NordVPN Promotion

Home / Blogs

It’s Time to End Domain Name Front Running

Next week the Internet Corporation for Assigned Names and Numbers (ICANN) Board of Directors will consider adopting a 20 cent per-transaction fee that will effectively end the abusive speculating practices of domain tasting, front running and kiting. The fee will only apply when domain names are deleted excessively, a signal that they are being “tasted” by speculators.

We, at Network Solutions, strongly encourage ICANN to enact this important provision as part of its budget and we have released a statement to that effect today,

Domain “tasting” occurs when parties register a domain name and place pay-per-click ads on the domain’s Web page to determine if the name is worth more than its registration cost; if it is not, the taster simply deletes the name during the allowed five-day grace period and receives a full refund.

In some cases, the names are immediately reregistered and tasted for another five days. Sometimes this process is repeated over and over in a scheme called “domain kiting.” Both of these practices are abusive as they allow tasters to hold, at no cost, millions of domains that are no longer available to the public for registration.

Elimination of tasting and kiting will also curtail the practice of front running. Front running is when someone registers a domain name, for the purpose of tasting, within minutes or hours after someone else has conducted a search for that domain name. Front runners may get access to domain search data through Internet Service Providers, spyware, or registries.

Because of the prevalence of these practices, earlier this year Network Solutions enacted an opt-in domain protection measure for our customers that reserves available domains for four days. If ICANN adopts the anti-tasting provision, Network Solutions will feel safe in discontinuing its service since the non-refundable fee will deflate domain taster’s profits and provide a substantial blow to front runners who use and sell search data for tasting purposes.

While we understand and appreciate certain concerns initially raised about our protection measure and the way it was implemented, we are heartened by the fact that we successfully highlighted the issue and assisted in moving toward the eradication of these negative practices.

You can read our statement in full on our site at our media room.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Shashi Bellamkonda, Social Media Swami

Filed Under

Comments

Its time to end domaining, period .. Suresh Ramasubramanian  –  Jun 21, 2008 3:34 AM

Sure, restocking fee increases, reduction / elimination of the AGP will do a lot to blow a hole in kiting (and hell, in domaining as well.. and ‘tis a consummation devoutly to be wished).

But you really shouldnt be putting a hold on searched for domains. Even if you dont monetize them during that hold period as your press release states. 

There are other people who might want the domain. And there are ways to discourage kiters .. rate limiting bulk signups, or simply refusing to do business with egregious kiters.

Oh, and a registrar best practice code - that you can implement well before ICANN moves on this, that has all that a good registrar would do, so that they dont attract kiting, domaining (as well as other stuff, such as spammer / bot domains)

Call it what it is ... Fred Showker  –  Jun 21, 2008 11:25 AM

I cannot understand the position of so many bloggers and journalists who handle the domain kiting issue with such kid gloves. They are too nice. Why don’t they just call it what it is? Probably because they’re not digging deep enough.

In testing the links found on many spamvertised “kited” domains, the links seem legitimate. Google sees them as valid search queries. Clicking results in a target of another seemingly legit domain. However that will redirect to a phishing, illegal drug, enhancement or other criminal activity. Don’t underestimate their prowess, they’re two steps ahead of Google and four steps ahead of ICANN. 

We’ve tracked and analyzed spam phishing and malware email for years. Since March we’ve been monitoring groups of target spamvertised domains and finding “tasted” domains in wide use for criminal intent. Some days, across thousands of spamvertised domains we would see collections of kited domains with just the last letter changed. So, there might be a stack of several hundred domains, alpha sort, like “adigioa.com”, “adigiob.com”, “adigioc.com”, “adigiod.com”—all with the exact same spam message.

Another practice employed by crime rings is to utilize kited domain collections as redirects—A redirects to B, to C; then later B redirects to A, to C, and so forth. Most telling is the fact that within five days, the domains are no longer in the spam files—yet appear again in the same configuration, for the same criminals after the 7th day.

See editorial:
Crime gets a free ride from ICANN

One only has to read the recent Knujon report on “Rogue” registrars to find that there is sufficient reason to suspect ICANN is aiding and abetting the criminal element in allowing such registrars to even get a license.

Go to:  www.knujon.com/news.html
and scroll down to “70 Registrars are in mystery locations”

While you’re there you’ll see another eye-opener where it’s revealed that ICANN actually releases kited domains BACK to criminal owners after the domains were identified and suspended for SQL attacks.

Why would ICANN suspend blocks of domains after being clearly identified as cybercrime activities - and then at the end of the “tasting” give them BACK to the SAME owners? Does that make sense? NO. That’s another reason to suspect complicity.

FRONTRUNNING

We’ve been fiercely opposed to frontrunning since the early days when fees for domains were first implemented. What’s interesting though is in those days we didn’t call it frontrunning—we called it hijacking—and it wasn’t a “nice” thing.

For years NetworkSolutions and other registrars have “allowed” domain searches to be “leaked” and the domain purchased out from under the searcher. The purchaser comes back later to “offer” the domain to the searcher for thousands of dollars. Don’t laugh, it’s happened to me on a number of occassions.

It has happened to us so many times, in fact, that we adopted the policy of not searching unless we fully intended to buy the domain on the spot. And the “Tasting” feature was NEVER mentioned—NEVER available to the public. Why?

What was most disturbing is the fact that those names were particular to a specific business—but the domain would be purchased by an entity in some other location or even a foreign country. Why would a Chinese individual want to purchase a name that applied to a business in the U.S.? 

We’ve suspected all along that registrars (like NetSol) were intentionally leaking (selling) those domains, or access to the searched-for names to hijackers specifically for squatting. But don’t think for a minute that this is something new. Network Solutions is only now candy-coating the practice because the unpopularity of Domain Tasting threatens to give them a black-eye.

This has gotten long enough. Sorry. But MORE should be said.

Respectfully

SafeNetting

Why don't they just call Dave Zan  –  Jun 22, 2008 4:01 PM

Why don't they just call it what it is? Probably because they're not digging deep enough.
Or it's probably because we still can't agree on what it is. ICANN adopted Nominet's definition which Network Solutions' appears to jive with, but others are taking it farther. Not that anyone's required to agree with, anyway, although we can agree domain front running, kiting, whatever has caused considerable problems.

Rationale? Alex Tajirian  –  Jun 21, 2008 7:08 PM

Your press release summary states “Network Solutions has long called for a fee-based solution to eliminate the related abuses of domain name ‘tasting’.”

There is at least one attempt at Comparing Solutions to Repugnant Domain Tasting. Perhaps you have made your analysis public elsewhere.

It would be valuable for the community to understand your underlying rationale:

(a)  Why is the fixed fee-based solution best?
(b)  Why is 10% best? Why not, say, 5% or 20%?

The after registration measures are very effective Suresh Ramasubramanian  –  Jun 22, 2008 7:14 AM

As you say in your paper .. After Registration Solutions: 1. Making the ICANN transaction fee (currently $0.20 per year) nonrefundable to names deleted during the registration grace period.[7] 2. Charging a fee for excessive deletions.[8] These two will get rid of all of domain tasting, kiting, IP tasting, whatever else. Simple and effective. And accomplishes something that should have happened a long time back - a business model based on exploiting a loophole called the AGP that shouldnt ever have come into being in the first place.

The 20-cents policy is a joke. Fred Showker  –  Jun 23, 2008 12:37 PM

The 20-cents policy is a joke.

Looking at the realistic implications of domain tasting, and motives for sampling large numbers of domains, then refusing large numbers of domains, only to pick them up again—the 20-cent charge is ludicrous. Either ICANN isn’t very intelligent, or there is an ulterior motive they’re not sharing. (Suspected below, keep reading.)

Scenario #1: “THE LEGITIMATE TASTER”
—————————————————————-

How many domains does a legitimate “taster” need to taste?

Logically, that number should be fairly small.

Let’s say he tastes 1,000 domains and gives 999 back.

That’s a $199 fee—which is nothing. (Laughable)

They can continue to churn and churn thousands of domains until doomsday.
Which is counter to the purpose for the fee.

Scenario #2: “THE CYBERCRIME TASTER”
—————————————————————-

Online crime most likely wants to taste as many as they possibly can, since their primary motivation is launching automated phishing or illegal drug pages for just a few days, then close them down and disappear scott-free.

So they ‘taste’ 10,000 domains—then send 25,000,000 spams

(It’s proven that if they are going to get a response at all from spam, it will happen in the first 24 to 36 hours.)

On day 5 they give them all back and pay their $2,000.  (Laughable)

Lets say they get click-through of just one-half of a percent of their spam barrage, that’s 125,000 captures. Let’s say it’s an illegal drug vendor, and they’re getting 5-cents per click to the Canadian pharmacy— that’s $6,250—at 3-cents per click, that’s $3,750—enough to laugh in ICANN’s face.

Say they do this three times a month, netting roughy $11,250.00 - but pay ICANN only $6,000 for returned domains—a nifty month’s profit of $5,250.

If the 25,000,000 spams happen to be phishing spams—and they net even one-hundredth of a percent return—that could mean hundreds of thousands of dollars profit (stolen credit cards and identities)—so again, they laugh at ICANN. 

So to organized internet crime, the 20-cents is just another cost of doing business.  (They’re laughing at ICANN, and YOU and ME!)

Scenario #3: “CHARGE WHAT EVERYBODY ELSE PAYS”
——————————————————————-

SO the taster must pay $5.00 for each domain, and may NOT return them.

The legitimate taster pays $5,000, and enjoys Google ads for a full year, which can net over $10,000. Fair deal, double their money. Everyone’s happy. (Nobody gets rich except Google!)

Organized crime cartels and rogue registrars on the other hand, will have to pay $50,000 for those domains—still not a big hit for online crime. (Except, charges for 50-grand have a way of calling attention to themselves!) The problem to the criminals is they have those domains for a year, which is NOT what they want. It makes them vulnerable. They succeed by disappearing within 48 hours. (The average life span of a phishing site is 36 to 48 hours after the first spam is received by authorities.)

Some crime rings “taste” as many as 100,000 domains at a time. That would saddle them with a half-million ($500,000) in up-front costs, and they probably won’t do that.

So THIS scenario effectively eliminates criminal participation in tasting. 

MORAL OF THE STORY
—————————

Proposing a 20-cent “restocking” fee for returned domains is very clear indication that ICANN is (either unintentionally or intentionally) complicit with organized crime, or other not-so-honorable players.  (Why would they make a decision so blatantly in favor of organized online crime? Why would they release domains BACK to rogue registrars and owners who are identified as involved in criminal activities? Something doesn’t smell quite right.)

A one-dollar ($1) fee is more realistic, and a five-dollar ($5) would be better.

Legitimate tasters have a plan and a goal. To them, even $5 would be justifiable—the downside would be they are forced to fine-tune their strategy and run tasting cycles with real purpose on smaller numbers of domains in order to justify the cost.

Everyone would get more honest, unscrupulous tasters would be forced out, and ICANN would raise enough money to institute some better policy enforcement.

BOTTOM LINE
—————-

1) Tasting should be eliminated all together.
. . . tasting is totally unnecessary, if they want a domain, let them buy it.

2) Domains should be charged at uniform rates.
. . . if YOU pay $5, then I should pay $5

3) ICANN must CLOSE all ROGUE registrars, who are not in compliance with ICANN’s own regulations. Period. (This one is not arguable!)

4) ICANN must be reorganized to facilitate faster actions for law enforcement.

I personally believe ICANN needs to be pulled in for an investigation and audit. There’s too much highly suspicious activity going on to be purely coincidental.

The 20-cents policy is a joke.

The only people it seems to be making happy is ICANN and the media.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

NordVPN Promotion