Sure, restocking fee increases, reduction / elimination of the AGP will do a lot to blow a hole in kiting (and hell, in domaining as well.. and 'tis a consummation devoutly to be wished).
But you really shouldn't be putting a hold on searched-for domains. Even if you don't monetize them during that hold period as your press release states.
There are other people who might want the domain. And there are ways to discourage kiters .. rate limiting bulk signups, or simply refusing to do business with egregious kiters.
Oh, and a registrar best practice code - that you can implement well before ICANN moves on this, that has all that a good registrar would do, so that they don't attract kiting, domaining (as well as other stuff, such as spammer / bot domains)
Call it what it is ...
Fred Showker – Jun 21, 2008 3:25 AM PST
I cannot understand the position of so many bloggers and journalists who handle the domain kiting issue with such kid gloves. They are too nice. Why don't they just call it what it is? Probably because they're not digging deep enough.
In testing the links found on many spamvertised "kited" domains, the links seem legitimate. Google sees them as valid search queries. Clicking results in a target of another seemingly legit domain. However that will redirect to a phishing, illegal drug, enhancement or other criminal activity. Don't underestimate their prowess, they're two steps ahead of Google and four steps ahead of ICANN.
We've tracked and analyzed spam phishing and malware email for years. Since March we've been monitoring groups of target spamvertised domains and finding "tasted" domains in wide use for criminal intent. Some days, across thousands of spamvertised domains we would see collections of kited domains with just the last letter changed. So, there might be a stack of several hundred domains, alpha sort, like "adigioa.com", "adigiob.com", "adigioc.com", "adigiod.com"—all with the exact same spam message.
Another practice employed by crime rings is to utilize kited domain collections as redirects—A redirects to B, to C; then later B redirects to A, to C, and so forth. Most telling is the fact that within five days, the domains are no longer in the spam files—yet appear again in the same configuration, for the same criminals after the 7th day.
See editorial:
Crime gets a free ride from ICANN
One only has to read the recent Knujon report on "Rogue" registrars to find that there is sufficient reason to suspect ICANN is aiding and abetting the criminal element in allowing such registrars to even get a license.
Go to: www.knujon.com/news.html
and scroll down to "70 Registrars are in mystery locations"
While you're there you'll see another eye-opener where it's revealed that ICANN actually releases kited domains BACK to criminal owners after the domains were identified and suspended for SQL attacks.
Why would ICANN suspend blocks of domains after being clearly identified as cybercrime activities - and then at the end of the "tasting" give them BACK to the SAME owners? Does that make sense? NO. That's another reason to suspect complicity.
FRONTRUNNING
We've been fiercely opposed to frontrunning since the early days when fees for domains were first implemented. What's interesting though is in those days we didn't call it frontrunning—we called it hijacking—and it wasn't a "nice" thing.
For years NetworkSolutions and other registrars have "allowed" domain searches to be "leaked" and the domain purchased out from under the searcher. The purchaser comes back later to "offer" the domain to the searcher for thousands of dollars. Don't laugh, it's happened to me on a number of occasions.
It has happened to us so many times, in fact, that we adopted the policy of not searching unless we fully intended to buy the domain on the spot. And the "Tasting" feature was NEVER mentioned—NEVER available to the public. Why?
What was most disturbing is the fact that those names were particular to a specific business—but the domain would be purchased by an entity in some other location or even a foreign country. Why would a Chinese individual want to purchase a name that applied to a business in the U.S.?
We've suspected all along that registrars (like NetSol) were intentionally leaking (selling) those domains, or access to the searched-for names to hijackers specifically for squatting. But don't think for a minute that this is something new. Network Solutions is only now candy-coating the practice because the unpopularity of Domain Tasting threatens to give them a black-eye.
This has gotten long enough. Sorry. But MORE should be said.
Respectfully
SafeNetting
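The last-letter-varied domain stacks and the drop-out-then-reappear cycle described in the comment above, written as detection logic over a spam feed. This is an added example, not part of the original comments; the feed rows, message fingerprints, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed feed: (date seen in spam, registered domain, message fingerprint).
# The adigio*.com names are the ones quoted in the comment; the rest is made up.
OBSERVATIONS = [
    (date(2008, 6, 2), "adigioa.com", "m1"), (date(2008, 6, 3), "adigioa.com", "m1"),
    (date(2008, 6, 2), "adigiob.com", "m1"), (date(2008, 6, 3), "adigiob.com", "m1"),
    (date(2008, 6, 2), "adigioc.com", "m1"), (date(2008, 6, 2), "adigiod.com", "m1"),
    (date(2008, 6, 10), "adigioa.com", "m1"), (date(2008, 6, 10), "adigiob.com", "m1"),
    (date(2008, 6, 2), "adigioe.com", "m2"),      # same stem, different message
    (date(2008, 6, 2), "adigioz.example", "m1"),  # same stem, different TLD
    (date(2008, 6, 4), "shop.example", "m3"),     # unrelated
]

def stem(domain):
    """'adigioa.com' -> ('adigio', 'com'). Assumes a registered domain, no subdomain."""
    label, _, rest = domain.lower().partition(".")
    return label[:-1], rest

def find_clusters(observations, min_size=3):
    """Group domains sharing stem, TLD and message; keep groups of min_size or more."""
    groups = defaultdict(lambda: defaultdict(set))  # key -> domain -> dates seen
    for seen, domain, message in observations:
        s, rest = stem(domain)
        if s:  # skip one-character labels, which have no stem
            groups[(s, rest, message)][domain].add(seen)
    return {key: doms for key, doms in groups.items() if len(doms) >= min_size}

def reappearances(sightings, quiet_days=2, cycle_days=7):
    """Domains that go silent for more than quiet_days and are seen again
    cycle_days or more after their first sighting (thresholds are assumptions)."""
    out = {}
    for domain, dates in sightings.items():
        ordered = sorted(dates)
        for prev, cur in zip(ordered, ordered[1:]):
            since_first = (cur - ordered[0]).days
            if (cur - prev).days > quiet_days and since_first >= cycle_days:
                out[domain] = since_first
                break
    return out

def report(observations, min_size=3):
    """One entry per cluster: wildcard pattern, members, and members that came back."""
    results = []
    for (s, rest, message), doms in sorted(find_clusters(observations, min_size).items()):
        results.append({
            "pattern": f"{s}?.{rest}",
            "message": message,
            "domains": sorted(doms),
            "reappeared": reappearances(doms),
        })
    return results

if __name__ == "__main__":
    for entry in report(OBSERVATIONS):
        print(entry)
```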
Why don't they just call
Dave Zan – Jun 22, 2008 8:01 AM PST
Why don't they just call it what it is? Probably because they're not digging deep enough.
Or it's probably because we still can't agree on what it is. ICANN adopted Nominet's definition which Network Solutions' appears to jive with, but others are taking it farther.
Not that anyone's required to agree with, anyway, although we can agree domain front running, kiting, whatever has caused considerable problems.
The after registration measures are very effective
Suresh Ramasubramanian – Jun 21, 2008 11:14 PM PST
As you say in your paper ..
After Registration Solutions:
1. Making the ICANN transaction fee (currently $0.20 per year) nonrefundable to names deleted during the registration grace period.[7]
2. Charging a fee for excessive deletions.[8]
These two will get rid of all of domain tasting, kiting, IP tasting, whatever else. Simple and effective. And accomplishes something that should have happened a long time back - a business model based on exploiting a loophole called the AGP that shouldn't ever have come into being in the first place.
The 20-cents policy is a joke.
Fred Showker – Jun 23, 2008 4:37 AM PST
The 20-cents policy is a joke.
Looking at the realistic implications of domain tasting, and motives for sampling large numbers of domains, then refusing large numbers of domains, only to pick them up again—the 20-cent charge is ludicrous. Either ICANN isn't very intelligent, or there is an ulterior motive they're not sharing. (Suspected below, keep reading.)
Scenario #1: "THE LEGITIMATE TASTER"
-------------------------------------------
How many domains does a legitimate "taster" need to taste?
Logically, that number should be fairly small.
Let's say he tastes 1,000 domains and gives 999 back.
That's a $199 fee—which is nothing. (Laughable)
They can continue to churn and churn thousands of domains until doomsday.
Which is counter to the purpose for the fee.
Scenario #2: "THE CYBERCRIME TASTER"
-------------------------------------------
Online crime most likely wants to taste as many as they possibly can, since their primary motivation is launching automated phishing or illegal drug pages for just a few days, then close them down and disappear scot-free.
So they 'taste' 10,000 domains—then send 25,000,000 spams
(It's proven that if they are going to get a response at all from spam, it will happen in the first 24 to 36 hours.)
On day 5 they give them all back and pay their $2,000. (Laughable)
Let's say they get click-through of just one-half of a percent of their spam barrage, that's 125,000 captures. Let's say it's an illegal drug vendor, and they're getting 5-cents per click to the Canadian pharmacy—that's $6,250—at 3-cents per click, that's $3,750—enough to laugh in ICANN's face.
Say they do this three times a month, netting roughly $11,250.00 - but pay ICANN only $6,000 for returned domains—a nifty month's profit of $5,250.
If the 25,000,000 spams happen to be phishing spams—and they net even one-hundredth of a percent return—that could mean hundreds of thousands of dollars profit (stolen credit cards and identities)—so again, they laugh at ICANN.
So to organized internet crime, the 20-cents is just another cost of doing business. (They're laughing at ICANN, and YOU and ME!)
Scenario #3: "CHARGE WHAT EVERYBODY ELSE PAYS"
---------------------------------------------
SO the taster must pay $5.00 for each domain, and may NOT return them.
The legitimate taster pays $5,000, and enjoys Google ads for a full year, which can net over $10,000. Fair deal, double their money. Everyone's happy. (Nobody gets rich except Google!)
Organized crime cartels and rogue registrars on the other hand, will have to pay $50,000 for those domains—still not a big hit for online crime. (Except, charges for 50-grand have a way of calling attention to themselves!) The problem to the criminals is they have those domains for a year, which is NOT what they want. It makes them vulnerable. They succeed by disappearing within 48 hours. (The average life span of a phishing site is 36 to 48 hours after the first spam is received by authorities.)
Some crime rings "taste" as many as 100,000 domains at a time. That would saddle them with a half-million ($500,000) in up-front costs, and they probably won't do that.
So THIS scenario effectively eliminates criminal participation in tasting.
MORAL OF THE STORY
------------------
Proposing a 20-cent "restocking" fee for returned domains is very clear indication that ICANN is (either unintentionally or intentionally) complicit with organized crime, or other not-so-honorable players. (Why would they make a decision so blatantly in favor of organized online crime? Why would they release domains BACK to rogue registrars and owners who are identified as involved in criminal activities? Something doesn't smell quite right.)
A one-dollar ($1) fee is more realistic, and a five-dollar ($5) would be better.
Legitimate tasters have a plan and a goal. To them, even $5 would be justifiable—the downside would be they are forced to fine-tune their strategy and run tasting cycles with real purpose on smaller numbers of domains in order to justify the cost.
Everyone would get more honest, unscrupulous tasters would be forced out, and ICANN would raise enough money to institute some better policy enforcement.
BOTTOM LINE
-----------
1) Tasting should be eliminated altogether.
. . . tasting is totally unnecessary, if they want a domain, let them buy it.
2) Domains should be charged at uniform rates.
. . . if YOU pay $5, then I should pay $5
3) ICANN must CLOSE all ROGUE registrars, who are not in compliance with ICANN's own regulations. Period. (This one is not arguable!)
4) ICANN must be reorganized to facilitate faster actions for law enforcement.
I personally believe ICANN needs to be pulled in for an investigation and audit. There's too much highly suspicious activity going on to be purely coincidental.
The 20-cents policy is a joke.
The only people it seems to be making happy are ICANN and the media.
Your press release summary states “Network Solutions has long called for a fee-based solution to eliminate the related abuses of domain name ‘tasting’.”
There is at least one attempt at Comparing Solutions to Repugnant Domain Tasting. Perhaps you have made your analysis public elsewhere.
It would be valuable for the community to understand your underlying rationale:
(a) Why is the fixed fee-based solution best?
(b) Why is 10% best? Why not, say, 5% or 20%?