NetSol Abuses the Process in Order to Save It

In order to protect its customers (actually, potential customers) from domain frontrunning and tasting, Network Solutions is using domain front-running and tasting. Its excuses ring hollow.

As we reported earlier, Network Solutions has taken the extraordinary step of registering domains as you search for them. The company acknowledged what is obvious to anyone testing the process and states that it is doing it in order to protect users from abuse by third parties.

Network Solutions has responded to criticism with some changes to the domain "protection" program. Click here to read more.

It's an extraordinary affair, as it brings together a number of controversies that have been brewing in the domain name business for some time. I first reported on what I called "Whois Hijacking" about 18 months ago. Now it's called "front-running," but we don't know much more about it. Somehow malfeasants are able to find out about domain name lookups as users make them and register them themselves.

I did some testing of this and was able to demonstrate it. Even though it's not a widespread phenomenon, the ICANN SSAC (Security and Stability Advisory Committee) revealed a study it is doing on the problem back in October.

Now, to prevent the bad guys from front-running your domain after you search for it on, NetSol beats them to the punch and registers it. At that point you can buy it from Network Solutions for one year at the low, low rate of $34.99.

If you'd like to buy it from another registrar with lower prices, the set of which includes just about everyone else in the industry, you'll have to wait four days. If no suckers have turned up to buy it from NetSol, it'll release the domain.

What's up with this four-day wait? That has to do with another abusive practice that Network Solutions is protecting us from by employing it: domain tasting. Funny it should come up; just yesterday I wrote a column about developments in ICANN's study of domain tasting, which is an abuse of the "Add Grace Period." After a domain is registered, ICANN rules state that the registrant can "undo" the registration with a full refund of fees from the registry, ICANN, and anyone else involved. The point is simply to allow mistakes to be corrected.

What's that you say? You've never seen this option from your registrar when you registered a domain? That's because registrars don't let normal, honest customers use it. It's only available to people scamming the system, with the collusion of a registrar.

In fact, there are cases of registrants with large enough portfolios that they save money by creating their own registrar. This opens up all sorts of potential abuses. The examples I saw 18 months ago were such a case, as the registrant (Chesterton Holdings) and the registrar (NameKing) appear to be owned by the same people. But I digress.

Domain tasting is a big, big deal. According to the ICANN report I discussed yesterday, the majority of new domain registrations are for tasting purposes. What do they do with these domains? They throw up a template page with links and ads and mucho keywords designed to get the best search engine response they can, as if anyone is actually searching for that page. The owner makes money off these links and ads; this is called "monetizing" the domain.

Now obviously Network Solutions is tasting the domain, but it says it isn't. Read this CircleID post to see Network Solutions' response on this matter. It claims that it's not monetizing the domains, and therefore it's not tasting.

I would argue that it doesn't have to monetize the domains in order to be tasting, and that in any event it is monetizing because every "protected" domain has Network Solutions links and materials on it, offering the opportunity to register it to anyone-not just the person who searched for it.

This is the central, glaring hypocrisy in the company's explanations: The domain isn't protected for the person who did the searching. Only Network Solutions is protected.

On the subject of where Network Solutions went wrong, this editorial in Domain Name Wire makes a lot of other good points, although it is far too generous to the company's motivations. It points out that there's no notice; you don't find out that Network Solutions has reserved the domain until after it has done it.

It also points out that by collecting all these searches in a place where they can be publicly searched (see this page for 20,000 domains registered in this way by Network Solutions), it is actually creating a tasting menu for the bad guys.

There's an interesting quote from Network Solutions' statement: "...Front Runners purchase search data from Internet Service Providers and/or registries and then taste those names." Really, do they? There has been some speculation about this, including from me, but I'm not aware of any hard evidence that ISPs or registries are selling data to domain tasters. I'll have to ask them about it. Of course, I don't have any better answer for how front-runners get their data.

I'm sure it has lots of happy customers, but when I think of Network Solutions, the first thing I think of is its history of abusing its customers' trust. This is not the first time the company has moved aggressively, taking advantage of an apparent legal vacuum. The fact that it now claims to be acting in its customers' best interests just makes it more audacious.

It's a shame that problems like domain tasting and front-running take years to fix. In the meantime honest people get ripped off and the networks get overloaded, and people who add no productive value to the system get rich. I'm not surprised at which side Network Solutions chose to sign up with.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.