NSI Registers Every Domain Checked

An anonymous reader writes "In a developing story, registrar Network Solutions has been caught front-running domain names. Any domain names searched via NSI's whois are being immediately purchased by the registrar, thereby preventing a registrant from purchasing the domain at any other registrar. There are multiple reports of this practice over at DomainState.com." Update: 01/09 01:58 GMT by KD : shashib writes to let us know that NSI has issued a response to the accusations of front running.

I always assumed they did this

[Evro]

They control a big database and know when someone's about to buy something from one of their competitors, so they instantly buy it so the person has to buy it from them for any fee they want to charge. This is historically one of the most unethical companies around, I always assumed they did this, I'm just glad I got my domain ~10 years ago when it was actually possible.

Re:Make it cost them ...

[anotherone]

RTFA. If the user doesn't buy in a few days, they delete the domain- doesn't cost them anything.

Re:Any way to...

[ergo98]

Make them bankrupt themselves purchasing bogus domains?

I doubt they're making any financial commitment "purchasing" these domains. They're simply putting in a database record, and then removing it within the 5-day grace period (thus removing any liability to any other registrars).

Re:Can't be ALL of them.

[WindBourne]

Now try to purchase one of those at a different registrar.

Re:Dupedy do dah, dupidee-ay

[Xonea]

This is no dupe as this shows a specific example of someone practicing it.

Now you can relly test it; I searched for about 20 domainnames and they are now all registered by NS.

Re:Can't be ALL of them.

[Schraegstrichpunkt]

1. Go to networksolutions.com and check the availability of a random domain
2. Go to some other registrar (domainsatcost.ca worked for me) and try the same thing.

Mysteriously, the domain is suddenly unavailable.

Re:Any way to...

[Hawke]

Er, no. Verisign owns the .com, .net registries. Verisign used to own Network Solutions, but they were spun out several years ago.

Web form that doesn't log your domain lookup.

[suso]

Here, use this:

http://support.suso.org/dns/saferdomainlookup.php

I wrote it a few months ago after these types of issues started coming up. I provide some transparency so that you can have confidence in trusting it. Of course, you can always use command line whois or DNS tools.

Re:Any way to...

[djtack]

Here ya go... One thing, I noticed NSI stops registering domains after about 50 or so.

#!/usr/bin/perl

$count = $ARGV[0] || 8;
@charlist = (A .. Z, a .. z, 0 .. 9);

while (1) {
my $domain = "";
foreach $i (1 .. $count) {

$word = `dd bs=1 count=4 if=/dev/random 2> /dev/null`;

$number = unpack I1, $word;
$number = $number / 2**32;
$number *= scalar @charlist;
$number = int $number;

$domain .= $charlist[$number];
}

print `whois -h whois.networksolutions.com $domain.com`;
sleep 2;
}

Re:Can't be ALL of them.

[BaldingByMicrosoft]

Criminy, this is bad.

1. Went to godaddy.com and searched for {obscurewords}.com. It's available.
2. Went to networksolutions.com and searched for the same. It's available.
3. Went back to godaddy.com and searched for the same, again. NOT available!

NS is rotten to the core.

Re:Any way to...

[Serious+Callers+Only]

Or if you prefer Ruby...

#!/usr/bin/env ruby -w
require 'rubygems'
require "mechanize"
 
search_form = WWW::Mechanize.new.get("http://www.networksolutions.com/").forms.first
search_field = search_form.fields.name("domainNames").first
1.upto 10 do |i|
  puts search_field.value = "netsol-sucks-#{'x'*i}.com"
  search_form.submit
end

PR response from NSI

[vmxeo]

Domain Name Wire has posted a response from NSI's PR department. Here's the relevent quote from NSI:

I just got off the phone with Susan Wade, who heads PR for Network Solutions. "This is a customer protection measure to protect customers from frontrunners," said Wade. "After four days, we release the domain." According to Wade, Network Solutions instituted this program as a test over the past few weeks. I asked if Network Solutions is actually acting as a frontrunner by doing this and she said there's a distinction. First, they are not monetizing the domains. Second, they have no intention of keeping the domains. All domains are released after the four day period.

Translation: So if anyone else does it, it's bad, because they're domain front-running. But when we do it's it's ok, because, uh, we say so. No, really!

Re:Any way to...

[drgould]

This Domain is Available - Get it Now!

Re:Any way to...

Just tried 3 domain names. The 1st and 3rd domain name, I used their website search feature. They snagged those 2 up quick. The second domain I searched, I did a "whois -h whois.networksolutions.com ..." and they did not snatch up that domain name. Apparently, they are only snatching searched made through their website interface.

Not a chance

[Weaselmancer]

Sorry pal, this is Slashdot. Source or GTFO.

Network Solutions' Response

[linumax]

Found it here.

"This is a customer protection measure to protect customers from frontrunners," said Wade. "After four days, we release the domain." According to Wade, Network Solutions instituted this program as a test over the past few weeks. I asked if Network Solutions is actually acting as a frontrunner by doing this and she said there's a distinction. First, they are not monetizing the domains. Second, they have no intention of keeping the domains. All domains are released after the four day period.

IMHO, bullshit.

Re:Any way to...

[wdr1]

You both missed a very key point: they're not paying these domains.

The simply reserve them using a registrar's 5 day grace period & if nobody buys the domain from Network Solution for 5 days, they simply release the reserve. I.e., it's available again to the general public.

It's something a registrar can do, that you & I can't. Basically, a loophole that a few trusted companies in the system are exploiting for profit.

This came up a big back when a registrar would "try" domains, to see if the type-in traffic made more than the cost of registering. (E.g., by using Google's DomainPark for Domain Squatters.)

The President of GoDaddy wrote about it a little over a year ago:

http://www.bobparsons.com/DomainKiting.html.

One registrar in particular, DirectNIC, "registered" 8.4 million domains but only permanently registered -- i.e. paid for -- 51,400.

Overall, I'm with you in spirit of screwing bastards like this over, but it seems the only way to do so is close the loophole in the system.

-Bill

Re:At 4:24 PM (EDT-US)

[Ewan]

It's not a hold tag, they do actually register it - it's called domain tasting. You can register a domain and keep it for 5 days before you need to either pay for it or release it.

What NSI are doing is registering the domain for the 5 day period after anyone does a search for the name, making anyone who wants the domain only buy it through them for the 5 days. If after 5 days noone wants it, then NSI can simply release the domain name and not pay a penny.

ICANN SSAC looking for input on front running

[vmxeo]

Just found this in the ICANN Front-running paper. Note the contact email at the end...

For each instance of suspected domain name front running, the type of information that would be most useful in studying the case includes but is not limited to:

Method used to check domain name availability (e.g., web browser, application).

Local access ISP.

Provider or operator of the availability checking service.

Dates and times when domain name availability checks were performed.

Copy of the information returned (e.g., WHOIS query response) in the response to the availability check.

Whether the domain name was reported as previously registered or never before registered in the response returned from the availability check.

Copy of the information returned (e.g., WHOIS query response) indicating the name had been registered.

Copies of any correspondence sent to or received from the registrant perceived to be a front runner.

Correspondence with the registrar or availability checking service.

Any information indicating a potential relationship between the availability checking service and the registrant that grabbed the name.

Please submit incidents to the SSAC Fellow at SSAC-DNFR@ICANN.org.

Re:Any way to...

[sp3d2orbit]

Disclaimer, I worked at a registrar some years ago, not NSI, one of their competitors. As such, I would never advocate anyone scripting lookup information. However, I did have some observations about the approach.

It may not cost them any money for the domain, but the whole process costs some pennies. There are bandwidth costs, obviously. Not just to the user doing the lookup but between the registrar and their data centers, and the central registry. Harddisk costs for data, logs, analysis, etc.

A larger cost would be in their database. NS only has ~6.6 million domains under registry. Adding a few hundred thousand domains (even for a few days) could cause some serious indexing and performance issues.

With all these scripted domains coming in it will mess up any advertising models they have setup. Also, if they haven't been very, very careful, you could trick them into buying the domain by doing a recheck every couple of days. Waiting until the very last second to check the name again may be more than their system is setup to handle.

Like I've said please don't script them. Knowledge should never be used to maintain the balance of power. Those in authority always have your best interests at heart. When those who love you appear to abuse you it is for your own good. Don't fight the man. Etc, etc, etc.