CircleID

Wouldn't this be the way to go for a phishing domain, at least if you were ready with an e-mail burst when the registration goes through? Has anyone correlated that data yet?

Larry,

This could possible used for phising and spamming, yes. But since this would either require the originator to be an ICANN accredited registrar or a reseller of a registrar who passes on this is ability to delete the names for a refund.

However this type of accreditation would probably also make the originator easier to track down, which is certainly not in their best interest. Also whoever is involved in this would be putting their ICANN accreditation on the line, which isn't that cheap to obtain in the first place.

My guesstimate would be that if you were to check the lists of those tested names for 'phishing' names you would most likely find some of them being tested for traffic, but not being used for phising any more, simply because those names would now have been picked up by someone else in order to see if they can be monetized.

For the 'phishers' themselves it does not seem like an option they would want to pursue - it's probably just much easier to register a name somewhere else. Most of the times they probably use stolen credit cards to pay for those names.

/Frank

There are several points to be highlighted.

I touched on these issues in my recent blog entry - Internet Gambling, The ICANN Way: Using Someone Else's Wallet at http://www.cavebear.com/cbblog-archives/000239.html.  I also commented on it in another entry entitled It's Time To Eliminate ICANN's "Add Grace" Period at http://www.cavebear.com/cbblog-archives/000231.html.

The particular contractual provision that all of this hangs upon is something called "Add Grace".  The definition can be found in ICANN's registry contracts.

When grace periods came before the ICANN Board of Directors the only form of grace period was the "Redemption Grace" to allow customers who missed the renewal date to have a chance to recover.

The idea of an up-front 5 day period was never raised, much less discussed, at the board level.  So what we have here is the pure creation of ICANN's staff.

Now, we have recently seen how ICANN and Verisign justified the outrageous increase in registration fees for .com on an incoate and unproven assertion that this fee is somehow related to registry costs incurred by Verisign.

But as we see by these "tasting" numbers, the average Joe who is acquiring a domain name for a year or more is carrying the registration expenses for several hundred speculative acquisitions, and releases.

A simple calculation leads to the conclusion that had ICANN properly counted transactions and costs that the registry fee in the ICANN-Verisign agreement should be on the order of $0.02 rather than $7.00.

Another simple calculation leads to the conclusion that ICANN, by allowing this "tasting" system to exist, is ripping-off the community of internet users to the tune of several hundred million dollars per year in order to subsidize speculators.

Another aspect that should be mentioned is that many, perhaps most, registrars have terms in their contracts that allow them to engage in this kind of "tasting" for names that their customers fail to renew.

The Add Grace period is supposed to occur at the start of new registrations not ones that registrars continue for their own use after the real customer has gone away.  So there is a real question whether there is a valid legal foundation for this practice, at least with regard to relinquished names.

The definition of Add Grace does allow the registry to charge real money to those who engage in this practice.  As far as I have been able to tell no registry does require a payment.

Every name registration, whether for a long term for for five days or less involves a registration transaction and a delete transaction.  There is also a per-diem carrying cost to the registry but since we are talking about roughly 200 bytes in a database that cost is virtually nil.  What this all means is that from the registry point of view the cost of processing a 5 day "add grace" add/drop transaction pair is virtually the same as processing a multi-year standard registration.

ICANN should do one of two things:

Eradicate this practice.  Or require that even for "add grace" registrations that the registrant pay the entire registry fee, and that fee be non-recoverable.

And then ICANN should adjust the registry fees charged by registries so that they reflect actual, auditable costs.

An example of what competition in TLDs can do: We only charge $5.95/year for domain registration. When you have a world (the Inclusive Namespace) that has 15,000-20,000 TLDs, all of which can determine their own business models, pricing competition is very brisk, which is good for the consumer. There is no excuse for the artificial scarcity the ICANN imposes