ICANN Investigates Insider Domain Name Snatching

Tech.Luver sends us word that, hot on the heels of reports that Verisign may be planning to sell DNS root server lookup data, ICANN has opened an investigation into a suspected practice by registrars it calls "domain name front running." The suspicion is that insiders at some registrars are using information from whois searches to snatch up desirable domain names before interested customers can register them. Here is ICANN's announcement of the investigation (PDF). ICANN asks that anyone who suspects they have been victimized by domain name front running to email them with details.

Some proof

[suso]

I have proof of this happening and I'm sure others do too. We have two different customers that looked up domains to see if they were available, asked us to register them and before we could register them, they were already registered by places in China and the Carribian. Both domains where somewhat obscure and I didn't see any reason why they should have normally been bought. In both cases, the domain was released after the 5 day period that ICANN allows (which I think was a mistake on ICANN's part to have that policy). But in some cases it might not be released if it turns out to be popular. As I said about the Verisign thing, this is an invasion of privacy.

One of our customers (who allowed me to mention in this post that his domain in question was psysci.net) that had this happen said that he only used the command line whois and networksolutions.com to lookup the domain, so it might not just be small registrars involved in this scam. But that's a pretty serious accusation to bring against Network Solutions so take that with a grain of salt. THe company that tasted psysci.net had a name of Wan-Fu China, Ltd. The company that tasted the other domain had a name of (MAISON TROPICALE S.A.), which you can find a little more information about here

How to buy a domain in this day and age

[hansamurai]

Say you want domain xyz.com and you have no idea whether anyone else owns xyz.com or if it's in use.

1. DO NOT go to xyz.com. If it is being squatted then the squatters now have a hit on it, they have one more reason to keep it if they're just testing out the ICANN 5 day snatch and release policy.

2. Go to a registrar site and do a search on xyz.com

3. If no one owns it, buy it NOW. The first hour after your search could very well be the only time it is ever available ever again. There is a very high probability of this. If you do not buy it right away, by the time you come back it will be gone. A squatter will have bought the site to abuse the ICANN 5 day policy. If it gets enough hits, they will keep it, if not, they will release it and by the act of releasing some other squatter will probably pick it up. This will keep on repeating itself until you pay enough money for some just as evil company to grab it and sell it to you.

There's your guide to buying a domain name in three obnoxious steps.

I've never used whois for this exact reason

[Qbertino]

I've *never* used whois for probing novel domain-names for this exact reason. I just use the URL and see if it hits. If it and it's adjacent ones on other tlds of interest don't hit and I want it, I order it.

Being a little paranoid allways helps.

Use DNS to look up domains.

[pikine]

Have you tried:

host -t NS domain.com

instead? If it says NXDOMAIN (no such domain), the domain does not exist.

Re:Use DNS to look up domains.

[suso]

Have you tried:

        host -t NS domain.com

instead? If it says NXDOMAIN (no such domain), the domain does not exist.

Well of course I can do that but now even that is in danger of being snooped. But I can't expect a customer to do that every time, but they deserve better treatment than to have their domain snatched before they can even buy it. I think once this whole Verisign thing gets resolved, I'll setup a domain checker on our website so that they have someplace more trustworthy to check.

I'm kind of sensitive to this stuff right now.

[Dr.+Manhattan]

I failed to renew my free dyndns.com domain on time and on Saturday someone using the U.K. host "Real International Business Corp." (which Google shows to be a host for all kinds of scam websites) stole the domain. It wasn't just someone grabbing an unused domain - they put up a copy of my front page (though the links led nowhere).

They were even loading images, like I do, from my ISP's webspace. For a while I had changed the image to a big "WARNING!", but they noticed that yesterday and removed all links and images from their copy. A DMCA takedown won't work since they're in the U.K. and from what I've read of the hosting service, ethics aren't exactly their strong suit. So I've got to just learn from experience here. Oy.

ICANN needs to put registrars out of speculation

[Animats]

One of the provisions of the ICANN Registrar Agreement is this:

• 3.7.9 Registrar shall abide by any ICANN adopted specifications or policies prohibiting or restricting warehousing of or speculation in domain names by registrars.

So ICANN has the authority to insist that registrars get out of the domain speculation business. They don't have to ask the registrars; they can simply order it.

Currently, most of the "registrars" are fronts for domain speculators. Take a look at the list. There are whole families of phony registrars (Enom1, Inc., Enom2, Inc., Enom3, Inc., ... Enom371, Inc., ... Enom469, Inc.) There are ones who admit they're domain speculators (NameJumper.com, Inc., "!!BBB Bulk Inc"). There are ones that are fronts for "Club Drop".

Most of these "registrars" are so phony they don't even have a business address.

This registrar information is useful for filtering junk sites. If a site is registered with one of the bogus registrars, it's probably desirable to block its e-mail (which is probably spam), and throw it out of search engines.