ICANN Finds No Wrong Doing in Domain Front Running

eldavojohn writes "Remember the investigation ICANN did in domain name front running? Well, it turns out that there was no wrong doing going on at all. What went wrong? Domain name 'tasting', which involves a free five day trial of a domain name, was the big culprit. From the article: 'In some cases ... the committee found that a separate practice of domain name tasting may be causing problems. That refers to someone testing the financial viability of a name for up to five days and then returning it for a full refund, using a loophole in registration policies. Domain tasting can tie up millions of Internet addresses, including ones someone checks but does not buy.' If you check for availability of a website and someone sees you do it and they reserve it before you, it's fair play."

Nice.

[Creepy Crawler]

Predatory domain name "Owner" finds no wrong with predatory practices.

Captain Obvious to the rescue!

I guess it's high time to support truly free DNSes, rather than the corporates. All they do is scam and then hide.

Re:Nice.

[gujo-odori]

No kidding. Besides being in IT, I also hold a real estate license, and if I were to do - or even attempt to do - the equivalent of front-running, I would be at risk of discpline from the real estate commissioner's office and the board of realtors, possibly up to losing my license, as well as wide open for a lawsuit (real estate is a more litigious business than even the patent industry).

An example: I'm acting as your agent, or you are considering retaining me as your agent. There's a property you're interested in that appears to be a great deal. You tell me about it and ask my opinion. I tell you I'll check it out and get back to you by tomorrow. Recognizing that it is indeed a great deal, that evening I put in an offer to buy the property myself and leave you out in the cold.

That is both unethical and illegal, and is essentially the same thing that NetSol or any other registrar does when they practice front-running (they're in the position of being your agent, or prospective agent). It's hard to see how ICANN sees nothing wrong with that. True, it may not be illegal or against ICANN's rules, but it certainly ought to be.

Re:Nice.

[IdeaMan]

It's not quite the way you describe.
It's like you go place a reservation on the property in your name in order to prevent some third party from getting buying it before your client does. However, by doing this you also prevent your client from using another agent to buy the property.

I'm describing the Network Solutions tactic, not anyone else. Were you saying that NS will refuse to sell it to you while they squat on it or take it over as their own? I hadn't heard of any cases of them doing that.

I still think their practice is at best highly questionable, and most likely predatory, but just wanted to make sure that their practice was being accurately represented.

Re:Nice.

[Thought1]

In either case, the proposed change to ICANN policy would stop even NS's practice, because they'd be charged the $0.20 fee for every domain name they did that with, which would add up to expensive really fast. They've stated that they would stop the practice if the ICANN implements the "no registration fee refund" policy, though their claimed reasons are that their users would be less at risk.

Re:

[khallow]

It's like you go place a reservation on the property in your name in order to prevent some third party from getting buying it before your client does.

No, it's like you go place a reservation on the property in your name, when you notice a potential client, who uses your real estate lookup service, seems interested in the place.

Re:

[ciscoguy01]

But ICANN is an organization that can't detect clear ethical violations and conflicts of interests even when it's plain for any idiot to see and recognize.

When it gets through to ICANN that they are supposed to be preventing such conflicts and they actually start doing what they are charged to do, this will all stop.

ICANN is likely dominated by the very companies they are charged with regulating.

Oh hell, put me in charge of ICANN and this will all stop right away. They can do domain tasting, for a

What ICANN is

[rs79]

ICANN went through three stages of evolution. At first it was bunch of - by their own admission - clueless board members picked in secret by the US government, specifically Ira Magaziner, Clintons senior science advisor, and Roger Cochetti from IBM.

Next they were taken over by intellectual property attornies from multinational corporations. Once they'd had their way with internet law and policy came... ... the "domainers" and registration people. That's who goes to ICANN meetings and populate the various ICANN committees.

Is it any wonder they didn't find anything wrong with the practice they invented and make money from?

The US Government mandate ICANN operates under says they must be "open and transparent" and are not to create policy, but to determine the consensus of the Internet community and implement policy based on this. I have personally watched them chnage their bylaws retroactively to prevent the "wrong" poeple from being a part of the organizatin. I've personally watched them kick people out of meeings advertised beforehand as "open to anyone". I've personally wathced them adopt policies where only 13 out ot 1000 people agreed with the policy. I can go on for hours about things like this.

They are one of the most secretive Internet organizations to ever exist. Does anybody else remember Karl Aurbach, when elected to the board had to sue just to see the books? How many organizations do you get to be a board member off but the corporate books are kept secret from you? Why would you need to keep those books secret in the first place.

ICANN was supposed to be a "membership organization". A decade has gone by. Can you find any way to become a voting member of ICANN? Nope. Doesn't exist. You know why? They're scared they'd be voted out of office and for damn good reason.

ICANN runs on a $60M a year budget and it a beurocraic nightmare more complex than the UN in terms of its org chart. (cf. Rutkoswki's brilliant diagram of same. It does NOT fit on a regular sized piece of paper). Now keep in mind the job it does used to be done by Jon Postel as a part time task ("IANA") for $15,000. a year.

When Jon announced there would be new tlds coming ("300 at least, 75 in the first year") the intellectual property attornies made his life a living hell and he sought a legal entitiy as IANA had no legal personality and he himself did not want to assume personal legal liability for adding .web or whatever. His employer, USC/ISI would not back him up. Jon died of heart failure 3 years later.

If you think ICANN is the best and the brightest of the internet you're sadly mistaken, and if we, as the internet community cannot do better than this, then shame on us all, squared.

Scrap ICANN. Make something useful.

A good starting point would be the consensus points from the last IFWP conference - this was to have been ICANN before thart effort, and a years work to reach that consensus, was scuttled by the actors operating in the shadows who have controlled it ever since in a regime where only they benefit.

Or roll your own root. The only reason ICANN is on power is because they control the legacy root zone. If nobody used it any more, they would fade into the sunset where they belong.

If Linux computers used a different set of root servers, who cares what Microsoft and ICANN did.

Read this: http://iconia.com/before_the_dns.txt [iconia.com]

Re:

[sydneyfong]

I would think that the sheer number of users in slashdot, and the density of tech savvy people here, would be the best breeding ground for a root server revolution.

And I'll keep trolling.

http://slashdot.org/~sydneyfong/journal/192584 [slashdot.org]

Re:

[BlueStrat]

Or roll your own root. The only reason ICANN is on power is because they control the legacy root zone. If nobody used it any more, they would fade into the sunset where they belong.

And how long do you think it would take them, if this became widespread, to demonize it as a tool of "terrists", "hackers", and pedophiles and outlaw it? The powerful do not relinquish power easily.

Cheers!

Strat

Re:

[Tony Hoyle]

It's been tried - OpenDNS. When they decided there was no money in it they relaunched as a 'think of the children' content filtering company instead.

Re:

[rs79]

You'd have a hard, if not impossible case to make it illegal. Believe me, if they could do this they would have by now.

The great beautry of the internet is it's "edge controlled" and there is no central control, that is everybody who has the root password to their little piece of it gets to say what their machine does. As such time as the government subsidizes tool becomes not the best tool to use and some other tool is superior, it'll be used instead.

Re:

[Billly Gates]

Very good point.

I am not a lawyer but I am in college and have taken business law last semester.

What you described is the role of an agent (or employee) and what legal obligations they have to a client. A company also is an agent relationship with alot of employees and customers too to a certain extent.

I assumed with domain tasting someone would monitor the connection and then quickly register any domains that someone typed in by sniffing. However if the ISP is doing this then yes its an agent/client relati

Re:

[motokochan]

The thing is, as far as I know, you can't return a house in a few days/weeks and get a full refund. You're stuck with the property. This is a disincentive to do something like that.

Similarly, ICANN feels that they should provide a disincentive for front-running. The root cause is the domain tasting loophole. That provides an incentive for companies like Network Solutions to snatch up a domain and hold it for ransom. After all, if you don't register it in a few days, they get the fee back and don't lose any

In Other News....

[grcumb]

"ICANN fails to find own ass with both hands."

Film at 11. If we can find it.

Re:Nice.

[suso]

This is one reason I created saferdomainsearch.com [saferdomainsearch.com]. It uses direct DNS lookups against the root name servers. No logging is done of what you search for.

Re:

[canUbeleiveIT]

That's awful nice of you but I'm afraid that it doesn't actually work. I checked some domain names (including a couple of big name ones such as www.msn.com) and your site indicated that all three were available. However, all three were actually taken.

Not a criticism mind you--it's a great idea--just thought that you would want to know.

Re:Nice.

[canUbeleiveIT]

Okay, so I'm a dumbass. I tried it without the "www" and it worked fine. My apologies for my error and my thanks for your selfless actions.

Re:

[arth1]

How is this any safer or more efficient than using, say, "whois" (a utility that's been on most Unix systems for a long time now)?

Re:

[cheater512]

But how do we know that its safe and that your not just using it to grab good domains? :)

Re:Nice.

[kimba]

1. You can not query the root name servers to identify the availability of domains like "google.com". The root name servers are only authoritative for top-level domains. You would need to query the authorities for .com, for example.

2. Domain registration != Domain availability in the DNS. It is entirely possible to register a domain and not be able to query it in the DNS. You can only use WHOIS to verify it.

Re:

[dysfunct]

Are you sure about number 2? Shouldn't any registered domain at least answer an NS query?

Re:

[hax0r_this]

Get rid of the "www."

Ok...

[cyberjock1980]

But what is 'fair' is not always 'right'. Make things 'right'! This one is actually fixable.

Not even "fair" here.

[khasim]

Because the people who can "see" the domains you research have access that YOU do not have.

If they were randomly guessing domains and "tasting" them, who would care?

It's when they have info that you do not have that this becomes a problem.

Re:

[Colin Smith]

Oh rubbish. The only thing you have to do to stop this bollocks is kick off a loop which checks every possible combination of letters.com.

 

Re:Not even "fair" here.

[moderatorrater]

Since domain tasting actually doesn't cost them anything, there would be no harm for them to taste every possible domain, regardless of whether it's actually useful or not. That's the real problem with domain tasting. If it cost $1 every time, then at least they would have a financial incentive not to do this bullshit. As it stands now, they can get away with just about anything.

Re:

[a_nonamiss]

I know this is Slashdot and nobody is expected to RTFA anymore, but at least RTFS(ummary):

In some cases ... the committee found that a separate practice of domain name tasting may be causing problems

ICANN acknowledged that domain tasting is bad and is considering charging a $.20 non-refundable fee to registrants per domain reserved. This would more or less end domain tasting, or at least create an economic disincentive for registrants to do it.

If they would put this $.20 fee in place, then people would just start writing scripts to generate millions of random queries per day, and the practice would end overnight

Re:

[bornwaysouth]

I am not stupid (most days), but I do lack expertise in many IT areas including this. If there is a $.20 fee, why would anyone be silly enough to generate millions of scripts, which cost $200,000 per million. It is not an accidental action. You might do it to sink a company that is about to fire you, but you had better have a really good way of beating the law. So expand your logic please. What is the practice that would end overnight. Writing such scripts? Charging for tasting? Tasting? (I have a slug of C

Re:

[Deagol]

The point of the script is to query bogus/random domains via a "watched" interface (web site, certain 'whois' servers, etc.). The automation that the Bad Guys use to snarf up these "interesting" (but as-of-yet not registered) domain names would result in those same bad guys eating the 20-cents for each domain.

In other words, it's not the vengeful script operators who would incur any cost, but rather the vultures who are watching people search for available domain names.

Re:Not even "fair" here.

[a_nonamiss]

I don't think you're stupid, the issue is somewhat complex. The $0.20 charge is not for the consumer, it's for the registrant. The scripts would be written by folks like you and I, (or a million other nerds that read Slashdot) and they would be designed to generate lots and lots of noise so that the companies could stop using their positions of power to take advantage of the regular folks on the Internet.

Here is an experiment that I encourage you to try on your own: I just now, right now, made up the domain flipperjikk.com. Make up your own and follow along. Use long random strings of letters to make sure it's not an accident. I went to GoDaddy and did a search and the domain is available. Great! I then went to Network Solutions and searched for the same domain name, just to be sure. Yep, it's still available. Immediately, I went back to GoDaddy, and lo and behold, in the 15 seconds since I checked the first time, somebody else must have come up with the exact same domain name as I did, because flipperjikk.com appears to have now been registered, and is no longer available. And it cost Network Solutions nothing to register this, because they can just get a refund in 5 days if I decide not to register it. The insidious part is, odds are that domain may NEVER become available again, because once the 5-day period expires, some squatter will see it's expiring, someone's interested in it, and register it for themselves, using the same technique. Domains can sit in limbo for months going back and forth between different shell companies using this trial period. Nobody pays a dime (or two) for all this activity.

The script I mentioned could search the availability for random domains all day. djiuqeruoweit.com, agrhlreijilaer.com, wejhafkljherk,com, etc. The registrants would be overwhelmed with searches, and they would no longer be able to tell which domains people were actually interested in, and which ones were garbage. If they register all the searches using an automated script (which they clearly did with flipperjikk.com) it would cost them millions per day.

This $0.20 tax would in no way hurt you and I. It would just discourage the registrants from registering every domain that they think people might be slightly interested in, because now it costs them money.

Re:

[Walpurgiss]

The scripts would only see if domains were available, leaving it up to the squatters to rush and try to register all the spam queries and eat $.20 for each one. Essentially, people see squatters use their queries to snipe domains. If the snipe costs $.20, then people hurt the squatters by scripting queries, and if the squatters are still blindly sniping, they eat a lot of cost. The scripts aren't registering anything, just trying to trick the squatters into registering and eating the fee.

Re:

[slazzy]

This won't have any impact because there is no cost for domain registers to "taste" the domain for 5 days - only CPU and network cost and if you do too many whois lookup's they' block you.

Re:

[rednip]

...kick off a loop which checks every possible combination of letters.com.

You know that would effectively remove the chance of anyone buying a new domain. It's likely to make the news, might be a good idea to call attention to this crap.

Re:Not even "fair" here.

[ciscoguy01]

' If you check for availability of a website and someone sees you do it and they reserve it before you, it's fair play."

The solution to all this is for registrars to be prohibited from selling domain names, they should only be in the business of providing their "clerical" service, registering your domain name and putting your numbers in the root nameservers.
By their buying and selling domain names themselves they have created a giant conflict of interest.
I don't say they shouldn't be able to buy and sell domains, just not while they are a registrar.

They should give up their registrar business, or only own the domain name they operate under. And no others.
Registrars have a special position, they have access and knowledge that others do not.

Like the real estate agent mentioned in the parent- he has knowledge he gains due to his position that professional ethics prohibit his using for his own gain.

Similarly registrars have knowledge that others do not, and by their using it for gain they are cheating everyone who is not in their special position. Unfortunately they have no ethics so they have no problem using their special position to screw everyone else.

It's a conflict of interest.

We need to give them ethics by prohibiting their trading in the commodity they have their special position in. Domain names.

Get your hands off!

[kcbanner]

My domain!

Yeah, but how exactly are they "seeing" this?

[transporter_ii]

If I go to register a domain host and see if a name is available, I should be the only one who can see that. Especially if you are checking on a domain register that has ssl. I could see checking on some odd web site, that was actually set up to farm domain names, but if you go to somewhere mainstream, it should be a given that nobody sees the lookup but you.

Transporter_ii

Re:

[larry bagina]

how do you think they know if a domain is available? They ask other people. Lots of other people can and do see it.

Re:

[ohtani]

But these "other people" are simply other servers including NetSol's own. VeriSign (NetSol) is still the head of the .COM and .NET TLD registry. So THEY are the people who ultimately would know if it's reserved. And other servers get lots and lots of queries that aren't (or at least shouldn't be) monitored by people directly. Regardless, think about this:

Say for instance I visit your website. And your website has forums. And I search on your forums. Does this mean everybody on the forums (or even off the fo

It certainly is deceptive...

[jea6]

I think the practice is certainly deceptive and should be explained by the registrant ahead of time. But I agree that the real problem is domain tasting. I don't see too much of a reason for refunds beyond, say, 12 hours. That's plenty of time to recognize a typo and correct it. The financial hit for a legitimate registration is much less than what it used to be. So, when NetSol was the only game in town and was charging $100/year for a registration, I'd probably want a refund. When it went down to $30/year but there were other players, I'd still want a refund. But for legitimate purposes (and I'm not including landing pages in that category) there is no reason that an uncorrected typo shouldn't have some consequence. The domain tasting practice is a lot worse for the community at large.

Re:

[augustz]

I wonder if netsol would even give a refund if you typo'd. You have like 5 confirmation screens to get through. I doubt there is an easy one click process for it.

- August

Re:It certainly is deceptive...

[techno-vampire]

Trust me, there'd still be typos. For some people, an OK button has an irresistible attraction; if they see one, they can't resist clicking on it, without looking at what they're agreeing to.

> I used to do telephone tech support for software. I quickly learned that if there's an OK button on the caller's screen, I never said OK, because the odds were that the caller would click on it. I can easily see this type of person clicking OK five, or even ten times on a typoed domain name without bothering to read the message even once. No, if you want to avoid typos, have them type the domain name twice, like many programs do with setting passwords and not continue unless they match. Yes, people can always use copy/paste to get around that, but if there's only so much you can do to protect people from their own missteaks.

Re:It certainly is deceptive...

[Viceroy Potatohead]

Trust me, there'd still be typos. For some people, an OK button has an irresistible attraction; if they see one, they can't resist clicking on it, without looking at what they're agreeing to.

I agree. And don't even get me started on "SUBMIT" buttons, I can't help myself, and click them before I've even fini

Re:

[tompaulco]

Its odd that Preview buttons don't seem to have the same attraction.

Re:

[Maow]

but if there's only so much you can do to protect people from their own missteaks.

Indeed.

Make no mistake, I fully agree with your post (+5 Insightful), but this evening I somehow just can't help myself.

I'm not normally a grammar nazi or anything, it's just so ironic that now I think of it, "missteak" was probably intentional there...

Sorry. ;-)

Re:

[techno-vampire]

"missteak" was probably intentional there...

Of course. Alas, I only wish the others had been intentional as well.

netsol

[B00yah]

Ya, netsol saw it as a way to make sure people who were using their whois servers actually registered through them, instead of godaddy, etc. They never actually KEPT any of the domains they reserved for themselves (dumbly).

ICANN finds many coincidences...

[jea6]

"The ICANN committee said cases suspected of front running often turned out to be coincidence, with multiple parties interested in the same names."

That, of course, is a load of horse feathers. There were countless examples of the practice being exposed by people searching for domains like NETSOLSUCKSALOT12300091.COM. Were there really many parties interested in that domain?

Re:

[gotzero]

I would like to see a list of some of the names there were looked at by multiple parties at the same time...

I hope they will work on their excuses a little harder next time. They should know who their audience is!

Re:ICANN finds many coincidences...

[Actually, I do RTFA]

NETSOLSUCKSALOT12300091.COM.

Shit, you were the one who took that?

Re:

[antic]

Lying bastards. I have experienced front running and not even in the .com "free tasting" namespace.

Checked a bunch of entirely unrelated domain names. I get a purge list nightly so knew they hadn't been registered for at least a year prior to that. Put them on a shopping list to consider and then went to purchase a few a few days later. 10+ of the best ones had been bought and vaguely monetised, all by the same domainer.

The registrar denies that their online tool was being watched/tracked (even said it was

Did not examine Network Solutions

[22_9_3_11_25]

"The report, brought before the ICANN board in New Delhi on Friday, did not examine a controversial practice by domain name seller Network Solutions LLC of grabbing names that people search for on its Web site but don't immediately register."

Re:

[Anonymous Coward]

"grabbing" isn't quite right. we held the name for 5 days, so the user would have to come back to us to register it, and then released it after that time. We never "tasted" these domains, and never kept any for ourselves. (even though that would probably have been more profitable).

The idea was that people couldn't use our site/servers to find a domain's availability, and then register it via godaddy. /posting anonymously to preserve employment.

Re:

[snowlick]

People can buy domain names wherever they choose. That's the way the game operates now, it's for a reason. This practice is quite plainly anti-competitive since domain names are unique. It's nothing but a cheap attempt to lock in buyers in a way reminiscent of the "good old days".

Despite the fact that you "never kept any", you still stole the right to buy for a period of days. Can you imagine that happening with another commodity? Take lawnmowers for example:

"Can I buy a John Deere 324 here?"
"Yep.

Re:

[tompaulco]

"Can I buy a John Deere 324 here?"
"Yep. Now that you have asked, we're the ONLY place that you can buy it for the next 5 days. Oh, during that period we'll be willing to sell it to you for five times more than home depot."
Since somebody brought up Realty on this thread, I'll just mention that Realtor contracts often work pretty analogous to the example above, with the further broadening that you would be tied to the company even if you bought a different make or model of lawn tractor.
Most Buyer's agent

Re:

[generica1]

Maybe I Googled "domain name registration" and used the "I'm feeling lucky" button but I already have another registrar in mind. Maybe my preferred, inexpensive registrant, has an excellent interface on their website but a crappy WHOIS client that's overloaded and runs slow. Conversely, maybe I really really really like the WHOIS tool that is on your site because I can select multiple TLDs, but I find NetSol's prices to be too high (which I do, not that it matters).

Or maybe it's because YOUR WHO

Re:

[bill_mcgonigle]

The idea was that people couldn't use our site/servers to find a domain's availability, and then register it via godaddy. /posting anonymously to preserve employment.

You're such an asshole.

Re:

[Mr. Slippery]

we held the name for 5 days, so the user would have to come back to us to register it, and then released it after that time.

Further proof - if any more was needed - that Network Solutions is a bunch of mindless jerks who'll be the first up against the wall when the revolution comes.

Re:

[totally bogus dude]

Thanks for posting. The explanation seems believable in a "management that has no clue" kind of way, unlike the explanation given on your website:

In response to customer concerns about domain names being registered by someone else just after they have conducted a domain name search, Network Solutions is implementing a new security measure to protect our customers.

Network Solutions may reserve domain names that are searched on our Web site for up to 4 days. During this period, these domain names will only be available to register at networksolutions.com. [...] This protection measure provides our customers the opportunity to register domains they have previously searched without the fear that the name will be already taken through Front Running.

...which is clearly a bald-faced lie. As if this has anything to do with "protecting" customers, and even if it did, you're engaging in the exact practice you claim to be "protecting" your customers from!

As for the whole "stop people searching through us and registering elsewhere" argument, it's not as if GoDaddy and every other domain registrar doesn't have

Re:

[LordKaT]

Hey, guess what, that 5 day period? You know, those 5 days where a domain is untouchable for a period of time?

Yeah, those same five days you use to lock a customer in at your jacked up prices?

That's called tasting. In fact, ICANN explicitly calls it domain tasting.

You were already an asshole for working with Network Solutions. That claim that you "never tasted" domains just made you into a lying asshole.

Re:

[urcreepyneighbor]

Fuck Network Solutions. That's all I gotta add. Assholes.

Whew

[ShakaUVM]

Whew, I'm glad they realized there's no conflict of interest between internet registrars and internet registrars stealing domains from people who go to them to register domains.

That's a load off my chest!

Re:

[amasiancrasian]

For those that don't know, Bruce Tonkin, Chair of the Generic Names Supporting Organisation (GNSO) of ICANN, holds shares in Melbourne IT, which is an ICANN-approved registrar. Hence a conflict of interest. So don't ever run a WHOIS query on a registrar you intend to buy the name from!

They didn't examine NetSol's practice

[wanted]

FTA:
"The report, brought before the ICANN board in New Delhi on Friday, did not examine a controversial practice by domain name seller Network Solutions LLC of grabbing names that people search for on its Web site but don't immediately register."

I wonder why -- that should be the hot topic of the meeting. NetSol is using another loophole in the ICANN process (after previously being responsible for wildcard *.com records scandal, then under Verisign name) and ICANN has other topics to talk about? WTF?

WANTED:

[JazzLad]

IANAProgrammer, how hard would it be to write a simple program (FF extension?) that basically brute-forced their who-is (not enough to get one in trouble for attempted DOS, but enough to make lots of entries) with bogus domains until they had 10's or 100's of millions of addresses (or more)? Obviously it would take many people running it, but how many people on /. alone would dedicate a bit of bandwidth to the task? Perhaps have a use-definable setting of how many queries per hour.

If it was spread out eno

Re:

[Plekto]

"If you check for availability of a website and someone sees you do it and they reserve it before you, it's fair play."

When the site that you visit to check on availability does this automatically with their computers seconds after you type in the name, it's hardly fair. I've checked several names in the past that are listed for a nominal fee, but by the time I get to the payment/price page, they have suddenly jumped to thousands of dollars. Then a few days later, they drop back down. When I've re-checked, them the process repeats. In essence, any name that you check is automatically bought up before you get a chance

Re:

[dysfunct]

It would be possible, yes, but would it also be practical? More often than not, it's not just a simple query to a whois server. For instance, in the case of Network Solutions, you'd have to put it in your cart for them to register it and afaik there's a hard limit on how many they'll register for you.

Then, there's the allegations that ISPs, whois cache providers etc. sell or abuse their query statistics to snag up unregistered domains that received the most queries, in which case your solution wouldn't do

Re:

[mrchaotica]

IANAProgrammer, how hard would it be to write a simple program (FF extension?) that basically brute-forced their who-is (not enough to get one in trouble for attempted DOS, but enough to make lots of entries) with bogus domains until they had 10's or 100's of millions of addresses (or more)?

It wouldn't do any good, because it costs them nothing whatsoever to "taste" all those addresses! Not a dollar per domain. Not ten cents per domain. Not even a fraction of a cent per domain! Nothing! Nada! Zilch! Zero!

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[budword]

That's "inmates" buddy. Still applies in this case though.

Re:

[BungaDunga]

In its original usage, most inmates of an asylum would be considered "idiots", as in "A person of profound mental retardation having a mental age below three years" according to this site [antiquusmorbus.com].

Re:

[TheLink]

Idiots? That's not idiocy you're seeing.

It's something worse. Just confirms to me that the ICANN are a corrupt lot.

put out the fix, Then Beat the Evil ones

[twotailakitsune]

I don't care what they say about this or that company now (right Vs. good;wrong Vs. Evil Vs. bad). What has happen is done.

They know what is the problem; the Test time. How likely are you to know if a domain name is going to be profitable in less then 5 days? They should just drop the test time, but they are thinking of charging a little fee.

The bad guys will just add some bigger fee to their prices to counter it return fee. A lot of people out there will pay it. They go to the 1st site that will tell t

Wow, I just got hit by this today.

[Alonzo Meatman]

This is kinda ironic, because I just got hit by this today. I used Network Solutions lookup tool to search for a domain - simply out of habit - and then when I went to buy the domain at my usual discount registrar, I was told that the domain name was already taken. Then I went back to Network Solutions, did the lookup, and lo and behold, it's still available! Confused, I did a whois lookup, and saw that the site was apparently registered to Network Solutions. So I called up the customer service line for NS, and I was like, "hey, do you know what's going on?" And here's the kicker - the guy tried to make it sound like NS was doing me a favor!

The logic went something like this - some "unethical third party" could be snooping on my connection, and, seeing that I was looking into a domain purchase, they could snap up the domain and then try to sell it to me at an inflated rate. Of course, if they were to buy the domain from Network Solutions, nothing would stop them. But if they tried to buy it somewhere else, good old NS has my back. Isn't that swell of them?

Fortunately, the guy was reasonable, and released the hold on the domain. He then tried to upsell me on some stupid hosting service, and I'm like, "Umm, no, I do my own development. And I'm going to buy this domain someplace that doesn't charge $30 a freakin' domain."

Re:

[robo_mojo]

The logic went something like this - some "unethical third party" could be snooping on my connection, and, seeing that I was looking into a domain purchase, they could snap up the domain and then try to sell it to me at an inflated rate.

Isn't that exactly what happened?

Re:

[elronxenu]

Yes, except that the unethical party was the second party, not the third one.

Re:

[mrchaotica]

No. NetSol is the unethical second party, not third.

Re:

[n6kuy]

Hah!

I just had to try this.

I went to networksolutions website and check for availability of "fumpu.com"
It's available! Plus the .net, .org, .us, .biz and all the others.

Then immediately went to godaddy and looked it up there.

FUMPU.COM is already taken!

Re:

[Bios_Hakr]

Create a script to search for ALL the possible domains.

Easy workaround - Buy without checking first

[billstewart]

If the problem really is just domain-taster scum kiting every name they can generate that gets them ad-banners, then stopping tasters from doing that will cut way back on the problem.
On the other hand, if it really is front-running, charging for formerly-free tasting will reduce it a bit (because the front-runner will need to spend actual money, not just kited money), so you'll only get ripped off by people who think it's worth gambling the proposed 20-cent ICANN fee or maybe the whole $6 on selling you the domain name.

It's easy to work around that, though - if you think of a name you might want to use, and want to check if it's available, just buy it from your favorite registrar rather than checking; if it's already in use you'll get rejected. That's less helpful if you want to buy the .com, .net, .org, .info, .biz., .etc., but worst case is *you're* stuck having tasted a name you don't want to keep and paying the 20-cent ICANN restocking fee to return it. The .com name is the most likely to get ripped off, so if you can't find a registrar who'll do an atomic transaction, you could try just the .com or the .com and .net, and then check the others if you succeeded on the first two.

Also, of course, if front-running sticks around after there's a fee for tasting, it's much more effective to run an automated check-lots-of-names bot that costs front-runners money on gambles that always lose than if it's only costing them free kiting. (There are ways to fight back - captchas on name queries, for instance - but there are also name-grabbers who use DNS/Whois queries, and you can keep querying those without captchas, and not only do those people deserve to lose even more than registrar name-grabbers, but the DNS operator for the .com domain has proposed selling information on queries to (ahem) interested customers, and this'll discourage that.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[EvilIdler]

We're setting up a new domain at work, with some new services, and the
other devs wanted to try various domain names. I of course warned them
about the sort of practices you can expect on the net, and recommended
a quick brainstorming session to come up with good names to try FIRST,
then we'd go to our fave registrars to actually buy it only once we've
settled for a few good names.

We're going for a domain in a TLD which is supposed to be only for
"serious business", a country TLD, but anyone can get an org. numbe

Bullshit

[Zorque]

"If you check for availability of a website and someone sees you do it and they reserve it before you, it's fair play." The hell it is. That's the exact opposite of fair play, that's being underhanded. If someone sees you typing in your PIN and drains your bank account, is that "fair play"?

Re:

[robo_mojo]

If someone sees you typing in your PIN and drains your bank account, is that "fair play"?

According to most banks, yes.

Re:

[KZigurs]

banks actually say - Yes, it is.

Tasting is what did it in

[jjrff]

when someone tasted cornhole.com

ICANN?

[v(*_*)vvvv]

The domain name market is a pile of sewage, and anyone who bothers to look knows who's sitting on the toilet.

ICANN stands for I CAN SHIT.

When ICANN speaks have a plunger handy.

Of course this is going on. But insiders looking at queries is such a small problem anyway, it sounds more like ICANN just trying to come off as a good samaritan. Insider DNS info? Querie spying? These are the least of our worries.

Although one of many scams, the practice of registering expired domains is probably the worse. But this i

What a surprise

[bjorniac]

And vampires think that sucking blood is fair game.

Possible solution?

[zygotic mitosis]

Write a script that will request randomly generated domains. The predators' bills will run up significantly

I would be surprised ...

[veraguth]

...if a few ICANN committee members aren't significantly wealthier than they were before this issue came up. Does anyone know how the money flows in this "business?" Is there an actual transaction involved in which money is transferred? If so, I wonder who's covering the cost of processing the refund. What these companies do amounts to zero-cost gambling. Why would the banks underwrite the activity for nothing?

Need to rename org to

[garylian]

ICANNdowrong

What happened to the common sense factor to business? It's bad enough they allowed the debacle of people that didn't own the trademark to a term getting to register that as a .com name, but you'd have though they'd have learned by now.

Re:

[robo_mojo]

What happened to the common sense factor to business?

It went bankrupt.

This will all come crashing down very soon.

[Alonzo Meatman]

Just wait until someone writes a script to search for every possible domain name on Network Solutions's website, in effect tying up millions upon millions of domain names. Watch hilarity ensue as all of the other registrars decry NS's "blatantly anti-competitive practices."

Re:

[h4nk]

most whois providers lock out ip addresses that send repetitive lookup requests. when you sign on to become a registered reseller, they have an audit process for you and your business and you have to agree to not run scripts against their whois servers.

a really large bot net would probably succeed though with interval-based anonymous lookups. not to give anyone any ideas though...

Sounds like we should do a distributed project

[giminy]

Why not write a distributed project. It will slowly, in the background, hit up all the recently 'tasted' domain names. This would make tasters think that they got a good domain name and buy it. Then they'll go bankrupt, because they'll buy all these crap domain names that are only touched by the distributed client.

For every problem, there is a solution...

Impeach?

[JimboFBX]

Can we impreach everyone in charge of ICANN? Its obvious they aren't doing their job. Its like stealing candy from a baby in front of a police officer, then extorting it for more than its worth, then giving it back after I realize your not going to pay. Then having the police officer say "well thats fair."

Another way to get screwed...

[moronikos]

I had a domain and let it go because I have no further plans for it. It expired about two weeks ago. If I want, I can get it back for $80 from my registrar. What a ripoff... I have to say, no daddy!

What ICANN should do

[surmak]

The only legitimate reason for reserving a domain is to protect a buyer who is purchasing multiple, related domain names (e.g. foo.com, foo.net, and foo-xxx.com, and wants to be certain that all the domains can be obtained. If they cannot, the buyer would choose a different value.

To support this usage model without the kind of abuse we are seeing, reservation should be limited to one hour and should cost the registrar a small amount (maybe 1-20 cents) per reservation. If the customer eventually purchases the domain, the cost of the reservation will not have a ssignificant inpact on the profitability of the transaction.

A simple no refund policy will eliminate the domain kiting scams that are getting happening.

The other place where abuse can occur is when a domain expires. I would propose the following procedure to insure that nobody can lost their domain without really trying:

Once the domain expires, the DNS record is removed from the top level server. After this happens, the (former) owner will have the exclusive right to renew the domain for a period of 45 days. This renewal will be at the normal price, but will start at the expiration date, and not the renewal date. (Thus you lose the time that the DNS was disables.) The 45 days will allow the domain owner to notice that something is wrong, and should be plenty of time for a domain holder to notice their web site or email address no longer works.

After the 45 days, the domain becomes available via an auction which will last at least 15 days. The reserve price of that auction is the normal domain registration fee, with the domain's registrar receiving the proceeds of the auction (to encourage them to not game the system) The auction should have some mechanism to avoid ebay style sniping -- maybe the auction does not close until 1 full day after the last bid is received.

If the auction fails, then the domain returns to the pool, and is available on a first-come first-served as any unregistered domain is.

Slumming

[EdIII]

Unfortunately, and I have known this for years, buying a domain name involves just a little bit of slumming. It's truly a nasty business laden with unethical people extorting money out of others.

About the best you can hope for is:

1) Get a good domain name.
2) Hope that the registrar does their job to protect anybody from stealing right out from under you.

I have always recommended to my clients to have a couple of meetings beforehand and choose several names very carefully. Take their time and think it through. When they are ready to get the domain names, I have described it as being similar to sniping auctions on eBay. Be prepared to hit "click" as fast as possible.

Basically, don't be searching for a domain name. Already have an idea and be prepared to make a decision right there on the spot. That's the only way to truly stop domain tasting.

Rule of law

[Anne Thwacks]

We have several centuries of experience of what happens when the lawmakers behave like this:

If you dont want people to support the Mafia, Jihadists, vigilanty groups and various kinds of thugs hitting people with baseball bats, drilling kneecaps with electric drills, or randomly killing and calling it "summary justice", then you have to have a better legal system. If people cant get redress for this kind of thing through the law, you can expect they will take the law in their own hands.

In short, its governments that behave like this that create third world countries.

Mod parent up, insightful

[EVil Lawyer]

ssia