ICANN ICANN Email List Archives

[gnso-dt-wg]


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [gnso-dt-wg] Two Additional Registrar Uses of AGP to get captured

  • To: "Margie Milam" <Margie.Milam@xxxxxxxxxxxxxxx>, "Jeffrey Eckhaus" <jeckhaus@xxxxxxxxxxxx>, <gnso-dt-wg@xxxxxxxxx>
  • Subject: RE: [gnso-dt-wg] Two Additional Registrar Uses of AGP to get captured
  • From: "Paul Stahura" <stahura@xxxxxxxx>
  • Date: Fri, 5 Oct 2007 16:52:53 -0700

Margie, thanks

 

sounds like we have two things:

1) "kiting"

2) "typosquating"

 

In my opinion, somehow getting rid of one will not get rid of the other
one.

both are bad.

It obvious that getting rid of AGP will completely rid kiting, but it
will not rid the planet of typosquating

 

But I'm just talking about the kiting part for now... 

 

are you saying those 375 names (makes no difference that they are
typosquats when talking about kiting) were registered more than once
consecutively (during AGP) at the same port-43-blocker-registrar, or at
different registrars, or just the one time?  (you say "one day in
September" so I think not kited, just want to find out for sure, plus
September is not in Q2 so that confused me too).  it does not surprise
me that all 375 are pointed at the same IP, but the fact that they are
does not mean they were kited (unless they were repeatedly registered at
the same family of registrars), it does tell me that they were likely
registered by the same registrant.  Since its sounds like you can know
the whois for at least a few (before being blocked), it would be
reasonable to apply that whois to the rest, and go after that guy.
Anyway...

If they were registered more than once in a 6+ day period at the same
registrar, then I'm with you, I would strongly suspect kiting.

If they were at the same family of registrars, then I would also agree
that it is likely kiting. 

If they were at different family then I would guess someone is mining
someone else's tailings.

 

I'd have the same question to ask on the 37,634.  I understand they were
repeatedly registered.  But I'm unsure that they were kited or were the
object of "tailing mining", it would take more analysis is alls I'm
saying.

 

I agree, we need whois, but we also need the registrar families to know
the scope of it.

I would guess most, if not all registrars, and the registry, are against
kiting the same as eNom is against that practice, for at least the
simple reason it takes names out of circulation that we could be making
money on.

 

 

________________________________

From: Margie Milam [mailto:Margie.Milam@xxxxxxxxxxxxxxx] 
Sent: Friday, October 05, 2007 3:35 PM
To: Paul Stahura; Jeffrey Eckhaus; gnso-dt-wg@xxxxxxxxx
Subject: RE: [gnso-dt-wg] Two Additional Registrar Uses of AGP to get
captured

 

The pattern I described occurs very often, and is not a rare event in
the brands we studied.  I would guess that the numbers would be in
excess of the tens of thousands from the list of 37,634 domain names
that we identified as being kited domains during Q2 2007.   To give an
example, on one day in September, the same registrar registered
approximately 375 variations/typosquats of the word "microsoft" and
pointed them all to the same IP address.   Since this registrar tends to
block Port 43 after a few queries per day, it is impossible to determine
whether it is the same party.   

 

WHOIS record analysis might be part of the further analysis and surveys
that could be conducted by ICANN if it wants to determine the scope of
kiting involved with the AGP.

 

Margie

 

________________________________

From: Paul Stahura [mailto:stahura@xxxxxxxx] 
Sent: Friday, October 05, 2007 2:08 PM
To: Margie Milam; Jeffrey Eckhaus; gnso-dt-wg@xxxxxxxxx
Subject: RE: [gnso-dt-wg] Two Additional Registrar Uses of AGP to get
captured

 

Margie, I agree that names being re-registered  over and over during the
AGP and not being paid for is not a good thing.

Do not mistake this email as defending that practice which I do not.

 

But, your 3 points below could also be explained as follows

1.      A registrar registers many (lets say 100,000+) names for some
client (client #1),
2.      client #1 points the names to a popular monetization partner to
taste them, the client keeps a small percent, and deletes the rest (lets
say 99,000 names are deleted)
3.      Some other client does not want to go to the effort to create
its own list, so it uses the list created by the client in #1.  It
discovers this list by looking at the zone file.

        a.      sort of like mining the "tailings" of another miner

4.      this other client uses a different registrar to re-register the
list that was deleted by client #1 (the 99,000 names)
5.      Client #2 uses the same popular monetization partner as client
#1 
6.      one or more of the names on the list of 99,000 are of the brand
you speak of.

 

Therefore 

(i)                   the registrars are not related, just appear to be
because they are being used by 2 different clients who are registering
the same list of names

(ii)                 the names resolve to the same IP because the
clients are both using the same popular parking partner

(iii)                there is not really coordination because Client #2
knows the list Client #1 used due to the zone file being published. and
there are a few names on the list that are brand.

 

Eyeballing the registrars in your data (I think I'm looking at the right
spreadsheet), I do not think those registrars are related family, but I
don't know for sure.

Verisign and/or ICANN would know.  I think one is mining the tailings of
the other.  This is an alternative explanation which fits the same
facts, I don't know which one is right.

 

So yes, your scenario suggests the same party is involved, but there is
also, IMO, a different possibility that the same party is not involved.

We need to do some more detailed analysis to truly know for sure. 

Can you tell me how many names followed the same pattern?  was it a
large number like 99,000 or just the few "brand" names?

If a few, then I'd lean toward one way (related), if tons, then the
other.  But still that is not definitive.

 

________________________________

From: Margie Milam [mailto:Margie.Milam@xxxxxxxxxxxxxxx] 
Sent: Friday, October 05, 2007 10:32 AM
To: Jeffrey Eckhaus; gnso-dt-wg@xxxxxxxxx
Subject: RE: [gnso-dt-wg] Two Additional Registrar Uses of AGP to get
captured

 

The period in question is the survey period, in this case 3 months.
However, since the WHOIS is unavailable for many of the registrations,
we don't have the ability to confirm that it is the same person,
especially when a proxy/privacy service is being used.

 

We do however, have many examples of (i) names being dropped and
re-registered by related registrars, (ii) the domain names resolving to
the same IP address, and (iii) coordination of registrations targeting
the same brand during the same period (often on the same day).     All
of this suggests the same party is involved and that it is likely to be
kiting. 

 

Margie

 

 

 

________________________________

From: Jeffrey Eckhaus [mailto:jeckhaus@xxxxxxxxxxxx] 
Sent: Friday, October 05, 2007 11:15 AM
To: Margie Milam; gnso-dt-wg@xxxxxxxxx
Subject: RE: [gnso-dt-wg] Two Additional Registrar Uses of AGP to get
captured

 

Margie,

 

I think the issue here is the definition of "kiting" , which I do not
believe has ever been officially defined. 

 

According to your index , and please correct me if I am wrong, if I
register XYZ.com and then decide to return it within 5 days and then
another person comes in days later and registers the domain for
themselves, that is "kiting". The parties do not have to be related for
Mark Monitor to consider the domain as being "kited"?

 

 

One more question - I am unclear if you have stated that the how many
days between being registered and dropped in the AGP and re-registered
is considered "kiting" is it 5 days or could it be as long as 360 days? 

 

Thanks for helping clear this up 

 

 

Jeff

 

 

________________________________

From: owner-gnso-dt-wg@xxxxxxxxx [mailto:owner-gnso-dt-wg@xxxxxxxxx] On
Behalf Of Margie Milam
Sent: Friday, October 05, 2007 11:57 AM
To: gnso-dt-wg@xxxxxxxxx
Subject: RE: [gnso-dt-wg] Two Additional Registrar Uses of AGP to get
captured

 

Jothan,

 

Our data is quite voluminous and is summarized in the report so I am not
sure exactly what types of information you are looking for.   Our data
was based on daily zone file analysis during the survey period for
approximately 30 of the top brands as ranked by Interbrand.   

 

We refer to "kiting" as a domain name that was registered and dropped
during the AGP and then reregistered one or more times.  We refer to
"tasting" as a domain name that was registered and dropped during the
AGP but not subsequently re-registered.

 

Margie

 

 

________________________________

From: Jothan Frakes [mailto:jfrakes@xxxxxxxxxxx] 
Sent: Thursday, October 04, 2007 5:34 PM
To: Margie Milam; Mike Rodenbaugh; gnso-dt-wg@xxxxxxxxx
Subject: RE: [gnso-dt-wg] Two Additional Registrar Uses of AGP to get
captured

 

Margie, 

 

I know that you had sent these to the mailing list, and it sounded like,
unless I am mistaken, that there was support information to help clarify
how the statistics were measured, but we've not seen this.

 

Is there a chance to get the support data included for these
brandjacking indexes?  The concern I'd heard from within the RC was that
all activity was labeled as 'Kiting' in these, as opposed to making a
distinction between tasting and kiting and how Mark Monitor arrived at
the label for the activity, so that it is more substantive, similar to
the work in the Anti-Phishing working group where they identify Phishing
was not related to Tasting.

 

-Jtohan

 

Jothan Frakes

  

Oversee Domain Services

......................................................

 

515 S. Flower Street, Suite 4400

Los Angeles, CA 90071

direct +1.213.925.5206

cell +1.206.355.0230

jfrakes@xxxxxxxxxxxxxxxxx

www.domainsponsor.com <http://www.domainsponsor.com>  

 

Confidentiality Warning: This e-mail contains information intended only
for the use of the individual or entity named above. If the reader of
this e-mail is not the intended recipient or the employee or agent
responsible for delivering it to the intended recipient, any
dissemination, publication or copying of this e-mail is strictly
prohibited. The sender does not accept any responsibility for any loss,
disruption or damage to your data or computer system that may occur
while using data contained in, or transmitted with, this e-mail. If you
have received this e-mail in error, please immediately notify us by
return e-mail. Thank you and have a nice day.  No lawyers were harmed in
the creation of this disclaimer.

 

________________________________

From: owner-gnso-dt-wg@xxxxxxxxx [mailto:owner-gnso-dt-wg@xxxxxxxxx] On
Behalf Of Margie Milam
Sent: Thursday, October 04, 2007 4:13 PM
To: Mike Rodenbaugh; gnso-dt-wg@xxxxxxxxx
Subject: RE: [gnso-dt-wg] Two Additional Registrar Uses of AGP to get
captured

 

Mike,

 

In the report, there is a placeholder for the link to the MarkMonitor
submission, which has erroneous dates.  (Section 4.1).   The reference
to the dates should be from 8/3/07- 8/14/07 instead of two weeks in
July.

 

Also, I assume that the link will include the text of the entire
BrandJacking Indexes (Spring and Summer) submitted.   I have not seen
the actual link so I wanted to confirm this.

 

 

Thanks,  

 

Margie

 

 

 

________________________________

From: owner-gnso-dt-wg@xxxxxxxxx [mailto:owner-gnso-dt-wg@xxxxxxxxx] On
Behalf Of Mike Rodenbaugh
Sent: Thursday, October 04, 2007 3:26 PM
To: 'Jothan Frakes'; 'Rosette, Kristina'; gnso-dt-wg@xxxxxxxxx
Cc: 'Olof Nordling'; 'Robert F. Connelly'
Subject: RE: [gnso-dt-wg] Two Additional Registrar Uses of AGP to get
captured

 

To be clear, I will add the additional detail as well, I just disagree
that these need to be enumerated separately from the benefit already put
forward.

 

From: Jothan Frakes [mailto:jfrakes@xxxxxxxxxxx] 
Sent: Thursday, October 04, 2007 11:28 AM
To: Rosette, Kristina; gnso-dt-wg@xxxxxxxxx
Cc: Olof Nordling; mxrodenbaugh@xxxxxxxxx; Robert F. Connelly
Subject: RE: [gnso-dt-wg] Two Additional Registrar Uses of AGP to get
captured

 

Kristina-

 

Good edit, and objections noted.

 

Olaf, the revised sentence would be better stated as:

Testing of a merchant gateway or payment processing, to handle credit
cards, electronic check, PayPal, or other electronic fund processing
method is common in the development process, to resolve problems, or as
part of testing new pricing or bundles.

 

-Jothan

 

 

Jothan Frakes

  

Oversee Domain Services

......................................................

 

515 S. Flower Street, Suite 4400

Los Angeles, CA 90071

direct +1.213.925.5206

cell +1.206.355.0230

jfrakes@xxxxxxxxxxxxxxxxx

www.domainsponsor.com <http://www.domainsponsor.com>  

 

Confidentiality Warning: This e-mail contains information intended only
for the use of the individual or entity named above. If the reader of
this e-mail is not the intended recipient or the employee or agent
responsible for delivering it to the intended recipient, any
dissemination, publication or copying of this e-mail is strictly
prohibited. The sender does not accept any responsibility for any loss,
disruption or damage to your data or computer system that may occur
while using data contained in, or transmitted with, this e-mail. If you
have received this e-mail in error, please immediately notify us by
return e-mail. Thank you and have a nice day.  No lawyers were harmed in
the creation of this disclaimer.

 

________________________________

From: Rosette, Kristina [mailto:krosette@xxxxxxx] 
Sent: Thursday, October 04, 2007 11:18 AM
To: Jothan Frakes; gnso-dt-wg@xxxxxxxxx
Cc: Olof Nordling; mxrodenbaugh@xxxxxxxxx
Subject: RE: [gnso-dt-wg] Two Additional Registrar Uses of AGP to get
captured

 

For the record, and not unexpectedly, I object to the inclusion of the
text noted below.  We imposed a date cut-off on every other source of
information - the general RFI, the ccTLDs, the UDRP providers, and the
IPC Supplemental RFI.  There is no legitimate reason why the registrars
should be treated any differently.

 

As I assume my objection will be ignored, it would be helpful if the
first sentence of #7 was revised.  It's not clear.

 

Kristina 

 

        
________________________________


        From: owner-gnso-dt-wg@xxxxxxxxx
[mailto:owner-gnso-dt-wg@xxxxxxxxx] On Behalf Of Jothan Frakes
        Sent: Thursday, October 04, 2007 2:09 PM
        To: gnso-dt-wg@xxxxxxxxx
        Cc: Olof Nordling; mxrodenbaugh@xxxxxxxxx
        Subject: [gnso-dt-wg] Two Additional Registrar Uses of AGP to
get captured

         

        Olaf, 

         

        We received two additional uses of the AGP from the Secretary of
the Registrar Constituency and the RC wants these captured in the
document before it is finalized today.

         

        These should be trivial changes, and non-controversially worded.

         

         

        Replace the Findings Summary on page 24 with this:

        OLD

        Findings

        The results of the poll of the registrars yielded five (5)
perceived benefits of the AGP, unrelated to domain tasting and domain
kiting:

        1.         Correcting typographical errors made by the
registrant

        2.         Using a cart "hold" system to provide access to names

        3.         Mitigating fraud impacts;  

        4.         Proactively monitoring the security and stability of
their provisioning systems; and  

        5.         Addressing situations of Buyer's Remorse (defined
below) on behalf of the registrant

        NEW Changes Bolded

        Findings

        The results of the poll of the registrars yielded seven (7)
perceived benefits of the AGP, unrelated to domain tasting and domain
kiting:

        1.         Correcting typographical errors made by the
registrant

        2.         Using a cart "hold" system to provide access to names

        3.         Mitigating fraud impacts;  

        4.         Proactively monitoring the security and stability of
their provisioning systems; and  

        5.         Addressing situations of Buyer's Remorse (defined
below) on behalf of the registrant

        6          Development Testing of real-time production system   

        7          Merchant Gateway Testing and Development

         

        Also, please add on page 27, after AGP use 5, following the
paragraph that ends with "While the customer may be relieved and more
likely to be prudent the next time around, the presence of AGP allows
for better handling of these circumstances for all parties."

         

         

        AGP Use 6: Development testing of real-time production system

        The current secretary of the Registrar Constituency, Bob
Connolly, indicated that there are registrars that utilize the AGP to
relieve costs of development where test domains are registered within
the production environment at a registry, either when adding new
functionality to an existing cart system or when adding new TLDs to a
new cart system.

         

        Additionally some of the registrars within the constituency
offer reseller services to web hosting companies or ISPs, and those
resellers have to integrate and develop to incorporate the domain
registration process.

         

        If domains are created in this manner, they are typically
deleted immediately, and they may or may not resolve to a web site
briefly as part of the development tests, but typically would not
resolve to a monetization service.

         

        The AGP allows for costs associated with these tests to be
self-remedied by the registrar so that their systems are appropriately
tested in a manner that cannot be accomplished within the development
sandboxes or "OTE" (Operational Testing Environment) available at each
registry, as there is more frequently than not a requirement of domain
resolution to ensure a web hosting service environment is appropriately
provisioned and resolving.

         

        AGP Use 7: AGP returns from Merchant gateway testing or
development

        Though similar to the previously stated development use, it is
important that in order to ensure payment capture is functioning.  This
leads to test domains being registered, and the AGP is used to delete
the domains so that the development and testing does not create an
expense.

         

        In the event of a change of merchant gateway, or in the
development or integration of a new one, it becomes necessary to
simulate the process that would exist within a typical sales cycle to
incorporate the payment action within that cycle. Often it is necessary
to test multiple price packages, as domain term lengths (years
registered), quantity of domains at once, and additional services (quite
frequently, domains are sold at below the registry cost - at a loss -
assuming the costs would be recouped in the revenue from other services
sold in conjunction), or other price groupings impact the price to the
consumer. Registrars or their resellers want to ensure that the
appropriate actions happen both in terms of payment and fulfillment.

         

        This means that there would be domains provisioned and deleted
in the AGP, may or may not resolve while exiting, depending upon any
additional services purchased in conjunction with the domains.

         

         

         

         

        -Jothan

         

        Jothan Frakes

          

        Oversee Domain Services

        ......................................................

         

         

        515 S. Flower Street, Suite 4400

        Los Angeles, CA 90071

        direct +1.213.925.5206

        cell +1.206.355.0230

        jfrakes@xxxxxxxxxxxxxxxxx

        www.domainsponsor.com <http://www.domainsponsor.com/>  

         

        Confidentiality Warning: This e-mail contains information
intended only for the use of the individual or entity named above. If
the reader of this e-mail is not the intended recipient or the employee
or agent responsible for delivering it to the intended recipient, any
dissemination, publication or copying of this e-mail is strictly
prohibited. The sender does not accept any responsibility for any loss,
disruption or damage to your data or computer system that may occur
while using data contained in, or transmitted with, this e-mail. If you
have received this e-mail in error, please immediately notify us by
return e-mail. Thank you and have a nice day.

         

GIF image



<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy