A Specific Case Of Someone Spying On Domain Name WHOIS Lookups

In various domain name forums, there’s talk of parties looking up domain name availability searches and registering those that weren’t taken on the spot. This sort of thing has been softly talked about for a year or so, but is recently gathering steam.

It seems someone has looked into this and has pinpointed a specific party allegedly engaged in this seemingly “unethical” practice. I’m posting a link to the story I recently found:

http://www.eweek.com/article2/0,1895,1991365,00.asp

The author, Larry Seltzer, basically looked around based on whatever clues he found and was given. Eventually he came up with a conclusion that a group called “Chesterton Holdings” was somehow looking up domain name searches and registering them if they haven’t been taken.

Before I go on, I think I oughta recap some of my previous writings to give a heads up for those who just got in.

For .com domain names, domain registrars pay $6 to the VeriSign COM NET Registry for every registration, renewal, and transfer they accept within their systems. But they have a special “privilege” where they can request the Registry to cancel and delete the .com domain name registration and get a refund within 120 hours from its creation date and time.

However, others are seemingly taking it to a more extreme level: they’re now querying and reviewing domain name availability searches, and registering those who didn’t take them on the spot! Then they take advantage of the 120-hour period to see what results they’ll get, if any.

Those who didn’t get it and saw someone else has might contact them and ask if they’d be interested in selling the name. Those who did might eventually be told they’ll be sold anywhere from probably $500, $5,000, or $50,000!

It’s outrageous, of course.

Problem is, no one has absolute exclusive rights to a domain name at all until it’s registered to somebody. And some of these parties are taking advantage of that fact.

Currently only the Internet Corporation of Assigned Names and Numbers (http://www.icann.org/), the non-profit organization charged with overseeing the Domain Name System (DNS) and making sure domain registrars “toe the line”, is in a seeming position of authority to do something about this. Many people have already told ICANN about this on-going practice, but so far they haven’t said or done anything about it.

I can only hope ICANN’s board is discussing this and are just trying to come up with a resolution to address this. But I’m also expecting the worst they’ll just throw their hands up and say “we’re only technical coordinators, not legal luminaries”.

What makes this situation worse is someone will have to sue somebody in order for people to take notice. What laws are violated, though, is something a retained attorney is going to have to figure out based on what s/he can gather.

Going back to the article link above, Larry Seltzer reported a lady emailed her that the domain name she looked up but didn’t take was eventually registered to Chesterton Holdings. He dug around and learned a few things about them.

As Mr. Seltzer expected, the domain name in question eventually became available after a few days because it likely had few to no hits. He made about 3 domain name searches, and all 3 were eventually registered to Chesterton.

Mr. Seltzer fortunately captured screenshots and posted them. You can see those via the link below:

http://www.eweek.com/slideshow/0,1206,l=182949&s=25956&a=184028,00.asp

He eventually did a few more tests, although the results didn’t pan out. Essentially he tried to see if there’s a possibly discernible pattern on how Chesterton (or whoever) was able to “see” the results and grab them right away, but with little success.

Unfortunately this means it’ll be tough to trust any online search site, especially those of domain name registrars. Domain registrars can see what we’re looking up, but whether they’re logging them and using them is at their discretion.

If you’re expecting to “force” the domain registrar to promise they won’t log and maybe register the domain name you’re looking up, I’m sorry to say you’re wasting your time. No one’s forcing you to use their search service, and they have no legal agreements whatsoever to you unless they have some kind of privacy policy dealing with this subject.

One attorney I know gave an interesting analogy which I’ll paraphrase a bit: imagine I let you stay in my room to use my computer. While you’re typing and saving stuff in my computer, I stay hidden in my closet and watch what you’re doing.

Am I invading your privacy? Maybe.

Butit’s my room you’re on. I can do anything I want, can’t I?

I’m sure you get the driftand the implications this has for this sort of practice going on.

So until someone finally does something about this, we’re going to have to “defend ourselves”. To that end, I have 3 suggestions:

1. Make sure your computer is clean. You don’t want any “unwanted guests” like viruses and keyloggers (programs that log or record what you type on your keyboard) in your computer to potentially “feed” what you’re typing to someone else.

2. Once you see the domain name is available, be ready to grab it on the spot! As in have your credit card handy, make sure it’s in good standing, and don’t allow anything to distract you from registering it right away!

There should be no excuses as to why you shouldn’t grab it. Domain names are worth anywhere from $2.99 to $6.99 to $34.99, and their prices will remain the same in the next coming days.

3. Having your own Unix server/computer to lookup a domain name is a “safe” way to check. But if you really need to rely on web-based sites, at least one site I can recommend is http://www.iwhois.com/.

I use iwhois.com a lot myself. So far so good, I haven’t had any available domain name swiped.

In summary, you must be RAW (Ready, Able, and Willing) to register the domain name right away once you see it’s available. Don’t hesitate even for a moment, every second counts.