NSI Registers Every Domain Checked

An anonymous reader writes "In a developing story, registrar Network Solutions has been caught front-running domain names. Any domain names searched via NSI's whois are being immediately purchased by the registrar, thereby preventing a registrant from purchasing the domain at any other registrar. There are multiple reports of this practice over at DomainState.com." Update: 01/09 01:58 GMT by KD : shashib writes to let us know that NSI has issued a response to the accusations of front running.

Any way to...

[Jaysyn]

...automate requests with a dictionary? Make them bankrupt themselves purchasing bogus domains?

Re:Any way to...

[elFarto+the+2nd]

uselessdomain00001.com
uselessdomain00002.com
uselessdomain00003.com
uselessdomain00004.com...

Re:Any way to...

[Shakrai]

I was just about to post that ;) Best idea ever.... quoting this from DomainState.com: someone could totally script this and run there credit through the roof with the registry hahahahaha.

Assuming it costs them SOMETHING (even pennies) to register a domain with the central registry then I think this is an absolutely awesome idea. I'll run such a script if someone writes it. In fact maybe I'll write one myself, because screwing over NSI sounds like a much better way to spend my afternoon then doing anything productive ;)

Re:Any way to...

uselessdomain00001.com
uselessdomain00002.com
uselessdomain00003.com
uselessdomain00004.com...


too subtle

FuckYouNSI00001.com
FuckYouNSI00002.com
FuckYouNSI00003.com
FuckYouNSI00004.com...

Re:Any way to...

[ergo98]

Make them bankrupt themselves purchasing bogus domains?

I doubt they're making any financial commitment "purchasing" these domains. They're simply putting in a database record, and then removing it within the 5-day grace period (thus removing any liability to any other registrars).

Re:Any way to...

In fact maybe I'll write one myself, because screwing over NSI sounds like a much better way to spend my afternoon then doing anything productive ;)

You must work for the government.

Re:Any way to...

[glpierce]

They won't lose any money (that's the whole point of "tasting", isn't it?), but that doesn't mean it wouldn't hurt them. If someone made a script that would search for every possible domain (up to say, 50 characters in length), no other registrar would be able to sell anything. There are enough competitors with enough money and enough at stake to pressure ICANN to take action if that happened. They could also theoretically sue NSI for attempting to create a monopoly (I assume there's some law it would break). Of course, that assumes that NSI doesn't pull the plug quickly enough.

Re:Any way to...

[kmac06]

Screwing over NSI is productive!

Re:Any way to...

[misleb]

if enough people are scripting bogus names,
perhaps their database and/or db server will choke.
THAT will cost them money to bring back online.

Yeah, but then you'd be arrested as a "terrorist."

-matthew

Re:Any way to...

[mr_walrus]

which "you"? it would require thousands of people hitting the db at the same time.
individually no-one would be capable of doing it.

unless you are orchestrating/controlling a Botnet to do a DoS attack. ...but those who have control over botnets wouldnt be so mean as to direct
their efforts at NSI would they? :)
after all, they are already considered terrorists and have nothing to gain :)

a plain DoS would cost them money in lost business.

Re:Any way to...

[Hawke]

Er, no. Verisign owns the .com, .net registries. Verisign used to own Network Solutions, but they were spun out several years ago.

Re:Any way to...

[Mr.+Underbridge]

Assuming it costs them SOMETHING (even pennies) to register a domain with the central registry then I think this is an absolutely awesome idea. I'll run such a script if someone writes it. In fact maybe I'll write one myself, because screwing over NSI sounds like a much better way to spend my afternoon then doing anything productive ;)

If you can't write that in under three lines in the scripting language of your choice, you officially lose your nerd card. ;)

Re:Any way to...

[Sloppy]

Make them bankrupt themselves in court. Instead of random names, use a dictionary of trademarks, politician's names, law firm names, etc. Get Network Solutions to register authenticdisneymerchandise.com, applemultimediacomputers.com, deweycheathamandhowelimited.com, advicefrommichaelmukasey.org, etc. Then write a letter of appreciation to Disney, about how grateful you are that they're selling Mickey Mouse porn so cheaply.

Re:Any way to...

[emeitner]

Slashdot IS a botnet. Blame the Taco.

Re:Any way to...

[djtack]

Here ya go... One thing, I noticed NSI stops registering domains after about 50 or so.

#!/usr/bin/perl

$count = $ARGV[0] || 8;
@charlist = (A .. Z, a .. z, 0 .. 9);

while (1) {
my $domain = "";
foreach $i (1 .. $count) {

$word = `dd bs=1 count=4 if=/dev/random 2> /dev/null`;

$number = unpack I1, $word;
$number = $number / 2**32;
$number *= scalar @charlist;
$number = int $number;

$domain .= $charlist[$number];
}

print `whois -h whois.networksolutions.com $domain.com`;
sleep 2;
}

Re:Any way to...

[Sloppy]

I can't believe I forgot the best one. Don't forget Scientology. religioustechnologycenterlicensing.com is a great domain name. Network Solutions should snatch it up at once.

Re:Any way to...

[LithiumX]

I was thinking more along the lines of trademark infringement. Something that would never go to court, but would result in a pretty quick C&D letter from a number of companies who are uncomfortable with their name being auto-registered on a whim.

I did verify that you have to initiate a purchase before they auto-register. If you simply do a search, they don't do anything (that I can see), but if you click on "Add Domains to Order", it shows up on a general whois a few seconds later, allocated for a year.

My question is... how long do they keep it? If they were to drop it after say, a few hours... even a few days... I'd consider it a dangerously abuseable practice but little worse. If they keep it any longer than that, it's a few steps shy of a domain hijack.

Seriously, I think it's just meant to be a service, but I don't see how it offers any kind of service if they allow others to waltz in and register these names themselves (which it sounds like they do, judging from posts on DomainState).

Re:Any way to...

[Sloppy]

Dammit. Network Solutions says religioustechnologycenterlicensing.com is available, but godaddy says it's taken. Oh well. I guess I should write the Religious Technology Center and ask them if they'd like a bid on the website that they are apparently about to launch.

Re:Any way to...

[UsualDosage]

I think the rationale behind this isn't entirely malicious. Consider the fact that domains are valuable property. If you were in the process of buying a domain, and had to take the time to fill our user information, credit card information and all of the textboxes that they make you fill out (particularly if you are a first time user), there is a good chance that someone from another registrar could snatch the domain out from under you simply because they were a faster typer, or had previously registered. In this way, if you do a WHOIS search with NSI, the name is locked for a short time to allow you to complete your transaction, and to disallow anyone else who may be following in your tracks to buy you your name before you can.

It makes sense, and I'm frankly surprised that no one hasn't noticed this before. I for one am glad that someone peeking over my shoulder can buy a domain from their iPhone before I can finish clicking "buy".

Re:Any way to...

[the_one(2)]

Don't discourage him =)

Re:Any way to...

[Dan667]

In perl, you could do it in one line with a haiku poem.

Re:Any way to...

[HappyDrgn]

Here ya go...

for i in `cat somefile.txt`
do
wget http://www.nsi.com/whois/results.jsp?domain=$1
done

Re:Any way to...

[kellyb9]

Funny, I tried to register "a';DROP TABLE employees;" - it came back with nothing? Anybody else getting this problem?

Re:Any way to...

I see a new opportunity for some creative ASCII-Art...

Re:Any way to...

[SnapperHead]

Domain Name: USELESSDOMAIN00001.COM
      Registrar: NETWORK SOLUTIONS, LLC.
      Whois Server: whois.networksolutions.com
      Referral URL: http://www.networksolutions.com/
      Name Server: NS1.RESERVEDDOMAINNAME.COM
      Name Server: NS2.RESERVEDDOMAINNAME.COM
      Status: ok
      Updated Date: 08-jan-2008
      Creation Date: 08-jan-2008
      Expiration Date: 08-jan-2009

Nice, how nice

Re:Any way to...

[Serious+Callers+Only]

Or if you prefer Ruby...

#!/usr/bin/env ruby -w
require 'rubygems'
require "mechanize"
 
search_form = WWW::Mechanize.new.get("http://www.networksolutions.com/").forms.first
search_field = search_form.fields.name("domainNames").first
1.upto 10 do |i|
  puts search_field.value = "netsol-sucks-#{'x'*i}.com"
  search_form.submit
end

Re:Any way to...

[Mr.+Underbridge]

In perl, you could do it in one line with a haiku poem.

Sure, but nobody could read it.

Re:Any way to...

[drgould]

This Domain is Available - Get it Now!

Re:Any way to...

[Rihahn]

Whoa! Don't use that word!

Somewhere in an AT&T monitoring center a little light with a handwritten "Terrorist" tag next to it lit up...

Re:Any way to...

So... if they've registered a /. load of addresses today, and then a DDOS hits them, say.. on the 13th, so they cannot remove them, then they'd have to pay, right? That'd be bad. I hope nobody thinks of that.

Re:Any way to...

[dpilot]

So if you're domain-shopping, the obvious method is to build a loop like this, and tack your real request somewhere at the back end.

Then when they get wise to that, and start queuing requests, checking the first N and the last N, you need a back-end loop, as well.

Re:Any way to...

[greed]

Anything wrong with "system('whois','-h','whois.networksolutions.com',$domain.'.com')"? Why bother with print-and-backticks for that?

Anyway, it's too long. Assuming POSIX standard shell...

while true; do whois -h whois.networksolutions.com "$(uuidgen).com" || break; sleep 2; done

Re:Any way to...

[termix]

Not long...

   Domain Name: NETWORKSOLUTIONSWHORE.COM
   Registrar: NETWORK SOLUTIONS, LLC.
   Whois Server: whois.networksolutions.com
   Referral URL: http://www.networksolutions.com
   Name Server: NS1.RESERVEDDOMAINNAME.COM
   Name Server: NS2.RESERVEDDOMAINNAME.COM
   Status: ok
   Updated Date: 08-jan-2008
   Creation Date: 08-jan-2008
   Expiration Date: 08-jan-2009

Re:Any way to...

Just tried 3 domain names. The 1st and 3rd domain name, I used their website search feature. They snagged those 2 up quick. The second domain I searched, I did a "whois -h whois.networksolutions.com ..." and they did not snatch up that domain name. Apparently, they are only snatching searched made through their website interface.

Re:Any way to...

[kvezach]

How about doing a whois on one of the AACS keys? DMCA-tastic!

Re:Any way to...

[cheater512]

Well that page does say that they register 600,000 daily. :)

Re:Any way to...

[wdr1]

You both missed a very key point: they're not paying these domains.

The simply reserve them using a registrar's 5 day grace period & if nobody buys the domain from Network Solution for 5 days, they simply release the reserve. I.e., it's available again to the general public.

It's something a registrar can do, that you & I can't. Basically, a loophole that a few trusted companies in the system are exploiting for profit.

This came up a big back when a registrar would "try" domains, to see if the type-in traffic made more than the cost of registering. (E.g., by using Google's DomainPark for Domain Squatters.)

The President of GoDaddy wrote about it a little over a year ago:

http://www.bobparsons.com/DomainKiting.html.

One registrar in particular, DirectNIC, "registered" 8.4 million domains but only permanently registered -- i.e. paid for -- 51,400.

Overall, I'm with you in spirit of screwing bastards like this over, but it seems the only way to do so is close the loophole in the system.

-Bill

Re:Any way to...

[HappyHead]

In perl, you could do it in one line with a haiku poem.

True, but it'd be more fun to do it as a limerick. Or as ascii art of the NSI logo.

Re:Any way to...

[morcego]

How about this:

for i in `seq -w 1 100`
do
lynx -dump http://www.nsi.com/whois/results.jsp?domain=dienetworksolutions${i}.com > /dev/null
done

Re:Any way to...

[fastest+fascist]

Obviously, since the alternative seems to be actually doing something productive, the parent does NOT work for the government.

Re:Any way to...

[rk]

Yeah, you guys are thinking about this the wrong way. Instead of just costing them money, figure out how you can profit from it:

whois CHAMP-MITCHELL-OWES-RK-FROM-SLASHDOT-TEN-BILLION-USD.COM

Champ Mitchell is the CEO of Network Solutions, and according to this domain name which they registered, fair and square, apparently he owes me some money. I'll try to be magnanimous and settle for just one percent.

Re:Any way to...

[ChadAmberg]

Hehheh... Actually, they own a few less domains as of today. I finished moving the remaining ones I own to another registrar.
That is how you punish this sort of activity. Do they actually lose money by scooping up those checked for domain names? Maybe, I'm not so sure that's the case.
But I do know that by moving domains from them they do lose hard $$.

Re:Any way to...

[enoz]

Sure, but nobody could read it.

Which is quite the irony, because it would be the first ever haiku worth reading.

Re:Any way to...

[gronofer]

Is it possible that they aren't "buying" these domains at all, but "reserving" them for their customers? I know this may sound a little far fetched to those who have no experience with customer service, but perhaps they are trying to provide a better customer experience by reserving names immediately when you search for it, so if it is available, you can buy it (and from them). They could be opening themselves to lawsuits if you searched for the domain, they said it was available, and then 12 hours later you couldn't buy it from them because they hadn't reserved it.

No, because they don't reserve the domain for the person who originally enquires about it. Anybody can register the domain, but for a few days they are forced to do it through Network Solutions.

Re:Any way to...

[nobaloney]

It doesn't cost them anything. It shows up as a one year registration but they have five days to "return" it. And since they don't have to pay until the five days are over it's no money out of pocket at all.

Re:Any way to...

[sp3d2orbit]

Disclaimer, I worked at a registrar some years ago, not NSI, one of their competitors. As such, I would never advocate anyone scripting lookup information. However, I did have some observations about the approach.

It may not cost them any money for the domain, but the whole process costs some pennies. There are bandwidth costs, obviously. Not just to the user doing the lookup but between the registrar and their data centers, and the central registry. Harddisk costs for data, logs, analysis, etc.

A larger cost would be in their database. NS only has ~6.6 million domains under registry. Adding a few hundred thousand domains (even for a few days) could cause some serious indexing and performance issues.

With all these scripted domains coming in it will mess up any advertising models they have setup. Also, if they haven't been very, very careful, you could trick them into buying the domain by doing a recheck every couple of days. Waiting until the very last second to check the name again may be more than their system is setup to handle.

Like I've said please don't script them. Knowledge should never be used to maintain the balance of power. Those in authority always have your best interests at heart. When those who love you appear to abuse you it is for your own good. Don't fight the man. Etc, etc, etc.

Re:Any way to...

[fatphil]

How about scripting such things? The following is all one line. Replace 'networksolutionssuckass' with whatever you want.

wget --post-data='TLDs=.com&domainNames=networksolutionssuckass&method-submit=method-submit&Search=/domain-name-registration/domain-name-search-results.jsp&currentPage=/home.jsp;jsessionid=5e337df9d98b6ffffffffc065d3ac7937db7:+cjA?layoutIdIndex=1&formTargetPage=/domain-name-registration/index.jsp' http://www.networksolutions.com/domainSearch.do;jsessionid=5e337df9d98b6ffffffffc065d3ac7937db7:+cjA

Let's hope for a class action lawsuit with punitive damages for every domain that they've squatted. That script could be a millionaire...

Re:Any way to...

[Z00L00K]

I would advocate for scripting in client-side javascript on your homepages. The script shall only do a few calls (at most 10) using some random names.

This will cause a random distributed load and make it very hard to track if the requests are valid or not. Especially if a JavaScript timer is used to allow for a delay between each request, which will cause the request to look like it's an ordinary user doing it.

Please don't disturb me.

[flaming+error]

I'm working on a program to perform millions of random whois searches via NSI.

Re:Please don't disturb me.

[sm62704]

I'm sorry but what was that again? Sorry, I was working on a program to perform millions of random whois searches via NSI and wasn't paying attention.

What?

Re:Please don't disturb me.

[hedleyroos]

I code in Python. My program is already running :)

I always assumed they did this

[Evro]

They control a big database and know when someone's about to buy something from one of their competitors, so they instantly buy it so the person has to buy it from them for any fee they want to charge. This is historically one of the most unethical companies around, I always assumed they did this, I'm just glad I got my domain ~10 years ago when it was actually possible.

Re:I always assumed they did this

[MightyMartian]

Eleven years ago when I first started working for an ISP, they were called Network Hell, and they had richly earned the moniker then, but their deeds over the last five years makes me think they want to earn some sort of record as the most unethical company in history.

ICANN didn't have the balls to kill the contract a few years ago, maybe they will finally do the right thing and rid the Internet of this vile vile monster.

Re:Make it cost them ...

[anotherone]

RTFA. If the user doesn't buy in a few days, they delete the domain- doesn't cost them anything.

Time for it to go

[Spazmania]

I'm sorry, but its simply time for free domain tasting to go. It costs something like $6 at the back end to register a domain for one year and its a hardship on no legitimate use if they have to pay another $6 to correct a typo.

Well, they're now the proud owners of

[Malevolent+Tester]

network-solutions-hates-non-whites.com
our-ceo-jacks-off-to-goatse.com
batman-touched-my-junk-liberally.com

DNS and Certificate services

[Deadplant]

The domain name registrars and the ssl certificate services are all run by crooks.
It is appalling that so much of our security infrastructure relies on this pack of thieves.

What should be we do to correct this problem?

Perhaps a consortium of the major Internet providers could start up a new DNS system.
I'm not talking about Comcast/verizon/aol, I'm talking about Level3, Cogent, Teleglobe etc..

thoughts?

Re:Use the /. effect to make them screw themselves

[RobertB-DC]

So, we can create a link that has a simple php script to have the user check a random domain through them. That way it isn't all coming from one IP Address...

Who needs a script when you have the power of Slashdot? /me goes off to join the crowd at the whois watering hole...

Don't use WHOIS

[Antibozo]

Whether it's NSI or some other registrar doing it, this has been a known issue for a long time. The solution is not to use WHOIS. Instead follow DNS from the root and see if it goes anywhere. E.g.:

dig the-domain-you-want.com. +trace

Re:Don't use WHOIS

[Deadplant]

The solution is not to use WHOIS. Instead follow DNS from the root and see if it goes anywhere.

Nah, that's a workaround.
The solution is to revoke their corporate charter.

Re:Don't use WHOIS

[IBBoard]

Except that you might get a lack of response when a domain is registered because someone has registered it but not put any DNS records behind it. That plus your ISP can still sniff that request anyway (which apparently some of them do).

On the main topic: as if it isn't bad enough having to beat the general domain squatters to a domain before they "squat" all over it, now you've got to beat the registrar to it as well?

Re:Don't use WHOIS

[Antibozo]

Except that you might get a lack of response when a domain is registered because someone has registered it but not put any DNS records behind it.

Yes, there are rare cases where you might not see a response, at which point you can go ahead and try to register the domain and perhaps fail. But most registrars throw in their own parking nameservers at registration time automatically, so it's pretty unusual to find a name that is in a registry but has no DNS records. The more likely scenario is when a domain is in HOLD status after expiring.

That plus your ISP can still sniff that request anyway (which apparently some of them do).

If you know of cases where ISPs are speculatively squatting on domains based on sniffed DNS lookups, please enlighten us. Certainly there are scenarios where even a DNS lookup could trigger squatting or tasting; after all, a GTLD server operator might be colluding. The noise level in DNS is so high, though, that they would be thrashing the TLD registries pretty heavily if they were doing this.

ICANN to the rescue!

[EllynGeek]

Don't worry, ICANN will fix everything and make it right!

I slay me.

I did it just now... They do it.

[marked23]

I did whois on frammusjammer.com at NSI, then thirty seconds later tried to buy the domain at Godaddy. It was already taken. Checked whois at register.com and it shows NSI as the owner.

F*** You Network Solutions

[T-Kir]

Just tried that search (my subject line) on the Network Solutions site and all domains for it were available, yet I searched using Easily.co.uk immediately after and f***younetworksolutions.com was registered by them immediately:

Record expires on 08-Jan-2009.
Record created on 08-Jan-2008.
Database last updated on 8-Jan-2008 14:38:53 EST.

Yup, I did that 4 mins ago.

I wonder how much it is costing them per domain :-D

Re:Can't be ALL of them.

[WindBourne]

Now try to purchase one of those at a different registrar.

Re:Dupedy do dah, dupidee-ay

[Xonea]

This is no dupe as this shows a specific example of someone practicing it.

Now you can relly test it; I searched for about 20 domainnames and they are now all registered by NS.

Re:Dupedy do dah, dupidee-ay

[flydpnkrtn]

"Domains may disappear" is a bit different than "NSI Registers Every Domain checked"

News does evolve over time... that's why it's news.

It doesn't cost them

I'll just respond in whole to the dozen or so posts above this one... don't bother writing automated requests to "bankrupt" NSI, as it doesn't cost them a cent to register a domain and then release it with in a few days. It's called domain tasting, which is also a problem with domain names that expire and are snatched up by creeps running scripts at the head end of one of the less scrupulous registrars.

Re:It doesn't cost them

[jafiwam]

True. However using scripts to keep NSI grabbing a large proportion of the domain space will cause all the cut rate registrars to scream bloody murder because their potential clients can't register anything because the scripts have dDOSed the domain space.

Which, might in turn make the vile practice of "domain tasting" (which benefits NOBODY but scammers) to be banned.

Re:It doesn't cost them

[Fear+the+Clam]

Which, might in turn make the vile practice of "domain tasting" (which benefits NOBODY but scammers) to be banned.

"Don't taste me, bro" --Domain

Re:Can't be ALL of them.

[Schraegstrichpunkt]

1. Go to networksolutions.com and check the availability of a random domain
2. Go to some other registrar (domainsatcost.ca worked for me) and try the same thing.

Mysteriously, the domain is suddenly unavailable.

Big companies who commit big crimes go free.....

[Raisey-raison]

I never understand why given that this is blatantly anti competitive, companies aren't immediately prosecuted under anti trust laws with their directors going to prison. And don't forget about some nasty fines and civil penalties. So if we find a college kid who copies a movie we prosecute the f*ck out of them and financially squeeze them until they are thoroughly screwed over. But if you are a big company and you screw over millions of people, you get off scot-free. Apart from the fact that the rule of law is a joke if the powerful are not investigated it would be better for the economy and everyone's standard of living if anti trust laws were enforced. How many extra thousands of dollars every year do we spend on things because they are more expensive than they would naturally be if companies were not violating anti trust laws.

Re:Make it cost them ...

[ajs]

Probably the best way to do this search so that it actually consumes the most interesting space first, is to build random domain names, weighted based on existing names. For example, you could build names by taking the most common 2 and 3 letter sub-strings:

foo.com
bar.com
foobar.com

foo: frequency 2
bar: frequency 2
oob: frequency 1
oba: frequency 1
fo: frequency 2
oo: frequency 2
ba: frequency 2
ar: frequency 2
ob: frequency 1

Now, just pick random length, say 5, and generate random strings with the weights to the random selection being the frequency. Better yet, just generate EVERY possible permutation, ordered by frequency like so:

foofo.com
foooo.com
fooba.com
fooar.com
barfo.com
baroo.com
barba.com
barar.com
fofoo.com
oofoo.com
bafoo.com
arfoo.com
fobar.com ... and so on

This should generate all of the most likely-to-be-registered domains of the given length. You could do this based on, say, a few google searches, some Wikipedia articles, and some subset of DMoz. That should get you a nice collection of domain names to seed with.

Web form that doesn't log your domain lookup.

[suso]

Here, use this:

http://support.suso.org/dns/saferdomainlookup.php

I wrote it a few months ago after these types of issues started coming up. I provide some transparency so that you can have confidence in trusting it. Of course, you can always use command line whois or DNS tools.

Re:spam the spammers?

[the_B0fh]

Don't you mean....

justchecking.com ?????

A Jabberwocky generator

[Burz]

...would probably help: http://www.poemsthatgo.com/gallery/winter2004/jabber/index.htm

The greater irony is..

[fictionpuss]

..that I tested this out using the domain name 'networksolutionsjustlostacustomer.com', which is still up for grabs.. but only via networksolutions, natch.

Re:The greater irony is..

[oahazmatt]

..that I tested this out using the domain name 'networksolutionsjustlostacustomer.com', which is still up for grabs.. but only via networksolutions, natch.

Ha! I showed them! I got 'networksolutionsjustlostacustomer.net' at GoDaddy!

Re:Can't be ALL of them.

[BaldingByMicrosoft]

Criminy, this is bad.

1. Went to godaddy.com and searched for {obscurewords}.com. It's available.
2. Went to networksolutions.com and searched for the same. It's available.
3. Went back to godaddy.com and searched for the same, again. NOT available!

NS is rotten to the core.

Just In Time For A Sale

[meatpan]

What a coincidence that just today, NSI spammed their customers with a Winter DNS sale announcement. Perhaps they are betting the hate will die down after the 3 week sale. If you need some help moving your DNS away from NSI, take a look at their HOW-TO

weren't we just complaining a few weeks ago..

[MarcoAtWork]

...about domains being tasted by spammers etc. that then would try to sell them to you at inflated costs?

In some ways this is a lot better, so if I have an idea for a domain, go register it at NSI, get sidetracked, go back the next day, the domain would still be available and not stolen by somebody sniffing the whois traffic etc.

As long as network solutions is upfront with this practice I think it could definitely be spun as a positive vs a negative (check a domain here and you can be sure that you'll be able to register it for up to 5 days after, instead of risking it being stolen or held for ransom).

Re:weren't we just complaining a few weeks ago..

[quantaman]

...about domains being tasted by spammers etc. that then would try to sell them to you at inflated costs?

In some ways this is a lot better, so if I have an idea for a domain, go register it at NSI, get sidetracked, go back the next day, the domain would still be available and not stolen by somebody sniffing the whois traffic etc.

As long as network solutions is upfront with this practise I think it could definitely be spun as a positive vs a negative (check a domain here and you can be sure that you'll be able to register it for up to 5 days after, instead of risking it being stolen or held for ransom). Except if that is their intentions they're not doing it properly. After you perform the search they have a button "Add Domains To Order", that would signify the intention to purchase the domain, but NSI has already purchased it at that point. Or if they're actually concerned about sniffing packets they could taste it for only an hour or so until the user progresses further.

Here's a test, try searching for a domain from one IP, then try going through the purchase process from another IP. How much do you wanna bet that NSI is more than happy to sell the domain to the different IP? Heck if two different people both have accounts have them search a domain name with one then step through the purchase with another, even with two conclusively different entities I'm sure they'll be happy to take the sale. Note there's no reason a spammer couldn't sniff the domain you searched for, then purchase it from NSI. If NSI doesn't restrict the purchase to the person who made the search they've done absolutely nothing to stop sniffers from stealing domains.

Re:weren't we just complaining a few weeks ago..

[ZenDragon]

They are not reserving it for YOU when you search, they reserve it such that it can not be registered by any other registrar. It could easily be snatched up by somebody else who was also registering it though NSI. How is that protecting customers? This is blatantly anti-competitive.

Re:weren't we just complaining a few weeks ago..

[chihowa]

How much do you wanna bet that NSI is more than happy to sell the domain to the different IP? Better than that, when you search for it they begin advertising it as for sale. They're perfectly willing to sell it to anybody, as long as they're the ones selling it.

Oh, this is fun!

[dskoll]

Look at the domains Network Solutions now owns!

the-real-microsoft.com
the-real-ibm.com
the-real-dell.com
the-real-walmart.com
the-real-esso.com
the-real-general-motors.com
the-real-ford.com
the-real-chrysler.com

NSI vs RIAA

[JCSoRocks]

Is there some way we can get RIAA mad at them? Register a bunch of domains using the names of songs, artists, lyrics, etc? I think if we could get a NSI vs RIAA fight going the sheer awesomeness of it would be brain melting.

Only dot com space

[griffjon]

I just searched netsolatemydomainsearch.{everything they offered} and then checked it on godaddy. The dot com version was taken, but the other TLDs were left alone.

e.g. netsol screenshot of me searching for a few sites:
http://www.flickr.com/photos/griffjon/2178156179/

GoDaddy saying the dot com version is taken:
http://www.flickr.com/photos/griffjon/2178156285/in/photostream/

Even more disgusting, the whois record has a freaking advert in it from netsol:

Registrant:
This Domain is available at NetworkSolutions.com
13681 Sunrise Valley Drive, Suite 300
HERNDON, VA 20171
US

Domain Name: NETSOLATEMYDOMAINSEARCH.COM

This Domain is Available - Register it Now!
600,000 domain names are registered daily! Don't delay; there's no guarantee
that a domain name you see today will still be here tomorrow!
Register it Now at www.NetworkSolutions.com.

Administrative Contact, Technical Contact:
Network Solutions, LLC domainsupport@networksolutions.com
13681 Sunrise Valley Drive, Suite 300
HERNDON, VA 20171
US
1-888-642-9675 fax: 571-434-4620

Record expires on 08-Jan-2009.
Record created on 08-Jan-2008.
Database last updated on 8-Jan-2008 15:33:32 EST.

Yes, another confirmation.

[Animats]

Just looked up Network-solutions-antitrust-violation-demo.com. and Network Solutions registered it.

Time for ICANN to issue a policy under the registrar agreement to enforce section 3.7.9: "Registrar shall abide by any ICANN adopted specifications or policies prohibiting or restricting warehousing of or speculation in domain names by registrars."

Re:Yes, another confirmation.

[Animats]

Did that, worked OK. Network Solutions will blacklist WHOIS queries that seem to come from a program or are too numerous. If you need bulk WHOIS data, you either have to become a registrar, make a deal with one, or buy services from "domaintools.com".

Looks like it has stopped, for now

[Uglor]

3:20pm - I searched for networksolutionsisabunchofdouchebags.com and they snapped it up

3:40pm - I searched for networsolutionsisabunchofsneakybuggers.com and they didn't touch it

PR response from NSI

[vmxeo]

Domain Name Wire has posted a response from NSI's PR department. Here's the relevent quote from NSI:

I just got off the phone with Susan Wade, who heads PR for Network Solutions. "This is a customer protection measure to protect customers from frontrunners," said Wade. "After four days, we release the domain." According to Wade, Network Solutions instituted this program as a test over the past few weeks. I asked if Network Solutions is actually acting as a frontrunner by doing this and she said there's a distinction. First, they are not monetizing the domains. Second, they have no intention of keeping the domains. All domains are released after the four day period.

Translation: So if anyone else does it, it's bad, because they're domain front-running. But when we do it's it's ok, because, uh, we say so. No, really!

Re:PR response from NSI

[rstultz]

That would be believeable, if they didn't immediately throw up a "This domain is available" page. If they're protecting the person who searched for it, why are they offering it to sell to everyone else?

Re:PR response from NSI

[Thalaric]

My problem with this is, regardless of NSI's intentions in registering the domain in the first place, when they release the domain after four days it is going to get snagged by another domain taster. Companies such as Snapnames.com operate by analysing which domains are being deleted from the whois.

The act of dropping a domain alone is enough to ensure that you won't get near it.

Re:PR response from NSI

[dgatwood]

Awesome. So the Slashdotting the system got today should cause all manner of pain for sleazebags who watch for whois deletions and snap up the domains. That rocks. Now we can annoy dozens of horrible, evil companies with the ethics of a turnip just by making a single query! Couldn't happen to a nicer bunch of dirtbags.

The only question that remains, then, is how can the slashdot community convince the link farmers to purchase as many of these worthless domains as possible so that when nobody ever visits any of them again, they lose lots of money?

Suggestions?

Call for more info

[Dan+East]

I checked an obscure domain name through them in the last several days and it was available. Lo and behold, it is now registered. I will be calling their support line at 1.888.642.9675, and / or their technical support line at 1.866.391.HELP to figure out what is going on.

I sure hope I don't take up too much of their time, because 1-800 minutes aren't cheap for them, neither is tying up their support personnel. However, if you're curious about these practices, you might want to speak with them yourself - it's your right after all.

A much simpler solution in bash

[concernedadmin]

#!/bin/bash
for i in `seq 1 50`; do
length=$(tr -cd [:digit:] < /dev/urandom | head -c 2)
domain=$(tr -cd a-zA-Z0-9\- < /dev/urandom | head -c $length)
echo "NSI will register $domain.com shortly"
whois -h whois.networksolutions.com "$domain.com"
done

Not a chance

[Weaselmancer]

Sorry pal, this is Slashdot. Source or GTFO.

Re:Not a chance

[nschubach]

No no... it's safe... you can trust anyone posting an executable under AC. Why would they want to do anything to hurt you?

Network Solutions' Response

[linumax]

Found it here.

"This is a customer protection measure to protect customers from frontrunners," said Wade. "After four days, we release the domain." According to Wade, Network Solutions instituted this program as a test over the past few weeks. I asked if Network Solutions is actually acting as a frontrunner by doing this and she said there's a distinction. First, they are not monetizing the domains. Second, they have no intention of keeping the domains. All domains are released after the four day period.

IMHO, bullshit.

Re:Network Solutions' Response

[mr_mischief]

Considering that most people check a few then register the one they like best out of those available it's detrimental to business to make those people wait four days, isn't it? The frontrunners would be more likely to script up a batch every day of the results from four days ago than the individuals would be to come back and register something NSI took off the available list.

It's also poor practice for NSI to keep me from searching on NSI then deciding to register with GoDaddy, Register.com, Dotster, or SRSPlus. That's especially true since I have an SRSPlus domain reseller account but hate their domain availability checking interface, and SRSPlus is owned by NSI. Perhaps I should resell for someone else instead, and move all my existing domains. I might on principal.

Re:Network Solutions' Response

[Jafafa+Hots]

Its a lie. if you check Ihaveabigprick.com and its available, 2 days later Joe Schmoe from Poughkeepsie can come along and register it, provided he does it at NetSol. It will show up as unavailable elsewhere, but available at NetSol.

So, this does nothing to protect you from having your domain registered out from under you provided the other person uses NetSol. The only one it protects is NetSol from having you decide to register it elsewhere with a registrar who doesn't charge NetSol's ripoff price. It's a "feature" solely to benefit NetSol at the EXPENSE of everyone else. Slimy fuckers that they have always been.

Re:Network Solutions' Response

[n2art2]

I've had a reseller account with enom for a number of years. I'd suggest them as a good replacement.

Re:Network Solutions' Response

[brassman]

"when they're up for renewal we're moving them to a different registrar."

ARRRGH! NO! If you put it off "until it's up for renewal", you will be told with a sneer that "We don't allow transfers within six (days|weeks|months) of expiration. If you don't resub with us for another year, you can't transfer it -- AND our Domain Squatter Facilitation Dept. guarantees you will lose the domain."

You do not lose a penny by transferring it right now, as the new registrar will give you full credit for the time remaining at NSI. MOVE IT NOW! NOW!! NOW!!!

Worse than that...

[raehl]

You can now buy uselessdomain00001.com for $34.99.

So they are DEFINITELY monetizing it, by charging more now that it has some traffic.

Re:At 4:24 PM (EDT-US)

[Ewan]

It's not a hold tag, they do actually register it - it's called domain tasting. You can register a domain and keep it for 5 days before you need to either pay for it or release it.

What NSI are doing is registering the domain for the 5 day period after anyone does a search for the name, making anyone who wants the domain only buy it through them for the 5 days. If after 5 days noone wants it, then NSI can simply release the domain name and not pay a penny.

Well...

[Weaselmancer]

...would you mind posting it?

ICANN SSAC looking for input on front running

[vmxeo]

Just found this in the ICANN Front-running paper. Note the contact email at the end...

For each instance of suspected domain name front running, the type of information that would be most useful in studying the case includes but is not limited to:

Method used to check domain name availability (e.g., web browser, application).

Local access ISP.

Provider or operator of the availability checking service.

Dates and times when domain name availability checks were performed.

Copy of the information returned (e.g., WHOIS query response) in the response to the availability check.

Whether the domain name was reported as previously registered or never before registered in the response returned from the availability check.

Copy of the information returned (e.g., WHOIS query response) indicating the name had been registered.

Copies of any correspondence sent to or received from the registrant perceived to be a front runner.

Correspondence with the registrar or availability checking service.

Any information indicating a potential relationship between the availability checking service and the registrant that grabbed the name.

Please submit incidents to the SSAC Fellow at SSAC-DNFR@ICANN.org.

LOL

[cromar]

All of a sudden Whois.net seems to be loading much more slowly. I wonder what could be happening!

Lessor of two evils?

[rs79]

" IMHO, bullshit."

Well... hang on and think about it for a second. In a perfect world if you look up a domain it remains available. But this is not a perfect world, we have ICANN instead.

My first reaction when reading TFA was "no way. they can't be".

But I see their point. With over a hundred registrars, many of them just squatters who want to get domains for the wholesale price of $6, it does appear ot be true that if you look up a domain at NSI you are still able to purchase it.

Compare this to some other registrar where if you look it up suddenly it's sold and now you have to buy it on the secondary market which will cost you way more that a regular domain. Lessor of two evils perhaps?

How long does it take to happen? I just looked up a long silly name at NSI and fifteen mninutes later it's still availalable. Anybody else notice this?

Re:At 4:24 PM (EDT-US)

[Tofystedeth]

So what you're saying is that in addition to the bot that one guy made to autoquery these domains, we should also make bots to give them heavy traffic for the next few days?

Clarification from Network Solutions

[shashib]

Hi my name is Shashi Bellamkonda and I work for Network Solutions. Aprreciate the opportunity to clarify. Here is a response on Circleid http://www.circleid.com/posts/81082_network_solutions_front_running/. Network Solutions is not front running. We've implemented a customer protection measure to help defend our customers against the actions of "front runners" or those persons who register domain names known to have been searched, for the purpose of monetizing them and then selling them at inflated prices either directly to the customer who searched for the domain or through aftermarket channels. The protection measure holds the searched domains at Network Solutions for up to 4 days so customers can take the time to decide whether registration of the domain name will help them build and protect their brand. Network Solutions is not registering these names at the end of the reservation period with the hope of selling them in the secondary market. Likewise, we're not placing any advertisements on these domains to monetize their traffic while they are in the reservation period.

Re:Clarification from Network Solutions

[Antibozo]

On the contrary, Network Solutions is effectively monetizing the domains by forcing buyers to purchase them at Network Solutions' inflated prices.

Furthermore, this concept of protection would only make sense if you thought consumers were searching for a domain both on Network Solutions' lookup system and on that of an another unethical competitor. But why would consumers do that? One lookup is sufficient, and by definition, you know that one lookup occurred on your site, so it's already unlikely that a competitor will have the opportunity. The notion that you're protecting anyone doesn't wash.

Re:Clarification from Network Solutions

[jamie(really)]

for the purpose of monetizing them and then selling them at inflated prices

But since I can buy them cheaper elsewhere, that means that you are precisely "monetizing them and then selling them at inflated prices".

Trademark Monitoring & Domains

[CptMidnight]

Can you imagine the nightmare it's going to create with all those Trademark monitoring organizations out there like MarkMonitor? Can you imagine if you queried high-profile trademark domains such as: MicrosoftSunCiscoWalMartIBMFord.com and they "reserved" the names?

I just hit it and looks like they now own it.

      Domain Name: MICROSOFTSUNCISCOWALMARTIBMFORD.COM
      Registrar: NETWORK SOLUTIONS, LLC.
      Whois Server: whois.networksolutions.com
      Referral URL: http://www.networksolutions.com/
      Name Server: NS1.RESERVEDDOMAINNAME.COM
      Name Server: NS2.RESERVEDDOMAINNAME.COM
      Status: ok
      Updated Date: 08-jan-2008
      Creation Date: 08-jan-2008
      Expiration Date: 08-jan-2009

Since Network Solutions registered the domain, I'm sure its triggering a response to MarkMonitor's "clients". I'm sure MarkMonitor and the other TM moitoring sites are going crazy now.

Re:is this right?

[Antibozo]

you walk into a store and see a jacket you like. you tell the clerk you want that jacket and the clerk puts it behind the counter for you.

It's more like: you walk into a store and see a jacket you like. You tell the clerk you are interested in that jacket and the clerk puts it behind the counter for you. You leave to check the price at a competitor's store, but by the time you get there the clerk has already called all the competing businesses and instructed them not to sell you that jacket, to which they agree.

Re:At 4:24 PM (EDT-US)

[Selivanow]

So basically....don't use NSI for domain lookups. Use someone else. Maybe a company that won't try to screw you.

Re:Can't be ALL of them.

[rdewalt]

Not only that, they also put it on one of their parking "Domain Available!" pages too.

www.hitler-had-only-one-ball.com,

Tried on godaddy, showed up as open.
Same on NS, showed up as blank.
Went back to Godaddy, clicked it again, "DOMAIN TAKEN"

Whois shows it up as;
    Domain Name: HITLER-HAD-ONLY-ONE-BALL.COM
      Registrar: NETWORK SOLUTIONS, LLC.
      Whois Server: whois.networksolutions.com
      Referral URL: http://www.networksolutions.com/
      Name Server: NS1.RESERVEDDOMAINNAME.COM
      Name Server: NS2.RESERVEDDOMAINNAME.COM
      Status: ok
      Updated Date: 08-jan-2008
      Creation Date: 08-jan-2008
      Expiration Date: 08-jan-2009

Within seconds of having it hit.

As for the "domain tasting" drop after $n days, why not just 're-search' for it, after 3 days, so it stays registered until it costs them money?

These domains are hosted on a wildcard DNS

[kindbud]

Oh brother! Another wildcard DNS server (not even RFC compliant, it returns a CNAME for every query, with no glue and no SOA, even when asked explicitly). These domains are parked on ns1. and ns2.reserveddomainname.com. All a spammer needs to do is search NSI for a domain, and it begins to resolve and can be used to spam.

The following domains are installed on my anti-spam relays' caching nameservers as empty stub zones. It prevents my anti-spam relays from resolving any domains hosted on nameservers that live in these zones. It accounts for a very large percentage of blocked spam on my systems, and I recommend mail admins start blocking domains hosted on wildcard DNS servers. It's quick, easy, painless, and your content filter will thank you for easing its workload (if it could talk and had emotions, that is).

cheap-dns-host.com
domainservice.com
fastpark.net
namesdiscount24.net
name-services.com
names-service.com
parked.com
parkingsave.net
reserveddomainname.com
versans1.com
versans2.com
versans3.com
versans4.com
versans.com

Another one to add to the list

[JimboFBX]

I thought I'd try it out: http://www.payupnetworksolutions.com

NSI doing Creative Commons Abuse, too!

[schmiddy]

I Just followed the link to uselessdomain0001.com. Check out the blue globe logo at the top.. now check out this CC licensed SVG image on Wikipedia: Applications-internet.svg. Looks like someone "accidentally" forgot to include the Creative Commons Share Alike license on that page.. hmmmm.

I think it's pretty obvious that NSI is just a scummy company, through and through.

P.S. If uselessdomain0001.com has changed by the time you read this, just check out uselessdomain0002.com or any other similarly tasted domain.