ICANN Investigates Insider Domain Name Snatching

Tech.Luver sends us word that, hot on the heels of reports that Verisign may be planning to sell DNS root server lookup data, ICANN has opened an investigation into a suspected practice by registrars it calls "domain name front running." The suspicion is that insiders at some registrars are using information from whois searches to snatch up desirable domain names before interested customers can register them. Here is ICANN's announcement of the investigation (PDF). ICANN asks that anyone who suspects they have been victimized by domain name front running to email them with details.

Not the Point

[mfh]

When a domain is snatched, usually it doesn't matter if the original owner gets it back or not. That's not the point, in most cases. Thieves will use the domain to drive traffic to their astroturfing/spam network and drive their PR up in the process. That stays in memory indefinitely and has a beneficial impact on any site like that.

If the owner gets their network back, they still have the stigma of the bad activity associated with the domain.

Preventing domain theft is going to only get increasingly more difficult as technology becomes more complicated.

Re:Couldn't one start "poisioning" the hit databas

[lena_10326]

I don't think it'd work. It'd be very easy to load them into a table, filter them against dictionary words, and sort them by # of hits.

Human eyeballs could pull the top 1000, do a quick spot check on the list, remove garbage names, and register the rest. Once setup, it'd take about 10-15 minutes of human intervention a day.

a good idea

[FudRucker]

why not make a domain named www.ICANNOT.org and just make it a listing/cache of domain names already taken so users looking for a domain can see if a name is already taken...

Oops, too late, already taken...

I can sympathize

A good friend of mine had a very successful website with 300,000+ users that made him over $100,000/year. The domain had been registered using some free email account that he stopped using. Eventually the email address was reclaimed and made available again and some guy registered it and hijacked his domain. It took him over a year and a half plus thousands of dollars in legal fees to finally get his domain back. By that time the domain was worthless because all of his customers had gotten fed up with the service outage and left. About the only thing going for it now is a Google pagerank of 7. He's also looking for a job.

The moral of the story is to keep tabs on your email addresses.

Re:I've never used whois for this exact reason

[idontgno]

Of course it does. Any IP communications which uses a name rather than an IP number is using some type of name resolution. Since the real question posed by this situation is "has this domain name been registered", you can't answer it without consulting with the domain name resolution system. And that is either a WHOIS query at a registrar or a name resolution check through a DNS, either incidental (ping my.foobar.foobaz.org) or intentional (dig my.foobar.foobaz.org).

And I have doubts about using DNS to verify it anyways. Domains aren't hosts; the domain "foobar.foobaz.org" might have many host names within it (such as "my", mentioned above), but you can't guarantee that you can guess them. Yah, www.foobar.foobaz.org seems like a likely place, but if I'm front-squatting the foobar.foobaz.org domain, I may not host a site at that address. (Of course, I'd be an idiot not to, since hits on that site make measuring interest in the domain easy, and I can aways linkfarm or upload drive-by malware for a bounty.)