NordVPN Promotion

Home / Blogs

Domain Front Running by Registrars Continues to Draw Attention

Protect your privacy:  Get NordVPN  [73% off 2-year plans, 3 extra months]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

In response to accusations lodged yesterday in a post on the DomainState forum, NSI has issued a statement which essentially admits that it engages in a form of domain front running. No one has challenged domain Front Running by registrars in the courts, likely because the practice is new and since the loss of a single domain would not typically generate a level of damages to support litigation. But litigation over this arguably fraudulent domain practice by registrars is both viable and likely inevitable as noted below and further analyzed at this post on the Traverse Legal domain name blog here.

While NSI states it is merely holding the domain for the consumer at issue, other registrars are accused of actually registering and reselling the domains at inflated prices.

Every US state has a Consumer Protection Act which would make this practice illegal. It amounts to outright fraud. The registrar deceives the consumer into using its domain availability or Whois search so they can presumably have the option of registering the domain. The search feature is really a search tool for the registrar to see whether there is interest in the domain name. The registrar runs software which instantly registers the domain for itself and either offers it for sale or, at a minimum, makes it impossible for the consumer to register the domain through another register. Some registrars continue to deny the practice but litigation subpoenas offer the advantage of obtaining real data and documents from registrars concerning the inner workings of domain front running.

Because penalty damages and attorney fees are available under state Consumer Protection laws, we believe it is just a matter of time before this practice finds its way to court. It is certainly clear that ICANN has no intention of acting quickly to curb this domain registration abuse.

By Enrico Schaefer, Attorney & Advisor: Protecting International Business Interests

Filed Under

Comments

Thomas Barrett  –  Jan 9, 2008 6:42 PM

This is simply a new reservation service that customers will appreciate.  I find it difficult to believe any laws are being violated.

There are other similar models (airline seats and concert tickets come to mind) that place a hold on customer requests pending purcase.

The appearance of “fraud” is easily fixed.  I would simply alertthe user with the message

“As a courtesy, we have reserved this name for you for 5 days.  The name reservation will be released if you decide not to purchase within five days”

Better yet, allow the user to make the decision.  (Trademark owners might not the name to be revealed in the zone file).  So, another option, is to prompt the user with the question

“Would you like us to hold this name for you for a few days while you decide whether to purchase it?”

The “fraud” disappears.

Tom Barrett
EnCirca, Inc

Enrico Schaefer  –  Jan 9, 2008 7:04 PM

Tom: I agree that notice is everything. And not notice buried in a 6 page use agreement, but in your face notice.  The clear deception here is that most people would have no idea they are locking themselves down to registration through NSI when they check
availability.  And there is nothing on the NetSol site that tells users that they are about to cause the domain to be locked to NetSol, that tasters may be ready to jump in at the end of th 4 days, further locking up the domain, etc. Deceptive trade practices violate state law. I believe that a court would find this particular practice deceptive and I don’t buy the consumer protection arguments being made by NSI. 

Are they saying that hackers are able to see when a user is checking availability through their web site? If so, the problem is solved by precluding third parties from phishing for availability search data when their web site visitor’s access that feature. 

Are they saying the some end users are having their availability searches tracked because of phishing code or cookies on their client machines? If so, that is an end user problem and my guess is that it is a small one.

There are all kinds of problems here but the biggest one is that NSI is really looking to trap the consumer into using them for registration.

Enrico Schaefer  –  Jan 9, 2008 7:57 PM

I have not have not heard of IMCs.  Do you have any resources or links to share that would explain the approach?  Sounds interesting across a range of issues.

Enrico Schaefer  –  Jan 9, 2008 8:21 PM

According to NSI, they don’t know either (hard to believe) but suggest it is further upstream, at the ISP or registry level. NSI says that’s because Network Solutions then must check availability at other sites when a customer searches.

Network Solutions believes the frontrunning problem is occurring somewhere between when domains are searched at a registrar and when the registry VeriSign is pinged. Someone is selling the data and Network Solutions says that it has implemented this solution to stop it.  More here.

Dave Zan  –  Jan 10, 2008 2:52 AM

Enrico Schaefer said:

The registrar deceives the consumer into using its domain availability or Whois search so they can presumably have the option of registering the domain.

Sorry, Enrico, but I disagree with this one. I looked up a domain name at their site yesterday, saw it’s in their holding account a minute after, went back to their site today, and am still able to register it.

I just didn’t finish the process since it was just a test. :)

And there is nothing on the NetSol site that tells users that they are about to cause the domain to be locked to NetSol, that tasters may be ready to jump in at the end of th 4 days, further locking up the domain, etc.

They have now:

http://customersupport.networksolutions.com/category.php?id=178

Sure wish they did that before, though.

Interestingly understandable why they’re doing this since neither ICANN nor VeriSign have done anything to “stop” this practice so far. If either one finally does, there’s a slight chance that NetSol might drop this.

Mel Beckman  –  Jan 10, 2008 4:53 PM

Despite its promise of full disclosure to users on the NSI front page Whois section today, there is still no warning there of NSI’s preemptive domain registration scam. If NSI is really so concerned about their customers, why not simply add that notice (as they promised they would) rather than burying vague, oblique statements in the FAQ?

NSI’s claim that its name seizures constitute “customer protection” is a lie, for the simple reason that the promised protection simply isn’t provided. While a domain is being “protected”, ANYONE can register it. I tested this yesterday, running NSI’s whois on a nonsensical domain name, then minutes later finding the name locked by NSI but still purchasable from anywhere on the Internet via Tor (from another browser on another computer).

This is Tony Soprano-style protection, and NSI is trying to make an offer we can’t refuse.

Troy  –  Jan 10, 2008 8:16 PM

Thomas Barrett said:

There are other similar models (airline seats and concert tickets come to mind) that place a hold on customer requests pending purcase.


That’s not an accurate analogy.  Imagine that searching for an airline seat via Travelocity (or via any client of SABRE), the seller “reserved” all seats between those two points, for all flights that day, on all airlines?  Without an explicit (or even implicit) request, notification, option to un-hold, and on all ways to acquire that service (mydomain.com), and potentially without even having a direct relationship with the buyer.

Enrico Schaefer  –  Jan 10, 2008 8:31 PM

Domain Pawn Shop points to two posts, one of which talks about registrars under the ICAN policy grabbing domains on expiration.

The ICANN regulations for domain name registrars dictate a requirement for deletion and auto-renewal policies. However, if you’ve had a domain expire lately you may have noticed that your registrar has taken over your domain name’s DNS and redirected YOUR domain to THEIR website. This is because of a clause in their Service Agreement that says you give them permission to do this.

This permission statement is usually buried so you won’t find the clause or the opt-out provisions that are provided. (For example, the clause is in Section 14, on page 10 of the Network Solutions agreement.)

But the difference here is that people who use the NSI search tools are not customers of NSI and have not agreed to anything.  There is no agreement which allows NSI to take control of the domains.  It does so without notice and without agreement. 

As noted here, neither the NSI AUP or Privacy Agreement allow for the activity, and arguably preclude it.

Dave Zan  –  Jan 11, 2008 2:32 AM

Enrico Schaefer said:

But the difference here is that people who use the NSI search tools are not customers of NSI and have not agreed to anything.

So essentially, that means NSI really has no obligations to the end-user, don’t you think? I don’t know the intricate legalities of this (especially in NSI’s jurisdiction), but I found this on their privacy policy:

By purchasing our services, you obtain the protections of, and consent to the data processing practices described in, this Privacy Policy.

You’re the lawyer, though, so I defer to your knowledge on that matter. :) If there is a specific law requiring specific disclosure of that specific practice, why not let them know?

Incidentally I just came from their site. They’ve finally added that “protection measure” at the middle right.

Dave Zan  –  Jan 11, 2008 2:47 AM

DomainPawnshop said:

These are the questions I’d like to see a judge answer - and soon.

DP, as long as you register a domain name, pay for it, and click the check box beside the “I agree” thing with a registrar, you’re bound to the terms of their agreement. Incidentally, NSI’s and Register.com’s contracts have been upheld in one legal decision each (Size Inc and Zurakhov, respectively), and they’ve further re-written them since then.

Unless there’s a specific law dealing with the specific items you mentioned or others, registrars practically have no obligations to non-paying users who don’t agree with their terms. Why should they?

Mark Fulton  –  Jan 11, 2008 5:31 AM

One of my readers has contacted a lawyer and reposted a Cease and Desist letter sent to NSI:

.... As you neither asked for nor received permission to use the Work as the basis for your registered domain names nor to make or distribute copies, including electronic copies, of same, I believe you have willfully infringed my rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $150,000 as set forth in Section 504(c)(2) therein….

Full: NetworkSolutions Scandal: Hijacking User Domain Searches

Dave Zan  –  Jan 11, 2008 10:50 AM

DomainPawnshop said:

But what about genuine abusive practices? If you agree they may exist, then you must agree they should be addressed in some meaningful fashion.

Well, isn’t this genuine abusive practice of domain front running what Network Solutions is trying to address in some meaningful fashion under the circumstances? Since VeriSign won’t impose a fee for the add/grace period, ICANN hasn’t created a solution yet, and impatient people want this issue resolved immediately, what can one propose how registrars remedy this now?

On the side, I found this:

http://www.infoworld.com/...

Mitchell added that if ICANN (Internet Corporation for Assigned Names and Numbers), the organization that oversees the domain name system, would move to cut down on these type of scams, then his company wouldn’t have to engage in this kind of automatic search registration. “We would be perfectly happy to end this process if ICANN or the registries would do something to protect small businesses or other small users,” he said.

So there you go, folks. Straight from the horse’s mouth.

I don’t mind some registars being protrayed as Dr. Evil…if the situation warrants it. Of course, even that is subjective. ;)

Enrico Schaefer  –  Jan 11, 2008 11:55 AM

Really, the solution for NSI is to open and conspicuous about their policy.  This does not include the notice buried on their support page.

Conspicuous notice solves everything and would put out the fire burning across the internet.  If their intent to protect consumers is sincere, they will place a notice directly above their search box telling consumers what is about the happen.  I agree that protecting consumers from front running is a worthy goal.  But consumers also have aright to now they are being protected, that the domains they are searching are about to be locked down, that for 4 days they will only be able to register those domains through NSI at NSI prices, etc. 

Conspicuous notice would make NSI the good guy here; a registrar who truly is trying to protect consumers from front running, without lining its own pockets behind the scenes in the process.

I do wonder if NSI is having a bigger problem with front running than other registrars.  There may be more going on than meets the eye.

Enrico Schaefer  –  Jan 11, 2008 1:27 PM

Here is a new twist. 

According to a story yesterday by the WASHINGTON INTERNET DAILY, Network Solutions Vice President of Policy Jonathon Nevett responded Tuesday that there is another reason NSI is locking domains during the grace period.  He says the policy tries to

“take an arrow out of the quiver of the [domain] tasters.  They’re the largest front-runners, buying search data from ISPs or registries, then tasting names for profitability. Some folks might not agree with our approach, but we are trying to prevent this malicious activity from impacting our customers.”

How does locking domains that aren’t even registered yet affect domain tasting?  Tasters typically pick up expiring domains in bulk. I have never heard anyone suggest that domain tasting involves unregistered domains, which of course have no established traffic at all. Are domain tasters picking up unregistered domains using domain name front running (DNFR) or is is this a separate and distinct method of monetization?

Dave:  What do you think NSI is trying to say here?

Or is this a weak excuse that further undermines their ‘consumer protection’ spin?

Dave Zan  –  Jan 12, 2008 12:39 AM

Enrico Schaefer said:

Dave:  What do you think NSI is trying to say here?

What I’m simply thinking is NSI (or Network Solutions since they’ve rebranded themselves years ago) means exactly what they said. Whether people want to think or believe they’re crooks, scum of the earth, or whatever is up to them.

However, can one deny the issue Network Solutions claims to be addressing with this latest measure? Even Go Daddy complained about it years ago in an ICANN meeting at Marakech, Morocco.

BTW, it appears Network Solutions finally put the consumer protection notice on their site aside from their FAQ. It’s on the middle right, can’t miss it.

Additionally, I just did a new test. The domain name’s in their holding account, but it isn’t resolving.

Too bad they didn’t think of doing those back then, or they wouldn’t have gotten a lot of bad publicity. But then, any publicity is good publicity, right? :D

John Berryhill  –  Jan 12, 2008 4:29 AM

I have never heard anyone suggest that domain tasting involves unregistered domains

That is what domain tasting is.  You have apparently confused it with old fashioned dropcatching or something else.  Domain tasters work off of text feeds that come from a variety of sources.  For example, they may receive feeds from various search systems, browser plug-ins, spyware, etc.  Using this feed of text strings constituting “something that someone typed into their browser” the domain taster does a comparison with the .com zone file, and registers the strings as domains for the five-day add-grace period.  If the domain makes enough money to pay $6/year on a projected basis, then it is kept.  If not, it is dropped.

Surely, you have read, for example, Bob Parson’s comments about how tasters use this method to taste millions of domains a month?  The tasted domains are not “expired domains” - they are domains which have never been registered.

Are they saying the some end users are having their availability searches tracked because of phishing code or cookies on their client machines? If so, that is an end user problem and my guess is that it is a small one.

Uhmmm… no they aren’t attributing it to “phishing code” (whatever you believe that to be) nor cookies (which cannot be used for this purpose anyway), but there are ISP’s (for example Verizon) which do collect a lot of interesting data; there are any number of browser plug-ins which do things with text entered into the browser; and quite a few other ways to intercept domain search data at the user’s end.

As far as whether your “guess” constitutes an informed measure, you might take a look at how GoDaddy executive Tim Ruiz characterized the problem during the Marrakech ICANN meeting:

http://www.icann.org/meetings/marrakech/captioning-dn-27jun06.htm


>>TIM RUIZ: Thank you, Jonathan.
As I stated earlier, godaddy does feel that using the add-grace period for domain-tasting is a problem.
That is an abuse.
There’s been a lot of debate about the economics of that.
That’s not our concern.
It’s not our concern that somebody’s getting something for free.
I think there are some legitimate questions that need to be asked in that regard.
But what our primary concern is, that it’s creating customer confusion, that it’s threatening consumer confidence in our industry, and that it’s costing—it’s causing increased support costs for registrars, definitely for Go Daddy.
We’ve talked to other registrars just informally.
We’ll let them speak for themselves.
But indications are that other registrars are beginning to see similar problems.
So the kinds of support issues that this is creating and the kind of confusion that this activity is creating I’ll let registrars—our customers speak for themselves by just sharing with you a few of the written complaints that we’ve received from customers.
This first one was directed to our CEO, Bob parsons.
And the customer says, hi, Bob, I’ve been doing business with you for many years.
On Friday, I checked the availability of something.com from your site as I always do.
It was available.
I had my meeting with the store owner and promised to buy the domain name for him today.
I ran the availability of it again this morning from your site and imagine my surprise when the domain showed as being unavailable and sold to some obscure registrar, and he names the registrar.
I do not believe this is coincidence.
I believe in my heart that you’ve got someone in your camp that’s giving information to someone that’s speculating on domain names.
I really hope that you—you’re the kind of person I’ve always assumed are you and this situation is one you take seriously.
Well, we did take it seriously.
We spent a lot of time investigating this situation, in fact, close to five days working with this customer.
Ultimately, we were able to get the domain name that they were afternoon because it was dropped after it had been tasted for five days.
Another comment, complaint, actually.
I’ve personally searched on several names which have absolutely no meaning whatsoever.
We assume no anybody else but himself.
All were stolen by some registrar and parsed out to their various subcompanies.
They eventually dropped within a few days.
Either someone internal to your company and/or someone who is in charge of the entire WHOIS system of queries and/or somewhere along the way some bot or worm is intercepting these queries.
Somehow, in some way, these queries are being intercepted and used to some registrars’ benefit.
They know it, you know it, we all know it, ICANN knows it.
It’s time to put the legal folks with the U.S. government on this.
This has gone too long and too far.
No resolution to the domain names that he was concerned about.
They all dropped, so I would assume that he was able to eventually acquire them.
And, finally, I used to be a proud go-daddy customer.
I registered and bought both a domain name and a hosting space there.
Since I searched for my second domain acquisition in the WHOIS box at Godaddy’s site, even after entering my customer I.D. and password five days ago, and tried to make it effective on Tuesday, it came that the dot com I queried and found available the previous Saturday was already registered, delegated, and active since the day after by, and it names some registrar.
I was registering my boss’s company name.
He was trying to understand what all that was about.
He doesn’t speak English, doesn’t trade with credit cards, so had I to accomplish the task.
And he couldn’t believe his trademark was registered.
Obvious questions: What, why, how?
What can we do?

Now, it is clear that NSI’s approach to the problem was deeply flawed, and it appears they are making changes.  But the fact that NSI took a misguided approach to the situation does not merit equally misguided accusations of illegality - particularly based on uninformed guesses.

Kelly Burgess  –  Jan 12, 2008 6:00 PM

Well, I for one, will NEVER use NetSol for ANYTHING. They have lost all credibility to me, and it is my sincere hope that they crash and burn. I’m sick of having to spend hours trying to ‘cover my back’ on each and every purchase or figure out how to keep from being burned. I never understood why anyone would pay that much for a domain anyway; we always use GoDaddy or other lower-priced (and apparently higher standards) entity. We only ever used NetSol for our first purchase many, many years ago. NEVER AGAIN.

Enrico Schaefer  –  Jan 12, 2008 6:02 PM

NSI’s potential liability for their Reserve Policy had nothing to do with their justification, the mechanics of the domain tasting problem or whether NSI’s supposed ‘fix’ was truly motivated by consumer protection. NSI’s potential liability had everything to do with, in John’s words, NSI’s “flawed” implementation of its so-called Reserve Policy.

NSI initially reserved domains without notice to consumers under a service deceptively called “Find A Domain.” Its initial iteration of its reservation service also arguably violated its own use and privacy polices. Since it initially placed adlink parking pages up on the names it reserved for the search consumer in NSI’s name, and some of those monetized domains contained trademarks, it also opened itself up to cybersquatting claims.

But give credit where credit is due.  Whatever you think about the NSI’s Reserve Policy or NSI’s consumer protection spin, it has likely solved any legal issues for deceptive practices with its new notice scheme, as analyzed here

Because of ICANN’s refusal and delay to act on issues such as domain tasting, litigation against registrars by private companies and consumers are filling the void (ie Dell lawsuit against Belgium Domains, Microsoft’s lawsuit against Red Register and the Class Action filed against Registerfly (although ICANN eventually filed its own claims).

And despite the legal merits of claims, large companies are no doubt looking to provide pressure and media attention to registrar abuses. While litigation may not be an optimal vehicle to affect internet policy, it appears to be a growing factor.  NSI appears to have responded and modified its policies in response to market criticism and, in my opinion, was wise to provide notice to consumers and resolve legal issues as well.

Mel Beckman  –  Jan 15, 2008 5:09 AM

WSJ writer Chris Rhoades has a nice summary article in the Jan15 online edition:
http://online.wsj.com/... (free sub trial required for full article)

In the article, Rhoades reports a telling statement from NSI about a change they’ve made in reaction to criticism of their name-seizing scam.

NSI says that it will make sure names held in reserve won’t be made public, a revelation that completely unhinges NSI’s argument for “protection”. If nobody can detect domain names searched through NSI (thanks to NSI’s curious “NOW they won’t be made public” fix), then searched names will be completely safe without holding. If, however, someone can detect domain names searched through NSI, then names run the same risk of front-running whether held or not, since NSI will cheerfully sell the name to anyone.

Jack Spencer  –  Jan 24, 2008 9:38 PM

I think that is the point Kelly and others - If you’re not a customer with Network Solutions then Network Solutions does not want you using their free tools if you are not going to do business with them….this is not hard… I have read through so many of these posts that note that they went to Network Solutions to check for a domain name and then went to godaddy or 1&1 to purchase it… as if was a regular practice. If I were NS I would find a way to eliminate useless traffic that makes them zero money. I own a retail jewelry store and I have people “shopping” me everyday, and many purchase elsewhere and mostly because of price. However, I have been in business for 17 years, 2 kids through school and live a nice life…my overhead is such that I ask the price necessary to maintain my business and lifestyle….and I remain in business. Nothing worse than providing a person (I won’t call them a customer) with necessary information (why is a diamond worth what it’s worth, the 4 c’s, etc…) and then they go off to purchase from another store because that particular store/chain may be able to do business with less overhead (or whatever the reason) and offer a lower price for the same item. The point is, if I could filter out all of the people who will use my knowledge to purchase elsewhere, I would and if it means making one sale a day it would be worth my time. Network Solutions is able to do such a thing by swaying those with no intent on buying from them to start and finish their business elsewhere… and yet they remain in business… hmmmmm, sounds like they are working smart by getting rid of the “user” traffic so they can focus on the true customers who come to their site. Now, don’t get me wrong, I can’t agree with the idea that they are “protecting their customers” by holding the domain for them because if they don’t a third party will take it… and even if that were true, they should have made this clear from the beginning instead of spinning the PR BS after the fact…. That’s simply bad decision making and/or execution from the top…. However, I believe that if they didn’t do it someone else would…. It’s the same in any business or industry… Honestly though, I am looking forward to godaddy’s Superbowl advertising…

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

NordVPN Promotion