WHOIS does two checks usually, one with Internic, and then one with the registrar itself. The registrar can still monitor these queries.

True. But if the domain isn't registered, there's no registrar and hence no second query. (FWIW, I only query whois from the command line -- why take any chances?)

That is strange that the same company targeted three seperate domains I was watching! It looks like they register TONS of domains every day though, so it probably coincidental.

I was researching the name of the "company" that registered them, and I found this tidbit: "Typosquatters targeted credit union domain names this weekend with one of the largest bulk registrations of credit union-like domains, ever seen." See the full link at [cuispa.org...]

Does anybody here know who this "Maltuzi Holdings" is? I've been seeing the name pop up with several instances of questionable domain name activity, one being the cenlamar.com domain name, which they eventually relinquished.

[edited by: Rx_Recruiters at 4:11 am (utc) on Nov. 9, 2006]

The most irritating one was with my niece this summer. I registered a made up name for her to start a hobby/company. It was late, my internet connection was dropping out and so I only got the .com. Went back the next morning to others, less than 12 hours later, and found the .net, .org, .us and .info were taken in that span of time. All by one person.

Facts:
- On the average day 500,000 to 3,500,000 domains get registered by domain tasters.
- Tasters delete 99% of what they taste.
- There are less then 1,000,000 English words including (Proper English, Old English, Chinglish, Compound words, Hollyword English, Ebonics, and other forms of English)
- There are 169 Million deleted .COM domains.
- There are 58 Million active .COM domains.
- 6 Billion people, how many people have the same name?
- "On average women say 7,000 words per day. Men manage just over 2000."

With all these facts in mind... think about the possibility that your domain idea has never before been registered and one of the 169,000,000 delete domains! The taste testers register these delete words over and over again. Five percent of all deleted domains are currently alive in a five day test.

I like to play guess the domain name....

MadonnasBaby.com (true or false)
GreenShorts.com (true or false)
HealingMemories.com (true or false)
PushdownBra.com (true or false)
BushLied.com (true or false)
InvisiblePlastic.com (true or false)
InvisibleCat.com (true or false)
RedGrass.com (true or false)
FunLawyers.com (true or false)

Only one of the following domains has never been registered before. There is a second domain on the list that is one of those 169 Million deleted. I guarantee it will be registered again by someone on this thread. The point is any name you can think of has or will be thought of if it is generic in nature. When you get into people names first name then last name. The trend is last names are long gone. But first name last name are shrinking.

I have personally interviewed GoDaddy's executives and countless other executives at domain registrars. There is no spying on whois queries.

What I will say is, if you type it in a search engine, watch out. Meta searchers and DNS queries at your ISP are being monitored. Phrases and Search Terms are being mined. People looking up domain records account for less then 1 percent of the people out there. The real mining happens closer to the people.

The short of it is, any major registrar or large whois website does not and will not mine whois queries.

I registered a made up name for her to start a hobby/company. It was late, my internet connection was dropping out and so I only got the .com. Went back the next morning to others, less than 12 hours later, and found the .net, .org, .us and .info were taken in that span of time. All by one person.

There are services that provide up-to-date lists of every new registration. Or, if you care to go to the trouble, you could do it yourself.

This is why tasting should be eliminated. It's too easy at minimal cost to taste and see if somebody jumps on it because they want to sweep the TLDs.

If you want all of the TLDs to go with your domain, get them all at once.

OTOH, I have a domain where I got the .com, .net, .org initially, a few months later .us, .biz, .info, then a few months after that .mobi. 9 letters, 2 or 3 keywords, depending on how you look at it (second word is compound). Not a type-in candidate, but I think a darn good brand name. (I am developing.) Nobody swooped down on them, as far as I know. I don't know if somebody tasted in between, though, because I didn't check.

So, it remains a mystery - just like the guy that apparently just rapelled off my roof. But THAT mystery I was able to solve... (See foo.)

[edited by: jtara at 5:07 am (utc) on Nov. 9, 2006]

That being said, what did you think of the EWeek article referenced earlier where the writer had "proof" of "whois" spying on a third party whois check?

[edited by: Rx_Recruiters at 5:10 am (utc) on Nov. 9, 2006]

Answers from above:

MadonnasBaby.com (true, but only after playing this game three weeks ago infront of a room or domainers when it was false)
GreenShorts.com (true)
HealingMemories.com (true)
PushdownBra.com (false, still...)
BushLied.com (true)
InvisiblePlastic.com (false, but I see it is registered now! :) )
InvisibleCat.com (true)
RedGrass.com (true)
FunLawyers.com (true)

Keep hunting people.

Something will turn up . . . unless Kaiser Sose [imdb.com] has tipped off all the usual suspects.

[edited by: Webwork at 5:52 am (utc) on Nov. 9, 2006]

In that context there may be legs to the "it just ain't so" theory. However, when you take into account nonsensical garbage-esque type queries that suddenly turn up as registered a few hours or even minutes after the query, then you kinda have to go "Hmmmm..."

Onya
Woz

Wow - I'm finally a "Junior Member"!

Quiet there Junior, let the Seniors talk.

FWIW, back in the day, I noticed a few domains I was looking for one day when picking a new company name gone the next. It wouldn't have been such a coincidence except about 10-20% were gone in ONE day.

No clue if they were just trying to rip me off, we just picked something else.

The only thing I learned from the process was buy anything you might want right up front, blow a few hundred dollars because the worse you can do is load up the extra sites with crap to get traffic and resell them later ;)

[edited by: incrediBILL at 6:57 am (utc) on Nov. 9, 2006]

- 2003 Jan 4th = Random person (perhaps taster) registers nonsensical garbage-esque type domain
- 2003 Jan 7th = Random person deletes name
- 2004 March 16th = taster 2 registers name
- 2004 March 18th = taster 2 deletes name
- 2005 Feb 24th = taster 3 registers name
- 2005 Feb 27th = taster 3 deletes name
- 2006 November 7th = victim wants name
- 2006 November 8th = taster 4 registers name
- 2006 November 9th = victim finds name taken
- 2006 November 12th = taster 4 deletes name
- 2006 November 13th = victim finds name is available again

In this situation it appears to the "victim" that someone spied on them. But in fact the tasters have a pattern of just circulating through garage.

I have seen a situation where a name gets tasted for several weeks in a row, like a hot potato. The name of the game for the taster is to find domains that are worth more then $6 a year. If a domain makes $4 a year then they loose money. So they taste away on a name hoping it will crack the projection of $6. If it never does then they delete permanently. But they can play hot potato and keep tasting a name for a long time. It may appear available in the whois but the whois is 12 hours delayed. So in this 12 hours it appears available. But what happened was the taster deleted the domain on hour 0, then registered it again in an hour. The whois lag makes it look like it was available. In reality the domain was available for 5 hours out of 4 weeks. That is the harshest form of domain tasting.

I have seen it happen, then complained to ICANN, Verisign makes money off of tasters that keep that 1% for the long term so their doesn't seem to be a demand to kill this type of domain tasting practice.

What seems like garbage to you, may actually be a much sought-after word in another language (and not necessarily an easy-to-identify one for most people like French or Spanish)

In that context there may be legs to the "it just ain't so" theory. However, when you take into account nonsensical garbage-esque type queries that suddenly turn up as registered a few hours or even minutes after the query, then you kinda have to go "Hmmmm..."

Yes you do. I was skeptical but I got to watch this happen this week; a number of persons belonging to a client organization performed a flurry of queries on a never-before-registered .com domain composed of two words, neither of which is a word in English and neither of which is the same language as the other (the organization is an English-language organization located in an English-speaking region).

Less than one hour later, the domain was registered by a certain company (also mentioned in another WebmasterWorld thread on this subject) named after a certain country in northwestern Europe (and unfortunately, they seem to have decided to keep it...)

Even amongst a pool of millions of potential domain-registrations, I very much doubt that someone randomly attempted to register a domain named after the organization in question at exactly the same time as that organization.

-b

1. How did they do the whois in the first place? Registrar, Whois site, Command line?
2. "never-before-registered", how do you know this? It is a bold claim to say it has never before been registered.

Not that I don't believe you but if you have specific example please sticky me. I would love to dig around and get the history on the name.

So in this 12 hours it appears available. But what happened was the taster deleted the domain on hour 0, then registered it again in an hour.

That is not true at all. When I query a name at my registrar, when it is available, I expect that it should be available immediately and I have not encountered once when I register it and it isn't available.

The nameservers the registrars are querying aren't typical dns servers of your ISPs so there is no 12-72 hours propagation requirements.

The thing that interests me most with this thread is NOT the fact that some sneaky ratbag somewhere might want to somehow spy on my ideas and attempt to capitalise on them - that I can believe. But the part that staggers me most is the sheer numbers you guys are talking about.

And these people are "tasting" millions of domain names? Then cherry picking and paying up for 1%, and dumping the rest back in the pool, without paying for those? And you're saying that these people are allowed to do that?

Well that's rort if I ever heard one.

Since losing some superb domain names then (querying on Whois, then coming back two hours later and finding them gone) I've usually bought immediately I've found a good domain name.

Occasionally I dither, and bang, the names are gone when I come back...

Perfect systematic proof of it? Nope. I've got a life and a business to run, and there's no value to me in running the experiment (or even in recording these instances in perfect detail when they occur.) Nonetheless, I've learned this one from experience.

[edited by: Leonidas at 10:05 am (utc) on Nov. 9, 2006]

MyUnusualLastNamesBargainBasement.com

I checked it one day, along with a pool of about 50 others. But, this name was the last name I looked at and unlike the others, I had checked .com, .net and .org to see if the three piece set was available, since we were fairly certain we wanted that domain name set. I had read earlier that day, that buying the three piece set was a good idea.

When we had talked it over, and I came back a few days later, the dot.com was gone. The liklihood of anyone registering that domain name other than to squat because they knew somebody wanted it, was pretty much nil.

I speculated that because the domain name was obviously a business name, somebody assumed we would want that domain name for an existing business, and we would be willing to pay for it.

That same registrar, a major one, pulled a dirty trick on us some time later. When we switched servers and registrars, having all our domain names transfered, a few months later they moved the domain names back to their server, on the anniversary of our registration date.

This was before we could lock our domain names to prevent this type of fraud. They claimed it was an accident. We saw it as the same kind of "accident" as registering our choice of
MyUnusualLastNameBargainBasement.com out from underneath us. That same registrar spammed my snail mail with registration expiration notices for years.

I learned from that lesson. Ever since, when I check a domain name, first I type in the url into the address bar. If there is a live site, I move on. If not. I make a note of it. When I am ready to register a name or names, then, and only then do I check it through the registrar. Once I find it is available, I register it immediately.

There was one other time... about four to five years ago.

I had decided to register about 90 domain names, that comprised a very specific set for retail. The concept had never been done on the web at that time. I had a list, and began registering the domain names. At the end of the day, I had missed one set of four domain names in a sub-set, but I had checked to see if they were available at the beginning of the registration process. When I realized it the next day, I tried to register the sub-set, and ONE domain name was gone. Without it, the entire four piece sub-set was worthless to me.

But, I noticed when I checked the url, that there was a blank page up for the domain, that was not there two days before. I checked it again several days later, and it was up for sale, for the tidy sales price of $2,500. I passed on it, and the other three I had wanted. I checked it every so often over a couple years, and it was parked the entire time, well beyond the legal period for keeping a domain name parked.

Now, I only check domain names through my server, and only when I am ready to register.

Sometimes you don't need proof, it is just plain obvious there is slight of hand at play. The time it takes to gain 'proof', could be better spent working your business.

If you are not willing to follow it to a natural conclusion, and take on a fight in the end, you are wasting your time. If you take on the fight, again, you are wasting time better spent working your business. It is a lose-lose scenario. Choose another domain name and move on.

Only, and I say ONLY if you have a brand that is well-known, is a squatter's suit worth the time and effort. If this is for a new enterprise, choose another domain name. You don't have to have the company name as your url, contrary to some opinion. I actually find it more beneficial to choose a more logical domain name, instead of the company name.

Two weeks ago, I registered two new domain names. I was surpised to see when I checked Google for the domain name a few days ago, there was one search result. It was for a registrar that had posted all the domain names registered that particular day, including mine. They were not my registrar. This is the first time I have seen this.

Sometimes you don't need proof, it is just plain obvious there is slight of hand at play. The time it takes to gain 'proof', could be better spent working your business.

absolutely spot on! I've known for three years at least that you don't go to whois without your credit card in hand. I have seen it happen with 2 Italian friends who wanted a one-in-a-zillion domain name:

ItalianSurname-ItalianSurname-EnglishWord-ItalianWord.com
(so we're talking unique like carboni-murgias-office-mobili.com!)

We went straight in to buy it, then realised no-one had a credit card on them, so we went back about 5 hours later and it was taken.

That, my friends, needs no special research or investigation. That is underhand whois spying and it's just something most battle-hardened webmasters have had to learn to deal with.

Actually, the only real surprise in this thread is that there are still those who DON'T believe it happens. :)

My guess, though, is that it's not automated and comprehensive, but manual and occasional.

When we had talked it over, and I came back a few days later, the dot.com was gone. The liklihood of anyone registering that domain name other than to squat because they knew somebody wanted it, was pretty much nil.

I think it's more likely that someone in your inner circle was the culprit in this instance.

There is a small fee for tasting, but does this truly cover the costs? Does it cover ALL of the costs to ALL of the parties involved?

Or are the rest of us subsidizing this?

I sent a list of 15 domain names to WebWork with a screencap of the query I made at a reasonably low-rent registrar/hoster. Included in the screen cap was the system clock panel showing the date and time.

I queried the names across 12 TLDs, for a total of 180 queries.

This was yesterday, around 24hours ago.

Today I went onto a *nix box to do a command line query through the WHOIS registry for all 180 domains (thank GOD for the up-arrow access last command - saved a pile o' typing.)

The result? After 24 hours, NOT ONE of the domains had been picked up. If this type of activity is happening, then it would almost certainly have to be happening on an automated basis. Even with the smaller registrars, the sheer volume of queries going through negates any hope of a live human manually monitoring for "good" names.

Nobody can read that fast.

So, if the process is automated, 24hours is plenty long enough for a conclusive negative response. At least as far as that particular registrar is concerned.

Am I saying it doesn't happen? No. But I've been hearing pot-smoking conspiracy theorists rant on about whois snif and scoop and registration snif and scoop for almost ten years. And in ten years I've seen not one bit of conclusive proof that it's happening.

And now for my Domain Sniff and Scoop Test Part II:

Some of the domain names I checked were not half bad. I couldn't help twitting WebWork's nose with my choices. I'm going to post the TLDs I tested across, and the names themselves here. With the crowd that hangs out here, and the rapidity that WebmasterWorld gets indexed in Google, I have no doubt that next week when I have a chance to check again (I go back to work tomorow, and will essentially fall off the planet for 5 days), one or two of these names will have been picked up.

The TLD's

com net org biz info co.uk org.uk us ca tv eu mobi

The Domain Names

webworkisfresh webworkisgreedy webworkknowsnothing webworkknowsbest webworkisarrogant webworkisnew webworkisgreen webworkisdaman webworkisright webworkisstale webworkishumble webworkiswrong webworkisred webworkisold webworkismodest

Read the thread, something like a dozen people have had this happen to them. That's very suggestive to me, although in this and pretty much all matters I remain an agnostic.

Our "inner circle" was my husband and I.

Make one up to the coincidence theory. But it does happen.

The result? After 24 hours, NOT ONE of the domains had been picked up.

It is highly relevant which registrar or whois you used. We (at least not I) are not accusing all registrars of this. It would also help all of us to know which registrar/whois searches we can trust. (hopefully this can be an exception to the ToS).

Where are the initial whois searches being done that leads to them being taken later?

Are they at a generic whois site? At a registrar? At a reseller's site?

Some places seem more "susceptible" to a sniffed whois than others. It would be interesting if there was a common source to be found.

I know for a fact that there are off the shelf domain reseller scripts that tie into major registrar api's that can record what domain searches are being done on their reseller site.

Like Davezan said, it's no different than being able to see which searches are done on your blog or which queries are being done on your adsense for search box.

The technology is there.

Another interesting question is:

Assuming there are people doing this in an automated way or in a less consistent way, what would be their motivation for registering a "nonsensical" domain name? What would be their criteria for trying to register *your* domain out of thousands of other possibilities?

Now I could see it being financially worth it if they were plucking names from someone who's spending habits they have on record. This would have to be someone directly behind the scenes and not a third party.

If I had access to spending habits, and domain name queries, I'd be tempted to play that game.