Subscribe
Front Running Hype
October 27th, 2007 by 
Jay Westerdal
I love investigating Domain Spying! I saw a case last night, and I think I need to publicly report what I am seeing so people know what is going on. I see these cases all week long. I am going to blank out any sensitive data from his email because he still wants to buy this domain and most likely will get it if he waits out the Domain Taster.
Domain Tasting in bulk can cause a lot of frustration for users that don’t understand the complexities of the system. I have even had a CEO of large registrar call me and ask about a domain he thought was being front run. I was able to troubleshoot the situation, and if people like that are confused I am sure the confusion is widespread.
I don’t believe any Registrars are spying on queries from people trying to register domain names and then registering the names themselves. However, Verisign and ISPs are selling Non-Existent domain DNS queries. So it is much safer to do a whois lookup than it is to type a domain directly into the address bar.
Here is the letter I received:
This evening, a very valuable domain name was stolen from me while I was in the process of purchasing and registering it.
The domain name is: D*******H*****.com.
I did the search for the availability of the domain name (D*******H*****.com) at GoDaddy.com
at approximately 10pm eastern time tonight (October 26, 2007) .
This is a typo domain of D*******H*****.com; and the keyword term “D******* H*****” is listed as receiving over 44,000 searches per month according to Overture. This typo domain name very likely has a fair market value of in excess of $5,000, possibly as high as $20,000 or more, depending on who does the appraisal.
This is extremely disturbing, to say the least.
The domain name showed as being available when I checked at GoDaddy.com
I then immediately performed a WHOIS query on the domain, and the info indicated that the domain name was registered today/tonight–again, quite coincidentally, within a matter of minutes after it showed as being available.
“Coincidentally”, this domain name was BY FAR the most valuable one I was registering tonight, and is one of the more valuable domains among the over 1,000 domain names that I own.
The Sales and Support Rep from GoDaddy.com
My local access ISP provider is CableVision, Optimum Online.
I have not initiated any correspondence to the thief/front runner. I will await feedback from you before I do anything like that.
Please advise me of my legal options in this situation, and how I can recover this highly valuable domain asset.
This is the first time that this has happened to me personally, however, I have colleagues who have large domain portfolios that have told me that this has happened to them so many times, it is out of control, and resulting in severe financial damage to them. I am also aware of your advisory report on Front Running.
I have blind copied some of the domain industry leaders and news sources here, as some have publicly expressed direct interest in this type of crime.
If you require any more information from me, please let me know and I will promptly respond. Thank you.
Below my name is the WHOIS information of the party who stole the domain name. I hope this email and the WHOIS information below is not considered to be anecdotal or incomplete.
Kind Regards,
***************
CC: President@GoDaddy.com–Can and SSAC-Fellow@ICANN.Org — Can you let me know any information or complaints that you have about the registrant listed below in the WHOIS data? Thank you.PS–Here is the WHOIS information listed by the individual who stole this domain (D*******H*****.com):
Registrant:
Marketing Total S.A. (D*******H*****-COM-DOM)
P.O. Box 556
<SNIP>
My Response:
> *******,
> Thanks for the blind carbon copy. Using our database I can see that
> this domain has been domain tasted three times prior to this during
> 2007 – possibly more. This domain is being domain tasted right now. It
> appears GoDaddy’s domain checker is not real time. When you got to the
> checkout process at GoDaddy that is when they did a real check against
> the registry and that is why the domain appeared to be registered at
> that time. At some point today. I do not have access to run an EPP Info
> command right now or I might be able to tell you at what time they
> registered the domain before you. I think it may have been hours
> before you. I would recommend GoDaddy offer real-time checks rather
> then rely on zonefiles for checks. It has been a common practice to
> speed check against a local copy of the zone rather then checking the
> registry.
>
> DomainDoorman is a company that on the average day registers over
> 1,000,000 domains per day. The particular domain had been tasted on
> the 21st of this month as well. I would recommend waiting this one out
> and registering it when they ignore it. You have a 99.9% chance they
> will delete it with in 5 days. Do not click on anything on the page or
> even visit it. This would tip the company off that the domain is
> valuable. Check the whois at
>
> http://whois.domaintools.com/**************.com and we will record those
> records and preserve the history.
>
> Jay
I checked the EPP-Info information directly from Verisign the next morning (something only registrars have access to) and the domain had been registered at 4:00 AM on the morning of the 26th. More the 12 hours before registration attempt was attempted. I can see why people think Domain Front Running exists, but I have yet to see a case that I have not been able to explain. Perhaps it exists with some small no-name whois site but I have yet to find that site. I want to thank this person for providing so much information, it made it easy to track things down. I hear a lot of cases but they are normally not as well documented as this.
There are several things I would recommend the industry do to avoid these types of perception issues.
- Help get rid of Domain Tasting. It times up a lot of domains that users are not able to register.
- Fetch the creation time directly from Verisign and show it to users on this whois records IF the domain was registered within 5 days ago.
- Have Verisign show the time of day the domain was registered in the whois. Currently they only show the date publicly.
- Allow people to run real-time checks against the registry.
Next week they will be discussing a lot of these issues at the ICANN meeting in LA. I would suggest anyone interested to show up. ICANN meetings are free to attend and there are a lot of discussions like these ones but with a lot less facts. 
« Newer Post Older Post »
Posted in Domain Spying, Domain Tasting |
20 Comments »
October 27th, 2007 at 6:27 pm
Hi Jay. Interesting post. It appears a lot of people would like to get rid of domain tasting. Would it be difficult to stop the practice by making domain names that are currently being tasted available to some bots which would then go and hop around these domains, leaving log entries which would make unattractive domains look attractive to the tasters and make them register them?
UPDATE BY JAY: I doubt it. I think Domain Tasters want to control a lot of temporary inventory. I think they rather taste. A stupid domain gets a lot more traffic after a registration event then it dies down. I think they make more on floating thousands of half-dead domains. What if you could get 3 cents average from a total of 1,000,000 domains? That is $30,000 in one day. Why own real domains when you can make that kind of money… Sure you could pick up a few domains that are gems but the overall game plan has to be to float a lot and get paid on random hits.
October 27th, 2007 at 6:30 pm
In some cases domain tasting has helped me, and these are the only cases I can cite: Because these parties only do it for perhaps a few sets of 5 days, legitimate people like myself don’t have to wait a year or two for the company to really drop it. I am a member one one of the biggest forums on the Internet, and most of the people there are pretty tech-savvy. One slang term referenced every now and then had a website (.com) named after it. The same person owned it for three years or so and then let it expire. It was promptly parked. This was less than a year ago. A few months ago I run it through Godaddy and it is available. I promptly bought it and its .org counterpart (.net is still parked)
My friend once had his name .com. Same thing happened and he was able to register it again. Also a domain I used to own as a joke type thing expired due to confusion and disagreement with the guy who bought my old website (and took over my hosting account). It was parked for a while then I checked recently and it was available. I got that too.
I’m not saying that tasting is right, but it is better (for the end-user, you, me) than regular parkers.
October 27th, 2007 at 7:57 pm
Last night I was checking some of the sites I host here and some old domains. There was a domain I’d missed when the owner let it expire that I was hoping was being tasted. Domain Tools Monitor hadn’t alerted me on it yet but a quick whois search there showed it as registered but the whois info was missing. Like it had just been dropped.
I checked it at one the registrars I use and they showed it as unavailable so I tried another and it was available there. I quickly registered it. A couple hours later I had it parked at Domain Tools Parking. It will remain parked there until I get some time off my day job and finish another really big project I’m working on.
Now this second Registrar has proven itself several times and I’m thinking this outfit must not be using cached zone files at all.
I never showed my hand on this one. I used Domain Tools to check the whois. I never typed the URL into a browser and I never checked it at a registrar until I thought something was up. And when it showed unavailable I used another registrar to double check.
Hope this info helps someone else.
BTW: Parking is a real help for me. I believe a domain should answer any call to the www port (port 80) which means I either have to stop what I’m working on and build a “under construction” parked page and setup zone files or leave it at my registrar’s parking or else park it where I might get a couple dollars to help offset my costs.
October 28th, 2007 at 1:00 am
Why this picture in the blog post?
Update by Jay: Front runners and Domain Tasters are just like Gold miners. They pan for gold and look through a lot of dirt.
October 28th, 2007 at 8:54 am
Jay,
By piping the output from Domain Search and Typo Generator into Domain Monitor for key trademarks I can keep track of tasting levels. It is not uncommon for 75 or more tasters to be squatting on a single trademark at a time during the 5 day tasting window, which sometimes runs for as long as 7 days.
When I export Domain Monitor data into Excel and plot the registration history over time, I found that there was an extraordinary seasonal correlation with squatting activity for some of business units but not others. Not surprisingly the businesses with problems were seasonal in nature. It was during the busy-season, when the squatters go into a feeding frenzy, that I have received reports of Domain Spying. This supports your conjecture that most Domain Spying events are random, with one caveat which I will now add.
Let’s take the Christmas shopping season which accounts for a significant portion of the on-line yearly sales and starts this year on Thanksgiving Day Thursday November 22. If my data is applicable to other businesses then at Thanksgiving the tasting of Domain Names related to eCommerce sites should go through the roof. Let’s say that on Thanksgiving evening, as you are recovering from Tryptophan overdosing, you come up with a really great idea for an eCommerce Domain Name, only to find that it was registered as your were researching it . Given the time of the year, there is a very high probility that the squatter will have already been hard at work identifying opportunities based purely on Internet traffic levels. What you thought was an impossible coincidence and proof of Domain Spying, was in fact a statistically predicable event because your behavior and that of the squatter were not random.
I will now stick my neck way-out and make a prediction: On the week beginning Sunday November 18, 2007 tasting and squatting of eCommerce website will exhibit a dramatic increase. Those of you who support eCommerce websites have three weeks to get ready, unless ICANN suddenly develops a backbone.
I would like to make two suggestions:
Domain Monitor user should share techniques for manipulating exported data in Excel. This includes the use of macros, functions and graphical presentation of the data.
Given the high volatility of domains being manipulated by squatter even Domain Tools is not always accurate in determining the availability of Domains. The ever helpful DT Technical Support put me on to a DIG Web Interface which is very accurate at predicting the availability of a Domain when the NIC Name Servers are interrogated. I would strongly urge that Domain Tools provide its users with a full function DIG Web Interface.
Mike
October 28th, 2007 at 10:15 am
“…listed as receiving over 44,000 searches per month according to Overture.”
I’m a new domainer but am very interested in learning. Could someone let me know how/where on Overture to find this data?
Thank you!
October 28th, 2007 at 10:53 am
Jay,
>> Using our database I can see that this domain has been
>> domain tasted three times prior to this during 2007 – possibly more
Without knowing the domain – I can’t check DomainTools history on the domain. Are you able to see that information with your public tools – or is this just a feature you have internally available? Please share insight on how you masterfully see this!
October 28th, 2007 at 2:21 pm
Jay
What do you make of the baiting that was done some time back to check on front running? Certainly people remember when some of the funny names were planted just to see if these rogue registrars (like Doorman) picked them up? Can you say Chesterton? Also, I don’t see where the fact that a name had been tasted sometime in the past excludes it for cosideration in a front running scheme.
Doc
October 28th, 2007 at 6:46 pm
I agree with stockdoctor. There is no denying that it has happened. It was tested with chestertondomaintheft.com
and others. Within minutes of a domain whois check, the result was:
Domain: chestertondomaintheft.com
, INC.
Reg: NAMEKING.COM
Status: REGISTRAR-LOCK
DNServer: ns1.chestertonholdings.com
DNServer: ns11.chestertonholdings.com
Created: 2006/07/22
Those protecting these people that obvoisuly have a hand in this, makes it look like they are a part of it. Why have the various domain news sites and others, including domain bloggers, focused and reported on this news worthy event “ICANN Investigates Insider Domain Name Snatching”? Don’t they see that rooting this out will only give domains more credibilty? The ostrich with it’s head in the sand that DNJournal.com
has in it’s Oct. 24, 2007 post, is much more appropriate for the domain industry, rather than old media.
It’s kind of surprising such a major domain news worthy event is not even covered in the DNJournal.com
or Domainnamewire.com
. How could they both miss this event that pushes any possibility of respect for domainers back many years?
October 28th, 2007 at 7:06 pm
Coorection: above should have said “Why have the various domain news sites and others, including domain bloggers, NOT focused and reported on this news worthy event “ICANN Investigates Insider Domain Name Snatching”?
October 29th, 2007 at 2:52 am
Jay, I have been publishing Nightly Name Dump for several years now. This service sends out daily lists of available to register domain names. Just before sending issues out, we always do a last minute check to remove any registered domains. Back in 2005, we started running into problems doing bulk whois queries on the list. At the time, lists were anywhere from 100 to 500 domains (averaging just over 200), so it wasn’t a HUGE number to check. We ran through several whois servers since it seemed like each one resulted in most of the domains being taken before our subscribers even had a chance to get the lists. With each whois server, the registrant tracked back to a different company that does tasting. Since names on the list did not (and do not) consist of ONLY drops but also created/researched domains, it was impossible to believe it was entirely coincidental that within 2-6 hours of running a check, the domains were registered. I can tell you at least a couple of the whois servers privately, but since this was over 2 years ago, I’m not sure how much use it would be today. After running into this issue with several whois servers, I made arrangements for confidential checks to be done and now fewer than 5% of 3,000+ domains checked are registered by non-subscribers within the same time interval. (Downloading zone files is not practical in this case.)
October 29th, 2007 at 10:51 am
The good news for the person who contacted was this domain is not worth $5k or $20k from the typo traffic. If it has been tasted and dropped several times, then it doesn’t get much traffic.
October 29th, 2007 at 4:57 pm
Actually finding a good domain name is very difficult, even typos, almost all them are registered, and in this case that domain name was tested several times, I think is not that worth.
October 30th, 2007 at 6:50 am
Jay
Since you were set that this front-running was “hype” I was hoping you’d reply to results seen when the swipers were baited.
Here’s some fun from the wayback machine on one fishing expedition that landed a whopper. Kinda funny. Can you explain this one?
http://web.archive.org/web/20070117020434/http://chesterholdingsbuttmonkey.com/
October 30th, 2007 at 9:00 am
Actually, I picked up a domain at a fire sale that is doing pretty well.
I’d rather develop it, though–when I have time.
Ms Domainer
October 30th, 2007 at 11:10 am
Jay
Just thought I’d add a link to the wayback machine shot on one of the names that the frontrunners were baited with. Still think it was just hype?
http://web.archive.org/web/20070117020434/http://chesterholdingsbuttmonkey.com/
November 2nd, 2007 at 3:52 am
I can tell you what I do know for a fact. If you register a domain name with DomainDiscover.com
and fail to renew it they themselves will simply change the whois information to their own information and hive of the domain. Let me give you one example of many. islamicfinance.com
That was simply taken over and then when I raised the matter they started transferring the domains to another party.
November 2nd, 2007 at 9:50 pm
“I agree with stockdoctor. There is no denying that it has happened. It was tested with chestertondomaintheft.com
and others. Within minutes of a domain whois check, the result was:
Domain: chestertondomaintheft.com
, INC.
Reg: NAMEKING.COM
Status: REGISTRAR-LOCK
DNServer: ns1.chestertonholdings.com
DNServer: ns11.chestertonholdings.com
Created: 2006/07/22″
Yes this was a proven fact.
Thread here,
http://domainstate.com/showthread.php3?s=&postid=313745#post313745