[ga] 'Domain Kiting' solution proposals

["Dominik Filipp" <dominik.filipp@xxxxxxxx>]

Hello,

as already stated several times on this forum, this topic has been a
long-term problem over last several months. Among the biggest domain
kiters there are still several well-known ICANN 'accredited' registrars
such as Belgiumdomains, Capitoldomains, Domaindoorman and perhaps also
Dotster, a former owner of the previously mentioned companies. According
to the actual 'webhosting.info' domain gain/lost reports they are still
doing massive domain squatting.
The first three mentioned above have the same looking website and even
sit on the same IP address (perhaps, on the same machine). Their
services are pretty suspicious as one cannot do any whois search. All
whois requests end up with 'session expired' message just faking whois
lookups and remembering your valuable name for being snatched out of you
in a short while...
I am also one of those having been attacked by such kiters and took me
ten hard days (having had a good luck) to take and register my domains
back.
I don't know what kind of measures ICANN is actually being taken against
this practice at the moment, but I think the issue is still under
theoretical discussion, still not convinced of being of high importance.

I think this is primarily an ICANN job to get into it and propose some
regulations that should become part of a renewed contract between ICANN
and registrars. Apparently, registrars themselves don't tend to change
the existing registration model as they are not a primary target of
domain kiters. The practice should therefore be an important topic for
an upcoming ICANN meeting, at best, at the meeting in Sao Paulo in
December this year.

Currently, it seems like there is no common agreement on what to do
against it. Perhaps the most common discussed solution is that proposed
by Bob Parsons calling for deletion fees. However, there are also some
additional aspects to consider.

The 'domain kiting' evidence

Though the domain kiting can be quite easily recognized intuitively
(when a registrar gains 10 times more domains than he actually
possesses, of which over 90 percent are lost (and regained again) during
one month without paying a dime); an unequivocal proof of such activity
can hardly be provided. The problem is that registrars have no legal
obligation to officially account for the reasons leading to delete and
regain domain names repeatedly (they simply cancel the registration
after 5 days and get the money back). We can still imagine a legal
situation - an incompetent registrar verbally claiming to fail to
complete most of its domain name orders in due to alleged massive
fraudulent order attacks being constantly made on him; and immediately
rushing for new registrations for the same names. This is a pretty
stupid argument but, unfortunately, legally hardly controversial.
But even if the registrars were obliged to keep traceable evidence of
such deletion (/regaining) stored, there is still a possibility how to
fabricate it. In fact, the only efficient way seems to prevent domain
kiters from even thinking of doing so. Some ideas...

1. Redefinition of Add Grace Period

The original meaning of Add Grace Period is to allow for typo
corrections as well as for cancelling fraudulent domain orders resulting
in complete reimbursement of the registration fee if this comes to
happen. For typo corrections we normally needn't the reimbursement as
the registrant doesn't demand to cancel the registration but rather to
correct the name (sure, in some cases, the corrected name can already be
taken and the registrant can no longer be interested in it). In such
cases

a) The registrar should explicitly ask the registry for removing the
domain name and reimbursing the order, but only upon written detailed
and traceable evidence sent to the registry. The registry can then
decide to accept or deny such a request. This would bring more overhead
on both sides but could be deterrent enough for domain speculators.

b) Other possibility is to apply the Bob Parsons' approach where the
deletion can be made directly on registrar's behalf (as usual) but
charged some fee. The problem here is that the fee could still be low
enough for avoiding the speculations, although, the overall number of
'tasted' domains would certainly go down.

2. The 'Forbidden DNS Entry' approach

Surprisingly enough, there exists another way how to dramatically
decrease the 'kiting' effort, which as far as I know has not been
broadly discussed yet. The main idea is that during the Add Grace Period
no DNS entry for a new domain name may exist in the registrar's root DNS
records. In other word, unless a domain is properly registered and paid
for, no DNS entry is allowed on any root TLD server for that domain.
The idea is to completely cut off the kiters from doing pay-per-click
advertising, which is the core of their 'tasting' effort. Without having
access to the Internet the kiters cannot measure the domain name ranking
and therefore cannot taste the quality of the name.

Violation of the 'Forbidden DNS Entry' rule can be quite easily detected
by comparing the registration status of the given domain name and the
domain accessibility on the Internet. If the domain has not been
properly registered but an existing TLD server's IP address for the name
is obtainable e.g., by ping-call (or even the related website is
publicly accessible), the registrar has evidently violated this rule.
In the new contract, a violation of this rule should give ICANN the
right to cancel the registrar's accreditation.

.  .  .

Perhaps the mix of both approaches could be worth of being thought
over...

Hi from Europe...

Dominik