Web Development

Domain Name Front Running?


When you think of that perfect domain name and go to find out whether it's been taken or not, do you ever get the feeling that somebody could be listening in? It's so difficult to find a domain name these days as pretty much anything that makes sense will display some kind of holding page, or worse, a page full of useless links pretending to be a search engine. If you do find something that makes sense and is available, then you had better register it right away or you could lose it to anyone who might have noticed your query.

The ICANN Security and Stability Advisory Committee have heard people's concerns on this issue and back in October they released an advisory on what they call Domain Name Front Running. Those of you who are familiar with the financial markets will know the term front running; some form of inside information is used to pre-empt a move in the markets and gain/profit from it. Likewise Domain Name Front Running would entail somebody finding out what domain name you or others are looking for and then registering it in the hope that it will either generate traffic, and therefore revenue, or that you'll buy it from them at a hyper inflated price later down the line.

So how could people know what domains you're searching for? A blog entry over at domaintools.com has a couple of ideas:

The worst thing you could do? Try typing the URL in your Internet browser apparently! Non-eXistent Domain (NXD) is the response received from a DNS server when a queried domain name doesn't exist. The NXD data can be extracted from logs by an ISP and sold on. Many ISP's sell NXD data to domain name research companies for analysis.

Smaller search engines can often have deals with data-mining firms as this is one way of generating much needed revenue. Don't type domain names into a search engine, especially if it's not Google.

Domain name registration companies and unknown/un-trusted whois search providers should be looked at with a suspicious eye. If your ISP is listening in and selling on information, then it's perfectly plausible that these companies could be too.

It's worth noting that while the ICANN SSAC are open to the possibility that front running is taking place, they have not yet been able to find hard evidence. The purpose of this advisory is to raise public awareness and encourage anybody who has evidence of such things taking place to come forward with it.

Paranoia or is it a reality? I have to say that I have long had the suspicion that searching for the availability of a domain would start alarm bells ringing somewhere or other. What are your opinions? Does it take place? Is it really a problem? How can it be tackled?

7 comments
twagner
twagner

I share the paranoia, as it has apparently happened to me twice

Justin Fielding
Justin Fielding

I hope they weren't business critical domains. Did you manage to collect any evidence? I imagine this is very hard to prove.

twagner
twagner

One was for a new business website and a moderately acceptable alternative was found. The other one wasn't that critical. I could not think of any way to gather evidence or even where to begin to look.

davezan
davezan

Well, you're doing one answer already: creating awareness of it. :) The other is what ICANN is doing: trying to get some form of "tangible proof" that such activity is going on. Unfortunately that won't be easy, given that whoever's doing that aren't likely interested in talking about it. What makes this more potentially difficult is people expect...nay, demand they be able to lookup domain names and assume they'll still be available if they don't register them on the spot. While I certainly understand the desire of such, the reality is no one can realistically guarantee results will remain that way when diverse interests swoop in. At the end of the day, it boils down to knowing what you're getting yourself into and not really expecting a lot. But oh well, many people are still going to continue believing what suits them. David www.DaveZan.com

Justin Fielding
Justin Fielding

I think the real solution is to register the domain on the spot if it's available. That's what I do, I'm too un-trusting of ISP's and registration companies to leave it and come back later.

Photogenic Memory
Photogenic Memory

I'm just kidding but really how can this be proved? Is it even worthy of mention once proved? Isn't it a business to predict these kinds of things for businesses and sell them as well? The Internet is rather predictable in a lot of ways. The themes of web pages are a reflection of the people who put them up whether it's family, friends, interests, business, sex, or whatever. These are easy themes to record and document. It doesn't take a whole lot of mental muscle to come to this conclusion. However what does take some brain juice is the ability to be creative and come up with something unique. If you can't do this then you have to rely on a businesses that provide this service for you. It's not a crime ( at least I don't think it is, right? ). It's kinda like automotive or plumbing? It's a service. I could have misunderstood. It's not the first. There is something interesting though about this article. Has the internet come to an end in a way? Since the author is concerned about domain names and their creation; what will the internet by like a another 5 years, hmmmm? Will the next revolution be a fully interactive web instead of static one? Will things like IPV6 expand on it? Since people's needs are mostly basic perhaps selling domains based on mass communication of ideals between people will shape human thought geography? Maybe a nation without borders theme? Anyways, who can predict the future? It's an open road.

Dr Dij
Dr Dij

information week guy wrote an article on this. it seems that at least one of the who is services is tapped either on purpose or by hackers. he showed that if you look up domains and they are available, some of the time they become quickly registered for 5 days (during which time if they are not contacted by the original potential buyer, they let it expire). My suggestion if you want a name you register it rather than look it up separately. and they need to do tests to track down the leaks on the sites.

Editor's Picks