|
Starting from an old article (dated July 21st, 2005) published at Computer Business Review, (and following a more recent entry on GoDaddy’s Bob Parson’s blog) I would like to touch a bit more on the topic of ‘traffic testing’ or ‘traffic tasting’ of domains. This topic has been discussed at ICANN meetings since last year and is also referred to by the name of ‘add/delete’ or ‘add/drop’ storms.
Pay-per-click speculation market soaring - Computer Business Review:
(July 21st, 2005): There are close to a quarter of a million domain names a week being registered for just a few days, while people “test” the traffic potential of those names before discarding them, chief executive Stratton Sclavos (VeriSign) told analysts yesterday.
We can assume that with this public report of this topic, the amount of domains being tested at a time has at least stayed at the same level if not increased. Bob Parson’s article has some more up to date statistics, probably collected from zonefile information:
During the week of March 27—April 2, 2006, 5,822,881 .COM names were registered. Of those names, only 455,918 .COM names were actually retained after the grace period expired.
Of the .COM names registered during the above week 5,366,963—or 92.1%—were dropped during the grace period. Once again, at least 99% of these were dropped by registrars participating in the add/drop scheme.
So how is this possible? Registrars have a five day grace period for the registration of the domain in any gTLD. What this means is that a registrar can actually register a domain (at this point the registrar is charged) and then deleted it within the coming five days with a full refund. So this has lead to the practice of traffic testing/tasting domains:
A list of domain names is registered for a period from 1-5 days and then deleted again if the amount of traffic (or income) has not reached a certain threshold. Some of the testers will display a ‘parked page’ with PPC advertising and some of them will just display an empty page during the testing period. It is rumored that some registrars also offer this testing ability to their resellers & customers against a small fee per domain.
The original intention of the grace period was to allow the registrar to correct typos and this feature is also known to have been used to delete fraudulent registration attempts.
How do domainers come up with the names that are being traffic tested? They use lists of previously expired and deleted names as well as some of their own lists generated from dictionary information etc. Those are basically the same methods that domainers normally use, just that they normally do no get to actually test if there is any traffic - a name needs to be kept and paid for at least one year.
If you observe the testing cycles a little closer, you will actually also notice that some of the domains are re-tested multiple times. Basically it is safe to assume that any name that had been registered before and gets deleted, is registered again. If there’s any money to be made off the name, it’s unlikely to ever become available again.
What is the cost for the registry of doing this testing? There is computing power used in registering the names and adding them to the zone files and deleting and removing the majority of them at a later point. I would also imagine that the registry operator needs to keep some information for accounting purposes in their database, so this would take up storage space as well. The registrar ends up paying only for the names that are kept, but also has to pre-fund the transactions during the time of the testing.
So far nothing has been done to prevent this traffic testing from happening, but there have been different suggestions (anything from ‘outlawing’ the practice to charging fees for it) within the ICANN community.
Sponsored byVerisign
Sponsored byRadix
Sponsored byIPv4.Global
Sponsored byCSC
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byWhoisXML API
Wouldn’t this be the way to go for a phishing domain, at least if you were ready with an e-mail burst when the registration goes through? Has anyone correlated that data yet?
Larry,
This could possible used for phising and spamming, yes. But since this would either require the originator to be an ICANN accredited registrar or a reseller of a registrar who passes on this is ability to delete the names for a refund.
However this type of accreditation would probably also make the originator easier to track down, which is certainly not in their best interest. Also whoever is involved in this would be putting their ICANN accreditation on the line, which isn’t that cheap to obtain in the first place.
My guesstimate would be that if you were to check the lists of those tested names for ‘phishing’ names you would most likely find some of them being tested for traffic, but not being used for phising any more, simply because those names would now have been picked up by someone else in order to see if they can be monetized.
For the ‘phishers’ themselves it does not seem like an option they would want to pursue - it’s probably just much easier to register a name somewhere else. Most of the times they probably use stolen credit cards to pay for those names.
/Frank
There are several points to be highlighted.
I touched on these issues in my recent blog entry - Internet Gambling, The ICANN Way: Using Someone Else’s Wallet at http://www.cavebear.com/cbblog-archives/000239.html. I also commented on it in another entry entitled It’s Time To Eliminate ICANN’s “Add Grace” Period at http://www.cavebear.com/cbblog-archives/000231.html.
The particular contractual provision that all of this hangs upon is something called “Add Grace”. The definition can be found in ICANN’s registry contracts.
When grace periods came before the ICANN Board of Directors the only form of grace period was the “Redemption Grace” to allow customers who missed the renewal date to have a chance to recover.
The idea of an up-front 5 day period was never raised, much less discussed, at the board level. So what we have here is the pure creation of ICANN’s staff.
Now, we have recently seen how ICANN and Verisign justified the outrageous increase in registration fees for .com on an incoate and unproven assertion that this fee is somehow related to registry costs incurred by Verisign.
But as we see by these “tasting” numbers, the average Joe who is acquiring a domain name for a year or more is carrying the registration expenses for several hundred speculative acquisitions, and releases.
A simple calculation leads to the conclusion that had ICANN properly counted transactions and costs that the registry fee in the ICANN-Verisign agreement should be on the order of $0.02 rather than $7.00.
Another simple calculation leads to the conclusion that ICANN, by allowing this “tasting” system to exist, is ripping-off the community of internet users to the tune of several hundred million dollars per year in order to subsidize speculators.
Another aspect that should be mentioned is that many, perhaps most, registrars have terms in their contracts that allow them to engage in this kind of “tasting” for names that their customers fail to renew.
The Add Grace period is supposed to occur at the start of new registrations not ones that registrars continue for their own use after the real customer has gone away. So there is a real question whether there is a valid legal foundation for this practice, at least with regard to relinquished names.
The definition of Add Grace does allow the registry to charge real money to those who engage in this practice. As far as I have been able to tell no registry does require a payment.
Every name registration, whether for a long term for for five days or less involves a registration transaction and a delete transaction. There is also a per-diem carrying cost to the registry but since we are talking about roughly 200 bytes in a database that cost is virtually nil. What this all means is that from the registry point of view the cost of processing a 5 day “add grace” add/drop transaction pair is virtually the same as processing a multi-year standard registration.
ICANN should do one of two things:
Eradicate this practice. Or require that even for “add grace” registrations that the registrant pay the entire registry fee, and that fee be non-recoverable.
And then ICANN should adjust the registry fees charged by registries so that they reflect actual, auditable costs.
An example of what competition in TLDs can do: We only charge $5.95/year for domain registration. When you have a world (the Inclusive Namespace) that has 15,000-20,000 TLDs, all of which can determine their own business models, pricing competition is very brisk, which is good for the consumer. There is no excuse for the artificial scarcity the ICANN imposes