DomainTools Blog

The ICANN board just passed the following motion to end Domain Tasting, “THEREFORE, the Board resolves to encourage ICANN’s budgetary process to include fees for all domains added, including domains added during the AGP, and encourages community discussion involved in developing the ICANN budget, subject to both Board approval and registrar approval of this fee.”

It did not directly deal a death blow to tasting, but it was a definitive motion that will kill it this year. This policy is expected to go into effect when the new budget is approved, and that process typically happens in the summer.

http://www.icann.org/minutes/prelim-report-23jan08.htm

It seems all the heat on Domain Tasting in the last few weeks is causing everyone to take action, from Google to the ICANN Board. I applaud the decision to kill the abusive process of millions of free domain names, but I would caution the original use of the Add Grace Period (AGP) is still needed. The AGP was originally designed for very legitimate reasons: erasing domains purchased with a spelling error or for testing the registry computer system.

When the ICANN staff implements the new policy, there are specific things they should allow. Each registrar should have a testing limit of drops in the AGP, possibly 10,000 per month or 3% of all adds, whichever is greater.

One way to keep domain registration prices low is to not increase the domain registration costs for registrars. Bad credit cards are one of the reasons the AGP is needed. Registrars are severely affected when they purchase a domain from Verisign for $6+ and that purchase turns out to be from a stolen credit card. If the average margin on a domain is $1.00, it will take six legitimate registrations to pay for that one fraudulent domain purchase. Keeping costs low for registrars is a good thing. Domain Tasting should end, but registrars still need some use of the free AGP. The board made the motion to include the following language:

Whereas, it is the Board’s view that abuses of the AGP should speedily be halted, while the positive benefits of the AGP to consumers should be retained; Whereas, the positive benefits of the AGP may include, among other things,avoiding fraud and monitoring, testing and development of registrars’ provisioning, production and/or merchant gateway systems;

I am extremely happy Domain Tasting will end. I do feel a bit sad, though, since I coined the term Domain Tasting and now the phrase will be only used historically.

A confidential informant says Google will stop monetizing all domains if they are less then five days old. This potential new policy change by Google could stop all Domain Tasting in its tracks. The Add Grace Period (AGP) is a time period when registrars can delete a domain at no cost, but in this time frame a registrant could register millions of these temporary domains and place Google Adsense for Domains on them. The result is the ability to produce millions of temporary websites that literally generate millions of dollars in income per week for Google. It was disclosed in court that one of Google’s partners was generating as much as 3 million dollars a month from the practice, and that was after Google’s revenue share. Oversee.net and other companies have been using this practice for years and it will have a direct impact on them. The gravy train of free money might be coming to a halt very fast. This policy change at Google should be announced to the channel partners soon and it will have a huge echoing impact on the Industry.

The good news is the quantity of advertising will now be spread among fewer domains. If bid prices start to rise as a result of this change, domain owners who actually own real, full domains should receive more money. However, some advocates of Domain Tasting say that perhaps no one will be able to serve the niche for some ads and no one will make money on the un-served ads.

I think this is a return of the “Be Good” motto Google had a few years ago. Google has been quietly enabling this practice for years. This is a smart policy move on Google’s part to ward off impending litigation that might have hit them in the coming months. Trademark lawyers have been getting craftier at taking down Kiting by suing under other laws. The new weapon of choice is to use forgery laws instead of trademark laws. The penalty for forgery is much worse and caries a much higher fine per forged article. Dell, Yahoo, and BMW have all filed lawsuits in the last two months asking for millions of dollars of damage from Google partners and I think Google sees the writing on the wall: they might be named next.

The question remains, “Will Yahoo follow suit and also block all advertising on domains less than 5 day old?” I have a feeling Yahoo will do precisely that because they are one of the groups suing Domain Tasters using the forgery law tactic. Most of the big Domain Tasters are now using Google ad syndication feeds to monetize the traffic – those dollars will come knocking on Yahoo’s door soon.

UPDATE BY JAY: The new Google policy will go into effect before the end of February.

I am confirming that Network Solutions steals domain ideas when people check domain availability on the Network Solutions website. They seem to have started the practice of stealing domain ideas on December 16th 2007 according to our Domain History database but I was just made aware of this practice today. I am appalled at the concept of taking people’s domain ideas and registering it before the consumer has the ability to manually register the domain.

It is a deplorable action that Network Solution would announce potential domain names to the entire world. If a customer chooses not to register the domain name with Network Solution they are forced to wait 4 days for Network Solutions to delete the domain name in the Free Add Grace period. After the four day hostage period the consumer is free from the hostage situation and can register the domain somewhere else. However Network Solutions has now exposed those domains to Domain Tasters that will snipe those domain up milliseconds after Network Solutions deletes them. By registering the domain Network Solutions is exposing the domain in the DNS and every computer in the world now knows about the domain. These domains are now easy fodder for scammers and it is mind blowing that Network Solutions would expose their customers queries to the world in this manner.

Domain has never been registered before:

Network Solutions is now the best friend of Domain Snipers and Spys. I tested the system by going to Network Solutions and looking up the availability of Neiman Marcus Verizon.com. Sure enough the domain was available to be registered, however when I check the whois it now said it was taken by Network Solutions. I was not able to register the domain at GoDaddy.

Network Solutions says it is available:

Network Solutions sets up a website on the domain:

The domain is now registered to Network Solutions, LLC

Network Solutions really screwed up on this one. The exposer of their customers was put before corporate profit on this one. If you use Network Solutions to check if a domain is available they will literally register the domain without your knowledge and hold it hostage for 4 days with a price tag of $34.99.

This easily makes Network Solutions the worst Registrar in the world. I hope that they cease this activity immediately as this has given them the worst black eye and makes the entire industry look bad. They actually think they are doing customers favors with this little dirty trick. These guys are clueless!

UPDATE: Network Solution has made some improvements.

Three Florida Registrars were named in a lawsuit by Dell on November 16th; all this is just coming to the surface now. Those three registrars are BelgiumDomains, CapitolDomains, and DomainDoorman. They also have a few sister companies such as Netrian Ventures and IHoldings.com that were named too. Dell personally named Juan Pablo “JP” Vazquez because he was on the incorporation paperwork for most of these companies. Dell has a feeling there are 10 other John Does as well that could be related and is seeking the true identity of those companies as well as naming them in the suit. John Berryhill sent me over a copy of the lawsuit today and I have been reading through it. You can read the main document and the supporting doc 1, and supporting doc 2.

This is a bad day for Domain Tasting (a term I coined). This is a good day for Trademark watchdogs. Several companies have noticed this lawsuit and are re-thinking domain tasting.

UPDATE: We ran some stats, and according to our internal data, those three registrars are responsible for 72.5% of all domain tasting in the last 6 months (That is 185,650,068 of the 255,212,260 domains which were tasted).

10/10/2007 1 COMPLAINT for Cybersquatting, Trademark
Infringement, Counterfeiting, Dilution, and Unfair Competition against
IHoldings.com, Inc., Juan Pablo Vazquez, Does 1-10, BelgiumDomains, LLC,
CapitolDomains LLC, DomainDoorman, LLC, Netrian Ventures LTD. Filing fee $
350. Receipt#: 541230, filed by Dell Inc., Alienware Corporation.
(Attachments: # 1 Exhibit 1-5# 2 Exhibit 6 – 10)(nt) (Entered: 11/20/2007)

10/10/2007 2 Summons Issued as to BelgiumDomains, LLC. (nt)
(Entered: 11/20/2007)
10/10/2007 3 Summons Issued as to CapitolDomains LLC. (nt)
(Entered: 11/20/2007)
10/10/2007 4 Summons Issued as to DomainDoorman, LLC. (nt)
(Entered: 11/20/2007)
10/10/2007 5 Summons Issued as to Netrian Ventures LTD.. (nt)
(Entered: 11/20/2007)
10/10/2007 6 Summons Issued as to IHoldings.com, Inc.. (nt)
(Entered: 11/20/2007)
10/10/2007 7 Summons Issued as to Juan Pablo Vazquez. (nt)
(Entered: 11/20/2007)

10/10/2007 8 MOTION for Ex Parte Temporary Restraining Order,
MOTION for Preliminary Injunction by Dell Inc., Alienware Corporation.
Responses due by 10/24/2007 (nt) (Entered: 11/20/2007)

10/10/2007 9 MEMORANDUM in Support re 8 MOTION for Temporary
Restraining Order MOTION for Preliminary Injunction filed by Dell Inc.,
Alienware Corporation. (nt) (Entered: 11/20/2007)

10/10/2007 10 MOTION for Ex Parte Seizure Order, MOTION for
Accelerated Discovery, and an Order Sealing the File by Dell Inc., Alienware
Corporation. Responses due by 10/24/2007 (nt) (Entered: 11/20/2007)

10/10/2007 11 MEMORANDUM in Support re 10 MOTION seizure order,
accelerated discovery, and an order sealing the file filed by Dell Inc.,
Alienware Corporation. (nt) (Entered: 11/20/2007)

10/10/2007 12 DECLARATION signed by : David J. Steele. by Dell
Inc., Alienware Corporation. (Attachments: # 1 Exhibit A-D# 2 Exhibit E-G# 3
Exhibit H-J# 4 Exhibit K-Q)(nt) (Entered: 11/20/2007)

10/10/2007 13 DECLARATION signed by : Kate Burns. by Dell Inc.,
Alienware Corporation. (nt) (Entered: 11/21/2007)

10/10/2007 14 DECLARATION signed by : Arthur Lewis. by Dell Inc.,
Alienware Corporation. (nt) (Entered: 11/21/2007)

10/10/2007 15 DECLARATION signed by : Mimi L. Sall. by Dell Inc.,
Alienware Corporation. (nt) (Entered: 11/21/2007)

10/10/2007 16 NOTICE of Docket Correction: Document Filed in Wrong
Case; Redocketed in 03CV80612 as DE# 1971 (nt) (Entered: 11/21/2007)

10/10/2007 17 MOTION for Limited Appearance, Consent to
Designation and Request to Electronically Receive Notices of Electronic
Filings for Howard Kroll, Filing Fee $75, Receipt #541231. (nt) (Entered:
11/21/2007)

10/10/2007 18 MOTION for Limited Appearance, Consent to
Designation and Request to Electronically Receive Notices of Electronic
Filings for David J. Steele, Filing Fee $75, Receipt #541231. (nt) (Entered:
11/21/2007)

10/10/2007 19 MOTION to Seal. (nt) (Entered: 11/21/2007)

10/10/2007 20 Sealed Document Tracking Form. (nt) (Entered:
11/21/2007)

10/15/2007 21 ORDER OF RECUSAL. Judge Joan A. Lenard recused. Case
reassigned to Judge Adalberto Jordan for all further proceedingsSigned by
Judge Joan A. Lenard on 10/12/07.(nt) (Entered: 11/21/2007)

11/05/2007 22 ORDER granting 8 Motion for Temporary Restraining
Order and setting hearing on 11/16/07 at 1:30 re 8 motion for preliminary
injunction.Signed by Judge Adalberto Jordan on 11/2/07. (nt) (Entered:
11/21/2007)

11/05/2007 23 ORDER granting 10 Motion for seizure order, granting
10 Motion for Discovery, granting 19 Motion to Seal.Signed by Judge
Adalberto Jordan on 11/2/07. (nt) (Entered: 11/21/2007)

11/05/2007 24 EMERGENCY MOTION to Supplement 23 Order on Motion
for Miscellaneous Relief, Order on Motion for Discovery, Order on Motion to
Seal by Dell Inc., Alienware Corporation. Responses due by 11/20/2007 (nt)
(Entered: 11/21/2007)

11/07/2007 25 EMERGENCY MOTION to Supplement 23 Seizure Order on
Motion for Miscellaneous Relief, Order on Motion for Discovery, Order on
Motion to Seal by Dell Inc., Alienware Corporation. Responses due by
11/23/2007 (nt) (Entered: 11/21/2007)

11/07/2007 26 NOTICE of Filing Bond by Dell Inc., Alienware
Corporation pursuant to 23 Order on Motion for Miscellaneous Relief, Order
on Motion for Discovery, Order on Motion to Seal (nt) (Entered: 11/21/2007)

11/08/2007 27 NOTICE of Filing Bond by Dell Inc., Alienware
Corporation re 22 Order on Motion for Temporary Restraining Order (nt)
(Entered: 11/21/2007)

11/09/2007 28 ORDER granting 24 Motion to Supplement Seizure
Order.Signed by Judge Adalberto Jordan on 11/6/07. (nt) (Entered:
11/21/2007)

11/09/2007 29 ORDER granting 25 Motion to Supplement.Signed by
Judge Adalberto Jordan on 11/7/07. (nt) (Entered: 11/21/2007)

11/14/2007 30 Skipped Docket Entry. (nt) (Entered: 11/21/2007)
11/14/2007 31 Skipped Docket Entry. (nt) (Entered: 11/21/2007)
11/14/2007 32 Skipped Docket Entry. (nt) (Entered: 11/21/2007)
11/14/2007 33 Skipped Docket Entry. (nt) (Entered: 11/21/2007)
11/14/2007 36 NOTICE of Filing Inventory by Dell Inc., Alienware
Corporation (nt) (Entered: 11/21/2007)

11/14/2007 37 NOTICE of Filing Proposed Protective Order by Dell
Inc., Alienware Corporation (nt) (Entered: 11/21/2007)

11/15/2007 34 Skipped Docket Entry. (nt) (Entered: 11/21/2007)

11/15/2007 35 Skipped Docket Entry. (nt) (Entered: 11/21/2007)

11/15/2007 40 NOTICE of Filing Discovery: Answer to
Interrogatories by Juan Pablo Vazquez.(nt) (Entered: 11/21/2007)

11/16/2007 38 NOTICE of Attorney Appearance by Richard Baron on
behalf of Juan Pablo Vazquez (nt) (Entered: 11/21/2007)

11/16/2007 39 MOTION to Seal. (nt) (Entered: 11/21/2007)

11/16/2007 41 NOTICE of Filing Discovery: Response to Request to
Produce by Juan Pablo Vazquez.(nt) (Entered: 11/21/2007)

11/16/2007 43 NOTICE of Filing Certificates of Non-Appearance by
defendants by Dell Inc., Alienware Corporation (nt) (Entered: 11/21/2007)

11/16/2007 44 NOTICE of Filing Returns of Service by Dell Inc.,
Alienware Corporation (nt) (Entered: 11/21/2007)

11/16/2007 44 SUMMONS Returned Executed BelgiumDomains, LLC served
on 11/9/2007, answer due 11/29/2007. (nt) (Entered: 11/21/2007)

11/16/2007 44 SUMMONS Returned Executed CapitolDomains LLC served
on

11/9/2007, answer due 11/29/2007. (nt) (Entered: 11/21/2007)

11/16/2007 44 SUMMONS Returned Executed DomainDoorman, LLC served
on
11/9/2007, answer due 11/29/2007. (nt) (Entered: 11/21/2007)

11/16/2007 44 SUMMONS Returned Executed IHoldings.com, Inc. served
on 11/9/2007, answer due 11/29/2007. (nt) (Entered: 11/21/2007)

11/16/2007 44 SUMMONS Returned Executed Netrian Ventures LTD.
served on 11/9/2007, answer due 11/29/2007. (nt) (Entered: 11/21/2007)

11/16/2007 44 SUMMONS Returned Executed Juan Pablo Vazquez served
on 11/9/2007, answer due 11/29/2007. (nt) (Entered: 11/21/2007)

11/16/2007 45 MOTION to Unseal Case by Dell Inc., Alienware
Corporation. Responses due by 12/3/2007 (nt) (Entered: 11/21/2007)

11/16/2007 47 ORDER denying 18 Motion for Limited Appearance,
Consent to Designation and Request to Electronically Receive Notices of
Electronic Filings of Attorney David J. Steele.Signed by Judge Adalberto
Jordan on
11/15/07. (nt) (Entered: 11/21/2007)

11/16/2007 48 ORDER denying 17 Motion for Limited Appearance,
Consent to Designation and Request to Electronically Receive Notices of
Electronic Filings. Signed by Judge Adalberto Jordan on 11/15/07. (nt)
(Entered: 11/21/2007)

11/20/2007 54 SUMMONS Returned Executed (nt) (Entered: 11/21/2007)

11/21/2007 50 ORDER granting 45 Motion to Unseal Case with the
exception of docket entry 42.Signed by Judge Adalberto Jordan on 11/16/07.
(nt) Additional attachment(s) added on 11/21/2007 (nt). (Entered:
11/21/2007)

11/21/2007 51 PROTECTIVE ORDER Regarding Confidential
Information.Signed by Judge Adalberto Jordan on 11/16/07.(nt) (Entered:
11/21/2007)

11/21/2007 52 ORDER Extending Temporary Restraining Order against
defendant Vazquez.Signed by Judge Adalberto Jordan on 11/20/07.(nt)
(Entered: 11/21/2007)

11/21/2007 53 PRELIMINARY INJUNCTION against the registrar
defendants and corporate defendants.Signed by Judge Adalberto Jordan on
11/20/07. (Attachments: # 1 Exhibit A – Part 1# 2 Exhibit A – Part 2)(nt)
(Entered: 11/21/2007)

11/26/2007 55 Amended MOTION to Amend/Correct Motion of David J.
Steele to Appear Pro Hac Vice by Dell Inc., Alienware Corporation. Responses
due by 12/10/2007 (Sall, Mimi) (Entered: 11/26/2007)

11/26/2007 56 Amended MOTION to Amend/Correct Motion of Howard A
Kroll to Appear Pro Hac Vice by Dell Inc., Alienware Corporation. Responses
due by 12/10/2007 (Sall, Mimi) (Entered: 11/26/2007)

11/26/2007 Attorney David J. Steele terminated per 47. Sent
terminated attorney(s) instructions for tracking future case activity. (tb)
(Entered: 11/26/2007)

11/26/2007 57 CERTIFICATE of Counsel re 52 Order, 51 Order, 53
Preliminary Injunction, 50 Order on Motion to Unseal Case Certificate of
Service by Mimi Lee Sall on behalf of Dell Inc., Alienware Corporation
(Sall, Mimi) (Entered: 11/26/2007)

11/26/2007 58 NOTICE by Dell Inc., Alienware Corporation Notice of
Filing Inventory (Sall, Mimi) (Entered: 11/26/2007)

When a domain is about to delete at most registrars they will switch the DNS over to the registrar’s name server. If the domain is getting good traffic then the registrar may renew the domain for themselves or they may just monetize the domain while it is in the deleting queue. However when a domain has never had DNS before and this switch over triggers an event in our database saying that it is a new domain. It is actually sort of amusing. The first time we see the domain is right before it deletes. It has exist for 3 years but we are just now seeing it. The owner even paid the renewal fee last year. The likelihood that the domain has traffic is actually very low. Thanks to registrars trying to make money off of expiring customers they are helping expose the longest of the long tail. We never would have known about this domain or the fact that it had existed for three years without this broadcast event.

I was looking at one case today, Paul Tuminaro.com. The domain has been registered since 2004 but it has been invisible to the web because it had no name servers until today when it appeared on the Internet for the first time and was hosted on the name server of PendingRenewalDeletion.com. Very odd for a brand new domain to appear on a pending to delete name server. The domain will be online for about 30 days before it is finally deleted next month. The life cycle of the domain is very complex. All domains right before they die are broadcast to the world. So I am sure this domain will be resurrected by a domain taster that will try it out for a few days, see that it has no traffic and return it to dead. This will happen a few times. Perhaps several times each year actually. The echoing effects of dead domains mean that any idea once registered never dies. Register it once and it lives forever even if you fail to pay the renewal fee.

I love investigating Domain Spying!  I saw a case last night, and I think I need to publicly report what I am seeing so people know what is going on.  I see these cases all week long.  I am going to blank out any sensitive data from his email because he still wants to buy this domain and most likely will get it if he waits out the Domain Taster.

Domain Tasting in bulk can cause a lot of frustration for users that don’t understand the complexities of the system. I have even had a CEO of large registrar call me and ask about a domain he thought was being front run. I was able to troubleshoot the situation, and if people like that are confused I am sure the confusion is widespread.

I don’t believe any Registrars are spying on queries from people trying to register domain names and then registering the names themselves.  However, Verisign and ISPs are selling Non-Existent domain DNS queries. So it is much safer to do a whois lookup than it is to type a domain directly into the address bar.

Here is the letter I received:

This evening, a very valuable domain name was stolen from me while I was in the process of purchasing and registering it.

The domain name is: D*******H*****.com.

I did the search for the availability of the domain name (D*******H*****.com) at GoDaddy.com at approximately 10pm eastern time tonight (October 26, 2007) .

This is a typo domain of D*******H*****.com; and the keyword term “D******* H*****” is listed as receiving over 44,000 searches per month according to Overture. This typo domain name very likely has a fair market value of in excess of $5,000, possibly as high as $20,000 or more, depending on who does the appraisal.

This is extremely disturbing, to say the least.

The domain name showed as being available when I checked at GoDaddy.com; however, by the time I went to purchase it–along with several other domain names–this one suddenly registered as “not available”. All the others, which were MUCH LESS valuable, were available.

I then immediately performed a WHOIS query on the domain, and the info indicated that the domain name was registered today/tonight–again, quite coincidentally, within a matter of minutes after it showed as being available.

“Coincidentally”, this domain name was BY FAR the most valuable one I was registering tonight, and is one of the more valuable domains among the over 1,000 domain names that I own.

The Sales and Support Rep from GoDaddy.com that was assisting me in the purchase of my domain names this evening is Jared Donnellon. He was extremely helpful.

My local access ISP provider is CableVision, Optimum Online.

I have not initiated any correspondence to the thief/front runner. I will await feedback from you before I do anything like that.

Please advise me of my legal options in this situation, and how I can recover this highly valuable domain asset.

This is the first time that this has happened to me personally, however, I have colleagues who have large domain portfolios that have told me that this has happened to them so many times, it is out of control, and resulting in severe financial damage to them. I am also aware of your advisory report on Front Running.

I have blind copied some of the domain industry leaders and news sources here, as some have publicly expressed direct interest in this type of crime.

If you require any more information from me, please let me know and I will promptly respond. Thank you.

Below my name is the WHOIS information of the party who stole the domain name. I hope this email and the WHOIS information below is not considered to be anecdotal or incomplete.

Kind Regards,
*********

******
CC: President@GoDaddy.com–Can and SSAC-Fellow@ICANN.Org — Can you let me know any information or complaints that you have about the registrant listed below in the WHOIS data? Thank you.

PS–Here is the WHOIS information listed by the individual who stole this domain (D*******H*****.com):

Registrant:
Marketing Total S.A. (D*******H*****-COM-DOM)
P.O. Box 556
<SNIP>

My Response:

> *******,
> Thanks for the blind carbon copy. Using our database I can see that
> this domain has been domain tasted three times prior to this during
> 2007 – possibly more. This domain is being domain tasted right now. It
> appears GoDaddy’s domain checker is not real time. When you got to the
> checkout process at GoDaddy that is when they did a real check against
> the registry and that is why the domain appeared to be registered at
> that time. At some point today. I do not have access to run an EPP Info
> command right now or I might be able to tell you at what time they
> registered the domain before you. I think it may have been hours
> before you. I would recommend GoDaddy offer real-time checks rather
> then rely on zonefiles for checks. It has been a common practice to
> speed check against a local copy of the zone rather then checking the
> registry.
>
> DomainDoorman is a company that on the average day registers over
> 1,000,000 domains per day. The particular domain had been tasted on
> the 21st of this month as well. I would recommend waiting this one out
> and registering it when they ignore it. You have a 99.9% chance they
> will delete it with in 5 days. Do not click on anything on the page or
> even visit it. This would tip the company off that the domain is
> valuable. Check the whois at
>
> http://whois.domaintools.com/**************.com and we will record those
> records and preserve the history.
>
> Jay

I checked the EPP-Info information directly from Verisign the next morning (something only registrars have access to) and the domain had been registered at 4:00 AM on the morning of the 26th. More the 12 hours before registration attempt was attempted. I can see why people think Domain Front Running exists, but I have yet to see a case that I have not been able to explain. Perhaps it exists with some small no-name whois site but I have yet to find that site. I want to thank this person for providing so much information, it made it easy to track things down. I hear a lot of cases but they are normally not as well documented as this.

There are several things I would recommend the industry do to avoid these types of perception issues.

1. Help get rid of Domain Tasting. It times up a lot of domains that users are not able to register.
2. Fetch the creation time directly from Verisign and show it to users on this whois records IF the domain was registered within 5 days ago.
3. Have Verisign show the time of day the domain was registered in the whois. Currently they only show the date publicly.
4. Allow people to run real-time checks against the registry.

Next week they will be discussing a lot of these issues at the ICANN meeting in LA. I would suggest anyone interested to show up. ICANN meetings are free to attend and there are a lot of discussions like these ones but with a lot less facts.

ICANN’s Security and Stability Advisory Committee (SSAC ) has issued an advisory on a process known as Domain Name Front Running. It is a practice of stealing someone’s domain name search queries and registering the domain name before the original person can register it. Let’s say you find a domain that is available for registration. If someone steals your idea and registers it before you, it is like holding you hostage and is called Domain Spying or Front Running. The SSAC was not able to find any hard evidence during their first inquiry so they are issuing the advisory for people to come forward with good hard evidence it is happening.

“Much of the information presented before SSAC regarding domain name front running is anecdotal and incomplete. The information SSAC has reviewed allows us to observe that some part of the community believes monitoring practices that result in preemptive registration of domain names have occurred and that such practices are not acceptable. SSAC is concerned that, whether real or perceived, preemptive registration portrays an unfavorable image of the domain name industry. This Advisory is therefore a preliminary study and is intended to put the issue before the community for discussion and to solicit well-documented incidents, if any can be obtained.”

There are several ways that spying could occur:

• Client software.
• 3rd Party WHOIS query portals.
• Unauthorized executables.
• DNS operators.
• Registrars (and resellers).
• Name Spinners.
• Registries
• Information leaks, social engineering.

Basically the SSAC is looking for hard evidence that this spying exists. If you can help with hard evidence, please contact them. I would encourage people to perform their whois query via our services as I can guarantee we are clean. We have also published ways that stealing can happen even if using our service. It is possible for spyware on your computer to steal your queries or even DNS queries at your own ISP.  It is possible that a Registrar or Reseller is stealing your query. It is also possible that a Registry is leaking the information to Domain Tasters. Never type a domain name into a browser and see if a website exists. This is a horrible way to test if the domain exists because you are leaking the DNS query to global root servers and your ISP’s DNS servers. Major ISPs sell click stream data and non-existent domain name results.

As another side note. Our Bulk Check utility is not real-time. We run the results against a zonefile that could be up to 12 to 24 hours delayed. If you need a real-time query, please run it manually on our services. Domain Tasters are testing millions of domains a day that have been previously registered and that takes a lot of good names off the floor everyday. The only good news is that Domain Tasters generally throw back 99.9% of the domains within 5 days.

There will be a public forum next week at the LA ICANN meeting and I would encourage people to show up and speak out against Domain Tasting. I think Domain Tasting is causing a lot of damage to people, but it is hard to measure. People assume that names are being spied on while I find that the most common thing is Tasters that re-filter old domains over and over again.

Domain Tasting has been going on for years however Ross Rader of Tucows recently raised the point that Domain Tasting may not even be allowed under section 3.74 of the Registrar Accreditation Agreement. ICANN has a poor history of enforcement on certain section and clauses. ICANN picks its battles careful, there are just too many provisions and rules to enforce. Mr. Rader has formally asked ICANN staff if they have ever enforced the provision that states, “3.7.4 Registrar shall not activate any Registered Name unless and until it is satisfied that it has received a reasonable assurance of payment of its registration fee.” An answer by ICANN Staff is expected sometime this month and it could lead to enforcement of the clause.

Mr. Rader points out:

The issue is not whether someone theoretically can pay for the registrations they’ve tasted, but that they will if the registration is activated. The second a registration gets transmitted to and accepted by the registry as a valid transaction, a fee is payable to the registrar. The clause in question clearly states that the registrar must be satisfied that the Registered Name Holder will pay for the registration and that such payment is final and non-revocable. In other words, a registrar is not permitted to issue a refund to a registrant for cancellations made during the Add Grace Period according to the terms of this contract. Generally, this reads that ICANN is not concerned as much with whether the registrant *could* pay the bill, but whether they *will*. Under all tasting implementations imaginable, the answer is clearly “no, they will not be paying that bill”.

The simple act of enforcement of 3.7.4 of the RAA may shut Domain Tasting down. A lot of arguments can be made against this but clearly a habitual user that preforms domain tasting can be isolated and told they are violating section 3.7.4 and that it is not allowed or the registrar could be discredited by ICANN. The issue is not about random domain owners and registrations that happen and then get deleted it is habitual users that clearly violate section 3.7.4 repeatably.

UPDATE:  ICANN has gotten back to Ross.  During any enforcement of this clause Registrars have responded to ICANN that they do collect payment during domain tasting. There is no minimum fee that is required to be paid so a valid defense is a registrar could charge $0.00001 for a domain per day. So if registrant registered 1,000,000 a domains the Registrar would be charge $10 a day. The registrant could then delete 999,900 of them before the AGP ended and the Registrar would charge the registrant $7 per domain for the 100 domains that were kept.

Payment is received and given so there is nothing in there that violates the clause in the contract. I guess this clause will do nothing and is actual rather pointless.

Today was the largest Domain Tasting day ever. We recorded over 8 Million Transactions today. This is a new high. We have never seen 8 Million transactions on one day before. That would be either an add or delete. Over 99 percent of these transactions are completely free and use the 5 day grace period to test domain names for traffic before they are purchase for a long term buy. Sometimes organizations will taste a domain name for multiple 5 day windows. They can tie up a domain for a long time and test it longer.

Domain Tasting seems to be getting worse, the number of transactions continues to grow. I can see a day when more domain names exist in the 5 day grace period then exist as real registrations.

I am not a fan of Domain Tasting, but the Coalition Against Domain Name Abuse (CADNA) has released a new report that aims to frighten and shock everyone. They cite that over 1 Million kited sites bring in $100-125 million in annual revenue for criminals and profiteers. Kiting is when an organization serially Domain Tastes for an extended period of time. They pick up, they let go, they pick up, they let go; all on the same domain name. CADNA’s claim is a bit overboard. I am not sure how they will convince people of their point if they make up facts and put them in press releases. The reason people Domain Taste is to find domains that generate more revenue then the registration cost. The wholesale cost is $6.20 so any name generating more then that would be a name they should keep. The claim would put the average revenue at $10.00 to $12.50 per kiting year. The revenue can’t be higher then $62 Million. So immediately they are off by a factor of two. I would estimate the revenue at between $5 Million to $20 Million a year. We also have previous coverage of CADNA.

They don’t cite where they numbers come from, they simply make them up. There is an old saying, 72% of all statistics are made up on the spot, 89% of statistics are word of month, and the remaining 32% of statistics are real. Add that up and think about it.

Fox News just reported that the whole Domain Industry is worth $2 Billion dollars a year. CADNA reports that over $1 Billion every year is diverted by cybersquatters that park on typos of Brand Owner’s domain names. Hmmm, so 50% of all domain registrations are cybersquatters?

Here is their full press release from today:

COALITION AGAINST DOMAIN NAME ABUSE TO COMBAT CYBERSQUATTING

WASHINGTON, July 24, 2007 – The Coalition Against Domain Name Abuse (CADNA) is announcing the launch of its national campaign against Internet fraud. A non-profit organization based in Washington D.C., CADNA is leading the way in confronting cybersquatting – the fraudulent abuse of domain name registration that threatens the future viability of Internet commerce.

Although the Anti-Cybersquatting Consumer Protection Act (ACPA) was introduced in 1999, cybersquatting remains an underestimated threat. The number of .com domain names alone has doubled since 2003, and the number of cybersquatting disputes being filed with the World Intellectual Property Organization (WIPO) is on the rise – up 25% in 2006 from 2005. According to a recent independent report, cybersquatting increased by 248% in the past year.

With growing ease and profitability, sophisticated cybersquatters are exploiting a flaw in the domain name registration process whereby domain names are registered and subsequently dropped, risk free, within an accepted 5-day grace period. By abusing this grace period, cybersquatters “taste” and “kite” domain names in order to test their profitability. According to a recent industry report, there are over 1 million kited sites re-registered daily, collectively bringing in $100-125 million in annual revenue for criminals and profiteers. On the whole, cybersquatting is costing brand owners worldwide well over $1 billion every year as a result of diverted sales, the loss of hard-earned trust and goodwill, and the increasing enforcement expense of protecting consumers from Internet-based fraud.

Cybersquatters’ increasing assault on intellectual property hurts everyone involved, including consumers and the Internet community at large. By registering domain names derived from famous brands, cybersquatters are able to successfully lure consumers into purchasing counterfeit products (including potentially harmful counterfeit prescription drugs), giving away their personal information (which could lead to further financial loss) and unwittingly exposing themselves to spyware deposits. According to the International AntiCounterfeiting Coalition (IACC), $600 billion was spent online for counterfeits in 2006. Phishing, a fraud enabled by cybersquatting, is also growing at an alarming rate. The Internet Crime Complaint Center, a partnership of the National White Collar Crime Center and the Federal Bureau of Investigation, found that consumers in the U.S. reported personal losses of $198.44 million to phishing in 2006.

To effectively combat cybersquatting, CADNA will work at the federal and international levels to make these fraudulent practices difficult to establish and unprofitable to maintain. Among the coalition’s goals are to pursue congressional legislation that would increase the statutory damages set forth by the existing Anti-Cybersquatting Consumer Protection Act, and to work with World Intellectual Property Organization (WIPO) to introduce an international anti-cybersquatting treaty. CADNA will place pressure on ICANN to take decisive action on abuses by domain name registrars and registrants and close the loophole that affords criminals the opportunity to “kite” and “taste” domain names.

“As a result of the automation of the registration process and the monetization of domain name portfolios, the policing burden placed on brand owners has become almost insurmountable,” said Susan Crane, Group Vice President of Intellectual Property of Wyndham Worldwide. “We have joined CADNA in this fight because we believe a coalition of companies from across multiple industries will be a more effective voice to address this issue than any one company or industry standing alone.”

“The countermeasures available to brand owners are too slow and ineffective to respond to this trend and often too late to prevent damage to the brands and consumers,” said Martin Sutton, Manager of Fraud Risk & Intelligence at HSBC Holdings plc. “CADNA brings together brand owners that are concerned with the lack of preventative measures in place to deter these cybersquatting activities and want to make effective changes in order to safeguard their IP and protect consumers.”

CADNA’s membership includes such leading brands as AIG, Dell, Eli Lilly, Hilton, HSBC, Marriott, Richemont, Verizon, Wyndham, and Yahoo!. “Our 10 charter members alone spend millions of dollars annually to combat cybersquatting,” said Josh Bourne, President of CADNA.

CADNA welcomes leading brand owners to join in the coalition’s efforts to protect against trademark dilution and extortion, and consumer harms that cybersquatting affords and enables. “This coalition is organizing to combat not only domain name tasting, but whatever the next iteration of cybersquatting turns out to be. CADNA’s goals align with all trademark owners who feel like domain name abuses are spiraling out of control,” said Allison McDade, Trademark Counsel of Dell Inc. With the help of current and new members, CADNA will raise public awareness and inform policy makers in Washington and across the United States about the new threats posed by cybersquatting and the need for decisive action. CADNA will propose practical solutions to legislators and regulators, and promote the global harmonization of regulations to make the Internet a less confusing and safer place for consumers and businesses alike.