Belief in conspiracy theories requires a healthy dose of paranoia, and domain name front running (DNFR) – the idea that domain name registrars like Go Daddy or Network Solutions are monitoring your domain name availability queries and registering anything you don’t immediately register yourself – sounds like a presumption of only the most suspicious and mistrustful.
However, evidence suggests that DNFR does in fact occur. Here are a few examples:
- In 2007, Jonathon Nevett, Vice President of Policy at Network Solutions, stated publicly in reference to DNFR that “the practice certainly exists in the gTLD space.”
- Ironically enough, in 2008 the same Jonathon Nevett confirmed that Network Solutions was, in fact, front running domain names, although they never admitted wrong-doing and claimed it was for the benefit of their customers.
- The ICANN Security and Stability Advisory Committee has received many complaints over the years and in October, 2007, they released the ICANN Domain Name Front Running advisory.
The Problem with Domain Name Front Running
So what’s the big deal? When a registrar registers a domain name that you have searched on and believes you are interested in, you are no longer able to purchase the desired domain name for, say, $8. Instead you either must spend whatever price the registrar sets, which likely ranges from $50 to $500, or go back to the drawing board to find a new domain name for your business.
Further, DNFR drives individuals to register domain names as soon as they first query their availability, before a final name decision has been made, just to allow them to maintain the option of using those names. As a result, an individual can end up registering extra names and spending more money than they should have to.
Possible motives for DNFR speak to the unscrupulous nature of the practice. Excerpted from Nominet’s 2007 position paper “Domain Name Front Running: Nominet Experience,” possible motives include:
- To extort money from the person who originally intended to register the name by making them pay to get it.
- To steal the business idea of the person who originally intended to register the name.
- To block or disrupt the business or project of the person who originally intended to register the name.
- To utilize the traffic that the name generates.
How Domain Name Front Running Happens
Many domain name registrars – including Moniker and Sedo, for example – maintain their own portfolio of domain names that they monetize with websites, parking or resale. While not illegal to do so, some domainers frown on this practice, arguing that owning domain name portfolios puts registrars in a conflict of interest with their customers who want to potentially purchase the same domain names. And it’s this practice that can lead to DNFR because when registrars are looking for desirable names to add to their portfolios, they have the domain name query data at their disposal.
Front Running Encouraged By Tasting
Up until 2008, domain name “tasting” allowed registrars to register large quantities of domain names, place advertisements and see if they could produce significant revenue, and then drop the ones that were not financially viable.
In 2009, 99.7 percent of domain name tasting came to an end when ICANN announced they had made large-scale domain name tasting financially unviable. (The solution they enacted charges registrars if they return more than a certain number or percentage of domains each month.) This still allows, however, for a small number of domain names to be tasted, which can lead to the unscrupulous practice of DNFR.
How to Avoid Domain Name Front Running
All of this naturally leads to the question, “How can I do a WHOIS lookup but hide my searches from prying eyes?”
The answer involves using your computer’s terminal access that connects directly to registry databases, rather than using a web interface through your computer’s browser (see figure below). By doing that, you bypass the “middleman” registrar.
On a Mac or in Linux, do the following:
- Open the Terminal application (located at /Applications/Utilities/Terminal.app). For quick access, simultaneously press Command+Space and then type in “Terminal”.
- Type “whois query.ext” without quotes, where “query” is the domain and “ext” is the extension. For
example, type “whois domainsherpa.com” to perform a WHOIS lookup of this website. - Review the output. If the domain is unregistered, it will display, “No match for QUERY.EXT.”
On a Windows-based computer, do the following:
- Download Whois v1.01 from Microsoft and open the application.
- Type “whois query.ext” without quotes, where “query” is the domain and “ext” is the extension. For
example, type “whois domainsherpa.com” to perform a WHOIS lookup of this website. - Review the output. If the domain is unregistered, it will display, “No match for QUERY.EXT.”
If you don’t want to use command line prompts, at the very least you should query InterNIC, which is operated by ICANN, directly via their website. At InterNIC you can do a WHOIS search for the following TLDs: .aero, .arpa, .asia, .biz, .cat, .com, .coop, .edu, .info, .int, .jobs, .mobi, .museum, .name, .net, .org, .pro, and
.travel.
While the above three procedures do not guarantee that your domain name search will not be tracked, they do make it far less likely.
What Not To Do
According to a blog post by Jay Westerdal in 2007, the worst thing you can do is type your desired domain name into your browser directly to see if it resolves. “Non-eXistent Domain (NXD) Data is a response the DNS system tells the asking computer if resolution on an IP address fails because the domain doesn’t exist. Yes, ISPs [Internet service providers] sell this data,” according to Westerdal. NXD data can be extracted from ISP logs and sold to research companies who can then do domain name front running or sell it to another party who could do domain name front running.
Jay Westerdal also cautions against:
- Using smaller search engines that are prone to sell any possible data they have to generate revenue,
- Using browser plugins or extensions that send data through third-party systems, and
- Using WHOIS lookup services that are not trusted.
Final Tip
Just because the idea of someone monitoring your domain name queries sounds paranoid, that doesn’t mean it’s not happening. My final tip? Buy a domain name of interest as soon as you see it available.
Domain Name Registrars Respond
[Update: 04 April 2011 @ 12:12pm PDT] As the discussion continues both here on DomainSherpa.com and on Hacker News, I decided to ask the domain name registrars mentioned in this article to respond directly to the topic of domain name front running – for the record. Below is my tweet and any responses received from the four registrars mentioned in the article.
Mason Cole, Vice President at Oversee.net (parent company to Moniker.com), stated in an email to me: “Moniker does not front-run domain names.”
Special Thanks
Thanks to the following domainer for their technical peer review of this article:
- Neil Armstrong of Domain Names Index (@domainnameindex)
Parallel Discussion on Hacker News
For those of you who are fans of Hacker News (hackers being those with technical adeptness who find delight in solving problems and challenging limits), a parallel discussion of this article and domain name front running is taking place.If you enjoyed this article, subscribe for updates (it's free)
good work Michael.
My final tip? Buy a domain name of interest as soon as you see it available.—
thank GOD…they did not register BullShitWebsites.com
Yo, I know who the domainer is owning the BullShitWebsite, he lives in S.Florida.
When I used whois tool (from microsoft) for my domain, it connected via whois. – that is, my registrar’s whois server. I don’t think whois tool will prevent this misuse because whether via a web interface or via a command line tool, the request has to go via registrar’s server. It’s a case of fence eating the crops.
GoDaddy has stolen many of my domains! (in addition to slaughtering elephants)
Eric,
With the way things are, everybody has to steal to survive.
For those interested, an additional discussion is taking place at Hacker News: http://bit.ly/fZ4hCz
Yeah! Nice to see a domainer getting links up on Hacker News. You’re obviously doing something right :)
Thanks, a. I’m a HN fan, and have never had an article go this high on HN before (was #3 at one time).
I like to to think of myself as a hacker, but compared to some of the feats of individuals at Y-Combinator, I’m just a hack. ;)
Totally awesome. I’m a fan of HN and you’ve got 100 points on this article. Nice!
Thanks, Brett.
[...] How To Keep Your Domain Name Searches Safe From Poachers | DomainSherpadomainsherpa.com [...]
Yeah! This story has entered the popular today section on popurls.com. Congrats!
[...] Comments Hacker News [...]
It’s not often I’m going to agree with BullS, but if you *really* believe a name is valuable, spend the $5-10 to reg it.
Why I love this BS domain game.
I register 10 domains every day- who cares whether I like them or not.
At the end of the 4th day , I see which ones have clicks and worth keeping.
Then I called GD and tell them I want my money back on those BS domains.
That why I love this game.
As Andy Grove, former CEO of Intel wisely said (based on Intel’s and his own personal experience) in his much read business book, of the same title:
ONLY THE PARANOID SURVIVE
word to the wise
Does the MS whois application allow bulk search? unless there is a viable alternative that allows bulk searching, it is fairly moot
I’m not sure if it allows bulk search. I’m on a Mac nowadays. It appears to be single-line action, which is like the version for Mac/Linux.
Some individuals on Hacker News have suggested that there are options out there for bulk (with links), but they rely on the goodness and virtuousness of the individuals running the service.
You can look at those services here: http://news.ycombinator.com/item?id=2405375
Let me know if you find anything useful and I’ll update the article.
@Neil—- everybody agrees with me whether they like it or not.
There are 2 types of people — #1-one who makes money on the internet ( like ME)
and -
#2 -one who makes the #1 rich by just playing games,wasting time on the websites that #1 creates.
Which one are you?
[...] How To Keep Your Domain Name Searches Safe From Poachers | DomainSherpa [...]
Seriously good info on this site. I’m very glad I read your article on Hackernews this morning! I’m a subscriber now! :)
Really enjoyed reading this. Thank you.
Can I just say what a relief to find someone who actually knows what theyre talking about on the internet. You definitely know how to bring an issue to light and make it important. More people need to read this and understand this side of the story.
[...] How To Keep Your Domain Name Searches Safe From Poachers (domainsherpa.com) [...]
Many thanks for that good article, that must have taken some time to put together with superb info.
Well, now that’s a post well worth reading!
Love your blog. Very educational.
Nice article on the topic of front running.
I would just like to point out one little detail about Sedo.com (for full disclosure, I am an employee there).
Sedo operates a marketplace for domain names that are registered and listed for sale. We are an ICANN accredited registrar, but do not currently have any names registered in our accreditation.
Sedo is referring clients to one of our registrar partners in case a user is searching for a domain name that is still available for first time registration. We do not have control over what happens with the search that is subsequently performed on our registrar partner’s website. But if you search for a name at Sedo and it is still available you will be put in a position to immediately acquire that name without Sedo attempting to beat you to it.
Feel free to try this on our website: http//www.sedo.com
Your article is very helpful. I discovered your site a few days ago. Thank you for your great work!
Excellent read, thanks a lot for this posting.
[...] a recent post on Domain Sherpa (by Michael Cyger) he talked about how to Keep Your Domain Name Searches Safe From Poachers and I found this post enlightening as well as concerning. It made me think of those times during my [...]
[...] Share var addthis_config = {"data_track_clickback":true}; The recent DomainSherpa article “How to Keep Your Domain Name Searches Safe From Poachers” by Michael Cyger made me think of those times during my years of domain name purchases when I [...]