Subscribe
Domain Name Front Running
October 23rd, 2007 by 
Jay Westerdal
ICANN’s Security and Stability Advisory Committee (SSAC ) has issued an advisory on a process known as Domain Name Front Running. It is a practice of stealing someone’s domain name search queries and registering the domain name before the original person can register it. Let’s say you find a domain that is available for registration. If someone steals your idea and registers it before you, it is like holding you hostage and is called Domain Spying or Front Running. The SSAC was not able to find any hard evidence during their first inquiry so they are issuing the advisory for people to come forward with good hard evidence it is happening.
“Much of the information presented before SSAC regarding domain name front running is anecdotal and incomplete. The information SSAC has reviewed allows us to observe that some part of the community believes monitoring practices that result in preemptive registration of domain names have occurred and that such practices are not acceptable. SSAC is concerned that, whether real or perceived, preemptive registration portrays an unfavorable image of the domain name industry. This Advisory is therefore a preliminary study and is intended to put the issue before the community for discussion and to solicit well-documented incidents, if any can be obtained.”
There are several ways that spying could occur:
- Client software.
- 3rd Party WHOIS query portals.
- Unauthorized executables.
- DNS operators.
- Registrars (and resellers).
- Name Spinners.
- Registries
- Information leaks, social engineering.
Basically the SSAC is looking for hard evidence that this spying exists. If you can help with hard evidence, please contact them. I would encourage people to perform their whois query via our services as I can guarantee we are clean. We have also published ways that stealing can happen even if using our service. It is possible for spyware on your computer to steal your queries or even DNS queries at your own ISP. It is possible that a Registrar or Reseller is stealing your query. It is also possible that a Registry is leaking the information to Domain Tasters. Never type a domain name into a browser and see if a website exists. This is a horrible way to test if the domain exists because you are leaking the DNS query to global root servers and your ISP’s DNS servers. Major ISPs sell click stream data and non-existent domain name results.
As another side note. Our Bulk Check utility is not real-time. We run the results against a zonefile that could be up to 12 to 24 hours delayed. If you need a real-time query, please run it manually on our services. Domain Tasters are testing millions of domains a day that have been previously registered and that takes a lot of good names off the floor everyday. The only good news is that Domain Tasters generally throw back 99.9% of the domains within 5 days.
There will be a public forum next week at the LA ICANN meeting and I would encourage people to show up and speak out against Domain Tasting. I think Domain Tasting is causing a lot of damage to people, but it is hard to measure. People assume that names are being spied on while I find that the most common thing is Tasters that re-filter old domains over and over again.
« Newer Post Older Post »
Posted in Domain Spying, Domain Tasting, Stolen Domain |
27 Comments »
October 23rd, 2007 at 5:12 pm
al7waaam
October 23rd, 2007 at 6:31 pm
Oh yea. I can not tell you how many times this has happened to me while searching at GoDaddy, though they have continually denied it. I must be imagining things… like even the “bait” names I checked too!
October 23rd, 2007 at 7:54 pm
I don’t even check a name on my registrar until I’m sure I’m going to sign it up (if available).
I do Google searches first, though I suppose spying could occur here as well. Even as a total green domainer, I knew not to use the URL box to do my searches. Even if I’m 99.9% sure a domain is already regged, I still check the registrar first. You never know.
This has worked well for me.
I discovered spying when I first started domaining. I had found idriven.net
(the dot-com train had left years ago) and wanted think about it for a while. A day later, when I decided to reg it, it had been snatched. Grrrr….
Two months later, the domain was suddenly available again. Evidently, the snatcher wasn’t happy with it, and released it, so I leaped on it this time (It’s part of my book title–unrelated to domaining–so I wasn’t interested in direct navigation traffic per se, although it does pretty well in drawing traffic to my page).
Here’s my question: how does one come up with “hard evidence”? If a domain has popular keywords, it could be that other users have come up with the same combination independently, which is why this might be difficult to prove, at least for someone like me who wouldn’t have a clue how spying is done.
Even if such a thing could be proven, what could be done about it, I wonder?
Ms Domainer
October 24th, 2007 at 4:08 pm
On a somewhat related note, what does one do when one registers a domain with, uh, a “history”?
The domain itself was checked through the internet archive, and nothing suspicious came up, other than some parking pages from 2005. But 2006-2007 were blank.
Sedo refused to park it because of “traffic irregularities,” and Explorer wasn’t even bringing up the GoDaddy construction page, not even through direct navigation.
I sent the domain to “rehab”: an explanation post to my blog, and now it redirects there.
Does the “taint” ever leave a domain that has been used for nefarious deeds?
Ms Domainer
October 24th, 2007 at 5:45 pm
MsDomainer asks: “On a somewhat related note, what does one do when one registers a domain with, uh, a “history”?”
If it was mine I’d stick it on it’s own server space and develope some nice content for it. I’d also work in some links to other sites or parked domains I own. That way your other linked sites get a benefit from any traffic and/or search engine spidering that occurs.
Sorta what you did by redirecting it to your blog post already but with that domain having some content of it’s own instead. The content should be somewhat related to the domain subject (as you blog post is).
October 24th, 2007 at 6:02 pm
MsDomainer Said: “Sedo refused to park it because of “traffic irregularities,””.
Should have mentioned this first, you could park it right here at Domain Tools own Parking to see if Name Drive will accept it. I like the parking here cause it’s easy to setup and I’m making a little money here. I imagine it will get better yet as they find more parking services to work with.
October 24th, 2007 at 8:44 pm
I may consider doing that, Spambait, but maybe Jay doesn’t want a “tainted” domain either.
It’s freecasinocash.info
.
Is that something you’d want parked on your site, Jay? If not, it’s okay. It can sit in rehab for a while
Ms. Domainer
October 24th, 2007 at 10:54 pm
i have had a couple domains mysteriously regd darn near the same time when i first started out but that was with a couple of the smaller companies im not sure how a reseller can do it if they are using a stock reseller site.But
that was also before i ever knew about tasting if these companies rotate thru lists of Domains on a constant basis no doubt id think ANY previously regd Domain that expired would be picked up on a regular basis(after all the rest of the Domains on their list would of been tasted).I didnt know a Domain owner was responsible for a previously misused Domain,MSDOMAINER if SEDO is affiliated with Google iv been told they Frown on Gambling related and just certain Domain names that OFFEND them for some reason /shrug funny if they owned the Domain id lay money it would be parked somehow.
October 25th, 2007 at 4:49 am
Yes this does happen, can’t tell you how many times! When I started doing a whois on this site, it stopped. I do a whois on here all day long. If I go to the registrar and do it, and then go back to register the domain, the domain will be gone that fast! I tell everyone to come here to do a whois. I love this site! You keep me informed. Jay, you guys are great, keep up the good work.
October 25th, 2007 at 7:19 am
Dreamdealer,
I also regged the .mobi version of the same domain name, and it went through just fine, now happily parked at Sedo.
I DO suspect that the .info had been used for something suspicious, like spamming or phishing, although it shows clear.
Even a search before regging would not have revealed much; I only found out when Sedo refused to accept it.
If I were sued for a domain that the previous owner misused, I would definitely fight it; I do not feel responsible for someone else’s misdeeds.
For expensive (over $25.00) aftermarket domains, I also check this site (among others) and, happily, have passed on a few dogs (Thanks, Jay).
I have made my mistakes–live and learn–but now I make fewer of them.
Best,
Ms Domainer
October 25th, 2007 at 9:11 am
For all that hassle, the .info domain has now been listed in my Sedo account (?).
Go figure.
Ms Domainer
October 25th, 2007 at 12:32 pm
Interesting article. This has happened MANY times when I do a search on GoDaddy. If I go back the next day to register it, someone has gotten it. It became obvious to me that this was some kind of search query spying because the domains I searched for did not contain any keywords and were not the types of domains that would have been registered the same time as I was looking them up. Wonder what GoDaddy’s involvement is in this?
This site however is so reliable comparatively. I can feel safe doing domain queries on here, and not worry about query spying. So, thanks for the great alternative!
October 25th, 2007 at 8:29 pm
Hey, I had this happen to me: some big COMPANY really is spying on me, because I know the 2-words domain I have weren’t registered before. I think either Moniker or someone who has a tasting account at Moniker has my domain.
The reason is either DomainBank.com
or Moniker.com
, of whose two services I’d used to check batches of domains (for possible niche site development and definitely not for ‘tasting’ 
. Well, since the whois for the ‘pre-register’ for my ‘tasted’ domain was in the name of a company called “MetaPredict” and 5 days after, “Wan-Fu China,” I’m pretty sure it’s has to do with Moniker (and/or someone who own a tasting account at Moniker). More Infor: their hosting IP Location is from the United Arab Emirates – United Arab Emirates – Direct Information Fzc: TALK ABOUT A SNEEKY CHAMELEON THAT EMITS ITS CAMOUFLAGE FOR “UNTOUCHABILITY”!
…Anyway, rant over. I hope ICANN imposed more rules on the 5-days grace period (their “we’ll give you a fee/fine if the # of returned domains are disproportionated” won’t stop these tasters from drill more holes into the loop).
October 25th, 2007 at 8:34 pm
Hey, what happen I can’t change my alias to “MintSEO”? I thought it was MintSEO. Could you take a look, there might be a bug in WP 2.2.
BTW–please let me know all of the “possible” reasons why ICANN has implemented such “5-Days Grace Period”? I’d thought of 2 reasons already and have countered measures for each. Maybe, I’ll start up a new blog and post about these issues???
BTW2–just testing the alias to see if it works this time.
~MintSEO~
April 30th, 2008 at 10:26 am
I had a name that I searched through GoDaddy come up available and went back a day later and it was gone. It was not a name that had key words that someone would have come up with at the exact same time. I contacted GoDaddy and they said it was nothing to do with them. I checked whois and it seems it is a communications company that registered it right after I looked it up. The funny thing is, I have submitted numerous names into Moniker live auctions and have gotten none in. This was a brand new name and they submitted it to Moniker live auction and it actually got in. Amazing! I don’t think it sold though. Just found that to be pretty funny.
December 31st, 2008 at 11:55 am
I tell you thing has happened me to ask you if there is something that can do, also only to be able to signal what happened to authority that watches over on these scandalous things:
)…
Also I have done different whois on a dominion name that interested me, with the difference that dealt with a dominion in in my case “pending delete” therefore I attended that he was freed for recording it… I have also made 5 whois to day, he is never freed and the 26 of December has seen him acquired nothing less that from a group that it belongs to the company where I made the whois O_O… I have felt taken around… obviously in that page there is not now anything else other than a false site with in anymore the key devoted to the offers to acquire that site (obvious, they know that at least an consumer/chicken it is interested to that name
Do I wonder me, possible that anybody controls these speculators/scoundrels?
At the end knows me that it will be my turn to buy a site with a different name, however how disgusting, as if of garbage in internet there was not any enough =_=.
Thanks for all help