empirical investigation, I just tried a few made-up-but-credible queries at some of the top registrars, then took screenshots showing that the domains are currently available. I'll keep checking back for a while to see what happens. It's not necessarily enough documentation, but it should be enough to convince me whether to stop experimenting or to put my tinfoil hat on.

Why don't you try the same?

[edited by: Winooski at 6:48 am (utc) on Oct. 30, 2007]

Just a follow-up to my last post: It's been over 12 hours, and the four ".com" domains I checked at four top registrars are...all still available. These are hyphenated domains, 17 to 25 characters long, all probably valuable in certain contexts (one's even the title of a classic rock song).

It doesn't prove that domain name front running isn't going on, but it is a sincere attempt to put the feared phenomenon to the test.

Anybody else trying this, just to see what happens?

Another follow-up to my last post: It's now been almost 36 hours, and the four ".com" domains I checked at four top registrars are all still available.

Am I the only WebmasterWorld member actually testing this out?

No. If you go back into the Domain Forum about 9+ months you will see we ran a thread where we did some reality testing. It didn't generate much noise. The reality test didn't do much to confirm the anecdotal evidence.

When you have tasters cranking out 2 million test registrations a day chances are there will be some overlap.

Still, there is at least 1 company that I know of, that runs a keyword checking tool, that also registeres quite a few test domains each day, some days in the >10,000 range. A few look a lot like queries . . but I haven't tested the keyword-checker-to-test-registration relationship.

Thanks Webwork. I shoulda known that someone here would already have been there, done that, bought the T-shirt.

My take-away from all this is that I feel pretty confident about the privacy of doing WHOIS queries at the big league registrars. I'll just steer clear of any questionable third parties that offer to save me time via their handy domain lookup tools.

I can verify that this just happened to me. The search was about a month ago, done via Yahoo website by my client. I went to register it the next day & it was taken. Tried to make a buy offer via Sedo.com for a month & NO response whatsoever from the domain owner. I know for a fact that the domain name didn't exist previously & had no previous traffic.

So, is the gist of what I'm reading here that there is no recourse for me/client to take to get the name back? They had to change the name of their business & everything because of this. What can I do?

"Another follow-up to my last post: It's now been almost ...."
If anybody monitoring the look ups, he may not have found the searched names worthwhile. That could be the reason. All globally searched names can not be registered by few monitors.

...And now a month's gone by, and the four domains I tried at four top registrars are still available.

If anybody monitoring the look ups, he may not have found the searched names worthwhile. That could be the reason. All globally searched names can not be registered by few monitors.

Those are actually two separate arguments, right?

Re the first one, remember that there wasn't any point in the first couple of days after I queried the registrars that the domain names were not available. I think if I shared these domain names with a reasonable English speaker, i.e., you, you would conclude that the domains were worth at least holding onto for the five-day grace period to see if you could monetize them. That didn't happen.

Re the second argument, sure, this experiment doesn't conclusively prove that domain name front running isn't taking place. That's why I encourage all WebmasterWorld users to try it themselves and see what they find. I'm feeling confident that most people who try to query some made-up domains on any of the top registrars (e.g., Network Solutions, Register, Go Daddy, Yahoo! Domains) will find the domains still-unclaimed days or weeks later.

At this point, I'm feeling very confident that I can perform WHOIS queries safely to my heart's content at the major registrars.