Slashdot Mirror
ICANN Moves To Disable Domain Tasting
jehnx writes "Following Google's crackdown on 'domain tasters', ICANN has voted unanimously to eliminate the free period that many domain buyers have been taking advantage of. At the same meeting they also discussed Network Solutions' front running but took no action on it."
Good.
(all other posts after this are either wrong or repeating)
I live in constant fear of the Coming of the Red Spiders.
Network Solutions recently released a comment on their supposedly unscrupulous business practices. They claim that their automatic registration of domain names that were searched for was an effort to stem the problem of domain tasters. I have a hard time believing that.
Or domain kiting? In tasting, customers register the domain for 5 days and use that up and then let it expire. In kiting, they delete the domain before the grace period is up and then re-register for another 5 day grace for the same domain.
My blog
I expected to see a 'suddenoutbreakofcommonsense' tag on this one, but maybe I saw it before it had time to be tagged.
In this case, it doesn't seem to be a sudden outbreak, though... Reading the notes (yeah, I RTFA) I can see that with the possible exception of Bruce Tonkin (who dropped off the call because of possible conflict of interest, thus making him a good guy no matter his opinion on this matter) everyone agreed that any measure except removing of the Add Grace Period (AGP) would be ineffective and only cause other harm to the community.
It's also obvious from the notes that they've spent no little time thinking about this, and they had their arguments ready. And when talking was done, they were ready to do the right thing. All of them, unanimously.
It was unclear whether the 21-day period was in effect, though... They talked about having to notify the public of policy changes 21 days in advance or more. Even if it is, 3 weeks is pretty short.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
I always thought it was a bit of an obvious loop-hole. Good to see that Google's stance appears to have forced a good decision from ICANN.
.uk domains don't have one - every registrar I've bothered reading the FAQ for basically says "you typed it wrong? Then tough luck, we gave you an 'are you sure the details are right' page".
I don't even know why they have that grace period. AFAIK
If only there was a way to cut down on pointlessly parked domains that turn up high in search results...
Is domain tasting really the most important problem that ICANN could sink its teeth into?
.com, .net, .org, .info domains). But yet they chose to remain toothless in all but the most very extreme cases of bad registrar services.
I say no.
ICANN has the role of accreditation of domain name registrars themselves (particularly for
Bad registrars, such as pacnames.com, yesnic.com, and more recently mouzz.com, are willing partners in the international spamming epidemic. They have or still do sell domains to computer criminals, willingly accepting bogus data from these criminals in exchange for a kickback.
If ICANN really wants to make a positive difference on the internet, they need to flex their muscle and make use of their ability to un-accredit bad registrars. Why they continue to neglect the opportunity to do so is beyond me.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Now, we just need all the rest of the ccTLD registries to do the same, and spammers' lives will get that little bit harder.
Is the fact that last night I was searching for a sprayfoam insulation company in maryland (using google), and the very first link that came up, was a domain taster domain registered 3 days prior to yesterday, that only had ads and click through sites on it...
It was most annoying, but the fact it came up as the first link, means google really should do soemthing about sites abusing the ranking systems and not just people abusing the adsense program.
I came, I conquered, I coredumped
Bad!
Its a good move, but im still waiting to see some more action against domain squatters. It is so infuriating to have a good idea for a website, only to have 99% of the possible/good domain names being taken and being part of some advertizement network. And I just refuse to pay them.
Ofcourse, in economic terms, it would probably be worth it in the long run if you have a very good idea to pay some extra for the better domain name. But its like paying for "protection" money because the alternative is worse...
If pacnames, yesnic and mouzz are getting kickbacks from the criminals, maybe they are sending a cut to ICANN.
My blog
I wonder what impact this will have on registrars such as GoDaddy.com who (according to Wikipedia) have 55.1 million domain names registered a year of which 51.5 million are canceled and refunded just before the 5 day grace period.
While GoDaddy.com doesn't get to keep that money, it does generate a revenue flow. That is, GoDaddy.com must return the money, but there's no requirement to cut a check that day. It may be a week or three before GoDaddy.com has to cut a refund check. In the meantime they have money to work with much like banks do. Most businesses operate on revenue flow and not strictly the net balance they have available at any one time.
If ICANN drops this grace period and domain tasters drop away (possible if unlikely) that leaves GoDaddy.com with 51.5 million domains at $10 per domain (or $515 million) in revenue flow that just dried up. That's a lot of money to just disappear from your business finances.
IANAA, but I think that this decision will have the most impact on large registrars. Perhaps a one day grace period for people who honestly made a mistake would have been more appropriate. One day is not enough to get a domain properly "tasted" because it takes about that long for the DNS entry to propagate through the network, and by the time it was out the domain would either be permanent or gone.
...and that's the way the cookie crumbles.
Don't taste me, bro!
"You'll get nothing, and you'll like it!"
If you have a good idea for a website, pick a unique, memorable name, not an obvious one. Who's the number one auction site; auction.com or eBay? Who's the number one on-line bookseller; books.com or Amazon? What is an ebay anyway? What does a river in Brazil have to do with books? Nothing, it doesn't matter, most people are going to find your website through Google anyway rather than typing in a URL.
Support Right To Repair Legislation.
but $9.99/yr is not much. What's the point of going through all that trouble? Are the people who practice domain kitting registering thousands of domains this way?
It is by orders of magnitude more expensive than not paying anything
Yes.
That is an interesting question to raise. Honestly, I have always hoped that the problem with ICANN was due to incompetence rather than corruption.
Frankly, the more cynical side of me should have considered that possibility long ago. For some reason the optimist was in charge of that decision instead...
And on a side note, I can't help but wonder who the wise-ass is that modded your post "funny". If I had mod points today (and wasn't posting in this thread already) I'd have given it "insightful".
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I wonder how many of these 'domain tasters' are just registering domains to use in spam and phishing scams. Considering how often the URL changes on the spam I get (that is obviously from the same originator) I would imagine that's what they're doing. If that's the case, I expect the elimination of domain tasting to at least change the way spam is set up, perhaps making some of it easier to detect.
In any case, domain tasting is a very antiquated system almost designed to be abused, and should have been dropped long ago.
Do any registrars check any data you give them that is not required to process your payment? As far as I know, none of them do criminal back ground checks, or require your information to be accurate.
Well.. maybe. Or Maybe not. But Definitely not sort of.
One step back from the wrong direction they've been heading for years.
Or can anyone here name me one not-advertisement-related reason for "domain tasting"? The only use I've ever read about is registering the domain and checking if you get enough hits on it to run your ads with enough profit, before you commit yourself.
Assorted stuff I do sometimes: Lemuria.org
I don't know why that makes me happy.
DT
Is this thing on? Hello?
killing a botched mod
'dupe' is useful, and by itself almost makes the whole thing worthwhile.
pi = 2*|arg(God)|
Along with many others, I deplored Network Solutions' preemptive domain registration which took advantage of domain tasting. However as a former beneficiary of the present domain tasting policy, I can see at least one benefit to consumers (and businesses) that gets overlooked because of the audacity of Network Solutions' behavior.
About a year ago I registered a domain that had a transliteration of a foreign word. I discovered, within a few hours, that my transliteration was not the preferred spelling (for example, "perogi" as opposed to the preferred "pirogi"). I asked my registrar to refund my money for the first domain and registered the domain with the preferred spelling.
Honest mistake and no one was harmed in the process of deleting the undesired domain. Sure, I could have researched that transliterated word before registration but it simply did not occur to me that a spelling which in my day (yeah, I'm over 40) was correct would have been superseded. (Sort of like finding out BBQ is actually spelled "barbecue".)
blog
Well, ICANN does require that registrars maintain accurate WHOIS data so that the domain owners can be contacted.
Payment processing is an interesting question in and of itself, as well. I would suspect that someone with extensive criminal connections (such as Leo Kuvayev) probably wouldn't have much difficulty getting credit cards that correspond to any name and location he likes. And if that is how we wanted to make his payment, then it would be easy to skate by on just enough data to process the payment.
And I would suspect that few if any registrars would bother doing any kind of background checks on their customers. It would probably cost them more than the fee they charge for registration, and I wouldn't expect them to be willing to take in that kind of loss.
However, some registrars are selling domains to names that have been documented for years to be associated with criminal spamming enterprises. These registrars are simply negligent at best, or criminal co-conspirators at worst. They know that their customers are associated with crime, yet they opt to do nothing.
And of course, the registrar could do something about if they really wanted to. All they have to do it change the DNS record for the spamvertised domain to something that either doesn't resolve at all, or won't resolve the domain in question. With that done, new requests to the domain will never get anywhere, as they won't be able to resolve the domain to an IP address.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I don't know US law, but I'm pretty sure this is illegal in one way or another.
If I were someone who loses a legitimate domain name I wanted to register to such fraud, I'd go to court and demonstrate how NSI systematically abuses its power of being able to register domains for free in order to force people to register domains through them. I'm sure even if it's not extortion, it's anti-competitive at least...
Who is General Failure and why is he reading my hard disk?
Given that virtually all domain registrations are instant, I'd say no. The only exception I'm aware of is .travel, which is a real pain in the arse to register under.
The .au space is pretty tightly governed. For example, for a .com.au you need to be an Australian registered business and provide your Australian Business Number or similar identification; and the domain name needs to either be close or exact match for your business name or "substantially related".
I'm pretty sure it used to be that registrations were vetted by humans in order to ensure the information you provided was accurate, and there was some delay between submitting your registration and actually getting the domain. I guess that doesn't scale so well because now .au domains are instantly registered just like .com and so on. The rules still apply, but it's only there so people can challenge registrations. This does function as a good disincentive for abusing the DNS though; if you do something dodgy enough to get someone's attention, they can complain to auDA and if your registration info is invalid / bogus, you can lose your domain and your money. At least in theory.
Domains taste like chicken.
Eliminating the grace period also eliminates front-running. If you read the transcript, NSI had in fact indicated that they would roll back front-running if they lost the grace period.
So what is the best register to use for us UKians?
I like muppets.
The significance of this may not be obvious to everyone so let me explain. The TTL (Time To Live) value is part of the SOA (Start of Authority) in a DNS zone file. The TTL value is how the administrator of the authoritative NS tells the client's DNS resolver to cache the DNS responses. Ie, if I lookup the MX for blah.com and the TTL is 300 then I will cache that response for 5 minutes and I'll use that cached response for any subsequent queries until the TTL expires. I won't bug you or waste your bandwidth until then. It's a way of reducing load on the authoritative NSs and keep from wasting bandwidth across the Internet for redundant queries (think of a caching HTTP proxy).
The effect of the registrar's taking this step manifests itself when the domain gets renewed. The domain is renewed as soon as service is interrupted and the problem is discovered. The registrar submits updates to Verisign for the COM zone file twice a day. Depending on when the domain was renewed with respect to when the registrar sends the updates as well as the SOA values (that control caching) dictate how long it will be before the domain is functional again. The registrar, Spirit Domains, chose to set the TTL to something between 24 and 72 hours. That's 1-3 days for the math challenged among us. That's absurdly long. I contend that most renewals of expired domains happen within 1-12 hours of the expiration for domains that are actually used. Why any registrar would choose to use a TTL longer than an hour or two is beyond me. I can understand the concern of the load this would put on their NSs. The answer is simple though. For the first day set the TTL to 1hr. On the second day set the TTL to 6 hours. On day 3 set it to 12 hours. On day 7 set it to whatever you want. 98% of expired domains that are going to be renewed would surely be done within 3 days. That would keep the MTTR for the function of the domain down to a reasonable level. 24-72hrs is not a reasonable level.
I called Spirit Domains to chew on them earlier this morning. The guy I spoke with said that he didn't know why that TTL value was chosen but that it was what they always used. He said it was definitely between 24 and 72 hours. That's horse shit. On top of that, in the temp zone they created also had a MX record. It was the MX record that had the extra high TTL of +48hrs. Even if the NS records expired in 24 hours the MX records would have still been cached and would have still been pointed at Spirit Domains SMTP blackhole: grey-area.mailhostingserver.com.
In short I would like to see ICANN address the problem of what registrars put in their expired domain zone files. The TTLs should be kept low and increment slowly. Their should not be a MX record under any circumstances.
Is there a newsletter the registrar's get every moth with names of know criminals? I don't know who they would get this information. I'm sure its out there but how easy is it to collect all of this information?
Plus if you do have this list of known criminals that should not be able to register domain names, how do you allow someone else with a similar name to? First and Last Name combo's are not unique. Just take a look at all of the problems we've had with false positives for the No fly list. If I was on that jury that was trying to convict the registrar of negligence, I'd need to see some more direct evidence showing that it was practical for them to screen criminals, and that it was part of their responsibilities.
Well.. maybe. Or Maybe not. But Definitely not sort of.
That is a valid point, certainly. However, for many of the criminals, there are some obvious patterns involved. In particular, the criminals generally purchase several dozen (or more?) domains in a single day. If you are aware of a good reason why a legitimate business or individual would want to do such a thing, I'm interested in hearing it.
Second, many of these criminals do keep the same name and registration data as they move from one registrar to another. For example, "Leo Kuvayev" has been using the alias "Alex Rodrigez" (note the spelling) for several years now. And over the past three registrars, he as always claimed to live in Lappeenranta, Finland.
So if the registrar started by taking notice of the red flag that should come up when someone registers a large number of domains with very different names, and then they took 5 seconds to do a google search on the contact data, they'd see that they are selling to a known criminal.
If I was on that jury that was trying to convict the registrar of negligence, I'd need to see some more direct evidence showing that it was practical for them to screen criminals, and that it was part of their responsibilities.
ICANN does state that the registrars are obligated to keep valid WHOIS records on the domains they sell. And it really isn't that hard for them to check against publicly available data on their customers when they get unusual requests.
I'm even willing to concede that they shouldn't be expected to check every Tom, Dick, Harry, and Jane that buys a domain. When I've checked the WHOIS records of the spamvertised domains that I see, I would say that over 80% of spamvertised domains are registered to less than 5% of all spamvertised domain registrants, and through less than 2% of all accredited registrars. If the registrars were at least held accountable to check the data on their customers that make unusually large purchases, we could do a lot to stem the current problem.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
The downside to this is that .com needs to be international and some countries have pretty strange looking addresses. I had a customer have his domain disabled every year when someone would look at the address (roughly translated as three houses over from the post office) and disable the domain for having a fake address even though the customer was getting mail at that address.
very true. 'slashdotted' is also a good one. The tagging system needs overhauling--not removing.
whois networksolutionsisabunchoffags.com
.com and .net domains can now be registered
.com and .net domains can now be registered
Whois Server Version 2.0
Domain names in the
with many different competing registrars. Go to http://www.internic.net/
for detailed information.
Domain Name: NETWORKSOLUTIONSISABUNCHOFFAGS.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com/
Name Server: NS1.RESERVEDDOMAINNAME.COM
Name Server: NS2.RESERVEDDOMAINNAME.COM
Status: clientHold
Updated Date: 30-jan-2008
Creation Date: 30-jan-2008
Expiration Date: 30-jan-2009
whois networksolutionsisqueer.com
Whois Server Version 2.0
Domain names in the
with many different competing registrars. Go to http://www.internic.net/
for detailed information.
Domain Name: NETWORKSOLUTIONSISQUEER.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com/
Name Server: NS1.RESERVEDDOMAINNAME.COM
Name Server: NS2.RESERVEDDOMAINNAME.COM
Status: clientHold
Updated Date: 30-jan-2008
Creation Date: 30-jan-2008
Expiration Date: 30-jan-2009
No offense to gays intended.
Also I don't think it is much trouble for the kiters. I would imagine they have all sorts of automated tools to run the process of juggling that many names.
I would be glad if they remove the grace period.
WTF? Because they believe those domains are valuable in and of themselves? Picking up the leftover crumbs in the domain investment world? This sounds just like the argument against P2P technology: "We don't do it, therefore it's probably criminal."
We often purchased that many domains in a single day at my old company. We were a small hosting company, so we weren't our own registrar, and had to us an actual registrar for the domains that our clients wanted registered.
We often batched up the registrations into a few groups a day, because the process wasn't completely automated (partially because we weren't a generic hosting company, but rather a provider of both hosting and content creation). Also, with many of our clients wanting .com, .net, .info, .us, etc., and some wanting .tv and other lesser TLDs, a single site could end up requiring 8-10 domains being registered.
> Yes. IIRC, Network Solutions would not snipe the results of whois lookups/DNS failed lookups of domains, only the domains that you searched for as the first step of registering it.
...
Actually, they DID snipe the others, it just took a while longer before they went live, IIRC. I'm pretty sure I tested that exact thing (along with several others) when the story first came out.
That, or they really wanted domains like (and I don't remember exactly what I got them to taste) netsolisathievingscumbagregistrar.com or fjklsdfjsdhfisdhfosdhfpoisdhfpaidhfpoahdf.com
The interesting thing was that if you queried THEM it would still claim it was available, but once you checked with anyone else, it was not. And this was for domains where you were merely whoising them, NOT going through their website as if you planned to buy them.
Well, in theory, anyway. In reality, if you had the money and were a big enough name, you could get any .com.au regardless of 'genericity', etc., whereas the small time .com.au company would often have to go through several revisions and "add words" to their company name to provide "further" specificity, all the while you watched companies register like news.com.au etc.
I thought this was gonna be about Taser shots to the nuts...
Please read the remainder of my message. I didn't suggest outlawing registration en masse. I suggested that it should be a red flag for the registrar to investigate the history of the customer.
Though really, should one person own "2008adobedeals", "softfactorysale", "nnowsoft", and "nbuysoft", to name a few? Especially if its the same name *and* contact information that was used previously to register hundreds of other sites selling pirated software and/or controlled drugs?
I really just would like to see the registrars clean up their act, and apply a little common sense to who they keep as customers. If they would actually pay some attention to what their products (as in registered domains) are being used for, they could help with the real problem here.
Instead, (many of) the registrars are apparently in it strictly for the money. They don't appear to have the least concern for what their customers are doing with the domains that they purchased. A little social responsibility and concern here could really go a long way.
Picking up the leftover crumbs in the domain investment world?
I wanted to touch this one in particular, while I'm on my soapbox. I've never been a fan of people who purchase intentionally misspelled names in the hope of getting traffic from people who don't type well.
But much of this large-scale registration isn't even going for that. I've seen other spamvertisements that were using mostly random domain names, that didn't even resemble words in any language I've ever seen in the latin alphabet. Many of these criminals just want to buy as many disposable domain names as possible, rather than trying for speculative investing.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
The original domain name grace period rule was ostensibly to prevent people from complaining that they'd paid $35 for a domain name that they'd mistyped or that somebody else claimed was their trademark, and it avoided trademark disputes because you could simply return the name rather than having to sell it to the alleged trademark owner who might then complain that you were trying to name-squat them. It's not clear that it was a serious problem at the time, but it's become an industry that's clearly causing far more problems than it solves.
ICANN keeping their fee is at least a good start - in theory the registry should also get some cut of the restocking fee as well. In practice this isn't enough money to kill off the whole industry, but it's a least going to cut down on some of the noise.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I always kinda liked the idea of having the registrars charge a small amount for the sites which they "taste." Not enough to have make it impact overall prices for those that aren't pulling a network solutions style ripoff, but enough that companies like NS end up paying out if they decide to try and hold potentially desirable domains for ransom.
The reason that most of them do it is ad-banner revenue - if enough people hit your web site by typing keywords into their browser that you can pay for it with ad banners or Google adwords or whatever, then you're making a profit. Domain tasting lets you try out a name for nearly-free and see if it generates enough hits over a couple of days to make it worth keeping. Depending on how much revenue you get, it *might* be worth paying the whole $6/year to keep it, or it might only be worth the cost of kiting it, which is still non-zero (it's your cost of money on $6/year), and which risks somebody else grabbing it if their automated tools are faster than yours.
Grabbing names that somebody else is checking the ownership on does two things - one is that it's sometimes possible to make money by scalping the name to them, but also it means that the name had *some* probability of being something that humans might type into a browser, so it's more likely to be worth grabbing for the advertising revenue. It's especially common if a domain name has just expired, because there's a good chance that the site had some traffic on it that you can capture for your own ad banners. A friend of mine just had her domain name stolen after owning it for 10 years - hopefully she can get it back but at least as of last week it was pointing to a domain-parker page.
There's a whole parasite-infested industry called "domainers", who are people who buy up domain names for the advertising revenue and for the possibility of making a profit by selling them either to other domainers or to businesses that actually want the name. They're parasites because they're using name space without providing any useful content, and in many cases they're also filling up Google with pages pointing to their pages, so that Google searches are more likely to get their sites than the interesting stuff you were looking for.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Isn't news.com.au owned by News Corp? Sounds fairly similar...
I worked for a company, with a generic-ish name, we'll say, for anonymity's sake, "Streetlamp Solutions". We tried to register streetlamp.com.au - no dice - "too generic". We ended up going with streetlampsolutions.com.au. Fine.
News? isn't generic? How come they weren't pushed to register newscorp.com.au? I'm sure any other news/paper/media source in Australia would have killed for that domain. But no, "news" wasn't too generic. Even when you consider, in our industry, people knew us as "streetlamp", and people in Australia know NewsCorp as, well, NewsCorp.
Hence my point, standards and rules were routinely broken for deep pocketbooks, NewsCorp, Orange, etc, there was no consistency.
It's a good move, but... as with almost any bureaucracy, the reaction has come slowly. Lots of "profitable" domain names have already been permanently snatched from the namespace, and many more will surely be taken in the remaining days until the policy comes into effect. The change will protect any future lookups. However, I wonder what percentage of all currently registered domain names is registered thanks to this loophole. No such estimate?
17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
I dunno!
When did ICANN vote unanimously to stop domain tasting?
When did Google announce that it would stop domain tasting?
Did Google announce it would end domain tasting after ICANN vote unanimously to stop it?