DNS Stressed From Financial Maneuverings

jcatcw writes "The Domain Name System is showing signs of being out of control. Automated software systems are being used to re-register large batches of expired domain names. In addition, speculators are using a loophole in the registration process that lets domains be tested for their potential profitability as pay-per-click advertising sites during a free five-day "tasting" period."

Timely!

[Southpaw018]

This actually just happened to my organization two weeks ago. A .com version of one of the .org names we hold was expiring, and we did the backorder thing with Godaddy to try to acquire it since there's really no other way to even have a remote chance at an expiring name.

We got a notice that the name was re registered within a few seconds of its release, and Godaddy had not acquired it on our behalf. The backorder thing also came with monitoring service that notifies us of any changes to the domain's whois.

Three days later, I received a notification that the domain's whois had changed again. I figured the new owners were setting it up for their use, but instead it was changed to my info. We suddenly had the name in our account.

Cybersquatting Search Tool

[Graham+MacRobie]

Here is a slick, free typosquatting search tool that lets you find and explore the kind of problematic domains mentioned in the article. Try playing with the various search options - it's addictive. For instance, there are 141 registered domains that contain the word "slashdot", and 199 more that are a one-character misspelling of "slashdot". That's within just 4 TLDs.

The firm also offers a novel service that allows companies to recover lost traffic without necessarily filing lots of lawsuits.

Full disclosure - I am CitizenHawk's president. That being said, I can say we are intimately involved in tracking DNS updates daily - and I agree. Tasting is a serious problem that threatens to push the DNS system beyond its limits.

Re: Why is this news?

[rs79]

It was news 2 years ago when it first started happening.

ICANN which (on paper) "measures community consensus and implements it as policy" is the entity that had to approve the policies that lets this happen.

No domain expires any more, the registrars snap them up on principle, try them out and if they get one click in the "don't have to pay yet" grace period then they keep the domain. Very very few, if any domains actually expire back into the free pool.

What strikes me as hysterical is the people that went on to become ICANN accused the alternative root people 10 years ago of wanting to do exactly this. To be honest we hadn't even thought of it. We just wants to see no centralized single-point-of-failure control over the dns.

I note with irony itoldyouso.com is taken by squatter.

DNS != Registrar System

[notlisted]

This article seems not to understand that the DNS system and the Registar system are completely separate entities.. The mass registrations are done through the various registrars for .com, .net, .info, etc., with current estimates that there are are about 5 million domains being "tasted" at any given time. This number is fairly constant so it's not producing spikes or a significant increase in DNS usage at any one time.

I had not heard of the "testing" period.

[khasim]

And I completely disagree with it.

If you want to test the domain, then LEASE the domain name. None of this automated click-count crap for free while other people who would USE the domain name wait to see if it will ever be available.

Re:I had not heard of the "testing" period.

[eln]

I agree. I don't understand why this is even offered. The only reason you would want to know how many hits your potential site would get based on its domain name alone is because you were counting on accidental traffic for all or the majority of your income. This pretty much means you're a squatter looking to capitalize on ad impressions. If you're a legitimate business looking to start a web presence, you're going to just buy a domain that pertains to your business, and ADVERTISE it. Then, people who are interested will visit the domain you have advertised.

I could see offering a trial period if a domain name cost $10,000 or something (and maybe they should), but these days you can buy domain names for pretty much nothing anyway, so a trial period is utterly pointless.

Re:I had not heard of the "testing" period.

[nine-times]

Well, according to the OP, it's not a "testing" period, it's a "tasting" period. But I don't know how you taste a domain, and I sure as hell don't want to know what domains like goatse.cx taste like.

Re:I had not heard of the "testing" period.

[dgatwood]

What's an acceptable lease rate though? At $20 a year what should they charge for 5 days?

$20.

Actually, if you want to rid yourself of domain squatters forever, what is needed is a tiered DNS pricing scheme in which short periods cost MORE than long periods. People who have held a domain name for years should be able to renew it for progressively less, while people registering a domain name should have to pay for more because it requires additional work to set things up on the part of the registrar (even if that work is basically automated). Make the first year $100, the next year $50, the next year $20, the next year $10, and subsequent years $5. The domain squatters would balk because their next renewal of any domain name would cost them $100+, and most of those link sites wouldn't justify that level of payment.

Of course, this technique would only work for about 90% of domains. Any domain that was worth squatting on for $100 at the time the pricing went into effect would likely remain squatted upon forever. Even still, that would significantly reduce the current pool and would eliminate future squatting (because there are almost zero domains that are likely to be worth $100 to a speculator without some assurance of ROI.

Bad headline : DNS != Domain Name System

[Gothmolly]

In popular parlance, DNS is the Domain Name SERVICE, which is fine. The Domain Name SYSTEM is breaking down due to communication problems between or within registrars. Nothing to do with the root servers.

.org Maintainer Moves to Squash Name Tasting

[miller60]

The method for squashing "name tasting" (the expoitation of the five-day grace period) is well known: impose a small fee for each returned domain. The Public Interest Registry (maintainer of .org) recently became the first registry to impose such a fee of 5 cents per name. VeriSign has not followed suit. Some argue that this is because enough "tasted" domains are registered that the sales benefit from the practice outweighs the stress on the infrastructure. ICANN is requesting a position paper from a coalition of registrars on the topic.

Two obvious fixes

[davidwr]

Fix #1: Eliminate the free tasting period.
If you register fo0.com on May 1 and on May 2 you realize you goof and you meant to register foo.com, fine. But your registration still expires next May 1. In addition, you only get 1 or 2 "free goofs" after which you pay a paperwork fee, maybe a few pennies or less, to cover the actual costs of changing things around.
The people who run DNS should neither gain nor lose if I register 1 name for 1 year vs. I register 100 names for short consecutive periods that add up to 1 year. Currently they lose big time.

Fix #2: Meaningful domain-lapse rules
In general, if a domain is revoked or lapses, nobody except you should be able to claim it without your permission for a certain period of time. I'd suggest a minimum of 30 days.
I theory this is the way it was supposed to work but in practice ....
Obviously there will be special cases, such as names transferred by court order.

Re:Two obvious fixes

[mosch]

If you register fo0.com on May 1 and on May 2 you realize you goof and you meant to register foo.com, fine. But your registration still expires next May 1.

Screw that. If you register fo0.com and you meant to register foo.com, screw you, you're out whatever you spent ($10-35). That's a slightly annoying lesson if you're a regular person. But it would destroy the typosquatting market.

Testing period

(posting anon because I used mod points)

Who does the testing period benefit besides spammers and squatters? Does someone who legitimately want to use a domain name "test" it for five days... and then what? Of course someone who wants to the domain is going to keep it. But if you don't want it, why did you register it, unless of course you were testing it for how many people accidentally typed your domain name, and then we come back to the spammers and squatters. I'd be interested in knowing a legitimate purpose for this five day testing period.

Re:Well maybe its *GASP* Time for Reform

[gregmac]

This is a good idea in theory .. but how do you determine that someone is using them for a "legitimate reason" ?

Is advertising a legitimate reason? Sure, any rational person can see that the typosquatter sites are really just advertising sites, and no content. However, some of them have "search engines" (that just return advertising results..) and how can you argue that those are not legitimate, while google (also a search engine, also returns some paid results/advertising) is? If you mandate that sites have to have useful content, then they'll probably just start inserting blobs of random content, or news feeds, or something else that technically complies with the requirements. Why shut them down, but not, eg, MSN or Yahoo, which are both a bunch of ads crammed around some content?

Unfortunately I don't know how you solve the problem that way. In the end, the squatters will continue, making changes to their sites whenever you change the content requirements, and in the worst case, legitimate sites will be forced to make changes in order to comply (even though a legitimate site should never have to change, since they are legitimate).

Worse, many "registrars" are phony

[Animats]

It's worse than that. And it's all ICANN's fault.

ICANN has become a trade association for domain registrars. Which isn't surprising; they're the ones that pay it money.

A big problem is that registrars are allowed to speculate in domain names. ICANN has the power to prohibit this (see section 4.2 of the Registrar Agreement) but has not done so. To speculate in domain names, it helps to be a registrar, which isn't that expensive. ICANN's pricing starts at $4000/year. As a result, there are now about 800 "registrars", most of which are fronts for domain speculators. Most of them don't register domains for others at all.

As a result, ICANN's constituency is now composed primarily of typosquatting slimeballs. That's why we're in this mess.

Re: Why is this news?

[cortana]

Why the hell aren't the .com/.net/.org registries run sensibly, i.e. in the same way that .uk is run by Nominet? It is practically impossible to lose control of a .uk domain once you have it.

After such a domain is detagged, Nominet try to contact thet registrant to confirm that they no longer want to use the domain. Only if the registrant confirms this, or fails to settle an invoice if one exists within 30 days, does the domain become 'suspended'. After 60 further days, the domain is cancelled and can be registered by someone else.

Nominet even make it a policy to dissuade domain spammers from registering expired domains:

Why does Nominet not publish exact dates for when domain names are cancelled?

Giving an exact date would compromise Nominet's policy of allocating domain names on a first-come, first-served basis. It could lead to an increase in speculative applications for domain names, which may result in an abuse of Nominet's registration automated systems.

My Idea

[ryanisflyboy]

I think one way to fix this is to devalue the main gTLDs. Right now there are very few gTLDs that anyone can register for any purpose. I think we need A LOT more gTLDs and train the public further that everything isn't '.com'. This will devalue the existing .com domains that people are squatting. Example gTLDs that I think should have open registration: .global .earth .tech .www .files

So on and so forth. And if you act now, for only $100,000 you can register a custom non-reserved gTLD for your own purpose (subject to approval, id check, no squatters, etc.): .godaddy, .verisign, .linux, .microsoft, .???.

This will make that $40,000 .com collection a lot less valuable. This isn't real-estate. It is virtual. When you run out of land on the Internet you just make more land! Well, that will be easier with IPv6, but you get the point. I think the reason why these tactics are occurring is due to the perceived limitation of the .com space. So what, who cares, just make more gTLDs.

Re:My Idea

[rs79]

"I think we need A LOT more gTLDs"

Holy 1995 batman.


Date: Fri, 15 Sep 1995 12:40:30 -0700
From: Jon Postel
Message-Id:
To: rick@uunet.uu.net
Subject: Re: ISOC Statement on Domain Name Fees

Rick:

I think this introduction of charging by the Intenic for domain
registrations is sufficient cause to take steps to set up a small
number of alternate top level domains managed by other registration
centers.

I'd like to see some competition between registration services to
encourage good service at low prices.

I do think we need to proceed with some care, to understand what are
the requirements and responsibilities of these service centers, what
informatrion they have to provide to the community, what oversight they
are subject to and by whom, etc.

I'd be happy if you could help me come up with a plan for this.

--jon

Re:WTF???

[IgnoramusMaximus]

..and your point is?

My point is that the system is failing miserably, although most head-up-the-ass promoters of "unrestricted capitalism" probably haven't figured it out yet so the social unrest which is on its way will be a real surprise to them.

Probably because they think of watching 24/7 "news" of Paris Hilton while cherishing their ability to buy truckloads of useless plastic crap from China for their "interest-only" financed 6000 sqft paper and sticks house, while having no savings and a negative net worth in general as "success".

Communism is dead, it died because the will of the people is not enough to out way the desire for extraordinary success.

Communism is alive and well in many places where it was always alive and well: Quaker and Mennonite communes. Oh you meant the State Capitalism / Totalitarian Governance combo which the Soviet Union practiced? That one croaked indeed. But not because because it could not out way desire for "extraordinary success". One set of supreme jerks simply lost to another set of supreme jerks. Oligarchs replaced Politburo appointees and then got replaced by ex-KGB "businessmen" who conduct business via 9mm pistol rounds.

I have news for you: the governing principle of our supposed Capitalist society, the very reason it appears acceptable for the general populace, is that one's wealth is supposed to be proportional to one's merit to society. You break that rule badly enough, long enough and you will end up with Feudalism, Corporatism or some other Fascist abomination.

...you however, seem to be shooting for extreme moderation in self made success. A theory that should never be accepted on the net.

No I am "shooting" for proportionality of reward to merit. That is all.

No man or woman is 1000 times (or more) "smarter" then even the dumbest of janitors. No fashion model is more meritous then a productive cancer researcher or an accomplished researcher in quantuum physics. No CEO is worth 400 times the average worker in salary and 1000 times in bonuses when the very company he is heading is going bankrupt. No trust fund kid is "better" then that of a minimum-wage diner waitress just because he inhereited $2 billion from papa. And so on.

Re:stale links are the big win

[IpalindromeI]

Suppose I run davidwristhegreatest.com.

First of all, who is going to visit "David Wrist He Greatest.com"? It's gibberish!

That's a few thousand people a year. Pretty soon that adds up to real money.

Second, how much do ad-views pay? One or two cents? Four people per day for a year would only be $14.60. Not sure that's a huge incentive.

But mostly it's the first issue. David Wrist He Greatest?? wtf?!