idn phishing domains on auction

[Bramiozo]

To any Sedo representative,

on january 18 the name f�*sh.com sold for $5400, now since the auction listing had no mentioning of the fact that it is an idn name and since the name is very similar to it's full ascii-counterpart I think it was only reasonable to make the bidders aware of it's nature. This did not happen and eventually someone bought this rather useless name for quite a bit of money.
It is important to note that a significant amount of ascii-investors are still in the dark on idn's, so any notice on this might help to educate the ignorant.
Also, the name f�*sh is not an actual native term, when I search for "f�*sh" it gives me details on the sedo-auction on the first page and it doesn't translate into anything using general translation engines.

These are suspicious idn's currently being auctioned ;

f�*rm.com

�*t.com

Although there are normal idn's being auctioned (german mostly) who do not raise any suspicion I think it is only reasonable that with all idn's from latin scripts a notice is put up as to their nature. If the bidder is aware of it's nature in the first place it won't scare him of and if he's not well then he is warned and educated.

Obviously most non-latin scripts should speak for themselves, but notices should also be put up for certain mixed character domains, cyrillic/latin for instance but also short cyrillic domains since they can be fully similar in presentation to their implied ascii-counterparts.

All in all, I think that measures should be taken, on the one hand, as I said, in terms of notices and on the other hand it shouldn't be just in the users' hands whether or not phishing domains are flagged as such, please;
- put up notices for latin/cyrillic and fully cyrillic scripts
- in any case, place some sort of warning button in the auction description, if a user identifies a name as a phishing domain, sedo can be notified effectively
IF you allocate some resources for this purpose; you would only need 1 person who screens the phishing warnings on a regular basis and corresponds with the seller/bidder.

Also, I sent you guys an email with regard to f�*sh.com prior to the sale, what happened to that ?

 

[mvl]

I mentioned the f�*sh.com sale on a Dutch domainers forum because I think it is misleading not to tell potential buyers this is in fact an IDN name. It is very strange Sedo mentions it on the normal listing pages, but as soon as a domain is in auction, this important part of the domain description suddenly disappears. According to Sedo it is the buyers responsibility to investigate all the details before bidding. My response to that was that this is true but does not mean Sedo has no responsibility.

The buyer has the responsibility to investigate, but the marketplace (Sedo) has the responsibility to inform us properly.

 

[Rubber Duck]

It is also very difficult to explain the problem when this platform is not displaying the scripts properly. DNFs need to get this sorted out to maintain credibility. There are no problems of this nature at IDNFs or DNL, and I am not aware of them at ND. Even the TRAFFICS platform seemed to handle them OK, and I am fairly sure zero effort went in their to achieve that!

 

[mvl]

It is also very difficult to explain the problem when this platform is not displaying the scripts properly.
...

To make things clearer: we are talking about this domain ( xn--fsh-rma.com )

The standard landing page shows the true nature of this domain, but as soon as a domain is in auction that information disappears.

 

[domainah]

You know what I saw that too, and I thought in this case its really Sedo's responsibilty as well to point out its an IDN domain like TDNAM does it.., these things will only result in cancelled transactions and the original seller trying to press charges because his scam didnt work..just watch...

 

[Bramiozo]

It would be nice if someone from sedo can take responsibility, the situation is embarrassing as it is.

 

[mvl]

We got an answer from a Sedo representative in the Dutch domainers forum I mentioned earlier and they took action. From now on Sedo will mention the fact that the domain for sale is an IDN name also on bidding page of the auctions.


Take a look at this auction for an example.

 

[domainah]

We got an answer from a Sedo representative in the Dutch domainers forum I mentioned earlier and they took action. From now on Sedo will mention the fact that the domain for sale is an IDN name also on bidding page of the auctions.


Take a look at this auction for an example.

thats a start..but I think Sedo is making the mistake that many people in a certain industry make, which is that they dont realize 95% of people out there dont know what an IDN domain is, especially endusers..I think they need to add in simple words for non domainers what IDN is..

 

[Bramiozo]

Ok, that's good news, two things though;
1) as domainah said, many people are not aware of idn (still), they may confuse idn with non-english ascii domains. There was a new member at idnforums.com who was selling country .mobi's in french (ascii that is) thinking that they were idn's.

I am thinking of an explicit example which immediately shows the defining characteristic of unicode presentation. A non-latin script would help, say sedo.com in katakana japanese.
2) This text which pops up is a bit to forceful "These domains are subject to many temporary technical restrictions, for example users need an IDN compatible browser to visit them." . this will definitely scare off anyone who is unfamiliar with the concept and besides it's 2-3 years old so I would say it's out dated. How about a direct link to wikipedia ?

 

[SedoCoUk]

Hi All,

As a quick note: the auction for FÃ*sh.com was never completed, nor is there a sale in progress. There might have been some confusion, as an auction disappearing normally means that an agreement has been reached. However, in this case, I had received complaints about the name and its confusing nature. With that said, I (along with several of my associates) felt it necessary to end the auction. In that vein, when these things come to our attention, we do take responsibility and try to protect the marketplace from potentially misleading domain sales.

In a case such as this, we have required that the domain owner update the domain description to include the fact that the "i" in the word "fish" has been changed to an international character. The description should always be visible, even during auctions.

I agree that there should be better notification of some IDN's ability to be misleading. However, we assume that the people involved in bidding for domains are relatively educated in the industry. Yet, as IDNs are a fairly new addition and will start becoming more prominent (Microsoft's IE7 will help this along some), more attention should be paid to preventing a confusing situation such as this from ever coming to a bad head.

I have read the thread and will speak with the appropriate people at Sedo who would be responsible for building such changes into the system. Keep in mind, though, that it might not be an immediate change. For the time being, if you're ever unsure or have any complaints of this nature, email us at [email protected] or send myself or my associates a PM on here. For now, please be patient as we work to keep the online marketplace as usable for all members, veteran and new alike.

Thanks, and have a great day!

--Keith

 

[domainah]

However, we assume that the people involved in bidding for domains are relatively educated in the industry. Yet, as IDNs are a fairly new addition and will start becoming more prominent (Microsoft's IE7 will help this along some), more attention should be paid to preventing a confusing situation such as this from ever coming to a bad head.
--Keith

Hi Keith, thats a good start, but like I said, the real end users (in this case maybe a fish trading company) are the ones that bring in the real money, and they do not know what IDNs are. I think assuming that everyone that bids on a domain knows what IDNs are doesnt hold true. I think Sedo needs to do everything possible to prevent any kind of scammer trying to make a profit and using Sedo as a tool to do so. It makes no difference to me, but I think Sedo should play it safe.

 

[domainah]

HEY: Its happening again here http://www.sedo.com/auction/auction_detail.php?language=us&auction_id=4584&tracked=&partnerid=

you added the IDN thing, but since Sedo didnt believe that many people dont know what IDN means you are still having the same problem...

 

[Bramiozo]

I agree with domainah (see my previous post) and to reiterate the urgency; http://www.namepros.com/domain-name...scammers-fake-domains-like.html?highlight=idn

 

[Bramiozo]

Let's agree on the following, sedo only has to provide for a prominent feature of the punycode next to the utf-8 representation of the domains to avoid most of the confusion.

If sedo is watching this thread, please do something like the following ; prominently feature the punycode next to the utf-8 representation and link an explanation of IDN directly to the punycode->
bláblá.com (xn--xxx) with the punycode giving a pop-up onmouseover with an background on IDN.

Having said this, the implementation is easy and each phishing domain that is being auctioned because of the current negligence is a dent in sedo's reputation and maybe even the reputation of IDN's.

 

[domainah]

I think whoever tried to resolve that IDN Phishing issue at Sedo totally failed, they still think everyone that wants to buy a domain knows what IDN is, and instead of banning the fish IDN scam domain I saw it in the "featured" section which means that they gave the scammer a free listing in the featured section because they had to cancel the sale..thats just short sighted..

 

[mvl]

http://www.sedo.co.uk/auction/auction_detail.php?language=e&auction_id=5400

fìx.com (xn--fx-kja.com) is at $42,000 right now

My opinion is that this is domain is not worth $42,000 and I guess the buyer does not know what he is buying.

 

[domainah]

thats because sedo keeps ingnoring these posts..they are assisting scammers here...this domain is not even worth $42

 

[bwhhisc]

thats because sedo keeps ingnoring these posts..they are assisting scammers here...this domain is not even worth $42

It's not worth 42 cents!

Check the google pages, besides the SEDO 'auction' listing nothing but gobblygook!
The domain was only registered like 5 days ago.
This is deplorable for SEDO to allow these on auction, even EBAY has pretty much stopped allowing these.

http://www.google.com/search?hl=en&q="fìx"

FYI: To properly check an IDN for Google hits make sure your put the "quotation" marks around the word or term.
In this case "fìx" so google only checks for THAT term in that specific way. Try it without quotations and you get millions of responses that appear valid.

 

[Gerry]

Also a hot topic at NamePros but some people seem to think this will have little effect on the domain market.

http://www.namepros.com/editpost.php?do=editpost&p=1758073

I disagree. Look at the articles recently posted on this very forum by DotComGod touting the worthiness of domain name investing as a good investment. We would all like to attract new investors and new money. That would be a boon for all of us as well as the domain industry in general.

Just one major blog, or journal, or newspaper picking up this story of the "fix" auction and it will have a rippling effect all across the internet. And such an appropriate heading of a "fixed domain auction"

Sedo recently sold a fake fish, wine, and now fix. This bogus fix had 26 bidders and closed at $46,001.00.

It is highly likely that many of those bidders were new to domaining.

The buyer refuse to pay for the bogus fish once it was revealed what the domain was. Most likely the same for the bogus wine.

Do you think for a moment the buyer is going to pay $46K for this crap?

And this is how we are going to attract new investors and new money?

Another Sedo response?

I’m sorry but we have made a clear description into the offer of the seller stating the following points:

“f�*sh.com: IDN-Domain (International Domain Name), with logo, without content.

Please note that this domain is a simple misspelling of the English word "fish" and contains an international character/accent.

It may show up in your account or elsewhere as “xn--fsh-rma.com”.

Those of us that speak and write english, I am sure we make this common mistake all the time of the simple misspelling of the English word "fish". Who the hell does Sedo think they are kidding with this kind of nonsense?

It may show up in your account or elsewhere as “xn--fsh-rma.com”? What kind of BS is this? How else would it show up?

Thanks Sedo for setting us back a bit. You are fast becoming the eBay of domain scams.