ICANN Investigates Insider Domain Name Snatching

Tech.Luver sends us word that, hot on the heels of reports that Verisign may be planning to sell DNS root server lookup data, ICANN has opened an investigation into a suspected practice by registrars it calls "domain name front running." The suspicion is that insiders at some registrars are using information from whois searches to snatch up desirable domain names before interested customers can register them. Here is ICANN's announcement of the investigation (PDF). ICANN asks that anyone who suspects they have been victimized by domain name front running to email them with details.

I believe it happened to me....

[lena_10326]

A year ago I searched on a domain I had spent 2 weeks thinking up. It was available but I waited 3 days. When I went to purchase, it was registered 1 or 2 days before. At the time I chalked it up to bad luck.

I only wish I could remember the domain name. I might have it in my notes but I have pages and pages of notes.

Couldn't one start "poisioning" the hit database?

[laing]

Why not just start a bot that makes random DNS queries? This would eventually make it unprofitable for the squatters to squat.

--
This space for rent

Re:Email them?

[sm62704]

OK, I know yours was a joke post, but something pissed me off for YEARS that I don't think should be allowed. I wanted to register mcgrew.org or alternately mcgrew.com back when com, org, and net (and ones you can't get like gov and edu) were the only roots.

What infuriated me was that some sleazeballs had registered .com and .org for every name in the phone book, and was selling "your name can be your email!" mcgrew.com, smith.com, jones.com, even johnson.com (which one would expect to be a porn site) led to the same company.

Eventually they opened up .info and I managed to snag mcgrew.info and moved all the stuff I'd been polluting the net since 1997 [mcgrew.info] with (yes, that particular page is older than slashdot). And newer stuff.

Of course, if I had actually managed to get mcgrew.com, the comedian with the same name as me out in Colorado probably would have sued me for it, despite the fact that I'm 10 years older than him.

-mcgrew

(then I discovered K5, back in its heyday, [kuro5hin.org] and actually had people READING my pollution, and strangely LIKING it. Still scratching my head over that one...)

Some probabilistic inference

[jpfed]

To greatly reduce any doubt that this is happening, people should determine the availability of extremely unlikely domain names, like a random string of 24 characters.

tksmowlapoxnvbwlqanmiutklweh.com
laskjdfghlfkajgneruykvjniour.com
qwieurylkajbaiurylkjasndfgpu.com

If several of those are snatched up after a whois lookup, it's clearly not because anyone else actually bought the domain name because they wanted to use it.

I'd rather see a crackdown on typos...

[damn_registrars]

As much as front-running is annoying (at the very least), I think registering typo'd domains is actually worse. Considering how many domains are registered simply for the purpose of catching people who misspell the domain they want to visit, it may be a larger problem.

And from my experiences, it seems like the typo squatters usually bombard you with pop-ups and other annoying crapola on their sites when you accidentally wander into them. The front-runners at least seem kind enough to just tell you "this domain could be yours for only $1M". Bastardly, sure, but less of an annoyance than 4 pop-ups that trigger more pop-ups on being closed.

Re:Not the Point

[sm62704]

This is only slightly on-topic but I have karma to burn so wtf, someone might think it interesting or amusing.

I used to be a Quake addict, ad my ISP offered "unlimited internet access" and he wasn't kidding. They gave free web hosting with internet service, so I proceeded to start the "Springfield Fragfest" [sj-r.com] (note that the link is NOT to the Springfield Fragfest, it is to an article in Springfield's local paper that succinctly illustrates the fact that the real Springfield, which has an alderman named Gail Simpson, is sicker and funnier than the cartoon Springfield. The article is about "Klutzo the Clown", a former police officer, being arrested for being a pedophile).

Anyway, a series of freak accidents got my site popular, and I finally registered thefragfest.com and continued the site there. A few readers jokingly pestered me to host porn on it (one fellow whose online name was "Dopey Smurf" is now a medical doctor in Canada, he's probably reading this now). After a few years I got tired of the sirte, let it grow cobwebs, and finally let the domain lapse.

Well, Dopey got his wish. thefragfest.com was, last time I looked, a porn site.

-mcgrew

I say SPAM the domain Spammers

[PS3Penguin]

I say we setup a dictionary based query that (slowly as to not DNS) .. generates a mountian of plausible but not needed DNS queries. The domain squatters would then spend $$$ grabbing what amounts to useless domains .. Use the old scale of economy attack on them. It they have to sit on 10,000 useless names to hit one "real" one .. it becomes a LOT less profitable .. and they will move on.

Re:Dear ICANN:

[sm62704]

It began innocently enough with "trolling" borrowed from fishing terminology.
Actually, its trawling,/i>, but nice try

Wikipedia says you're wrong [wikipedia.org]

Trolling is a method of fishing in which some form of bait, such as a fishing lure or a living fish, is drawn on a line through the water. Trolling from a moving boat is a technique of Big-game fishing and is used when fishing from boats to catch large open-water species such as tuna and marlin. Trolling is also a freshwater angling technique

On the other hand, [wikipedia.org]

Trawling is a method of fishing that involves actively pulling a fishing net through the water behind one or more boats, called trawlers.

-mcgrew [kuro5hin.org]

Re:I've never used whois for this exact reason

[Anonymous Coward]

I've *never* used whois for probing novel domain-names for this exact reason. I just use the URL and see if it hits. If it and it's adjacent ones on other tlds of interest don't hit and I want it, I order it.

I always just use nslookup. That way it is just between me and my DNS server. Someone would have to be constantly sniffing my DNS server and its upstream authorities and rapidly analyzing the huge amounts of data in order to grab a domain before I can register it. (entirely possible, however less likely than a whois or registrar search)

Re:I've never used whois for this exact reason

[Marvin01]

You don't trust 'whois', but you trust your ISP not to sell DNS records? You are far more trustworthy than I. Not to mention the significant chance that the domain might be registered, but not exposing a web host.

I think this happened to me, but with a twist..

[Unmanifest]

I was going to buy Squandered.org, .com, .net to release some original music and essays. Squandered.org was to be the band name, with the .org in the name to emphasize the "new media" thing.

So I checked via godaddy.com, and it was available, but I didn't purchase it because my checking account was overdrawn. A while later(2 weeks to a month), I went to buy it, and it was taken. Whois said it was taken shortly after my availability check, by a company in Maine. It was cash-parked at Network Solutions.

Anyway, a few months later(the dates are vague, I didn't mark my calender) I checked it to see what the people from Maine were doing with the title of my life's work. It was still just cash-parked at Network Solutions. So I checked WHOIS again, to refresh my memory about the name of the company, and it was now owned by an individual in Maryland instead of a company in Maine, but here's the scariest part: the registration date had *magically* moved backwards to 2005!

I had personal reasons to remember very specifically that the location of the owner was in Maine. I didn't remember the company name, but I definitely remembered that the date of registration was just after I had checked it.

And it's still just cash-parked. When it first happened, because of "Maine" and some personal events, I suspected a certain person I knew from certain forums had taken it for basically spiteful reasons. But when the date was altered, I was mystified and paranoid. "Why would the CIA and time-traveling lizard-people from Sirius conspire to keep me from doing my little project under that name?" Now, I'm relieved to find a more plausible explanation. A scammer or scammers with access to official registration data. Makes sense, I also own several other domains, so I might pop up as a high-probability purchaser. But I never contacted the owner, and in the intervening time I've reworked things to release soon under another name that I've owned for years.

I did, however, pop off an email to ICANN detailing the events.

Let me reiterate what's been said by others on this thread: don't check a domain unless you're ready to purchase it immediately.