DomainTools Blog

I am confirming that Network Solutions steals domain ideas when people check domain availability on the Network Solutions website. They seem to have started the practice of stealing domain ideas on December 16th 2007 according to our Domain History database but I was just made aware of this practice today. I am appalled at the concept of taking people’s domain ideas and registering it before the consumer has the ability to manually register the domain.

It is a deplorable action that Network Solution would announce potential domain names to the entire world. If a customer chooses not to register the domain name with Network Solution they are forced to wait 4 days for Network Solutions to delete the domain name in the Free Add Grace period. After the four day hostage period the consumer is free from the hostage situation and can register the domain somewhere else. However Network Solutions has now exposed those domains to Domain Tasters that will snipe those domain up milliseconds after Network Solutions deletes them. By registering the domain Network Solutions is exposing the domain in the DNS and every computer in the world now knows about the domain. These domains are now easy fodder for scammers and it is mind blowing that Network Solutions would expose their customers queries to the world in this manner.

Domain has never been registered before:

Network Solutions is now the best friend of Domain Snipers and Spys. I tested the system by going to Network Solutions and looking up the availability of Neiman Marcus Verizon.com. Sure enough the domain was available to be registered, however when I check the whois it now said it was taken by Network Solutions. I was not able to register the domain at GoDaddy.

Network Solutions says it is available:

Network Solutions sets up a website on the domain:

The domain is now registered to Network Solutions, LLC

Network Solutions really screwed up on this one. The exposer of their customers was put before corporate profit on this one. If you use Network Solutions to check if a domain is available they will literally register the domain without your knowledge and hold it hostage for 4 days with a price tag of $34.99.

This easily makes Network Solutions the worst Registrar in the world. I hope that they cease this activity immediately as this has given them the worst black eye and makes the entire industry look bad. They actually think they are doing customers favors with this little dirty trick. These guys are clueless!

UPDATE: Network Solution has made some improvements.

I love investigating Domain Spying!  I saw a case last night, and I think I need to publicly report what I am seeing so people know what is going on.  I see these cases all week long.  I am going to blank out any sensitive data from his email because he still wants to buy this domain and most likely will get it if he waits out the Domain Taster.

Domain Tasting in bulk can cause a lot of frustration for users that don’t understand the complexities of the system. I have even had a CEO of large registrar call me and ask about a domain he thought was being front run. I was able to troubleshoot the situation, and if people like that are confused I am sure the confusion is widespread.

I don’t believe any Registrars are spying on queries from people trying to register domain names and then registering the names themselves.  However, Verisign and ISPs are selling Non-Existent domain DNS queries. So it is much safer to do a whois lookup than it is to type a domain directly into the address bar.

Here is the letter I received:

This evening, a very valuable domain name was stolen from me while I was in the process of purchasing and registering it.

The domain name is: D*******H*****.com.

I did the search for the availability of the domain name (D*******H*****.com) at GoDaddy.com at approximately 10pm eastern time tonight (October 26, 2007) .

This is a typo domain of D*******H*****.com; and the keyword term “D******* H*****” is listed as receiving over 44,000 searches per month according to Overture. This typo domain name very likely has a fair market value of in excess of $5,000, possibly as high as $20,000 or more, depending on who does the appraisal.

This is extremely disturbing, to say the least.

The domain name showed as being available when I checked at GoDaddy.com; however, by the time I went to purchase it–along with several other domain names–this one suddenly registered as “not available”. All the others, which were MUCH LESS valuable, were available.

I then immediately performed a WHOIS query on the domain, and the info indicated that the domain name was registered today/tonight–again, quite coincidentally, within a matter of minutes after it showed as being available.

“Coincidentally”, this domain name was BY FAR the most valuable one I was registering tonight, and is one of the more valuable domains among the over 1,000 domain names that I own.

The Sales and Support Rep from GoDaddy.com that was assisting me in the purchase of my domain names this evening is Jared Donnellon. He was extremely helpful.

My local access ISP provider is CableVision, Optimum Online.

I have not initiated any correspondence to the thief/front runner. I will await feedback from you before I do anything like that.

Please advise me of my legal options in this situation, and how I can recover this highly valuable domain asset.

This is the first time that this has happened to me personally, however, I have colleagues who have large domain portfolios that have told me that this has happened to them so many times, it is out of control, and resulting in severe financial damage to them. I am also aware of your advisory report on Front Running.

I have blind copied some of the domain industry leaders and news sources here, as some have publicly expressed direct interest in this type of crime.

If you require any more information from me, please let me know and I will promptly respond. Thank you.

Below my name is the WHOIS information of the party who stole the domain name. I hope this email and the WHOIS information below is not considered to be anecdotal or incomplete.

Kind Regards,
*********

******
CC: President@GoDaddy.com–Can and SSAC-Fellow@ICANN.Org — Can you let me know any information or complaints that you have about the registrant listed below in the WHOIS data? Thank you.

PS–Here is the WHOIS information listed by the individual who stole this domain (D*******H*****.com):

Registrant:
Marketing Total S.A. (D*******H*****-COM-DOM)
P.O. Box 556
<SNIP>

My Response:

> *******,
> Thanks for the blind carbon copy. Using our database I can see that
> this domain has been domain tasted three times prior to this during
> 2007 – possibly more. This domain is being domain tasted right now. It
> appears GoDaddy’s domain checker is not real time. When you got to the
> checkout process at GoDaddy that is when they did a real check against
> the registry and that is why the domain appeared to be registered at
> that time. At some point today. I do not have access to run an EPP Info
> command right now or I might be able to tell you at what time they
> registered the domain before you. I think it may have been hours
> before you. I would recommend GoDaddy offer real-time checks rather
> then rely on zonefiles for checks. It has been a common practice to
> speed check against a local copy of the zone rather then checking the
> registry.
>
> DomainDoorman is a company that on the average day registers over
> 1,000,000 domains per day. The particular domain had been tasted on
> the 21st of this month as well. I would recommend waiting this one out
> and registering it when they ignore it. You have a 99.9% chance they
> will delete it with in 5 days. Do not click on anything on the page or
> even visit it. This would tip the company off that the domain is
> valuable. Check the whois at
>
> http://whois.domaintools.com/**************.com and we will record those
> records and preserve the history.
>
> Jay

I checked the EPP-Info information directly from Verisign the next morning (something only registrars have access to) and the domain had been registered at 4:00 AM on the morning of the 26th. More the 12 hours before registration attempt was attempted. I can see why people think Domain Front Running exists, but I have yet to see a case that I have not been able to explain. Perhaps it exists with some small no-name whois site but I have yet to find that site. I want to thank this person for providing so much information, it made it easy to track things down. I hear a lot of cases but they are normally not as well documented as this.

There are several things I would recommend the industry do to avoid these types of perception issues.

1. Help get rid of Domain Tasting. It times up a lot of domains that users are not able to register.
2. Fetch the creation time directly from Verisign and show it to users on this whois records IF the domain was registered within 5 days ago.
3. Have Verisign show the time of day the domain was registered in the whois. Currently they only show the date publicly.
4. Allow people to run real-time checks against the registry.

Next week they will be discussing a lot of these issues at the ICANN meeting in LA. I would suggest anyone interested to show up. ICANN meetings are free to attend and there are a lot of discussions like these ones but with a lot less facts.

ICANN’s Security and Stability Advisory Committee (SSAC ) has issued an advisory on a process known as Domain Name Front Running. It is a practice of stealing someone’s domain name search queries and registering the domain name before the original person can register it. Let’s say you find a domain that is available for registration. If someone steals your idea and registers it before you, it is like holding you hostage and is called Domain Spying or Front Running. The SSAC was not able to find any hard evidence during their first inquiry so they are issuing the advisory for people to come forward with good hard evidence it is happening.

“Much of the information presented before SSAC regarding domain name front running is anecdotal and incomplete. The information SSAC has reviewed allows us to observe that some part of the community believes monitoring practices that result in preemptive registration of domain names have occurred and that such practices are not acceptable. SSAC is concerned that, whether real or perceived, preemptive registration portrays an unfavorable image of the domain name industry. This Advisory is therefore a preliminary study and is intended to put the issue before the community for discussion and to solicit well-documented incidents, if any can be obtained.”

There are several ways that spying could occur:

• Client software.
• 3rd Party WHOIS query portals.
• Unauthorized executables.
• DNS operators.
• Registrars (and resellers).
• Name Spinners.
• Registries
• Information leaks, social engineering.

Basically the SSAC is looking for hard evidence that this spying exists. If you can help with hard evidence, please contact them. I would encourage people to perform their whois query via our services as I can guarantee we are clean. We have also published ways that stealing can happen even if using our service. It is possible for spyware on your computer to steal your queries or even DNS queries at your own ISP.  It is possible that a Registrar or Reseller is stealing your query. It is also possible that a Registry is leaking the information to Domain Tasters. Never type a domain name into a browser and see if a website exists. This is a horrible way to test if the domain exists because you are leaking the DNS query to global root servers and your ISP’s DNS servers. Major ISPs sell click stream data and non-existent domain name results.

As another side note. Our Bulk Check utility is not real-time. We run the results against a zonefile that could be up to 12 to 24 hours delayed. If you need a real-time query, please run it manually on our services. Domain Tasters are testing millions of domains a day that have been previously registered and that takes a lot of good names off the floor everyday. The only good news is that Domain Tasters generally throw back 99.9% of the domains within 5 days.

There will be a public forum next week at the LA ICANN meeting and I would encourage people to show up and speak out against Domain Tasting. I think Domain Tasting is causing a lot of damage to people, but it is hard to measure. People assume that names are being spied on while I find that the most common thing is Tasters that re-filter old domains over and over again.

Got an idea for a new company? Well don’t be so quick to check if the domain name is available. Rogue companies are out there stealing domain research. The act of typing the domain name in the wrong place may allow these squatters to register the domain before you. Here is how these companies spy on people and some good tips to avoiding them.

We have been investigating domain name research theft crimes for the last two years and talking with the many victims. If you are a victim, please contact us – the more technical a description of the event the better. We are collating events of all the victims and we will update everyone if there is a common thing to avoid. We will also be passing our evidence on to local authorities in the proper jurisdictions. Name Intelligence/DomainTools has many three letter government agencies and large law firms that use our whois service and users can be 100% guaranteed that research done on our web sites will not get shared with third parties. We still want to share some tips so that domain owners are more aware.

Top Tips:

• Avoid address bar guessing.
• Avoid search engines that don’t make a billion dollars a year in revenue.
• Avoid browser plug-ins that send data back to the Internet.
• Go directly to trusted registrars and whois companies.

Address bar guessing
It is such a strong urge to type the domain name into the address bar and see what website comes up. Most users think perhaps there is already a company using the name and this will be a quick end to the question. Wrong! This is the most dangerous thing to do. Internet Service Providers (ISP) sell NXD data. You may be asking yourself “What is NXD data and how does that effect my domain research?” Non-eXistent Domain (NXD) Data is a response the DNS system tells the asking computer if resolution on an IP address fails because the domain doesn’t exist. Yes, ISPs sell this data. I personally talked with a representative that gave me her business card and quoted me a six figure number for access to their NXD data. These domain name research companies actually buy this data and register those domains to see what generates money. Their hope is that if people at one ISP represent 1/5000th of the Internet, they might receive 5000 visitors a month from all the other ISPs around the world according to that ratio. So by testing a theory with DNS, people are telling these companies what domains to ‘taste’. Ironically, this type of behavior will have a chilling effect on direct navigation which actually hurts the domain parking industry as a whole.

Avoid non-billion dollar search engines
Datamining firms have struck deals with smaller search engines and meta search engines. These companies are looking for more revenue, and revealing what people are searching for is one of their revenue sources. I love when I see search engines like Google stick their neck out and tell the US Government that not even Uncle Sam can have access to user’s search data. To sum this up, don’t trust search engines that don’t have a privacy policies that protects user’s data from being turned over to third parties. And even then, don’t type domains into search engines. Search Engines are for ideas and concepts, the address bar is for REGISTERED domains.

Excerpt from WordTracker.com

“We compile a database of terms that people search for … we tell you how often people search for them…“

Excerpt from HitWise.com

“Hitwise has developed proprietary software that Internet Service Providers (ISPs) use to analyze website usage logs created on their network. The anonymous data sent to Hitwise from the ISPs include a range of industry standard metrics relating to the viewing of websites including page requests, visits and average visit length. Hitwise also combines this rich ISP data with a worldwide opt-in panel to overlay demographic, lifestyle and transactional behavior across the thousands of websites that are reported on every day.“

Browser plug-ins
For any browser plug-in that is free, ask yourself why is it free and whether they send data back to a server. Avoid software on computers that reports data back to the Internet. Of course this is the most obvious advice, but I need to mention it. The likelihood of someone datamining domain name research from spyware is small. If they have spyware on your computer, it’s more likely they are going after credit cards numbers and social security numbers instead of domain research.

Trusted Whois Websites
I have interviewed the CEOs and CTOs of many large registrars. Tim Ruiz, the CTO of GoDaddy, has assured me they have never once abused their position and they would fire any employee caught abusing data inside their company. Pat Kane, the Director of Business Operations of Verisign, has told me they can’t even log their servers because the log files would fill up too fast and the data wouldn’t be valuable unless they sell it. Since Verisign is a public company, they may sell the data in the future but they currently don’t because ISPs can do it better, and the ISPs sample sizes are large enough. It is just too costly to gather, and Verisign would need to file a service plan with ICANN before would be allowed to sell data like this. Paul Stahura, the President of eNom, has told me they don’t allow datamining either.

DomainTools.com is a division of Name Intelligence, and I, Jay Westerdal, the President and CEO of the Name Intelligence, have a strict policy against domain name research theft. People’s queries are never used to register domain names, period. I serve as the secretary of the ICANN Registars Consistency, and although we are not a tiny company, we are still a relatively small company. We enjoy building tools for Domainers and anyone seeking more knowledge about domains.

Closing thoughts
There are very few companies that register over 50K domains a day just to perform Domain Name Tasting on them. I have no problem with Domain Tasting, but I do have a problem with tasting other people’s ideas right before they were about to register them. If companies are going to Domain Taste, they should generate the domain names from computer algorithms and not from mining queries. As a footnote, Moniker and Pool.com offer such a service commercially for a small price and actually market it as the poor Domainers chance to taste too. Yes, you too can taste domains for 5 days at 5 cents a domain. There are only a handful of companies that are actually Domain Tasters. Most of these companies hide/shield their identities by setting up Whois Proxy services or setting up paper companies. However, only registrars can effectively perform domain tasting, so it is easy to guess who they are without looking at the whois most of the time.