Archive for November, 2007

Did someone steal your domain name?

If you had a domain name all picked out, only to discover that someone seemed to have registered it after you looked it up but before you bought it, the Internet Corporation for Assigned Names and Numbers (ICANN) would like to talk to you. The agency opened an investigation to discover whether this practice is going on, and if so, what to do about it.

It’s called “domain name front running,” and only someone with inside information can do it. Basically, you need to know what queries are being made to the whois service, and which ones don’t resolve to existing domain names. When you find a query that fits that description, you buy the name, park it, and figure on selling it later for a large profit. Oh, and of course you get whoever wanted to buy the domain name rather annoyed.

This is totally different from other forms of domain name speculation you may have heard about. It’s not unusual for someone to buy a generic-sounding domain name – like cowboys.com, to coin an example – and then sell it for a profit based on the kind of traffic it can generate with the right web site built around it. A good, dedicated domainer might even put some work into building the site up in a way that fits with the suggested theme before selling it, to at least make back the initial investment.

Domain name front running gets its name from a similar practice in the finance industry, namely “stock and commodity front running.” This happens when a client orders his stock broker to make a purchase, and the broker first makes a purchase of his own based on the order he just received from his client. Stock and commodity front running is illegal.

Domain name front running is not, however. That should come as no surprise, both because the Powers That Be often try to err on the side of less regulation when it comes to the Internet, and because, as I mentioned in the introduction, there is some dispute as to whether it actually exists. A recent announcement by VeriSign seems to indicate that if it doesn’t exist yet, it will very soon.

Domain Name News broke the story late last month. Citing sources, it revealed that VeriSign is mulling the idea of selling access to selected root DNS server lookup data to registrars. This data contains failed lookups. When you know what sites people are trying to find that don’t actually exist, you can make estimates of how profitable they might be, and then buy them.

Domain name tasters can already get this information from some ISPs. But VeriSign manages two of the 13 root name servers, so getting the data directly from them cuts out a middleman. It’s rumored that this data won’t come cheap or easy, however. VeriSign allegedly plans to offer a batched service which would let registrars upload a list of names and then receive a report detailing which names saw “lookup traffic” over a specific period of time.

That covers the “not easy” part. The “not cheap” part is pretty exorbitant, as you’d expect when speculators may be involved. Rumors peg the price of the proposed service as high as one million dollars – with the fee to be waived if the resulting volume of domain name registration warrants it.

Are you angry yet? ICANN’s Security and Stability Advisory Committee is, if not angry, at least a bit put out. They released an 11-page PDF report on the issue. They did concede that there has been no guidance on the matter. “ICANN’s Registrar Accreditation Agreement and Registry Agreements do not expressly prohibit registrars and registries from monitoring and collecting WHOIS…domain name availability query data and either selling this information or using it directly,” concedes the SSAC. “In the absence of an explicit prohibition, registrars might conclude that monitoring availability checks is appropriate behavior.”

The SSAC noted in its report that “Registrants have filed complaints with ICANN, registrars, and with Intellectual Property attorneys that suggest domain name front running incidents may have occurred.” Numerous suspicious incidents have undoubtedly gone unreported. Our own CTO, a man with many ideas for cool and useful web sites, estimates that it has happened to him “a minimum of 10 times.” The Internet used to be a place where you could start a business on a shoestring; if someone else has grabbed the domain name you want to use and is trying to sell it at a profit, that’s not true anymore. Multiply our CTO by all the people who have great ideas for an Internet business but not a lot of money to get it started, and you begin to see a real economic impact to this practice.

One of the reasons ICANN is concerned about this alleged practice is that it “portrays an unfavorable image of the parties associated with the domain name registration process in specific, and of the domain name community in general.” Part of this image may have to do with the methods involved in domain name front running. Practitioners must have information, and there are a number of unsavory techniques that SSAC believes they may be using to get it.

One of these techniques is simple client software: “Free- and shareware WHOIS client applications, Browser Help Objects (BHOs), extensions, plug-ins and cookies…can be programmed to record WHOIS queries, domain name queries…and relay these over covert connections…to the software developer or affiliated 3rd party of the developer,” according to the SSAC report. Some of these can be considered to be a form of spyware.

An uglier method involves viruses. “Email-delivered worms infect hundreds if not thousands of client computers daily…Trojan software can be programmed to collect URLs, DNS activity or keystrokes.” The SSAC report notes that it’s not just individually-owned computers that suffer from infections, and “inadequately secured DNS, web and other application servers may also be compromised by attackers,” who then install software to monitor DNS, WHOIS and other system and user activities.

Registrars, resellers, and registries can make lists of names that are checked but don’t resolve. They can either use these names themselves or sell them to domain name front runners.

And then there’s one of the classic forms of hacking: social engineering. “An employee may unintentionally or prematurely reveal a service mark, television or movie title, or product slogan his company intends to register as a domain name during a conversation in a public area, and a passer-by might speculatively register the name,” the SSAC report notes.

The SSAC didn’t say that these practices were actually happening; however, the committee believes they present “plausible opportunities” for domain name front runners to discover potentially profitable URLs. Nor are these the only practices they cited.

Part of the problem with deciding what should be done about domain name front running is that there is no hard evidence yet that the practice even exists. Many people claim to have seen it. So far, however, all evidence is anecdotal, and much of that could still be chalked up to coincidence.

“It is possible that two or more parties may become interested in a domain name at nearly the same time, especially if that domain name includes a popular instant messaging acronym (e.g., rofl, afaik, tyvm, bbiab, nvm) or suddenly popular phrase (e.g., ‘what were you thinking,’ ‘go ahead make my day’),” the SSAC observed in its report. There are also technical aspects of the system that could lead to the appearance of domain name front running – for example, a domain name may be registered in the late morning on a given day but WHOIS queries in the afternoon may still show it as being available.

To find out whether this practice really does exist, the SSAC is calling for public comment. If you think you’ve had a domain name swiped out from under you by a domain name front runner, let them know about it by sending an email to ssac-dnfr@icann.org. The group will then review the reports and decide where to go from there.

If you do decide to send an email to the SSAC, there is certain information they would like you to include that would help them in their investigation. Here is the list:

  • Method used to check domain name availability (e.g., web browser, application).
  • Local access ISP.
  • Provider or operator of the availability checking service.
  • Dates and times when domain name availability checks were performed.
  • Copy of the information returned (e.g., WHOIS query response) in the response to the availability check.
  • Whether the domain name was reported as previously registered or never before registered in the response returned from the availability check.
  • Copy of the information returned (e.g., WHOIS query response) indicating the name had been registered.
  • Copy of any correspondence sent to or received from the registrant perceived to be a front runner.
  • Correspondence with the registrar or availability checking service.
  • Any information indicating a potential relationship between the availability checking service and the registrant that grabbed the name.
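
As an added example (not part of the original article or the SSAC report), here is one way to keep a record of each availability check with the fields from the list above, and to compare the check time with the registration's creation date so that the stale-WHOIS case described earlier can be told apart from a registration made after the check. The `Creation Date:` field name, the sample responses, the function names and the five-day window are all assumptions made for illustration.

```python
import hashlib
import re
from datetime import datetime, timedelta, timezone

# Constructed sample WHOIS responses (not real registry output).
AVAILABLE = 'No match for domain "EXAMPLE-IDEA.COM".\n'
REGISTERED = (
    "Domain Name: EXAMPLE-IDEA.COM\n"
    "Registrar: Example Registrar, Inc.\n"
    "Creation Date: 2007-11-20T18:42:10Z\n"
)

def evidence_record(domain, method, isp, service, checked_at, response):
    """Capture one availability check with the details the SSAC list asks for."""
    return {
        "domain": domain.lower(),
        "method": method,                    # e.g. web browser, application
        "local_isp": isp,
        "checking_service": service,
        "checked_at_utc": checked_at.astimezone(timezone.utc).isoformat(),
        "response": response,                # verbatim copy of what was returned
        "response_sha256": hashlib.sha256(response.encode()).hexdigest(),
    }

def creation_date(response):
    """Return the creation timestamp from a WHOIS response, or None.
    Assumes an ISO 8601 'Creation Date:' line; real formats vary by registry."""
    m = re.search(r"^\s*Creation Date:\s*(\S+)", response, re.M | re.I)
    if not m:
        return None
    return datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))

def classify(check, later_response, window=timedelta(days=5)):
    """Describe the timing only; it does not prove who registered the name or why."""
    created = creation_date(later_response)
    if created is None:
        return "no-registration-seen"
    checked = datetime.fromisoformat(check["checked_at_utc"])
    if created <= checked:
        # The name was already taken; the 'available' answer was stale.
        return "registered-before-check"
    if created - checked <= window:   # window is an arbitrary assumption
        return "registered-soon-after-check"
    return "registered-later"
```

Only the `registered-soon-after-check` case matches the pattern the SSAC is asking about, and even then the timing alone is consistent with coincidence.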

It’s a very tall order, but it is important to get all the documentation out in the open to determine whether this practice is actually happening – and if it isn’t, to keep it from turning into “perceived wisdom.” If it is happening, the documentation should assist SSAC and ICANN in deciding what action needs to be taken to ensure that everyone has a fair shot at the domain names they desire.

November 26th, 2007