Recent events have encouraged me to revisit a topic that I first brought to the public’s attention back in 2010. There is quite an online industry involved with domain name registrations, the buying and selling of domain names, and the consequences that involve expirations. Generally speaking, the people involved in these practices spend very little money while in search of tremendously large profits.

About a month ago, one of our clients – a campground in Connecticut – asked me to check into the availability of a more desirable domain name to replace the domain name that they had been using (but that was actually under the control of another individual, with the strong potential for a future dispute.) When I checked the new domain name, I found that it was listed as “for sale” at a price of $500.00. My client authorized me to intervene on their behalf, willing to pay as much as $400.00. Over the next few weeks of shrewd negotiations, I suddenly found that the domain was released, and I immediately registered it on behalf of our client for our standard fee of $35.00 – not the $400.00 that they were willing to pay or the $500.00 that the alleged seller wanted. What happened?

Let me answer that question with another question. Have you ever received an e-mail from a company offering to sell you a “premium domain name” that is similar to your existing domain name? They contacted you because you were listed as a contact for your own domain name, and they were looking for a likely buyer who was willing to take the bait. I have had instances where I have received several consecutive offers from different companies, all offering to sell me the same domain name. The fact is that, in nearly every instance, none of these sellers actually owns the domain names that they are offering to sell. Sound confusing? Read on!

Protect your existing domain name.

First of all, protect your existing domain name from potential hijacking. Unless you are certain where your domain name is registered, know that it is locked to prevent transfer, and know its expiration/renewal date, do yourself a favor and perform a whois lookup. Go to http://whois.com/ and enter your domain name. Confirm that YOU are listed as the registrant and that the domain status includes the words “Transfer Prohibited”, “Update Prohibited” and “Delete Prohibited”. You might be surprised to find that your webmaster or hosting company is the actual registrant (owner) of your domain name – the scenario that our client faced and something that needs to be corrected immediately; that the e-mail address associated with your name is an old AOL e-mail address that you have not used in years; or that your domain is unlocked – which is roughly equivalent to the carelessness of leaving your parked car unlocked on the streets of a major city.

Whether you or your webmaster handle your domain name registration renewals, you will know if it has been allowed to expire because your website will suddenly become inaccessible. That in itself is not a reason to panic; however, you do not want to ever allow your domain name to go beyond the Redemption Grace Period (RGP) status as outlined in guidelines set forth by ICANN (the Internet Corporation for Assigned Names and Numbers). The guidelines (not rules) allow for a 30-day RGP term, after which your domain goes into “Pending Delete” status for an additional 5 days. At the end of those 5 days, it is purged from the registry database and becomes available for anybody to register. That could be anyone from a business with the same name in another state to one of your more vindictive competitors.

Unfortunately, some registrars add their own unique rules to the guidelines that have been put forth by ICANN. For example, GoDaddy will make you pay an $80.00 “redemption fee” on the 19^th day. On the 26^th day, they will enter your domain into a 10-day “Expired Domain Name Auction” and, if there are no bidders, will then enter it into an additional 5-day “Closeout Auction”, seeking every opportunity possible to profit from your oversight and increasing the likelihood that you will be unable to recover your domain name. Only if there are no bidders at this second auction will they release the domain.

Network Solutions has an even worse policy, stating that your domain name is subject to deletion at any time after it has been allowed to expire. They say that they “endeavor to provide a grace period that extends 35 days past the expiration date” but that the “grace period is not guaranteed and can change or be eliminated at any time without notice.” Network Solutions states that “a Redemption Grace Period (RGP) is not guaranteed and customers should renew their domain name registration services in advance of the domain name registration expiration date(s) to avoid deletion of domain name registration services.” Just when you thought that GoDaddy’s $80.00 redemption fee was outrageous, Network Solutions’ fee is far worse. Their policy continues, “If we decide to provide the redemption service to a customer, we charge a fee of $299.00 to redeem and renew a domain name registration during the RGP.”

The bottom line is that you should never allow your domain name to expire.

What happens when your domain is in this Redemption Grace Period? Basically, it enters a domain name limbo otherwise known as the domain name aftermarket, sort of like an enormous used car sales lot or automobile auction. What happens is that vultures appear out of nowhere. The practice is referred to by a number of names, with domain tasting and domain front running being the most common descriptions. Many registrars also encourage a process called “backordering” which allows interested buyers to move to the head of the line during the RGP. Some of these same registrars have also been known to provide information directly to these domain tasters, whenever somebody performs a whois lookup, checking on the availability of a domain name but then failing to register it immediately. Returning a few days later, you find that the domain name appears to have (not coincidentally) just been registered and is suddenly listed for sale at a very high price. The seller is hoping that you will still want the domain name and will be willing to submit to what is essentially highway robbery.

Typically, domain tasters work with a registrar that will even allow them a 5-day grace period to cancel out of the registration if you, the potential buyer, do not agree to pay their fee. However it is handled, these are people who are trying to sell you domain names that they usually do not even own, in many instances running auctions of their own, driving up the price if they find more than one interested potential buyer.

Knowledge is your best defense against fraud.

Understand that there are three basic components when you own a website: The site construction fee (usually the most expensive component, unless you have built a do-it-yourself site), the annual or monthly hosting fee, and the domain name registration fee. The domain name registration fee is by far the least expensive of those three components – unless and until you lose your domain name, when its recovery can be very, very costly. Our client was lucky in this instance, and I have successfully intervened in many similar circumstances, but nobody in business wants to rely simply upon luck. Follow the steps that I have outlined, and do everything necessary to prevent the loss of your domain name from ever occurring.

For quite some time now, I have had a suspicious feeling that one of my increasingly frequent observations was far beyond a matter of coincidence. Have you ever performed a whois lookup to check on the availability of a domain name, confirmed that it was available, but delayed registration of the domain until a later time? Sometimes it seems reasonable to presume that a domain name might be so obscure and highly personalized that there would be no chance that anyone else might consider registering that same name for years, if ever. Well, it turns out that this would be a bad presumption because in far too many instances that domain name would be lost moments later. You will have been the victim of a practice known as Domain Tasting or Domain Front Running.

I had a small business owner call me on May 24, 2010. She said that her son was interested in having a website built for his construction business. She said that a friend had checked and that the domain was available on May 20, 2010. It was an obscure, three-word domain name. I double-checked by performing a new whois lookup, and I discovered that the domain had been registered on May 20, 2010 … apparantly moments after the original whois availability search. What is happening? More importantly, how and why is it happening?

It turns out that the practice is not new. A post by the Daily Domainer back in February of 2007 generated 191 responses, most of which pointed an accusatory finger at GoDaddy. Other blog posts have singled out Network Solutions for engaging in this practice. Together, these are two of the biggest names in the domain name registration industry.

Here is how it works: It seems that many unscrupulous registrars who provide whois lookup services (which are, in fact, provided by virtually every registrar) are selling the domain search data to domain tasting outfits which, in turn, register the domain name with the registrar. Over the next few days, they test (or “taste”) the domain to see if it generates any significant amount of traffic. If it does generate traffic, they will make money from clicks on their bogus landing page. If the new domain does not generate traffic, it might be turned in for a refund under the 5 day “grace” policy of some registrars. Everybody wins, except you lose.

In the old days, Cybersquatting was a common practice, where unsavory characters would register domain names based upon legitimate small business names or product names, with the intention of then selling the names at an enormous profit margin. Domain tasters, on the other hand, cannot be bothered with selling domain names because they are more interested in earning millions of dollars, a nickel or a dime at a time. The Washington Post published an exposé of this practice, titled “Entrepreneurs Profit From Free Web Names” back in 2007. If you are not familiar with the practice, old news is still news.

How to you protect yourself?

• Do not perform a whois query – anywhere – unless you are immediately prepared to register the domain name. This cannot be overemphasized.
• Do not ever “search” for domain availability using Address Bar Guessing. There are ISP’s (Internet Service Providers) who have been found to engage in the practice of selling Non-eXistent Domain (NXD) Data to domainers.
• If you have just “lost” a domain name that you failed to register, go back to look for it in 5 days.

Further reading:
http://blog.domaintools.com/2008/01/google-to-kill-domain-tasting/
http://www.domainnamenews.com/featured/domain-registrar-network-solutions-front-running-on-whois-searches/1359
http://www.billhartzer.com/pages/network-solutions-registering-domains-after-availability-lookup/
http://blog.domaintools.com/2007/03/stealing-domain-name-research/
http://blog.domaintools.com/2008/01/network-solutions-steals-domain-ideas-confirmed/
http://www.eweek.com/c/a/Security/Whois-Hijacking-My-Domain-Research/
http://www.eweek.com/c/a/Security/Bad-Taste-Another-Way-ICANN-Blew-Domain-Registration/
http://arstechnica.com/old/content/2007/10/icann-probing-insider-trading-allegations-with-domain-name-registrations.ars