DomainTools Blog

We just got back from the International Trademark Association (INTA) conference in San Francisco! It ran May 14-18 and we had a great time meeting a good number of the 8,500 attendees from 140 countries. Each day, had engaging conversations about the industry, DomainTools, and it was awesome to see customers come up and introduce themselves with “We use you guys all the time”. For us, it was also enriching to hear about specific anecdotes about how specific tools like Reverse Whois, Trademark Alert, Whois, etc. are being leveraged. Be sure to read our press release about our INTA attendance if you haven’t seen it yet.

Here is a picture of our booth and staff before the exhibition hall flood gates opened the first day.

In just a few weeks, we will be showcasing DomainTools once again – this time at SMX Advanced in Seattle, June 7-8. If any of you SEO and Analytics gurus are in town, be sure to stop by booth #23 to say hello! By the way, DomainTools is looking to add an SEO and Analytics Manager to our incredible team! If you are interested or know of anyone with this expertise, feel free to read the full job description here.

ICANN’s Security and Stability Advisory Committee (SSAC ) has issued an advisory on a process known as Domain Name Front Running. It is a practice of stealing someone’s domain name search queries and registering the domain name before the original person can register it. Let’s say you find a domain that is available for registration. If someone steals your idea and registers it before you, it is like holding you hostage and is called Domain Spying or Front Running. The SSAC was not able to find any hard evidence during their first inquiry so they are issuing the advisory for people to come forward with good hard evidence it is happening.

“Much of the information presented before SSAC regarding domain name front running is anecdotal and incomplete. The information SSAC has reviewed allows us to observe that some part of the community believes monitoring practices that result in preemptive registration of domain names have occurred and that such practices are not acceptable. SSAC is concerned that, whether real or perceived, preemptive registration portrays an unfavorable image of the domain name industry. This Advisory is therefore a preliminary study and is intended to put the issue before the community for discussion and to solicit well-documented incidents, if any can be obtained.”

There are several ways that spying could occur:

• Client software.
• 3rd Party WHOIS query portals.
• Unauthorized executables.
• DNS operators.
• Registrars (and resellers).
• Name Spinners.
• Registries
• Information leaks, social engineering.

Basically the SSAC is looking for hard evidence that this spying exists. If you can help with hard evidence, please contact them. I would encourage people to perform their whois query via our services as I can guarantee we are clean. We have also published ways that stealing can happen even if using our service. It is possible for spyware on your computer to steal your queries or even DNS queries at your own ISP.  It is possible that a Registrar or Reseller is stealing your query. It is also possible that a Registry is leaking the information to Domain Tasters. Never type a domain name into a browser and see if a website exists. This is a horrible way to test if the domain exists because you are leaking the DNS query to global root servers and your ISP’s DNS servers. Major ISPs sell click stream data and non-existent domain name results.

As another side note. Our Bulk Check utility is not real-time. We run the results against a zonefile that could be up to 12 to 24 hours delayed. If you need a real-time query, please run it manually on our services. Domain Tasters are testing millions of domains a day that have been previously registered and that takes a lot of good names off the floor everyday. The only good news is that Domain Tasters generally throw back 99.9% of the domains within 5 days.

There will be a public forum next week at the LA ICANN meeting and I would encourage people to show up and speak out against Domain Tasting. I think Domain Tasting is causing a lot of damage to people, but it is hard to measure. People assume that names are being spied on while I find that the most common thing is Tasters that re-filter old domains over and over again.

High profile domains are being stolen and offered on the blackmarket today. The thief is trying to sell them for $300,000 and turn a quick buck. Beware not to buy them. BO.com, PU.com, JY.com, Showroom.com, and Samantha.com. If you are contacted by the person claiming to be the owner you will want to decline the purchase. James Barnes was on the record with his old email of jbarnes@rgare.com, his address was 17717 Blackwood Ct, Chesterfield, MO, 63005-4298, US. On August 31st his email was jbarnes@rgare.com. On September first his email address changed to jymbarnes@gmail.com. The next day, September 2nd, the address changed from Chesterfield, MO to New York, NY and the Registrar also changed from DomainDiscover to Register.com. This sets off warning bells because the domain was offered for sale right after a registrar change, an email change and an address change.

The person’s name on the whois never changed but everything else did. Curious. We contacted the previous whois contact information and the owner confirmed domains are stolen. Register.com should lock these domains and transfer them back to DomainDiscover if they are reading my blog.

We reported earlier on the Raven.com: The case of a stolen domain. Stealing domain names is a high reward, low risk crime. I have yet to see someone get arrested. Generally the domain is returned to the owner (sometimes).

Here are all the stolen domains:

• BO.com
• PU.com
• JY.com
• Showroom.com
• Samantha.com

To avoid having your domains stolen, make sure your name and all your contact information is correct on you whois record. Unless you own your own registrar you are in danger. We plan to implement a notes system on whois records in the future. We talked about this in the comments of the Raven.com post. It will be a system for members to communicate about a particular domain. We are still working on the check and balance system so that we can minimize abuse of the notes system. Paid members will have more ability to balance random comments we receive.

UPDATE: Here are some more stolen domains:

• Newspaper.com
• FastFood.com
• Right.net

The most recognized brand in Internet gambling is Bodog.com. However the domain was stolen in a court of law not less then 1 mile from my office. I would have expected to hear about something like this in a third world country. How can a US Judge decide against a foreign company for violating a US patent when that company doesn’t even operate inside the US? The judge has no business deciding this case and when seeing all the evidence I am perplexed this happened in my backyard.

Mel Molnick of Las Vegas filed for a process patient on remote betting using the Internet back in 1995. Mr. Molnick sued Bodog in Seattle for violating his patent, Bodog ignored the lawsuit because they where not even based in the US and didn’t think anything would happen to them. If someone sued you in a foreign country how likely would you be to fly there and defend yourself if you don’t have any assets in that country? This was the wrong mistake, the Judge made a default judgment against Bodog and awarded Mr. Molnick $48,937,456.00 in damages. Mr. Molnick instructed the judge to write into the judgment that eNom (the registrar) must turn over the domain names to Mr. Molnick.

Mel Molnick wasn’t looking for cash, he was looking for domain names. I think the Judge over reached his jurisdiction. A judge in Washington State can order a Washington State based registrar to turn over domain names. However, one would argue that domains were not even in Washington. They live in the root servers for dotcom and those reside all over the world and are controlled in Virgina by Verisign. Any company can add and delete things from the dotcom name servers if they pay the access fee to ICANN and sign an agreement with Verisign. If I was Mr. Molnick I would sue in Virgina. But which state to sue in is not really the issue. The issue is that a US judge is making judgments on foreign companies for violating US patents. Even if those patents are bogus and a first year par-legal could have defended Bodog. The issue is the Judge. Judges don’t go to tech school, they simple take the word of the plaintiff if the defendant never shows up. That is a very expensive lesson for Bodog. To overturn the judgment Bodog will need file a lot of motions and get a re-trial. They will win if they get the re-trial but with Football season beginning right now Bodog is missing a lot of regular customers.

Bogus US patents holders can troll for domain names that are worth millions of dollars. If a foreign company doesn’t take a US lawsuit seriously they are kidding themselves, you must defend even the most insane cases because the judge will just accept the word of the other side if you don’t show up in court.

I suspect more domains will be stolen with the help of the US court system in the future. That is totally sick.

Bodog appears to have not learned their lesson. Their first registrar eNom was in Washington state. The judge ordered the domains to be turned over. Well, Bodog when out and purchased newbodog.com to temporally replace their main domain names. They just added the word “new” to any domain name they lost in the law suit. “We are fighting this dispute and are confident that we will win,” says Ayre. “I sincerely apologize to any customers affected by our interruption.”

I have bad news for Ayre. All those “new” domains are registered with a second registrar called Dotster. Guess what, they are based in Washington State too. That Judge can go back and order those new domains be turned over as well. A total of 3000 domains were lost in the first case and the judge also awarded Mr. Molnick the Bodog trademark and ability to use the old logo.

Domain Theft is a crime that is hard for a police officer to understand and equally as hard to doing anything about. This high tech crime can span international boundaries and go undetected until months after it has happened. By the time the victim realizes it the real thief is no where to be found. The new owner of the domain name may have thought they were getting a really good deal but will soon understand why the price was so low. The thief steals the domain and prices the domain low enough so that any domainer that understands the value of that domain would appear stupid if they didn’t buy the domain at that price.

This is the case of Raven.com. A man named Don Teske in Minneapolis started a company called Raven Computer Systems and in 1992 he registered the generic domain name, Raven.com. Several years went by and everything was fine for Raven Computer Systems. Don eventually died in October 3, 2005. That would seem like a pretty normal story if the story was to end at this point. However the story doesn’t end there. The widow of Mr. Teske had her email address at the domain and used it daily. One day her email stopped working and an IT person who was problem solving it for her let her know that she no longer controlled the domain. The domain was originally set to expire in 2008. So the obvious answer would have been that the domain had expired and she failed to pay the bill. This was not the case. She was clearly within her ownership window and didn’t need to renew the domain for another year.

This June the whois changed at Network Solutions. The dead man’s email address changed from dwt@Raven.com to “Kushaiah Gostowski<don_teske@yahoo.com>”. A new guy was on the record and his email address said, Don Teske at Yahoo.com. Someone had tricked Network Solutions to change the whois record. Kushaiah was now the person controlling the domain, Kushaiah quickly used his new ownership status to transfer the domain away from Network Solutions before Network Solutions could figure out they had been tricked. Domain theft 101, once you gain control of the domain, move it away from the current registrar.

The domain was moved to DirectNic 7 days later,  with the fake address now listed on the whois record as 123 Main St. Fresno, CA 94205. The address changed again to the new fake address of One Wilshire Blvd, Los angeles, CA 90010 and was listed for sale on Sedo. Mark Colton with the email address of ravenheadinc@gmail.com then profited $3,500 from the sale on July 3rd 2007.  The winner of the Sedo auction is unknown because they transfered the domain to GoDaddy on July 12th and hid behind a proxy service of GoDaddy. Did the thief launder the domain and make it look like it was sold to someone? Or did someone truly buy the domain for $3,500. The reason this theft was spotted was because the domain Raven.com should be worth $75,000 to $200,000. The quick sale at Sedo makes it look like the theft got quick cash for the domain or it was a fake transaction. But why did the domain go up for sale on eBay after the move to GoDaddy. Yes, it was once again listed for sale however this time no one bid.

Resolution. There currently isn’t one. The domain remains at GoDaddy in a hidden ownership state. Directnic and GoDaddy both have the email addresses and payment information of the people involved with the transaction. Something must be done and more information is needed on this case. I would like to see Mrs. Teske with her domain back as quickly as possible. I am shocked that it has taken this long and I still see no progress.

I am considering setting up a public note system on whois records at DomainTools. It would allow anyone to post a note about a domain. Checking the Title on a domain is very important before a sale, the history records we keep are some of the only public documents that allow people to track down crime. Buying a stolen domains is easy if there are no historical whois records. I wish we could do more to help and I am brainstorming ways right now.