Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

NSI Registers Every Domain Checked

Posted by kdawson on Tue Jan 08, 2008 02:31 PM
from the that's-why-they-are-the-front-runner dept.
The Internet
An anonymous reader writes "In a developing story, registrar Network Solutions has been caught front-running domain names. Any domain names searched via NSI's whois are being immediately purchased by the registrar, thereby preventing a registrant from purchasing the domain at any other registrar. There are multiple reports of this practice over at DomainState.com." Update: 01/09 01:58 GMT by KD : shashib writes to let us know that NSI has issued a response to the accusations of front running.
+ -
story

Related Stories

Submission: Network Solutions registers every domain checked by Anonymous Coward
[+] ICANN Moves To Disable Domain Tasting 137 comments
jehnx writes "Following Google's crackdown on 'domain tasters', ICANN has voted unanimously to eliminate the free period that many domain buyers have been taking advantage of. At the same meeting they also discussed Network Solutions' front running but took no action on it."
[+] Technology: ICANN to Add Anti Front Running Charge? 63 comments
shashib writes to tell us that ICANN is considering a new $0.20 per-transaction fee for large numbers of domain registrations in order to curtail domain tasting abuse. Network Solutions, previously accused of front-running, is offering their support of the new approach and promises to remove the security measures that caused such a commotion back in January. "Because of the prevalence of these practices, earlier this year Network Solutions enacted an opt-in domain protection measure for our customers that reserves available domains for four days. If ICANN adopts the anti-tasting provision, Network Solutions will feel safe in discontinuing its service since the non-refundable fee will deflate domain taster's profits and provide a substantial blow to front runners who use and sell search data for tasting purposes."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

NSI Registers Every Domain Checked 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Any way to... (Score:5, Interesting)

    by Jaysyn (203771) <jaysyn+slashdot@gmai[ ]om ['l.c' in gap]> on Tuesday January 08 2008, @02:33PM (#21958374) Homepage Journal
    ...automate requests with a dictionary? Make them bankrupt themselves purchasing bogus domains?

    • Re:Any way to... (Score:5, Funny)

      by Shakrai (717556) * on Tuesday January 08 2008, @02:36PM (#21958430) Journal

      I was just about to post that ;) Best idea ever.... quoting this [domainstate.com] from DomainState.com: someone could totally script this and run there credit through the roof with the registry hahahahaha.

      Assuming it costs them SOMETHING (even pennies) to register a domain with the central registry then I think this is an absolutely awesome idea. I'll run such a script if someone writes it. In fact maybe I'll write one myself, because screwing over NSI sounds like a much better way to spend my afternoon then doing anything productive ;)

      • Re:Any way to... (Score:5, Funny)

        by Anonymous Coward on Tuesday January 08 2008, @02:40PM (#21958510)
        In fact maybe I'll write one myself, because screwing over NSI sounds like a much better way to spend my afternoon then doing anything productive ;)

        You must work for the government.

      • Re:Any way to... (Score:5, Funny)

        by kmac06 (608921) on Tuesday January 08 2008, @02:51PM (#21958740)
        Screwing over NSI is productive!

      • Re:Any way to... (Score:5, Funny)

        by Mr. Underbridge (666784) on Tuesday January 08 2008, @03:11PM (#21959134)

        Assuming it costs them SOMETHING (even pennies) to register a domain with the central registry then I think this is an absolutely awesome idea. I'll run such a script if someone writes it. In fact maybe I'll write one myself, because screwing over NSI sounds like a much better way to spend my afternoon then doing anything productive ;)

        If you can't write that in under three lines in the scripting language of your choice, you officially lose your nerd card. ;)

      • Re:Any way to... (Score:5, Informative)

        by djtack (545324) on Tuesday January 08 2008, @03:13PM (#21959154)
        Here ya go... One thing, I noticed NSI stops registering domains after about 50 or so.

        #!/usr/bin/perl

        $count = $ARGV[0] || 8;
        @charlist = (A .. Z, a .. z, 0 .. 9);

        while (1) {
        my $domain = "";
        foreach $i (1 .. $count) {

        $word = `dd bs=1 count=4 if=/dev/random 2> /dev/null`;

        $number = unpack I1, $word;
        $number = $number / 2**32;
        $number *= scalar @charlist;
        $number = int $number;

        $domain .= $charlist[$number];
        }

        print `whois -h whois.networksolutions.com $domain.com`;
        sleep 2;
        }

        • Re:Any way to... (Score:5, Informative)

          by Serious Callers Only (1022605) on Tuesday January 08 2008, @03:49PM (#21959792)
          Or if you prefer Ruby...

          #!/usr/bin/env ruby -w
          require 'rubygems'
          require "mechanize"
           
          search_form = WWW::Mechanize.new.get("http://www.networksolutions.com/").forms.first
          search_field = search_form.fields.name("domainNames").first
          1.upto 10 do |i|
            puts search_field.value = "netsol-sucks-#{'x'*i}.com"
            search_form.submit
          end

        • Re:Any way to... (Score:5, Informative)

          by Anonymous Coward on Tuesday January 08 2008, @04:25PM (#21960436)
          Just tried 3 domain names. The 1st and 3rd domain name, I used their website search feature. They snagged those 2 up quick. The second domain I searched, I did a "whois -h whois.networksolutions.com ..." and they did not snatch up that domain name. Apparently, they are only snatching searched made through their website interface.

      • Re:Any way to... (Score:5, Informative)

        by wdr1 (31310) * <[email protected] minus physicist> on Tuesday January 08 2008, @04:56PM (#21960958) Homepage Journal
        You both missed a very key point: they're not paying these domains.

        The simply reserve them using a registrar's 5 day grace period & if nobody buys the domain from Network Solution for 5 days, they simply release the reserve. I.e., it's available again to the general public.

        It's something a registrar can do, that you & I can't. Basically, a loophole that a few trusted companies in the system are exploiting for profit.

        This came up a big back when a registrar would "try" domains, to see if the type-in traffic made more than the cost of registering. (E.g., by using Google's DomainPark [google.com] for Domain Squatters.)

        The President of GoDaddy wrote about it a little over a year ago:

        http://www.bobparsons.com/DomainKiting.html [bobparsons.com].

        One registrar in particular, DirectNIC, "registered" 8.4 million domains but only permanently registered -- i.e. paid for -- 51,400.

        Overall, I'm with you in spirit of screwing bastards like this over, but it seems the only way to do so is close the loophole in the system.

        -Bill

    • Re:Any way to... (Score:5, Informative)

      by ergo98 (9391) on Tuesday January 08 2008, @02:39PM (#21958500) Homepage Journal

      Make them bankrupt themselves purchasing bogus domains?

      I doubt they're making any financial commitment "purchasing" these domains. They're simply putting in a database record, and then removing it within the 5-day grace period (thus removing any liability to any other registrars).

      • Network Solutions' Response (Score:5, Informative)

        by linumax (910946) on Tuesday January 08 2008, @04:32PM (#21960588)
        Found it here [domainnamewire.com].

        "This is a customer protection measure to protect customers from frontrunners," said Wade. "After four days, we release the domain." According to Wade, Network Solutions instituted this program as a test over the past few weeks. I asked if Network Solutions is actually acting as a frontrunner by doing this and she said there's a distinction. First, they are not monetizing the domains. Second, they have no intention of keeping the domains. All domains are released after the four day period.
        IMHO, bullshit.

          • Re:Network Solutions' Response (Score:5, Insightful)

            by Jafafa Hots (580169) on Tuesday January 08 2008, @05:41PM (#21961770) Homepage Journal
            Its a lie. if you check Ihaveabigprick.com and its available, 2 days later Joe Schmoe from Poughkeepsie can come along and register it, provided he does it at NetSol. It will show up as unavailable elsewhere, but available at NetSol.

            So, this does nothing to protect you from having your domain registered out from under you provided the other person uses NetSol. The only one it protects is NetSol from having you decide to register it elsewhere with a registrar who doesn't charge NetSol's ripoff price. It's a "feature" solely to benefit NetSol at the EXPENSE of everyone else. Slimy fuckers that they have always been.

        • Re:Any way to... (Score:5, Insightful)

          by misleb (129952) on Tuesday January 08 2008, @02:57PM (#21958834)

          if enough people are scripting bogus names,
          perhaps their database and/or db server will choke.
          THAT will cost them money to bring back online.


          Yeah, but then you'd be arrested as a "terrorist."

          -matthew

    • Re:Any way to... (Score:5, Insightful)

      by glpierce (731733) on Tuesday January 08 2008, @02:47PM (#21958652) Homepage
      They won't lose any money (that's the whole point of "tasting", isn't it?), but that doesn't mean it wouldn't hurt them. If someone made a script that would search for every possible domain (up to say, 50 characters in length), no other registrar would be able to sell anything. There are enough competitors with enough money and enough at stake to pressure ICANN to take action if that happened. They could also theoretically sue NSI for attempting to create a monopoly (I assume there's some law it would break). Of course, that assumes that NSI doesn't pull the plug quickly enough.

    • Re:Any way to... (Score:5, Funny)

      by Sloppy (14984) on Tuesday January 08 2008, @03:12PM (#21959142) Homepage Journal
      Make them bankrupt themselves in court. Instead of random names, use a dictionary of trademarks, politician's names, law firm names, etc. Get Network Solutions to register authenticdisneymerchandise.com, applemultimediacomputers.com, deweycheathamandhowelimited.com, advicefrommichaelmukasey.org, etc. Then write a letter of appreciation to Disney, about how grateful you are that they're selling Mickey Mouse porn so cheaply.

    • Re:Any way to... (Score:5, Insightful)

      by LithiumX (717017) on Tuesday January 08 2008, @03:17PM (#21959254)
      I was thinking more along the lines of trademark infringement. Something that would never go to court, but would result in a pretty quick C&D letter from a number of companies who are uncomfortable with their name being auto-registered on a whim.

      I did verify that you have to initiate a purchase before they auto-register. If you simply do a search, they don't do anything (that I can see), but if you click on "Add Domains to Order", it shows up on a general whois a few seconds later, allocated for a year.

      My question is... how long do they keep it? If they were to drop it after say, a few hours... even a few days... I'd consider it a dangerously abuseable practice but little worse. If they keep it any longer than that, it's a few steps shy of a domain hijack.

      Seriously, I think it's just meant to be a service, but I don't see how it offers any kind of service if they allow others to waltz in and register these names themselves (which it sounds like they do, judging from posts on DomainState).

    • Re:Any way to... (Score:5, Insightful)

      by UsualDosage (922364) on Tuesday January 08 2008, @03:28PM (#21959440) Homepage

      I think the rationale behind this isn't entirely malicious. Consider the fact that domains are valuable property. If you were in the process of buying a domain, and had to take the time to fill our user information, credit card information and all of the textboxes that they make you fill out (particularly if you are a first time user), there is a good chance that someone from another registrar could snatch the domain out from under you simply because they were a faster typer, or had previously registered. In this way, if you do a WHOIS search with NSI, the name is locked for a short time to allow you to complete your transaction, and to disallow anyone else who may be following in your tracks to buy you your name before you can.

      It makes sense, and I'm frankly surprised that no one hasn't noticed this before. I for one am glad that someone peeking over my shoulder can buy a domain from their iPhone before I can finish clicking "buy".

      • Re:Any way to... (Score:5, Funny)

        by Anonymous Coward on Tuesday January 08 2008, @02:36PM (#21958442)

        uselessdomain00001.com
        uselessdomain00002.com
        uselessdomain00003.com
        uselessdomain00004.com...


        too subtle

        FuckYouNSI00001.com
        FuckYouNSI00002.com
        FuckYouNSI00003.com
        FuckYouNSI00004.com...

      • Re:Any way to... (Score:5, Funny)

        by SnapperHead (178050) on Tuesday January 08 2008, @03:41PM (#21959678) Homepage Journal
        Domain Name: USELESSDOMAIN00001.COM
              Registrar: NETWORK SOLUTIONS, LLC.
              Whois Server: whois.networksolutions.com
              Referral URL: http://www.networksolutions.com/ [networksolutions.com]
              Name Server: NS1.RESERVEDDOMAINNAME.COM
              Name Server: NS2.RESERVEDDOMAINNAME.COM
              Status: ok
              Updated Date: 08-jan-2008
              Creation Date: 08-jan-2008
              Expiration Date: 08-jan-2009

        Nice, how nice

  • Time for it to go (Score:5, Insightful)

    by Spazmania (174582) on Tuesday January 08 2008, @02:37PM (#21958480) Homepage
    I'm sorry, but its simply time for free domain tasting to go. It costs something like $6 at the back end to register a domain for one year and its a hardship on no legitimate use if they have to pay another $6 to correct a typo.

  • Well, they're now the proud owners of (Score:5, Funny)

    by Malevolent Tester (1201209) * on Tuesday January 08 2008, @02:38PM (#21958492) Journal
    network-solutions-hates-non-whites.com
    our-ceo-jacks-off-to-goatse.com
    batman-touched-my-junk-liberally.com

  • Don't use WHOIS (Score:5, Interesting)

    by Antibozo (410516) on Tuesday January 08 2008, @02:44PM (#21958576) Homepage

    Whether it's NSI or some other registrar doing it, this has been a known issue for a long time. The solution is not to use WHOIS. Instead follow DNS from the root and see if it goes anywhere. E.g.:

    dig the-domain-you-want.com. +trace

  • ICANN to the rescue! (Score:5, Funny)

    by EllynGeek (824747) on Tuesday January 08 2008, @02:44PM (#21958588)
    Don't worry, ICANN will fix everything and make it right!

    I slay me.

  • Yes, another confirmation. (Score:5, Insightful)

    by Animats (122034) on Tuesday January 08 2008, @03:35PM (#21959576) Homepage

    Just looked up Network-solutions-antitrust-violation-demo.com [network-so...n-demo.com]. and Network Solutions registered it.

    Time for ICANN to issue a policy under the registrar agreement [icann.org] to enforce section 3.7.9: "Registrar shall abide by any ICANN adopted specifications or policies prohibiting or restricting warehousing of or speculation in domain names by registrars."

  • PR response from NSI (Score:5, Informative)

    by vmxeo (173325) on Tuesday January 08 2008, @03:58PM (#21959930) Homepage Journal

    Domain Name Wire [domainnamewire.com] has posted a response from NSI's PR department. Here's the relevent quote from NSI:

    I just got off the phone with Susan Wade, who heads PR for Network Solutions. "This is a customer protection measure to protect customers from frontrunners," said Wade. "After four days, we release the domain." According to Wade, Network Solutions instituted this program as a test over the past few weeks. I asked if Network Solutions is actually acting as a frontrunner by doing this and she said there's a distinction. First, they are not monetizing the domains. Second, they have no intention of keeping the domains. All domains are released after the four day period.

    Translation: So if anyone else does it, it's bad, because they're domain front-running. But when we do it's it's ok, because, uh, we say so. No, really!

  • Call for more info (Score:5, Interesting)

    by Dan East (318230) on Tuesday January 08 2008, @04:07PM (#21960072) Homepage
    I checked an obscure domain name through them in the last several days and it was available. Lo and behold, it is now registered. I will be calling their support line at 1.888.642.9675, and / or their technical support line at 1.866.391.HELP to figure out what is going on.

    I sure hope I don't take up too much of their time, because 1-800 minutes aren't cheap for them, neither is tying up their support personnel. However, if you're curious about these practices, you might want to speak with them yourself - it's your right after all.

  • ICANN SSAC looking for input on front running (Score:5, Informative)

    by vmxeo (173325) on Tuesday January 08 2008, @05:25PM (#21961484) Homepage Journal

    Just found this in the ICANN Front-running paper [icann.org]. Note the contact email at the end...

    For each instance of suspected domain name front running, the type of information that would be most useful in studying the case includes but is not limited to:

    Method used to check domain name availability (e.g., web browser, application).

    Local access ISP.

    Provider or operator of the availability checking service.

    Dates and times when domain name availability checks were performed.

    Copy of the information returned (e.g., WHOIS query response) in the response to the availability check.

    Whether the domain name was reported as previously registered or never before registered in the response returned from the availability check.

    Copy of the information returned (e.g., WHOIS query response) indicating the name had been registered.

    Copies of any correspondence sent to or received from the registrant perceived to be a front runner.

    Correspondence with the registrar or availability checking service.

    Any information indicating a potential relationship between the availability checking service and the registrant that grabbed the name.

    Please submit incidents to the SSAC Fellow at [email protected] [mailto].

  • Clarification from Network Solutions (Score:5, Funny)

    by shashib (1167725) on Tuesday January 08 2008, @06:14PM (#21962206) Homepage
    Hi my name is Shashi Bellamkonda and I work for Network Solutions. Aprreciate the opportunity to clarify. Here is a response on Circleid http://www.circleid.com/posts/81082_network_solutions_front_running/ [circleid.com]. Network Solutions is not front running. We've implemented a customer protection measure to help defend our customers against the actions of "front runners" or those persons who register domain names known to have been searched, for the purpose of monetizing them and then selling them at inflated prices either directly to the customer who searched for the domain or through aftermarket channels. The protection measure holds the searched domains at Network Solutions for up to 4 days so customers can take the time to decide whether registration of the domain name will help them build and protect their brand. Network Solutions is not registering these names at the end of the reservation period with the hope of selling them in the secondary market. Likewise, we're not placing any advertisements on these domains to monetize their traffic while they are in the reservation period.

    • Re:Clarification from Network Solutions (Score:5, Insightful)

      by Antibozo (410516) on Tuesday January 08 2008, @06:25PM (#21962326) Homepage

      On the contrary, Network Solutions is effectively monetizing the domains by forcing buyers to purchase them at Network Solutions' inflated prices.

      Furthermore, this concept of protection would only make sense if you thought consumers were searching for a domain both on Network Solutions' lookup system and on that of an another unethical competitor. But why would consumers do that? One lookup is sufficient, and by definition, you know that one lookup occurred on your site, so it's already unlikely that a competitor will have the opportunity. The notion that you're protecting anyone doesn't wash.

  • These domains are hosted on a wildcard DNS (Score:5, Insightful)

    by kindbud (90044) on Tuesday January 08 2008, @08:24PM (#21963622) Homepage
    Oh brother! Another wildcard DNS server (not even RFC compliant, it returns a CNAME for every query, with no glue and no SOA, even when asked explicitly). These domains are parked on ns1. and ns2.reserveddomainname.com. All a spammer needs to do is search NSI for a domain, and it begins to resolve and can be used to spam.

    The following domains are installed on my anti-spam relays' caching nameservers as empty stub zones. It prevents my anti-spam relays from resolving any domains hosted on nameservers that live in these zones. It accounts for a very large percentage of blocked spam on my systems, and I recommend mail admins start blocking domains hosted on wildcard DNS servers. It's quick, easy, painless, and your content filter will thank you for easing its workload (if it could talk and had emotions, that is).

    cheap-dns-host.com
    domainservice.com
    fastpark.net
    namesdiscount24.net
    name-services.com
    names-service.com
    parked.com
    parkingsave.net
    reserveddomainname.com
    versans1.com
    versans2.com
    versans3.com
    versans4.com
    versans.com
                                                                             

    • Re:weren't we just complaining a few weeks ago.. (Score:5, Insightful)

      by quantaman (517394) on Tuesday January 08 2008, @05:41PM (#21961756)

      ...about domains being tasted by spammers etc. that then would try to sell them to you at inflated costs?

      In some ways this is a lot better, so if I have an idea for a domain, go register it at NSI, get sidetracked, go back the next day, the domain would still be available and not stolen by somebody sniffing the whois traffic etc.

      As long as network solutions is upfront with this practise I think it could definitely be spun as a positive vs a negative (check a domain here and you can be sure that you'll be able to register it for up to 5 days after, instead of risking it being stolen or held for ransom).
      Except if that is their intentions they're not doing it properly. After you perform the search they have a button "Add Domains To Order", that would signify the intention to purchase the domain, but NSI has already purchased it at that point. Or if they're actually concerned about sniffing packets they could taste it for only an hour or so until the user progresses further.

      Here's a test, try searching for a domain from one IP, then try going through the purchase process from another IP. How much do you wanna bet that NSI is more than happy to sell the domain to the different IP? Heck if two different people both have accounts have them search a domain name with one then step through the purchase with another, even with two conclusively different entities I'm sure they'll be happy to take the sale. Note there's no reason a spammer couldn't sniff the domain you searched for, then purchase it from NSI. If NSI doesn't restrict the purchase to the person who made the search they've done absolutely nothing to stop sniffers from stealing domains.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.