http://arstechnica.com/news.ars/pos...legations-with-domain-name-registrations.html
By Jacqui Cheng | Published: October 24, 2007 - 02:43PM CT The Internet Corporation for Assigned Names and Numbers (ICANN) has begun an investigation (PDF) into accusations that some insiders may be using inside information to collect data and purchase unregistered domain names that get a lot of DNS lookup requestsânonexistent domains that surfers frequently try to access. ICANN refers to the practice as "domain name front running," adding that itâalong with several registrars and intellectual property attorneysâhas received a number of complaints from registrants suggesting that such a thing has occurred. While the organization currently has no solid evidence on the matter as of yet, it feels that an investigation is warranted in order to nip in the bud any perceptions that the domain name industry is involved in unethical activity.
ICANN's Security and Stability Advisory Committee (SSAC) likens the practice to stock and commodity front running, which occurs when a broker makes a personal stock purchase based on inside information before fulfilling a client's order. An insider to one of the popular domain registrars can see which domain names are popular with visitors, even if they are not yet registered. That person can then register the domain, knowing how much traffic it could get before the general public does, with the intent to resell it at a profit later.
While the practice is illegal when it comes to stocks and commodities, it is much more cloudy when it comes to domain names. ICANN recognizes the lack of regulation covering this area and makes it clear that a stronger set of standards needs to be established. "ICANN's Registrar Accreditation Agreement and Registry Agreements do not expressly prohibit registrars and registries from monitoring and collecting WHOIS query of domain name availability query data and either selling this information or using it directly," writes the SSAC. "In the absence of an explicit prohibition, registrars might conclude that monitoring availability checks is appropriate behavior."
The SSAC report comes just a day after news leaked that Verisign, a major root name server operator, was considering selling access to select DNS server lookup data. DomainNameNews first broke the story, saying that sources had indicated the company would provide "lookup traffic" reports on specific domains. The sources also said that pricing for the service was not known, but that it could cost up to $1 million per request.
The SSAC is now calling for public discussion of the situation in hopes of gathering more data and coming up with standardized practices on how to manage it. The committee suggests that those involved with domain name registrations "examine the existing rules to determine if the practice of domain name front running is consistent with the core values of the community." If registrants continue to find what they consider to be evidence of the practice, SSAC requests that users submit incidents to [email protected] with as much information as possible, including specific details of domain name checks and copies of any correspondence with the believed to be engaged in domain front running.
By Jacqui Cheng | Published: October 24, 2007 - 02:43PM CT The Internet Corporation for Assigned Names and Numbers (ICANN) has begun an investigation (PDF) into accusations that some insiders may be using inside information to collect data and purchase unregistered domain names that get a lot of DNS lookup requestsânonexistent domains that surfers frequently try to access. ICANN refers to the practice as "domain name front running," adding that itâalong with several registrars and intellectual property attorneysâhas received a number of complaints from registrants suggesting that such a thing has occurred. While the organization currently has no solid evidence on the matter as of yet, it feels that an investigation is warranted in order to nip in the bud any perceptions that the domain name industry is involved in unethical activity.
ICANN's Security and Stability Advisory Committee (SSAC) likens the practice to stock and commodity front running, which occurs when a broker makes a personal stock purchase based on inside information before fulfilling a client's order. An insider to one of the popular domain registrars can see which domain names are popular with visitors, even if they are not yet registered. That person can then register the domain, knowing how much traffic it could get before the general public does, with the intent to resell it at a profit later.
While the practice is illegal when it comes to stocks and commodities, it is much more cloudy when it comes to domain names. ICANN recognizes the lack of regulation covering this area and makes it clear that a stronger set of standards needs to be established. "ICANN's Registrar Accreditation Agreement and Registry Agreements do not expressly prohibit registrars and registries from monitoring and collecting WHOIS query of domain name availability query data and either selling this information or using it directly," writes the SSAC. "In the absence of an explicit prohibition, registrars might conclude that monitoring availability checks is appropriate behavior."
The SSAC report comes just a day after news leaked that Verisign, a major root name server operator, was considering selling access to select DNS server lookup data. DomainNameNews first broke the story, saying that sources had indicated the company would provide "lookup traffic" reports on specific domains. The sources also said that pricing for the service was not known, but that it could cost up to $1 million per request.
The SSAC is now calling for public discussion of the situation in hopes of gathering more data and coming up with standardized practices on how to manage it. The committee suggests that those involved with domain name registrations "examine the existing rules to determine if the practice of domain name front running is consistent with the core values of the community." If registrants continue to find what they consider to be evidence of the practice, SSAC requests that users submit incidents to [email protected] with as much information as possible, including specific details of domain name checks and copies of any correspondence with the believed to be engaged in domain front running.
