Welcome to WebmasterWorld Guest from 188.8.131.52
ICANN’s Security and Stability Advisory Committee(SSAC) has issued an advisory on this issue, as well as a "Call for Policy Consideration". The SSAC is also asking that any incidents of "Domain Name Front Running" [stealing] be reported to them.
The Advisory, SAC 022 - SSAC Advisory on Domain Name Front Running, along with reporting addresses can be found here [icann.org]. (.pdf)
I have included the Executive Summary of the Advisory below:
[No emphasis has been added.]
This Advisory considers the opportunity for a party with some form of insider information to track an Internet user’s preference for registering a domain name and preemptively register that name. SSAC likens this activity to front running in stock and commodities markets and calls this behavior domain name front running. In the domain name industry, insider information would be information gathered from the monitoring of one or more attempts by an Internet user to check the availability of a domain name.
When the domain name of interest for which an availability check is made is registered shortly after such a check, the individuals making the availability check may reasonably assume that the organization operating the web site or service they used to determine the availability of the name preemptively registered the name. Registrants have filed complaints with ICANN, registrars, and with Intellectual Property attorneys that suggest domain name front running incidents may have occurred. SSAC does not yet have any hard data to draw conclusions regarding the frequency (if any) of the occurrence of domain name front running.
SSAC acknowledges that a perception exists within the community that monitoring or spying is taking place when would-be registrants check the availability of a domain name. Much of the information presented before SSAC regarding domain name front running is anecdotal and incomplete.
edited to add reference to I smell a rat. [webmasterworld.com]
[edited by: Laker at 5:35 am (utc) on Oct. 24, 2007]
[edited by: engine at 8:03 am (utc) on Oct. 24, 2007]
[edit reason] quote edited - fair use copyright [/edit]
Who could monitor lookups at
Who can see when you run nslookup from local machine?
If nslookup comes back with "Non existent domain", is it true and up to date info?
$whois_servers = Array(
'com' => 'whois.internic.net',
'net' => 'whois.internic.net',
'edu' => 'whois.educause.edu',
'org' => 'whois.publicinterestregistry.net');
[edited by: SEOMike at 1:28 pm (utc) on Oct. 24, 2007]
What we won't get is a promise from ICANN to stop all monitoring of whois requests.
Indeed! In their Advisory, ICANN (a/k/a ICANT) states:
"SSAC observes that there does not appear to be a strong set of standards and practices to conclude whether monitoring availability checks is an acceptable or unacceptable practice."
You can register domains all day long and return them for a refund. I forget what that is called...
It's called domain name tasting ...
To give an idea of the magnitude of this scheme, these are just the .com domain names refunded over the past 5 days. When you add in refunds for all gTLDs the number is staggering.
('course, that little 50¢ ICANN fee isn't refunded ... who here wouldn't like that revenue stream each and every day?)
[edited by: Laker at 2:11 pm (utc) on Oct. 24, 2007]
who here wouldn't like that revenue stream each and every day?
well, ICANN says they are saving us billion [icann.org] dollar annually
Among ICANN's recent accomplishments:
ICANN established market competition for generic domain name (gTLD) registrations resulting in a lowering of domain name costs by 80% and saving consumers and businesses over US$1 billion annually in domain registration fees.
there will be a new charter or code of conduct with all kinds of worthless promises such as 'no front running within 12 hours of a lookup' and the like
And we all know how well enforced this code of conduct will be. (/sarcasm)
Plus, 12 hours isn't much time when trying to keep in communications w/ clients.
But the good news is that this will bring in extra revenue for the registrars and ICANN since people will feel they have to get the domain once they see if it is available.
Luckily I have not had this issue w/ my registrar yet.
The recent ICANN SSAC document re domain name front running [icann.org] isn't too, too long (11 pages). Read it.
Aside from describing the phenomenon (which they don't say necessarily exists, just that "perception exists within the community that monitoring or spying is taking place") they describe several possible ways such spying could take place.
What they really want, though, is evidence. To that end, we all can help out. Here's what they're saying they could use in the way of documentation:
...For each instance of suspected domain name front running, the type of information that
would be most useful in studying the case includes but is not limited to:[br][br]· Method used to check domain name availability (e.g., web browser, application)·[br]. Local access ISP.[br]· Provider or operator of the availability checking service.[br]· Dates and times when domain name availability checks were performed.[br]· Copy of the information returned (e.g., WHOIS query response) in the response to the availability check.[br]· Whether the domain name was reported as previously registered or never before registered in the response returned from the availability check.[br]· Copy of the information returned (e.g., WHOIS query response) indicating the name had been registered.[br]· Copies of any correspondence sent to or received from the registrant perceived to be a front runner.[br]· Correspondence with the registrar or availability checking service.[br]· Any information indicating a potential relationship between the availability checking service and the registrant that grabbed the name
To this end, and in the spirit of empirical investigation, I just tried a few made-up-but-credible queries at some of the top registrars, then took screenshots showing that the domains are currently available. I'll keep checking back for a while to see what happens. It's not necessarily enough documentation, but it should be enough to convince me whether to stop experimenting or to put my tinfoil hat on.
Why don't you try the same?
[edited by: Winooski at 6:48 am (utc) on Oct. 30, 2007]
It doesn't prove that domain name front running isn't going on, but it is a sincere attempt to put the feared phenomenon to the test.
Anybody else trying this, just to see what happens?
When you have tasters cranking out 2 million test registrations a day chances are there will be some overlap.
Still, there is at least 1 company that I know of, that runs a keyword checking tool, that also registeres quite a few test domains each day, some days in the >10,000 range. A few look a lot like queries . . but I haven't tested the keyword-checker-to-test-registration relationship.
My take-away from all this is that I feel pretty confident about the privacy of doing WHOIS queries at the big league registrars. I'll just steer clear of any questionable third parties that offer to save me time via their handy domain lookup tools.
So, is the gist of what I'm reading here that there is no recourse for me/client to take to get the name back? They had to change the name of their business & everything because of this. What can I do?
If anybody monitoring the look ups, he may not have found the searched names worthwhile. That could be the reason. All globally searched names can not be registered by few monitors.
Re the first one, remember that there wasn't any point in the first couple of days after I queried the registrars that the domain names were not available. I think if I shared these domain names with a reasonable English speaker, i.e., you, you would conclude that the domains were worth at least holding onto for the five-day grace period to see if you could monetize them. That didn't happen.
Re the second argument, sure, this experiment doesn't conclusively prove that domain name front running isn't taking place. That's why I encourage all WebmasterWorld users to try it themselves and see what they find. I'm feeling confident that most people who try to query some made-up domains on any of the top registrars (e.g., Network Solutions, Register, Go Daddy, Yahoo! Domains) will find the domains still-unclaimed days or weeks later.
At this point, I'm feeling very confident that I can perform WHOIS queries safely to my heart's content at the major registrars.