Slashdot Mirror
Domains May Disappear After Search
Ponca City, We Love You writes "Daily Domainer has a story alleging that there may be a leak that allows domain tasters to intercept, analyze and register your domain ideas in minutes. 'Every time you do a whois search with any service, you run a risk of losing your domain,' says one industry insider. ICANN's Security and Stability Advisory Committee (SSAC ) has not been able to find hard evidence of Domain Name Front Running but they have issued an advisory (pdf) for people to come forward with hard evidence it is happening. Here is how domain name research theft crimes can occur and some tips to avoiding being a victim."
Always use a command line tool. The webservices are notorious for such sniffing, I've never seen or heard about it happening from the unix command line. :)
Better still, simply use your registrar to do a registration, if that works then it was free
http://rndpic.com/
MP3 Search Engine
It has long been rumored that domain name registries snap up names when they see signs of interest. Unfortunately ICANN's committees don't have the tools to really open up the clamshell and see what is really going on deep inside registries and registrars.
However, there is another matter - that of data mining of the query packets that arrive at root and top level domain servers.
ICANN's contracts do not prohibit data mining of the query stream, in fact they openly permit it. Thus Verisign has the right to look at incoming queries and generate a body of information about what domain names are being uttered by users. It's not a big step from that to come up with a list of names that would be nice things to have if one wants to spatter up a bunch of Google Adsense ads and collect click revenue.
(Also, because the entire domain name, not just the top level parts, hits root and top level domain servers, through a bit of statistical reduction, one can produce a data stream that is of interest not only to paying marketeers but, perhaps, to certain national intelligence agencies.)
Though, not on the "in minutes" time scale.
My buddy and I even made up names with random letters in a string of 15 or 20, then some porn words stuck on the end ".com".
Sure enough, two days later some squatter had them.
I think the leak is in the registrars themselves. Imagine the money someone could get from the squatters by simply setting up a script to automatically email these queries somewhere.
"Never a more wretched den of scum and villany" describes the whole domain registration process pretty well I think.
Over the years, the Internet and its resulting commercialization have lead to some truly awful buzzwords and mangling of the language (may the person who first coined "blog" rot in hell)...
But ye gods! "domain tasting"?!
I can see it now... "The slashdot.org '97 was a superb one; It had a playful nose, a full, rich body and a piquant aftertaste. The digg.com '07, however, can only be described in scatalogical terms."
Insisting on "correct" English is like saying that there is only one, definitive recipe for chili.
How does this apply to me? I make it a point whenever entering my credit card number and personal information into an order form, to do a Google search first to make sure someone else doesn't have the same information, so they don't get confused and send my order to them instead.
Theft? Crimes? Does Slashdot now think, an idea can be "property" and/or "stolen"?
In Soviet Washington the swamp drains you.
I'll swear this has been happening for years. I've taken to the habit of not searching for a new domain until I'm ready to buy it, right then and there. In the past, I've seen cases where customers have searched for a domain, found it to be available, and by the time they had a meeting the next morning to discuss buying it have it be registered by someone else (usually a squatter). In a sense, it's just common sense that a lot of the domain search "services" would engage in a competitive practice like this. I'm not saying it's ethical, but it's been going on for a long time.
Maybe the community can come up with a list of guaranteed reputable domain search services that take measures to prevent this sort of activity, and support those organizations.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
I've heard rumors of GD domain "tasting" for the past 18 months, maybe longer. If true, it's pretty pathetic that they need to do that in order to make money.
Website Hosting
- Register a domain as soon as you search for it
- Avoid using registry based WHOIS tools.
The ICANN requirements for becoming a registrar are VERY weak. There are a lot of disreputable operations out there who could be colluding with domain prospectors. Even with the bigger registry operations, its still possible for people to get access to the whois queries. You have no idea what that web whois box is actually querying, and there is no privacy guarantee.perhaps whois should provide Md5 lookup for a domain instead so people cant snoop at the domain being queried.. so instead of for example whois: somedomain.tld its whois: a79f888f1c2dc50c6b354c0d816f5bf5 simple and effective.
Would it be possible to request so many nonexistant domains to make this unprofitable? Or would they just figure you're having a seizure at your keyboard and drop your IP from the logs?
that will query random domain names.
Millions of them. Have fun squatters!
I don't know the meaning of the word 'don't' - J
Actually most of bigger squatting operations don't pay a dime on a per name basis. They hold the name for 30 days, then release it at no cost.
One of the problems stem from the fact that any whois query can be sniffed (or SNORTed) if it passes over the wrong network hop anyway, so there isn't much you can do unless you're ready on the trigger to register the domain almost immediately. One thing you CAN do if you're going to do web queries (because not everybody has a whois command line installed) is query via;
https://www.easywhois.com/
Note httpS. I can certify that Mark J doesn't do domain tasting, that's not the business EasyDNS is in. So if you do do a query via EasyWhois it's not going to get snagged after 24 hours (at least not from our end).
[ Disclaimer: Yeah I work for EasyDNS
-- The unsig...
There is a opt out program so that your WHOIS isn't tracked.
Period.
Much of not most of the spam I'm deflecting nowadays seems to come from 'tasted' domains. Or just made up. I almost don't care about the difference.
The last time I read about this, more than a month ago, one snarky idea was to script a tool to randomly taste domains, constantly. If the registrars are forwarding the requests to squatters, they would go crazy with the surge in requests. The squatters would fritter away resources keeping up with these random searches, and eventually the WHOIS functionality of the registrars would have to change. And the script would change, and so on.
I think domain tasting ought to go away, or cost something. $2 for a 14 day taste would wreck the economics, maybe, certainly if random search scripts got going. My server could probably do 100,000 searches a day. I know it can send out 3-4 million spams a weekend, sadly.
Of course, the registrars could block my IP after a while. And blocks of IPs. So we need a Seti@Home-type script that hammers these things out, and let them block every dialup/dsl/cable/sat block. Hehe.
No, it's not devious enough.
deleting the extra space after periods so i can stay relevant, yeah.
Can anyone give one legitimate reason why anyone would need to "trial" a domain? Is that to see how it looks in the browser's address bar?
Wouldn't doing away with that stupidity make things a lot harder for these losers that park / squat domains?
Dan East
Better known as 318230.
Comment removed based on user account deletion
Packets are being sniffed as they traverse thru the tubes. Try this, do a google search for something made up. Try to get a page result of 0. Do this a few times and write down each time you get a 0 result. Come back in a few days and do a google search and you will probably find some custom pages. Is this google tasting?
I'm thinking that I'm not liking the direction this is going...
Sniffing, tasting, hmmm, what comes next, digesting? Excreting?
Comment removed based on user account deletion
When thinking of potential domain names, I usually use the inurl: function in Google. I generally only use part of the name too - that way you're able to see all the potential variations of the domain name you're thinking of working with (and possibly giving you some inspiration too)...
On May 1, 2006 I was researching a fairly obscure domain name. I used many tools, including several that created and checked various combinations of words. While I wish I could trace it back to a single search tool, there is no way of knowing which tool is the harvesting
Less than two days later my fairly obscure domain name was snapped up by Marklark, LLC and is now offered "for sale" for $1000. The domain is obscure enough that it is only of use to me so this sucks.
I hope we can screw these fuckers to the wall.
Registrant:
Marklark, LLC
P.O. Box 13309
San Luis Obispo, California 93406
United States
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: ************ (Redacted)
Created on: 03-May-06
Expires on: 03-May-08
Last Updated on: 25-Apr-07
Administrative Contact:
Fleming, Mark domain.manager@smarty.biz
Marklark, LLC
P.O. Box 13309
San Luis Obispo, California 93406
United States
18058882789 Fax --
Technical Contact:
Fleming, Mark domain.manager@smarty.biz
Marklark, LLC
P.O. Box 13309
San Luis Obispo, California 93406
United States
18058882789 Fax --
Domain servers in listed order:
NS1.SEDOPARKING.COM
NS2.SEDOPARKING.COM
When I read this, I was a bit concerned there might be someway queries were being intercepted by command line tools, but that doesn't seem to be the case. I have a big list of open domain names that I was considering about 15 months ago, and doing a quick survey just now, there are quite a number that are still open. There were also a number of them that were now taken, but the dates on them didn't show any particular scary pattern. Just sometime in the last 15 months someone else thought of my rejects. :)
Some of the untaken ones are actually pretty short, decent names, so I'm pretty sure the command line is safe (for now).
Sometimes it's best to just let stupid people be stupid.
Is when you've already visited the site, but for some obscure reason, even though they registered with a big-time registrar, another registar places it in their DNS, and, your browser connects to that one first, and -- bingo -- the site you've visited for the past 5 days is now replaced by some "Find what you're looking for, right now" site crawling with useless content, spyware, a search box, and advertisements that link to sites designed in the same fashion. (And it's not a "typo" when you have it bookmarked and the admin is a friend of yours and tells you to connect via the IP address).
This type of domain name sniffing and squatting has been happening for years. I 'tested' registration of a domain name on ICANNs biggest contractor. They havent changed their page. and the next morning, as I was paying for the registration, the registration record came up 'owned' by someone else. ( Purchased the following day. Since I tested the name at about 11:15 p.m. It was an automated system, in place and doing its dirty work.) A squatting company in Pasadena, who sold it to someone in Oregon. Nothing has appeared on the site EVER, and that was a way back in 1999, but it kinda angered me that it happened, and I never understood the mechanism, but now see clearly that ICANNs contractors were behind it. There is a domain-name squatters magazine, and a domain-name squatters trade show!
Instead of using /usr/bin/whois, I used some whois search engine for some stupid reason. A day later it was snatched up. Super annoying. I'm waiting for the company to lapse on renewing it so I can buy it back.
I guess from now on one will have to register a name blind and see what happens.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Don't use whois. Just open up a webbrowser and enter the doman you want. See what the browser returns. If possible use different dns servers or locations. Your search should look like normal web querys. Onces you are sure that you domain isn't registered go snarp up the fucker.
Supporting World Peace Through Nuclear Pacification
Anyone up for flooding the Internet with whois requests so these automated processes register up a ton of crap domains & burn up all their funding ?
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Stop using names, and start remembering IP addresses. This will be a nice challenge when IPv6 takes hold :-) But there ya go. Time to exercise those brains. 1 point 2 point 3 point 4... now the left hemisphere... and 5 point 6 point 7 point 8...C'mon girls, get that cortex up!
What?
I posted this over 18 hours ago. I checked it on Network Solutions's web-based Whois last night and again a few minutes ago. The domain is available.
By the way, the solution to the "tasting" problem is to either put a very low limit on the number of "free tastes" people or companies can have in a year.
Another way is to simply charge tem a pro-rated amount based on a minimum usage, say, 1/26 of the annual fee for 2 weeks.
Another way is to charge a non-refundable setup fee, say, 1/12 of the annual fee, which would be credited against the 12th month of service. Whatever this fee is, it should cover the actual costs of registering and de-registering a domain plus provide an optional small profit to the registrar.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Comment removed based on user account deletion
There's been some concern about this over at the Anti-Phishing Working Group. Much phishing seems to come from domains held for very short periods. But it turns out that's not "domain tasting". It's phishers buying domains with stolen credit card numbers, using retail domain registrars. After a few days, the credit card number is detected as stolen, the transaction is reversed by the bank, and the registrar deletes the domain.
This seems to be a separate problem from "domain tasting". But the "grace period" loophole that makes "domain tasting" possible also enables this scam. If registrars couldn't return domains to the TLD registry without paying, they'd have to raise their standards of customer validation.
How far "up the chain" would someone have to be that would allow them to register domains "for free" for an extended period of time (6 months)? Is it possible these Domain Squatters can make a profit because of corruption somewhere, IE they pay only funny money for domain registration?
I read the internet for the articles.
But a lot of companies that have made enough money to grease a lot of palms would fight it with everything they had.
Quack, quack.
It is interesting that so many ignorant people are angry.
I just enter my search into my firefox url bar and voala it comes up from google. Domain names are for pussies with more money than sense.
http://www.rense.com/general79/wdx1.htm
From the page linked from TFA:
"It is such a strong urge to type the domain name into the address bar and see what website comes up. Most users think perhaps there is already a company using the name and this will be a quick end to the question. Wrong! This is the most dangerous thing to do. Internet Service Providers (ISP) sell NXD (Non-eXistent Domain) data."
Maybe someone can enlighten me here. If I look up a domain, then try to buy it and see if it is taken, I move on to some other variant of the name. Do people actually purchase from squatters? I guess it's the same as, do people buy products from email spam? It only takes a couple to make it profitable.
Flexible bare-metal recovery for Linux/UNIX
Read the article. ISPs weill sell non-existent domain information for fun and profit. It is not safe to "just type in your query in the url bar of your browser."
You could send him some faxes describing your feelings in a visual manner.
Have an app that pings 1,000,000 combinations like the one you want.
It can run all night, and the tasters get a big mouthfull of NOTHING.
Run it for a couple weeks. See if they re-register some of them again and again.
A nickle a piece is cheap. But times a million will add up.
Maybe it could be set up like the SETI search so thousands of computers across
the web would work together to make tasting a bad investment.
Why is this so hard to verify. Use each registrar to test availability of domain xyzzyplugh99.com, changing the index number "99" for each test. Try back the next day and see which ones are sudden unavailable, then complain LOUDLY!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Comment removed based on user account deletion
You thought you were just being paranoid when this happened. Other people told you were being paranoid.
Just remember, even if you are paranoid, they may still be out to get you too.
Fight Spammers!
Wouldn't it be possible for people to spam potential url inquiries they actually have no interest in creating in order to cost these companies money? How do these programs detect actual links that people will buy versus phony ones?
Comment removed based on user account deletion
Those who want to educate themselves about the corruption can also read The Lie of the Century and one of the many topics on Cooperative Research.
This is on topic considering that the article referenced by the Slashdot story claimed that big search engines are safe for doing domain searches because even the U.S. government cannot get access to Google. It's a minor point considering that the major point is about domain registration, but it is a point.
Having a minimum-term or a non-refundable setup fee turns a free taste into a paid taste.
There is a legitimate reason for cash- or "store credit"-refunds:
It allows clerical errors to be rectified without a total loss. For registrars that charge more than a few dollars a year this makes a lot of sense. For $1.99/year domains it's easier to write off the loss.
If domain registrars were allowed but not required to have free tasting, you can bet that the mass-market registrars would either eliminate them, have a cancellation fee high enough to cover their costs, or offer them only to high-volume customers and even then limit them to a fraction of the customer's volume.
The high-end registrars would probably allow them but only for "store credit" and only 1 free "oops" per paid domain-name.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Its happened to me several times and the domain names were not very common words- or words at all for that matter.
I went to register a name with GoDaddy about six months ago. I used a command line WhoIs tool to verify the availability before going to GoDaddy. As I was going through the registration process, I got an idea for a shorter version of the same domain name. I canceled the registration process, went back, and started over with the new domain name idea instead.
To this day, GoDaddy still holds the original domain name idea I had. Although the one I ended up with was better, it was a good domain name. I wanted to go back and grab that one too as a forwarding domain. But now GoDaddy is parked and trying to sell it at a premium.
They stole my idea and are selling it! IP THEFT!!!!
But ICANN and/or some other body needs to crack down against this ridiculous cyber-squatting crap! If you don't *USE* it, you shouldn't be allowed to have it. There should probably be a lot of rules like this, for example, if you own more than 5 domains, you should have to justify it somehow. Some of these clowns have hundreds of domains and they are just used for trashing up the internet with search engine spamming (like Yet Another Content Generator) and crap like that.
It needs to end.
I know my brother got caught by one of these scammers. He was planning to set up a family web site with our name. He did a whois to see if it was available. It was. A few days later he went to register it and it wasn't available! He went to the named web site and saw a nice screen saying "it's for sale!" for several hundred dollars. Those people, and people like them, need death. There's no excuse or rationale for this to be acceptable... taking something that would only be useful to one or a very limited number of people and taking advantage of it.
People don't really learn german or latin or whatever roots to their languages these days, so they're unaware of the true meanings of some words. It's not uncommon for half of peoples' vocabularies to come from words that they just know by rote. People on the internet and in music (and pop culture in general) are now just making up words because they feel they have a word that fits better simply because they feel the word they use somehow has an intrinsic meaning, or that the use implies its meaning and it takes hold. The language you know and love only is used in business and has its roots in proper grammar and definitions etc; It's not the same language that people use in social situations or popular culture. This pop language will continue to grow and evolve because it has its roots in today's culture because the people creating and growing these terms do so because they understand where the words come from. They don't understand the roots of their language so they're not going to use words that they learnt by rote instead of by the root, when they can just as easily throw out words that have much more meaning to them and the people around them. We're just going to have to start having "formal english" and "social english."
By instinct, I would pronounce a lot of words the wrong way, such as "draught" or "digest", because I don't know how to pronounce those words except phonetically. I never learned the roots of the words or how to pronounce certain things when or why. Some words are going to sound or look weird to me or even seem out of place just because I don't know these things, so I will be much more likely to use words that mean something more to me and tie into my experiences more.
I don't know if you've seen some french books, and then heard french people talking. Around here at least, it's totally not the same thing. One is definitely more formal and one is definitely more slang-laden. It doesn't even matter if the book is for casual reading. If you walk into a job, then you're not going to use the slang-laden french either, you'll turn to the more formal french. And then when you're hanging out with friends, it's back to slang-french. That's just how things will always be until people in formal situations accept slang, or people are taught languages formally and learn the roots of their languages as well.
Twinstiq, game news
I read some comments saying you can release a domain at no cost after 30 days. I occasionally have misspelled a domain name when registering. Does anyone know if you can do this with Godaddy? If so how do you get your money back?
thanks
Slightly Off Topic
Actually, Bob Parsons (CEO of GoDaddy) has been complaining about "domain tasting" and "domain kiting" for years. Google Bob Parsons domain tasting and look at the results. I wouldn't be surprised if it's happening upstream from Godaddy, but I'd be shocked to find Godaddy is in any way willingly facilitating the practise.
"No War For Oil" meant "No War about Oil". The war allowed U.S. citizens to get some of the oil profit, instead of Iraqi citizens. The bigger reason was to restrict the supply so that the price rose.
No one blames Bush for climate change. He is blamed for supporting people who want to lie about it.
What registrar registers a domain for $2?
I placed an order with StartLogic.com for hosting a while back (soon after the game went retail.) The domain was "wowvault.com" just like "eqvault.com" and "uovault.com". Sure, I was trying to pre-emptively hijack this site from the vault network, but I was going to develop it as my own and actually run with it. I checked and saw that the domain was available. Now, at the time, I was a bit unsure about registering a domain myself, so I figured I'd let "the experts" do it at StartLogic. I placed an online order and then followed it up almost immediately with a telephone call to confirm it. Everything was in order and would be taken care of shortly.
Days went by, and the domain was still available. I called StartLogic and they lost my order somehow! So then I placed the order again, figuring it had to go through smoothly this time. 2 more days go by and finally the domain is registered, BUT TO SOMEBODY ELSE! And it's just a domain squatter, even. I strongly suspect foul play was involved, and have since registered every one of my domains myself.
This is no surprise. I think it's been done before a lot, but not necessarily through automated websites. It seems so far to have been more of an analog to a phone operator at a catalog company taking a caller's credit info home with them.
Move all sig!
With this continuing abuse of "theft" I don't know what to call it any more when somebody simply steals my wallet.
"Stop um... pickpocket scallywag!"
In the past, I've seen cases where customers have searched for a domain, found it to be available, and by the time they had a meeting the next morning to discuss buying it have it be registered by someone else
You have meetings to decide wether to buy something that cost two fucking dollars??? You must work for the government!
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Solve the problem of domain-name squatting, as well as spam email, by taxing both.
Hey, we're rolling, hey..
Go home, go home Squatter go home
Go home, go home Squatter go home
I think I hear your Mommy callin' On your cellular phone
She said your dad wants his car back So you'd better come home
Squatter go home
Squatter go home
Squatter go home
Squatter go home
Go home, go home
Squatter go home
Go home, go home
Squatter go home
You got no money for the punk rock show
It's delagated for a beer and a ho
Spitting, pissing, cumming, and shitting So you have cool clothes
Squatter go home
Squatter go home
Squatter go home
Squatter go home
I see you sitting on the boulevard with your tired and pissed off stare
Tellin' everyone your hard luck story, and what landed you here
You think of mommy and daddy out in their safe suburban home
And you know that's where you're gonna be when you start to feel the cold
I'm saying poser go home
Poser squatter go home
Summer squatter go home
Poser squatter go home
Squatter go home
Squatter go home
Squatter go home
Squatter go home
Squatter go home
Squatter go home
Summer squatter go home
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Some have suggested that registering fake WHOIS requests might confuse these systems. I'd take it a step further and:
a) pick a random, obscure domain name (i.e. twistpark.com - available as of now)
b) issue multiple whois requests on various registrar sites
b) issue multiple whois requests from the command line of various servers
and sit and see who snaps it up.. make up your own random domain name and see if multiple whois requests in a short period of time, originating from multiple hosts might ferret out who's doing this.
About 18 months ago, we had a product beginning development cycle, and naturally wanted to secure the domain that related to [productname]. The domain was currently held bu a squatter.. because of a number in the domain (like 18), it was vaguely possible it might have been useful to someone as a porn site. I stress the word vaguely. We tried to contact the squatter, but none of his contact info was current. Luckily, it expired just a few weeks later. After the domain release period (45 days iirc), the domain was released back into the wild. We used godaddy's recovery service ($20) to make a best effort to catch it as it drops. As it happens, a domain taster (using dotster's tasting arrangement) got it ahead of us. By googling their contact info, I was able to find a few forum posts discussing this squatter being a domain taster as well. We specifically avoided doing anything for a month (and not visiting the domain at all), and the domain was released by the squatter (because it hadn't generated enough ad revenue). IIRC the whois info for the taster was incredibly ambiguous. A Brazilian company using a bogus PO Box address in Brazil, with a bogus 425 area code (Eastside of Seattle) phone number. Basically, it would have been impossible for us to ever track them down.
Besides SPAM, domain grabbes get really annoying. Maybe we should set up a Web 2.0 style DNS combined with a web ob trust (similiar to GPG). Then such grapped domains that show only advertisement for years could just be given out for re-registration. The only disadvantage would be that you would see different Webpages for the same URL, depending on what DNS/Web ob trust you use. BTW, at the same time you could take more easily malicious URL out of the DNS more easily.
Forgot to add a link to the macros, my friend.
Don't Taste me, Bro!
[Sorry for the Photobucket link, couldn't for the life of me find it online so I had to upload.]
Just -1, Troll talking to another.
I recently learned that a former coworker is going off on their own to become a competitor. Maybe I'll do a little "domain research" on the possible domain names they might choose for their new company website... Sure hope none of these "tasters" get a hold of the good ones!
Everyone is saying it's 30 days but I think it's 5. "Source": http://en.wikipedia.org/wiki/Domain_tasting
Beat the scammers at their own game. Set up an automated script that does whois lookups for random combinations of words. More or less just flood them with requests and they won't be able to tell which ones are legit lookups. Whoever the douchebag is, will either eventually run out of money, or have to expend more time to improve his algorithm, or just blacklist your ip.
When I have a kid, I want to put him in one of those strollers for twins and then run around the mall looking frantic.
Screw 'em, we went with the .org, Google ranks it higher then the BS .com anyway. I'll pick it up next year.
OSGGFG - Open Source Gamers Guide to Free Games
I'm sure one of you good folks can enlighten me as to why preventing domains from being "purchased" and rather making them a truly lease/rent transaction, remaining the property of the centralized body, preventing their re-sale between private parties and other such measures (draconian as they may sound) to prevent them from being treated as IP wouldn't solve this and a number of other issues (ex. litigation re: brand infringement, administrative overhead related to the volume of domain transactions, etc?) It's already such a transaction more or less no? I've always felt domain names, IP (as in the octects) and other aspects of the Internet should, to some degree, be treated like street addresses. As cool as it may sound (to some folks) to be able to purchase 1337 Ami Notu Street and plop in on your home it'd be too much overhead for regulatory and supporting bodies to handle. The post office alone would be crippled. It's hyperbole, I know, but illustrates why there should be some sacrifices with respect to "addressing" no matter the application.
Also or instead of the above, perhaps some measures like:
- domain leases require a minimum 90 day committment, paid in advance with no refunds
- much like patents require to some degree of effort to actualize the idea behind them, domain owners must put up content (not search crap) in 30 days or less (doesn't have to be policed rather a basis by which you can loose it if found)
- if a domain lease expires, it is listed for 30 days as "soon to be available" after which it will become available for lease at a random time ensuring everyone has a fair chance at it (no pre-orders, auctions, etc.)
Sometimes it's necessary I believe to make certain sacrifices when something starts going to crap. I don't think any of the above would significantly affect anyone but squatters and others seeking to misuse/abuse from both a personal and business perspective nor would it require much out the regulatory and private administrations involved. Perhaps we're not there yet to require such draconian measures but, as I stated in the beginning of the post, perhaps something escapes me here?
That's just my POV... no more, no less.
I have owned coppit.org for a while. About 8 or 9 years ago I checked coppit.com, and it was free. A week or so later I got around to registering it, and it was taken by a squatter. I had to wait a year before I could register it.
:)
For the record... There are maybe 8 people with a surname of Coppit in the world, and a out-of-print board game called "Coppit". It's pretty rare...
David Coppit
It was 7 or 8 years ago when I did a search for a domain one day, and the next day, when I went to register it, it was taken. I mentioned it to a coworker, and he said "Oh, yeah. The whois sites sell their search queries to squatters."
I figured by now it would be common knowledge that things like that would be happening. Ah, well.
Oh, you're not stuck, you're just unable to let go of the onion rings.
It's actually only a 5 day window. Which is easy for registrars to manage, but difficult for the registrant (domain owner). If you don't want the domain, you better email your registrar within 3 days of the registration. Also read the terms of service -- some registrars won't delete within the grace period. However, there are registrars (check out Moniker) that let you taste for a small fee (4 days for 25 cents I believe).
I misread the article and thought it said "Dolphins May Disappear After Search". I was all ready to make a couple Hitchhiker's Guide jokes, then make some quantum physics joke about them disappearing only after attempting to observe them. Oh well.
That Google link showed only spam web sites.
Are the people who are bragging about getting domain name registration for $2.00 telling the truth? Are such registrations $2.00 after you have paid too much for hosting?
This is not the time I'd like to be reading this story...
Yesterday I tried signing up for a domain on 1and1.com and was successful (AKA: gave them all my info/signed up). However, I have received no confirmation emails now, still have no access to the domain, yet their website says that the domain is taken now
Should I be worried? Probably.
Google has introduced a new service where it will automatically share all your WHOIS requests to your "friends" on your contact list.
import random,time,os
f=open('/usr/share/dict/words', 'r')
words=[i.strip() for i in f.readlines() ]
f.close()
while(True):
x="".join(random.sample(words,random.randint(1,3)))
x+=random.sample([".com",".net",".cc", ".tv"],1)[0]
os.system('host "'+x+'"') ## or whois
time.sleep(random.randint(0,60)+90)
The best example of how messed up domain name registration has gotten on all fronts can be found in the US election right now. type: mittromney.org into any browser and say hello to http://www.ronpaul2008.com/ Last I heard Mitt had not endorsed Ron for president. The Ron Paul organization has rerouted every thing under to the sun to their pages all perfectly legal as far as I can see. A tax on registrations or other low cost mechanisms are not going to end this kind of abuse. I've got a bad feeling that after this coming election that we could see the kind of overhead found in trademarks taking over domain registrations.
They're talking about people providing a service which purports to be checking domain availability, in case you want to purchase it. They're pretending to offer a low-level service for high-level users. It seems they are actually a high-level, competing service, lying to their competitors about what they do, in order to get inside information about their competitors, and beat them to the "punch" by snapping up property first.
So. You're really going to claim that's not a crime, are you? To anyone with a functioning moral compass, it should immediately stink of being unethical, even before you've fully considered the reasons why it's not right. Even if you don't get the ethics, you'll probably find it's against the letter of the law as well as the spirit of the law. Bypassing competition is generally considered to be a bad thing in a capitalist marketplace. You know... "tearing up the fabric of society"-type bad.
I've been using Domainmonger since it was recommended by many Slashdotters back in the late 90s. Despite their higher-than-some $17/year rate, I find it well worth it. Every single time I've had a problem with anything (and that's rare), they've helped me out right away. They're well worth the money. I have hosting through 1and1.com, but given what I've heard about them, I think I'll keep Domainmonger as my actual registrar and just host my site on 1and1 - if 1and1 decides to fuck me, well, so be it - at least they can't take control of my domain.
Since ISPs sell NXD data, a small script trying out millions of domains 24/7 could obscure your true searches, no? and by the way, I can't see any legitimate reason for domain tasting...
Comment removed based on user account deletion
Comment removed based on user account deletion
The second a new service, TV show, video game, even presidential canidate is announced, spammers and hackers race to the domain name registeration to register common misspellings of popular domain names, or variations of a domain name. Look at microsoft.ms...
I've been using godaddy to search domains for a long time and I keep track of what I'm interested in. I've never lost any. I am suspicious of this claim.
Meh.
Any IT person with half an ounce of paranoia has suspected this for years.
I usually just try to browse the URL (URL-search off of course). If the domain isn't found, I try to register it. I haven't used whois to search for a new domain for a decade.
This sort of thing has been going on for ages. You check on a domain name, it turns out to be available, then next day it's mysteriously gone. After all, why would someone check up on the availability of a domain name unless they were interested in buying it? And if they're interested in buying it, maybe they wouldn't object to paying a bit more for it?
If you can afford a Nominet membership, two static IP addresses and a Linux box with Apache, Perl, GPG and BIND, you too can become a domain scammer! Sell domain names "from" some riduculously low figure, which -- it transpires, after reading the small print, which is so small you have to press ctrl + "+" several times just to be able to see it -- only applies to long, unpronounceable strings, with actual words coming at a higher rate. Set yourself up a dodgy affiliate programme {is that a tautology?} where people can put a little form on their pages querying your WHOIS service. A little drive-by download which diverts other domain queries to your own server wouldn't go amiss {best to do this from one of your affiliates' pages, though}. Now you know what domains people are looking up and, being a Nominet member, you are in a position to register the most interesting ones straight away {you can even do this fully-automatically, since all you have to do to buy a domain is send a GPG-encrypted email}.
Registering a domain is so cheap, if you're a member of Nominet, that it's worth a few failures for the successes you will achieve. (You can also register easy mistypings of the name, and post content there which might help persuade the owner of the correctly-spelt domain to purchase those domains from you.)
Je fume. Tu fumes. Nous fûmes!
Sounds like it would be more useful than running SETI.
I come here for the love
This happened to me early this year: I looked up a bunch of domain names, went through the focus-group thing, then came back to register the chosen one in both .COM/.ORG/.NET variants and in several different spellings. I got halfway through the set of variants before discovering that one of them (in .COM) had been registered hours earlier by one of these scumbag companies, and I felt sick. I knew about the risks, and I thought I'd followed the rules, only using Google and domaintools, and I had no idea what happened. Had I accidentally typed it into an address bar, maybe while using the wrong ISP (e.g., Verizon Wireless)? Had one of my colleagues checked it in an unsafe manner?
Of course, I never found out, but a week later, I looked again, and that domain had been released, so I snapped it up and finished the process. Obviously it was completely automated, and stupid besides, because anyone who'd bothered to look would have found I'd registered all those other variants.
Nonetheless, I think tasting is a scourge and should be eliminated. Mining query results is just plain wrong.
Is it not obvious that the moment you type in a domain into a whois search, it's gone. ...
It has to be that way. Why else would so many services offer free whois searches?
Domain-name-only companies or outfits are essentially the worst/best opportunists on the web.
They make money on knowing vocabulary and on ideas.
These are guys who talk very well and socialize a lot. And also, so-she-lies-a-lot!
Go read about domain squatters - they just work for a few hours a day - it's a proper auction or still better, a gambling den.
For example, suppose I were to start a mashup (or a messup, if you think so) about this, I would call it
"The Squattro" and so i would buy low and sell high _squattro.com_ which would be about domain skvatterz and the like.
Or maybe squatt.ro for effect, y'know.
You want to get into this shady business, go download a rhyming software and sell domains by writing catchy 1/2-liners everyday. or maybe, if you open source the thing, like Linus did, you could write one-Linuz, y'know.
yadda yadda
Fast cash.
Betcha all those are taken. Don't even think about getting into that. They've been there pretty early. Much before you.
False comparison. An idea cannot be stolen because, when you have taken a copy of it, the creator still has the idea.
A domain is different. By definition, there is only one of each domain. Ergo, one person can posses it in its entirety, and deprive others of its possession. Hence it can be stolen.
Rgasuya aata! : I have been coding Perl and cannot tell where my fingers are now!
Hey...let em have it! I'm sure several here have thought of just writing a program to auto-query on every word in the dictionary...let 'em register the entire language (including foreign words)....
If a registrar lets you have a 30 day trial on a domain name, it's a business decision they're making on the risks of buying a name - they must be buying the name themselves after the grace period runs out (assuming you're remembering the time-frame correctly.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Ironically, the article that Slashdot's reporting on is at "Daily Domainer", a site which is targeted to parasites who buy up domain names for speculation that real people might otherwise want for real content (or typos from real domains.) So it's one parasite complaining about other parasites. There's not any obvious way to stop domainers (though eliminating the grace period would slow them down by changing the economics a bit) - it's trivial to generate a website with enough correctly-buzzworded content to fool an automated test, and not much harder to generate or plagiarize content if you need something fancier, such as good enough content to get search engines to start directing more traffic to your site; some of the SEO-scum web pages do in fact have more useful content than a lot of human-generated pages (though much of that's in blogs these days.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I can vouch for this kind of thing. I registered a name in several TLDs, but when I went to get the .com one, it has mysteriously been registered just minutes before. Later, I get some spam asking me if I want to buy it.
This really pisses me off. The registrars really need to curb this kind of scamming.
--
The early bird catches the worm. The worm that sleeps late lives to see another day.
There is a Firefox extension called TrackMeNot at http://mrl.nyu.edu/~dhowe/trackmenot that issues random requests to search engines generated from a wordlist. All that needs to be done to make it lookup poison is to modify the query strings with various WHOIS lookups and add .TLD or .ccTLD to the end of the generated search string and send it off. For more usability both the wordlists and WHOIS lookup site strings could be stored in user-editable text files and more words could be added from http://www.gattinger.org/wordlists. List updates could be distributed as extension updates. Later maybe something to randomly do command line lookups could be added too. Finally,a feature could be added to request Squatter URL's and load them in the background without caching to use up their bandwidth. If I knew extension code I would do it myself but as of yet all I can do is provide ideas. To get the source for the extension simply grab it from http://mrl.nyu.edu/~dhowe/trackmenot or https://addons.mozilla.org/en-US/firefox/addon/3173 and rename it anything.zip then open it up. If anyone does anything with this please email me about it.
Thanks.
Note: I am not affiliated with TrackMeNot
My registrar is ENOM and it appears that they do not do this type of game. My suggestion is that you use their direct site if you are attempting to register.
Blumenthal Associates
Technology Consulting