Subscribe
Stealing domain name research
March 20th, 2007 by 
Jay Westerdal
Got an idea for a new company? Well don’t be so quick to check if the domain name is available. Rogue companies are out there stealing domain research. The act of typing the domain name in the wrong place may allow these squatters to register the domain before you. Here is how these companies spy on people and some good tips to avoiding them.
We have been investigating domain name research theft crimes for the last two years and talking with the many victims. If you are a victim, please contact us - the more technical a description of the event the better. We are collating events of all the victims and we will update everyone if there is a common thing to avoid. We will also be passing our evidence on to local authorities in the proper jurisdictions. Name Intelligence/DomainTools has many three letter government agencies and large law firms that use our whois service and users can be 100% guaranteed that research done on our web sites will not get shared with third parties. We still want to share some tips so that domain owners are more aware.
Top Tips:
- Avoid address bar guessing.
- Avoid search engines that don’t make a billion dollars a year in revenue.
- Avoid browser plug-ins that send data back to the Internet.
- Go directly to trusted registrars and whois companies.
Address bar guessing
It is such a strong urge to type the domain name into the address bar and see what website comes up. Most users think perhaps there is already a company using the name and this will be a quick end to the question. Wrong! This is the most dangerous thing to do. Internet Service Providers (ISP) sell NXD data. You may be asking yourself “What is NXD data and how does that effect my domain research?” Non-eXistent Domain (NXD) Data is a response the DNS system tells the asking computer if resolution on an IP address fails because the domain doesn’t exist. Yes, ISPs sell this data. I personally talked with a representative that gave me her business card and quoted me a six figure number for access to their NXD data. These domain name research companies actually buy this data and register those domains to see what generates money. Their hope is that if people at one ISP represent 1/5000th of the Internet, they might receive 5000 visitors a month from all the other ISPs around the world according to that ratio. So by testing a theory with DNS, people are telling these companies what domains to ‘taste’. Ironically, this type of behavior will have a chilling effect on direct navigation which actually hurts the domain parking industry as a whole.
Avoid non-billion dollar search engines
Datamining firms have struck deals with smaller search engines and meta search engines. These companies are looking for more revenue, and revealing what people are searching for is one of their revenue sources. I love when I see search engines like Google stick their neck out and tell the US Government that not even Uncle Sam can have access to user’s search data. To sum this up, don’t trust search engines that don’t have a privacy policies that protects user’s data from being turned over to third parties. And even then, don’t type domains into search engines. Search Engines are for ideas and concepts, the address bar is for REGISTERED domains.
Excerpt from WordTracker.com
“We compile a database of terms that people search for … we tell you how often people search for them…“
Excerpt from HitWise.com
“Hitwise has developed proprietary software that Internet Service Providers (ISPs) use to analyze website usage logs created on their network. The anonymous data sent to Hitwise from the ISPs include a range of industry standard metrics relating to the viewing of websites including page requests, visits and average visit length. Hitwise also combines this rich ISP data with a worldwide opt-in panel to overlay demographic, lifestyle and transactional behavior across the thousands of websites that are reported on every day.“
Browser plug-ins
For any browser plug-in that is free, ask yourself why is it free and whether they send data back to a server. Avoid software on computers that reports data back to the Internet. Of course this is the most obvious advice, but I need to mention it. The likelihood of someone datamining domain name research from spyware is small. If they have spyware on your computer, it’s more likely they are going after credit cards numbers and social security numbers instead of domain research.
Trusted Whois Websites
I have interviewed the CEOs and CTOs of many large registrars. Tim Ruiz, the CTO of GoDaddy, has assured me they have never once abused their position and they would fire any employee caught abusing data inside their company. Pat Kane, the Director of Business Operations of Verisign, has told me they can’t even log their servers because the log files would fill up too fast and the data wouldn’t be valuable unless they sell it. Since Verisign is a public company, they may sell the data in the future but they currently don’t because ISPs can do it better, and the ISPs sample sizes are large enough. It is just too costly to gather, and Verisign would need to file a service plan with ICANN before would be allowed to sell data like this. Paul Stahura, the President of eNom, has told me they don’t allow datamining either.
DomainTools.com is a division of Name Intelligence, and I, Jay Westerdal, the President and CEO of the Name Intelligence, have a strict policy against domain name research theft. People’s queries are never used to register domain names, period. I serve as the secretary of the ICANN Registars Consistency, and although we are not a tiny company, we are still a relatively small company. 
We enjoy building tools for Domainers and anyone seeking more knowledge about domains.
Closing thoughts
There are very few companies that register over 50K domains a day just to perform Domain Name Tasting on them. I have no problem with Domain Tasting, but I do have a problem with tasting other people’s ideas right before they were about to register them. If companies are going to Domain Taste, they should generate the domain names from computer algorithms and not from mining queries. As a footnote, Moniker and Pool.com offer such a service commercially for a small price and actually market it as the poor Domainers chance to taste too. Yes, you too can taste domains for 5 days at 5 cents a domain. There are only a handful of companies that are actually Domain Tasters. Most of these companies hide/shield their identities by setting up Whois Proxy services or setting up paper companies. However, only registrars can effectively perform domain tasting, so it is easy to guess who they are without looking at the whois most of the time.
« Newer Post Older Post »
Posted in Domain Industry, Domain Spying |
March 20th, 2007 at 11:09 am
In my experience, even just searching using a “trusted” registar is risky.
I searched for a domain using both Domain People and GoDaddy but chose not to register it. 24 hours later it was registered. 5 days later it’d be release due to a lack of traffic.
My understanding/leaning is that at some point, data being sent to whois servers is being intercepted.
March 20th, 2007 at 1:11 pm
If I find an acceptable domain name, I just register it. My domain registrar charges $1.99 a year. For that little amount of money, it’s well worth it to just go ahead and buy it. If I end up not using it, I put it up for sale.
Just my 2 cents,
QueenB.
March 20th, 2007 at 2:30 pm
Rob,
Your understanding that, “data being sent to whois servers is being intercepted” is not logical. If the intercepter could grab data going to any server surely they would intercept better data then whois requests. Registrars make direct TCP/IP connections to Verisign and there is no company in the middle listening.
March 20th, 2007 at 5:15 pm
Jay, isn’t it possible that an advertiser on DomainTools could get the data? After all, if I search for whois on DomainNameWire.com it creates the URL:
http://whois.domaintools.com/domainnamewire.com
If I click on an ad or other link on DomainTools that goes to another site, that site’s logs will include the referring URL (which includes the domain). I realize you have good advertisers, but I’m just trying to think of holes in legit sites’ systems.
March 20th, 2007 at 8:15 pm
Bravo austintexas, cool idea
robdavy you may be right, Westerdal - see in the post - NXD selling, the ISP sees everything… (for that matter the carrier too; the data is usually not encrypted)
March 20th, 2007 at 8:28 pm
Austin,
We don’t load sponsor images or scripts from other sites when loading a whois page. If a user clicks on an ad, yes they are exposing that referrer string. However I would estimate that happens less then 1% of the time and only invoked by the user.
March 20th, 2007 at 8:41 pm
How about you ask Nameking?
March 20th, 2007 at 10:48 pm
It was pointed out earlier this week on David Kesmodel’s blog, that NameKing has suspended Domain Tasting because of a Microsoft lawsuit. I have seen a lot of reports about domain research getting stolen and then the domains were registered through the NameKing registrar.
March 20th, 2007 at 11:23 pm
Jay - thanks for an excellent article that every domainer should read. I never even thought about it, but it’s happened to me more than once where I couldn’t understand how a domain I was searching on was purchased the same day as I was seeing if it was available, but just sticking it in the shopping cart for a day or two on fabulous. Thanks again — much needed!
March 21st, 2007 at 10:52 am
I think I have seen this happen in the past, but of course had no proof. It was really many years ago, but with the money in the domain industry these days it wouldn’t surprise me that it’s widespread.
It would be interesting to set up a site on domainthieffeeder.com and gather evidence that this is going on. You know, register some wacked-out name and see who registers it and document the event. Then we get a bunch of people to hit the domain to generate traffic so that it stays registered past the five day trial period…
We could also build a map of sites that participate in this kind of crap and run them out of business, or at least hurt them.
On the other hand, those that think they have privacy and that others on the web are honest and ethical need to get a damn clue! The only real rules here are made by those with the power to do so. Step outside that circle of influience and the rules can change completely.
Best advice: Use DomainTools.com’s search option to see what domains are available. That way you are not doing a direct domain search that can be picked up except maybe toolbars and spyware, but without the TLD (.com, .net, etc.) it should be pretty safe.
March 21st, 2007 at 12:58 pm
Christian,
Our search engine is built on 8-12 hour old data. Domain Tasters are throwing 1+ Million domains a day at the wall to see what sticks, I suggest doing a whois to be sure the domain is availalbe.
March 21st, 2007 at 9:00 pm
Jay is anyone doing anything legal on the net?
Some great sites have dropped names.
March 21st, 2007 at 11:25 pm
rqtect,
I don’t follow your question on the legal thing.
Which names have dropped from great sites?
March 31st, 2007 at 1:47 am
Nice write Jay. IMO tasting isn’t bad, it’s all the sneeky stuff these guys do. False whois data and fictional entities, foreign shell/paper companies or mail drops, monitoring whois queries, data mining customer regs and registration of typo or other competing domains, blatant TM or TM typo squatting, and ring around the rosy kiting between related registrars etc. It would be great to see you guys do an expose on who is really involved in all this stuff. Everybody hates, ChestertonHoldings, DomainDoorman, Wang, Unasi et al, but its fun to see who are they connected with and how. A connect the dots study by you guys would raise some eyebrows. Might surprise a few domainers to know that their friendly registrar or parking service isn’t really much of a friend after all.
April 27th, 2007 at 6:19 am
I was pleased to hear confirmation of DT not allowing spying. However the same day I read your posting I searched for a couple names that ironically both got registered by the same person shortly after my search. Should I be concerned or just coincidence?
April 27th, 2007 at 9:16 am
westblock,
The firm is most likely a domain taster that picked up several hundred thousand domains that day, and yes it would be coincidence, or unless you are at an ISP that feeds your click stream data to the taster. Our data shows that your ISP is “SBC Internet Services”.
Here is a good article that shows that Compete,Inc CEO buys data from ISPs. We know Yahoo has a deal with Compete, we also know that Yahoo has a deal with SBC. I have not found the privacy policy at your ISP but it would be logical that you are being tracked by your ISP.
http://internet.seekingalpha.com/article/29449
June 16th, 2007 at 7:25 am
Why don’t people simply use the good old nslookup tool?
Type nslookup domain.com in DOS and there you get it. If the domain is available, it displays the IP. If not, it says “Non-existent” domain. Its even faster than WHOIS searches or anything else.
Hope it helps.
UPDATE BY JAY: Lack of an IP address does not mean the domain is available. Plenty of domains don’t even have Name Servers. If you do get a response, all you have is the IP address. You have none of the ownership details and other facts about the domain. Sort of like saying, the health of a person is not determined by if they can breath. Often a doctor will take other metrics rather then saying, Yep he is alive, he is breathing.
June 16th, 2007 at 7:38 pm
Hi Jay,
I understand that, but majority of the domains do have NS and the nslookup utility can be used as a first step to check domain availability. Later, ofcourse, you can check WHOIS if there’s no IP returned.
I didn’t say its a viable alternative to WHOIS, but its much faster and reduces the risk of domain research theft by atleast 50%. Hope you would agree.
Rgds,
Ebrahim
UPDATE BY JAY: Ebrahim, A NSLookup still goes through your ISP’s DNS. And they will record this and may turn it over. So actually I think it is more likely to get you into trouble. It all depends on your ISP and if they sell Click stream data. The NXD response you would get would be a trigger for a spy to register the domain. Doing a whois record would not be recorded in your DNS lookups at the ISP. They would have to be snooping inside your packets to get the whois request. So I think a whois request is safer.
August 21st, 2007 at 5:53 pm
I haven’t bought a domain name in years. I searched for a friend on her name which was unusual and it was available. A couple of days later I searched again and discovered that someone had bought the .com domain. Unfortunately, I do not remember where I performed my search. However, the domain is now registered to Domaindoorman, LLC. Now I am aware of domain search theft. Whoever this company is, I wish them a speedy route to bankrupcy.
December 28th, 2007 at 2:04 pm
The web’s most interesting stories on Fri 28th Dec 2007…
These are the web’s most talked about URLs on Fri 28th Dec 2007. The current winner is …..
December 28th, 2007 at 5:52 pm
A company called caribbeanonlineinternational.com stole my domain name!
Somebody should investigate these pirate tasting scumbags.
December 29th, 2007 at 9:13 am
Even using a trusted site for lookup can still be an issue. An ISP can simply act as a passive MITM and log the requests sent to specific sites.
SSL/TLS won’t help you either. Any major ISP can easily install a passive decrypting appliance.
Unfortunately, there is _no_ real way to hide this kind of data from an ISP beyond securing your connection AND handling your keys on a different network. Then again, there’s no knowing what that provider will be doing with your data.
So, in the end, providers are selling aggregate data. The only thing their customers can directly do about it is use a different provider. Although, it’s extremely likely that another customer will come along very shortly.