They say they aren't front running and never have, and yet how many times have people looked up a domain on GoDaddy only to have it registered minutes or hours later by a GoDaddy account.
That doesn't mean that GoDaddy itself is doing this, but their employees certainly could be, or they could sell domain query data to a 3rd party to keep their hands clean. Some Godaddy employees certainly have access to the data of who is looking for what.
It would not be hard at all to have an algorithm that looks that those domains for dictionary words and possibly look at Google keyword search volume on each one and only buy the ones that pass some minimum criteria. That would be smarter than Network Solutions and harder to prove.
I personally stopped doing domain lookups on GoDaddy because they would register domains I didn't pull the trigger on fast enough and I've been moving domains away from them as well.
Just because some VP says they don't do it doesn't mean they aren't lying or there isn't some low level tech or manager who isn't doing this on their own.
This phenomenon is disgusting. Happened to me for a thirteen-letter domain name with fairly low search popularity. I presumed this was one of the reasons why Godaddy is considered evil. Nowadays the domain is parked @ domainbrokers.com
If a 3rd party is involved, shouldn't we move to stop Godaddy from providing this information to them? If it is a case of rogue employees domain squatting, shouldn't Godaddy act to put a halt to this practice?
This is disgusting, but everything is fair in love, war and business :(
I don't think any domain registrar will willingly not do it. There should be some kind of law, that makes this practice illegal - both the registrar doing it themselves, and giving the data to others so they could do it. In fact, there should be a law prohibiting the sale, sharing or even saving of this data completely. If I search for a domain at a registrar's site, that shouldn't be logged anywhere.
Not directly related, but - it would be nice if there is a law that says "any domain name can be sold only for a maximum of 10 dollars" - that would prevent the disgusting domain squatters. It would upset those who spent millions already, but it might have some affect on the future squatting of domains.
> This is disgusting, but everything is fair in love, war and business :(
Um, no. That's not true. Sending armed men into your competitor's retail store to trash the place and scare off customers is not "fair". This is also why, among other reasons, it's illegal.
Commerce is one of the many mechanisms by which we collaborate in making a better world. If you have found a way to abuse that mechanism to enrich yourself at the expense of others, then you're an asshole.
That you can get away with something for a while does not make it right, and it does not make you less of an asshole. Indeed, I'd say that finding a new way to fuck people over, and therefore forcing the creation of a new regulatory apparatus that burdens us all, makes you more of an asshole.
Some Godaddy employees certainly have access to the data of who is looking for what
This is scary for many reasons.
Although it barely made a bleep on HN, GoDaddy recently acquired Outright.com
Once upon a time, Outright had a great vision. To be like Mint, but for small businesses. For "the little guy". People sign up, plug in their bank account info, credit cards, eBay + PayPal, etc and voila! Here's your P&L. Makes doing taxes easy. Customers? Generally of the unsuspecting "lifestyle business", sole prop, a person / family business kind that just didn't know any better. Over time, Outright's servers became chock full of data (yes, even from deleted accounts), such that it could paint a live stream of a person's or a business's financial health.
This would be fine and dandy but for the fact that Outright was taken over by an incredibly unethical and morally incomprehensible CEO who, apparently, decided to sell out all of his users' privacy and security to one of his kind. So GoDaddy is now in the business of "accounting" and has access to the live stream of financial health of a whole lotta small businesses - to exploit and do who knows what with.
I was taken aback when a domain I owned expired and Godaddy "held it for me" to the tune of $80. I just waited a few months and re-registered after they dropped it.
Note: I own registrar and we are a competitor of godaddy.
That said a few points:
1) As others have pointed out the sheer volume of domain lookups that are done at godaddy make it unlikely this would be profitable for GD to do not to mention the PR problem for that matter. Registrars do pay for domain names. Currently the cost (including ICANN fees) are $8.03 per domain (plus some other minor type costs as well). All registrars pay the same price .com .net, volume doesn't matter. Very often registrars sell below cost btw.
2) "but their employees certainly could be, or they could sell domain query data to a 3rd party to keep their hands clean. Some Godaddy employees certainly have access to the data of who is looking for what."
Is possible of course. So far no proof of that. Important point of course is that even the info (as I pointed out in another comment) when you do a command line whois to the Verisign whois server can be sniffed and/or it's possible someone at Verisign is getting at the data (or that Verisign is selling it for that matter). Since GD is the largest registrar it is quite possible the info is sniffed elsewhere and registered at GD.
3) "algorithm that looks that those domains for dictionary words and possibly look at Google keyword search volume on each one and only buy the ones that pass some minimum criteria" Exactly the way back in the 90's that I registered domain names. Except it was by excite or yahoo I don't remember. I can vouch for that personally although most good names as we know are taken long ago.
4) "or there isn't some low level tech or manager who isn't doing this on their own." Then the culprit isn't GD but someone who works for them (in all fairness). So this could easily happen at any registrar. It is possible to setup a system where a rogue employee can't get at the data of course. But that doesn't prevent what can happen as detailed in #2 above.
I agree with you. I would say the same if I would do domain name front running. Who wouldn't lie in this situation? But there are more reasons for avoiding godaddy. Their CEO kills elephants, they had an important role in designing the SOPA bill(and moved back then) and they are expensive. I would recommend gandi.net or inwx(InternetworX) instead.
Gandi has the unique contract term where they can take your domain if you violate their "ethical code" or "fail to facilitate the fight against deviant use of the Internet"... which is pretty much a blanket right to revoke your domain at any time if you host user-generated content, among other things.
It does not matter what registrar you use if the TLD is managed by a US registry (.com, .net, .org, .name, .cc, etc). The government goes straight to the registry, not to your registrar, to change the records. Gandi would have no power to stop that.
Indeed, this proves nothing! Godaddy does millions of domain registrations a year. Imagine how many lookups they do in a single day. Just by sheer change it will happen often a domain is registered by somebody shortly after a someone else did a lookup. There's no proof either way.
Godaddy definitely does this, if not directly, they also can suggest the domain you've search to other people searching because it is likely a good domain...
It's the reason why I just use `whois domainiamsearching.com` from the command line whenever I look up domains I'm interested in. Way quicker than the web based look up, as well as not having to worry about some third party (or your isp) trying to snake a domain out from under you
For .com and .net names using the above method Verisign GRS has access to that info. There is nothing to prevent whois.verisign-grs.net (or the others they operate) from logging your request -or- from someone sniffing it by other means (it's plaintext after all).
Someone sniffing my line, while is of much greater concern, is also much less likely to occur. GoDaddy (or any other whois website frontend for that matter) automating registrations if a whois lookup purchase isn't made immediately is much more likely, purely on a practical level.
Is it possible that it's someone else registering the domain but using GoDaddy's privacy package to hide their registration details? I think it's domains by proxy or something along those lines.
Also, for every registration don't registrars have to pay the ICANN fees for each domain? At almost $10/domain it would seem unwise to automatically register any domain people are searching for as it could end up costing a lot of money in fees.
Disclosure: I work at GoDaddy, but I do not work on domains, so I have no knowledge about that area of the business.
GoDaddy has certainly been caught doing nasty things before, as explained in "GoDaddy goes to great lengths to hide its expired domain warehousing operations": http://domainnamewire.com/2008/12/03/standard-tactics-llc-ho... . Only the company's IPO revealed its internal structure.
This is a very interesting discussion. I've been flipping domain names as a side-biz for years and I've had ALOT of discussions with other guys who say that GoDaddy sniped a domain from them. In some cases the people have checked on 3rd party sites (like NS), found that the domain was available, then went to Godaddy for cheaper registration only to have GD report that the domain is unavailable. In a couple of instances guys would then go back to NS or their other favorite registrar only to find that the domain was registered by "Domains by Proxy", which is GoDaddy's anonymous registration partner/subsidiary.
I haven't personally had it happen to me, but too many people I trust say that it has happened to them for me to ignore it.
GoDaddy is the largest registrar, and anyone can use their anonymyzation. So 'checking other sites' and THEN seeing that some anonymous someone registered via GoDaddy provides little negative evidence against GoDaddy.
I agree. You couldn't go to court with this type of evidence, but you have to admit that for the site to be available, then within minutes of you searching for it on GoDaddy, it then becoming anonymously registered would raise eyebrows.
But that scenario -- searching only through GoDaddy (preferably HTTPS), and seeing that domain gone minutes later -- is not described in the comment I responded to. Nor in the parent linked article. Nor was it in the prior report this article mentions.
And yet, even if that did happen, GoDaddy gets millions of registrations per year, and many times that in lookups. So losing a domain minutes later is certain to happen many times per year for strictly innocent/coincidental reasons.
And some of the advice being given in these sorts of threads -- use DNS/whois lookups, use other random website services -- could be increasing the risk. (Those protocols are eavesdroppable, those services have less to risk than GoDaddy.)
Sorry guys, I'm pretty sure you're chasing ghosts. I was a development manager there a few years ago, and they go to extremes to avoid anything that even comes close to looking like this. The capability doesn't exist in their software, and it would be a massive effort to enable it.
In high volume systems, low probability events happen very frequently.
> The capability doesn't exist in their software, and it would be a massive effort to enable it.
What makes this a massive effort? I assume that GoDaddy has existing software to register a domain name given the name, and some fixed configuration like who should be listed as owner, contact, etc. So we need to call that logic, passing as input each domain that has been searched for.
Upon every search for a domain name, enqueue the search term to a queue. (This can happen e.g. after the page load completes.) The search results already indicate whether the name is registered, so only write unregistered domains to the queue.
Set up a fleet of workers to pull items from that queue and call the functionality that registers a domain.
It seems feasible to have a basic prototype of this functionality operational within a day or two of effort (e.g., a dumb implementation that simply registers every search term that's a valid domain). I'm sure the production version will need to be smarter, like not registering every single search, or estimating the value of a prospect and only registering high-value prospects - but wouldn't a basic flagrant implementation be fairly simple?
Well for one, if you have ever worked on a well established high traffic site, even to add a "simple feature" without breaking something is not that simple.
Going with your logic: User Searching for a domain; Godaddy adds it to the queue; Pulls out the domains one by one from the queue and registers it for themselves. Although it might seem simple there are few flaws in it.
a) What happens if the user want to register the available domain, wait but we already added it to our queue for automatic registration. So we need to check if the user goes through with the registration or not.
b) We are going to make millions $ holding domains hostages. But since every registration will cost goddaddy atleast $5.50 to ICANN and that there are millions of searches of domains in a month, well it certainly is one way to tank your company.
c) Alright lets then try to filter out only the popular domain name searches. But how do we determine what is popular and what is not popular. Common words? Trends? Hyphenation? Numbers? TLD? User Profiling?
d) Lets hold the domain hostage and make the user wait until they agree to backorder it from us. That will always work out for user retention.
Given that I used to own a lot of domains from Godaddy, I can attest to the fact that they have much simpler ways to hold your domains hostage if they wanted to. For example: When a domain is about to expire, the sheer volume of emails you get from Godaddy reminding you to renew is outright annoying. If they had to score better money, cut it down to just one and sent them about 4 weeks before the expiration. When most people forget to do it, go ahead and charge them $80 to get it back from redemption!!
Buy a whois protection from any registrar and the registrar's name shows up. Given the risk of publicizing your real email and the cost of just $3.99 per year, most people do opt for whois protection.
Am I just missing the sarcasm in this article? How on earth is "We can now honestly say that Godaddy is not involved with domain name 'front running'" a reasonable conclusion from that one sentenced email? The sender is someone we'd expect to deny this.
Edit: The author has since edited the post. The part I quote was a direct copy-paste of the last sentence from the original version. He's since made a half-hearted attempt to qualify this.
But if GoDaddy is front-running, and they outright lie and deny front-running, then it adds to their liability. Fraud is far less defensible than front-running itself (which could be defended as a good capitalistic use of asymmetrical information, after all).
Given the increase in liability the denial presents for GoDaddy, my sense is that it lends credibility to the assertion that they are not, after all, front-running.
This, plus the rather weak evidence that they're doing so (the lone assertion of a single blogger) makes me believe that there is reasonable doubt about whether they are doing it. Hey, if there are more people stepping forward, then lets see a class-action and get the proof in the light.
Back in 2008 I did a test on a couple of sites. I found that Easily.co.uk claimed a made up domain name "nobodywantsadomainnamewithlotsofnumbers1231891904817401" - used as a one time test string for this registrar alone - was already taken on 3 TLDs (I've got a screenshot saved) ... the chances of that being a random collision seem pretty low.
Recently, I was checking whois for a 5-letter domain which had just expired. It was available, but seconds after I checked it with Godaddy's whois (checked the update timestamp), it was taken by Domains By Proxy, LLC (Godaddy's company). So for anyone checking this out, consider they may only do it with recently expired domains or short domains.
They may also turn off this code if this blows up in public.
Pretty poor investigative journalism in my opinion... No testing, or planning to scope them out... just one email, and he can "honestly say" that they don't do it. Weak.
Sincerely, why do you think it illegal? Aren't they allowed to speculatively register domains to resell?
Please understand this is a sincere question. I'm asking because I think it's legal. If it's illegal, I want to know about that, and especially how the law might view a register's squatting and an individual's squatting differently.
Edit: Just so it's clear, by "register" I mean truly register the domain for a year -- not "taste" it for a few days and then cancel the registration, if that is even still allowed.
This has been happening for many years now. They sell the stream to other companies who register the domain for a few days for free. They stamp the for sale page on it and wait, drop it and maybe register it again.
I have had two domains, months apart (back in 2009?), that I looked-up via GoDaddy and then were gone the next day when I went to register.
These were obscure names, one with numbers.
This is just my experience, could be plain bad luck/timing. However at the time I wondered about this (nice to know it has an actual term) - emailed them angrily and got a placating response.
This absolutely happens. Only with GoDaddy? Not sure.
I have searched for some obscure domains in unpopular niches (imagine <extremely obscure keyword><extremely rare/popular suffix>.com> to find them registered mysteriously 24 hours later to someone on.. you guessed it.. Go daddy. This has happened enough times to me that I now only search for domains after I login into the control panel at the domain provider I use.
Many domain/whois tools do the same things.
My semi-educated guess is all searches are queued, sorted by popular keywords, and most likely hand picked off by an official employee, or someone who may have access to the data.
OTOH, I'm surprised no one has done a honeypot experiment to catch this type of behaviour in the act.
I had EXACTLY this situation with GoDaddy earlier this year. I was looking for a good domain name, found it (intelface.com), but decided to sleep on it. Next morning it was gone. I know you can't prove anything, but it looked very suspicious at that time.
Why is anyone relying on a 3rd party to check domain availability? You can do DNS lookups and whois searches from the comfort of your own machine. There's no need to let anyone else know you're interested until you're actually ready to pull the trigger.
That might be more dangerous. If you trust GoDaddy, and do a search in an HTTPS session with them, there's little risk a third-party could learn of your interest/idea and snap up the name.
OTOH, dns and whois are unencrypted protocols. Eavesdroppers could see your lookups. Depending on which DNS or WHOIS servers you are consulting, their administrators may be untrustworthy. For example, many whois installations default to asking NetworkSolutions, who at one point (2008) was definitely front-running by their own admission.
This once happened to me about 2 years ago. I got furious and called up godaddy wanting to talk to someone that could give me an answer. They said we don't buy domains but when a domain is looked up on our website sometimes it is publicly available and sometimes other people end up buying them on speculation.
I searched for the domain godaddysucksbigbigballs.com multiple times and it ended up being taken after 10 mins.
I assume that since there was a grace period where people could simply drop a domain and get a refund after a couple days that squaters somehow obtained the information and weree buying domains that people were searching in hoping to profit.
You might have to try a larger number of things that would score higher in terms of domain value. If I were front-running, I might concentrate on domains that were likely to have resale value beyond the original purchaser.
Also, given that GoDaddy is being accused of this right now, they'd be smart to stop any front-running for a few weeks.
Isn't that something you could investigate and prove? Look up 1000 randomly-generated domains from different IPs, check later if any of them are registered, done.
I suspect they would only register names that look somewhat "good". There are plenty of automated ways to valuate domain names -- then just pick the unregistered ones that exceed some value.
You could run a list of available domain names from a domain name suggestion service as lookups using an automated system. You'd want a botnet to avoid getting your IP blocked.
Wasn't the problem that the registrars could retain the domain names without having to pay for a few days? I thought that ICANN had addressed it but am pretty hazy on that point.
Make a LOIC-like program that queries, say, 100 domains per minute. Brute-force up to 20 char dns names. Let godaddy purchase a few million before they find out what's going on.
One could lower the queries per minute to make it not look so brute-force-y.
I'm shocked that anyone is surprised that this still happens.
The author claims he broke the news in 2008, but NetSol has been doing this for a very long time. I remember using a service that let you do wild card domain searches before going anywhere near a registrar. "Domain Surfer", I believe. These days I just pull the trigger instantly when I find an available domain. Pull the trigger!
I could have sworn this happened to me. I looked up my own name (.com) one day, and it was available. I checked back a week or so later, and it was taken.
I monitored the domain for a year and saw no activity. At the end of a year it became available, and I snagged it at a base price. Seemed like too much of a coincidence. I don't have that common of a name. I can't prove anything though.
Wouldn't it be trivial to perform some sort of analysis on this? That is, write a script to test an appropriately sized sample for domain availability. Then after some predetermined time, check the availability again. I'd imagine if GoDaddy is registering domains, then we'd find that our data was statistically significant.
Back in 2009 and 2010 when I was a novice (And I am still consider myself as a novice)in the field of web development, I do not remember how many times I have searched for a domain name (with a scientific terminology in it) to find that it is available but gone after few days and parked on a place such as Sedo.
Its quite easy to do a sting operation on them to prove the practice. I searched for a random domain name now. Silly name: YABODABODOODIDA.com. Took screenshots of the search and its availability. Lets see in a couple of days who owns this domain name.... Then rinse, and repeat the process...
Well, I'm glad I don't use GoDaddy - I'm always paranoid when searching for a domain name, though - if I find a good one, I tend to register it right away out of fear that it might be taken right after the search. Guess there's some truth to that.
I had such an presumption many years ago with another Registrar.
My guess is that they check manually all searched (yet free) domains and register the best ones after a while, it wouldn't even surprise me if this is the standard.
İ personnally experienced those kind of issues with GoDaddy and this was the main reason of switching to name.com. They don't front running all domains but I believe they do for some keywords which is relatively valuable
This happened to me. I checked if a domain was available, it was, I went out of the house to tell my friend. We went back to register it and it was gone.
Hell, GoDaddy didn't even bother registering my domain after availability lookup. They waited until I paid for it and then 6 months later parked the domain with their bullshit. I never changed any settings or anything, and yet if you go to my domain, all you see is GoDaddy's bullshit.
I'm not one to defend GoDaddy, but it sounds like you just never did anything with it. If you don't point the domain to a hosting account or change the nameservers, GoDaddy always displays the parked domain page by default. You can turn it off in your account settings if you want.
When I used GoDaddy they automatically park your domain until you configure the nameservers like you said. This is the most likely explanation of his/her account.
I realize it doesn't make any sense. It was working until it wasn't. I contacted customer service and they just gave me the steps on how to set up the domain from the documentation. Since I had already done that, and it appeared the settings were correct (since it was working for a while and I never changed it afterward). I didn't bother with it any more after that because it's not worth fighting GoDaddy over $15 or whatever, I'm just taking my business elsewhere.
Hmm, I can only speak from my experience where I checked domains with GD and when I came back one week later to register them I was greeted with a "this domain has been registered. but you can buy it for $50"-type message.
This was around 2003 and since then I'm avoiding godaddy.
They say they aren't front running and never have, and yet how many times have people looked up a domain on GoDaddy only to have it registered minutes or hours later by a GoDaddy account.
That doesn't mean that GoDaddy itself is doing this, but their employees certainly could be, or they could sell domain query data to a 3rd party to keep their hands clean. Some Godaddy employees certainly have access to the data of who is looking for what.
It would not be hard at all to have an algorithm that looks that those domains for dictionary words and possibly look at Google keyword search volume on each one and only buy the ones that pass some minimum criteria. That would be smarter than Network Solutions and harder to prove.
I personally stopped doing domain lookups on GoDaddy because they would register domains I didn't pull the trigger on fast enough and I've been moving domains away from them as well.
Just because some VP says they don't do it doesn't mean they aren't lying or there isn't some low level tech or manager who isn't doing this on their own.