-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As bad as the "domain tasting" problem really is, will anyone from
the Ops community speak up?
http://www.icann.org/announcements/announcement-2-10aug07.htm
I personally consider this issue to be one of the most insidious
policy issues facing the Ops community at-large.
$.02,
- - ferg
There are many problems, some old, some new. My realization was that unless we step up and work on it, no one else will.
So some of us did, and do. Others are always welcome.
When the different so-called governance organizations on the net search for where their relevance and then ability to affect change (for monetary or altruistic gains) went, we can point to the trash can outside.
Gadi.
I'd like to but I don't know of a practical way to measure the impact of
domain tasting on my services: how can I do 6 million whois lookups to
analyse a day's logs to find what proportion of our email comes "from"
tasty domains?
I tried the Support Intelligence domain tasting blacklist but it was not
reliable enough.
Tony.
I'd like to but I don't know of a practical way to measure the
impact of domain tasting on my services: how can I do 6 million
whois lookups to analyse a day's logs to find what proportion of our
email comes "from" tasty domains?
Probably not much. Domain tasting requires a registrar who is willing
to handle millions of AGP refunds without charging the registrant,
which effectively rules out anyone who isn't a registrar himself. The
goal of tasting is to collect pay per click ad revenue, which requires
that one have a stable enough identity to have Adsense et al pay you.
Spam these days all comes from zombies with real but irrelevant return
addresses, and the target URLs are more likely to be bought with
stolen credit cards.
The problems with domain tasting more affect web users, with vast
number of typosquat parking pages flickering in and out of existence.
The real way to get rid of tasting would be to persuade Google and
Yahoo/Overture to stop paying for clicks on pages with no content
other than ads, but that would be far too reasonable.
R's,
John
Domain tasting clearly affects assessments based upon domains. With millions added and removed daily as part of "no cost" domain tasting programs, the number of transitioning domains has been increased by an order of magnitude. Many of these new domains often appear as possible phishing domains. The high number of tasting domains obscures which are involved in criminal activities. This high number also makes timely notification of possible threats far less practical.
There is no advanced notification of new domains nor reliable information pertaining to domain ownership. There are significant costs associated with analyzing and publishing domain assessment information. Registries blithely ignore this reality by permitting the dangerous activity to continue free of change. Perhaps those harmed by the resulting chaos that domain tasting creates could start a class action. A coalition of financial institutions might prevail in both getting this program to end, and perhaps even require advanced notification of new domains.
Domain tasting is clearly buying criminals critical time due to the resulting high flux created for domain assessments.
-Doug
That's exactly the problem.... "the goal of tasting is to collect pay
per click ad revenue"...
Ten years ago the internet was for porn, now it's for
MLM/Affiliate/PPC scams. As long as we put up with companies abusing
the Internet as long as they are making a buck, they'll keep doing it.
The scams will change, but they'll still be scaming.
to be very clear, this 'domain tasting' (no matter if you like it or not)
is just using a 'loophole' in the policy/purchase that's there for the
safe guarding of normal folks. It just happens that you can decide within
5 days that you don't want a domain or 1 million domains...
So, to be clear folks want to make it much more difficult for
grandma-jones to return the typo'd: mygramdkids.com for mygrandkids.com
right?
-Chris
(yes, domain tasting is unlikeable)
The real way to get rid of tasting would be to persuade Google and
Yahoo/Overture to stop paying for clicks on pages with no content
other than ads, but that would be far too reasonable.
I don't see a practical way to enforce it.
I believe the Net is an unstable system that will eventually be rendered useless by spam/etc. It is a cheap unlimited resource - you pay for your connection, and you get access to things you are in no way paying for. I don't see a way to fix it.
Carl K
Chris L. Morrow wrote:
That's exactly the problem.... "the goal of tasting is to collect pay
per click ad revenue"...Ten years ago the internet was for porn, now it's for
MLM/Affiliate/PPC scams. As long as we put up with companies abusing
the Internet as long as they are making a buck, they'll keep doing it.to be very clear, this 'domain tasting' (no matter if you like it or not)
is just using a 'loophole' in the policy/purchase that's there for the
safe guarding of normal folks. It just happens that you can decide within
5 days that you don't want a domain or 1 million domains...So, to be clear folks want to make it much more difficult for
grandma-jones to return the typo'd: mygramdkids.com for mygrandkids.com
right?
Not just that, they want registrars to take a revenue cut.
I am assuming that
A. a registrar would get less business being "less forgiving" than others.
B. a registrar gets revenue from tasted domains that taste good.
I see no finical incentive for a registrar to change their policy.
Carl K
Grandma will still need to make a payment for the domain. Grandma is also unlikely to find a clause in her contract which removes a payment obligation after a few days. Provisions that enable domain tasting are unlikely to benefit individuals.
-Doug
If grandma-jones orders custom stationery and doesn't
manage to spell her name correctly, she'll end up with
misspelled stationery. The main difference is that
a misspelled domain name is likely to be a much cheaper
mistake than misspelled stationery.
A question to the registrars here: What fraction of legitimate
domain registrations are reversed because the customer
didn't know how to spell, and noticed that within the five
day "dictionary time"?
Cheers,
Steve
but today that provision is: If you buy a domain you have 5 days to
'return' it. The reason behind the return could be: "oops, I typo'd" or
"hurray, please refund me for the 1M domains I bought 4.99 days ago!". The
'protect the consumer' problem is what's enabling tasting.
I once ordered replacement checks, and even though I checked them
carefully when they arrived, I *still* went through several dozen
before I noticed the '106' in my street address was printed as '160'.
And yes, I ended up swallowing the cost on that one.
> So, to be clear folks want to make it much more difficult for
> grandma-jones to return the typo'd: mygramdkids.com for mygrandkids.com
> right?Not just that, they want registrars to take a revenue cut.
I am assuming that
A. a registrar would get less business being "less forgiving" than others.
B. a registrar gets revenue from tasted domains that taste good.
I think the policy change would most likely be at the ICANN level or
perhaps at the registry level. I got the impression that the current
policy 'loophole' was at the registry or ICANN level already. So, this
would probably
I see no finical incentive for a registrar to change their policy.
because they are often part of the tasting ... so they don't want to cut
off their revenue stream, which in no way touches grandma-jones and her
typo'd domain purchase, fyi.
> So, to be clear folks want to make it much more difficult for
> grandma-jones to return the typo'd: mygramdkids.com for
> mygrandkids.com
> right?If grandma-jones orders custom stationery and doesn't
manage to spell her name correctly, she'll end up with
misspelled stationery. The main difference is that
a misspelled domain name is likely to be a much cheaper
mistake than misspelled stationery.
I picked on example, there have been plenty of examples in the past of
folks just barely able to come up with 7$/yr for domain registration and
using donated hosting for their non-profit thing. I think the root isue
is: there is consumer protection today in the purchase system, do we want
to remove that in the future. Or do we want to find another method to
crack down on this problem without hurting consumers?
A question to the registrars here: What fraction of legitimate
domain registrations are reversed because the customer
didn't know how to spell, and noticed that within the five
day "dictionary time"?
I know that I've made one reversal... but maybe I was being picky 
So combine these ideas with the possibility that someone will claim various consumer protection laws apply to these transactions and want to cancel the contract within three days.
Instead, why don't we have a three day waiting period when the domain is
"reserved" but not active. Grandma could notice her typo, credit card processor's could notice fake card numbers, and so on and rescind the registration.
After three days the sale is "final." Only then the name is made active in the zone files.
Do people really not plan that far ahead, that they need brand new domain names to be active (not just reserved) within seconds?
This sort of chain of reasoning, one behavior for one purpose might
sometimes be a more insidious behavior for other purposes, makes me
nervous. I just think it's a treacherous way to make policy, except in
extreme cases.
Then again I'm not particularly bugged by people who run these ad-only
sites. Seems to me that's between them and the advertisers who pay
them so long as it's not inherently criminal. And where it is criminal
that should be dealt with, take any advertising medium in existence
and you'll find a percentage of fraud.
The real sin here is indicated by the terminology, "domain tasting".
Domains should be paid for in advance, not necessarily "by law", but
by liability.
That is, if you extend domains on credit w/o any useful accountability
of the buyer and this results in a pattern of criminality then the
liability for that fraud should be shared by the seller. This would
not be unique, there are lots of real world examples (e.g., if you
rented cars for cash and asked for no id's and they were often used in
crimes...)
So ya'd picks yer policy and ya'd takes yer chances.
I'm really not sure, but I can imagine a slew of issues where 'marketting'
doesn't plan properly and corp-ID/corp-branding end up trying to register
and make-live a domain at the 11th hour... This also seems like the
quick/easy fix. I'm not against any particular fix, but people need to
understand (and Sean you probably do, as does Doug I suspect) what the
implications of these design changes are and who'd be affected.
-Chris
Chris,
Suggestion B in ICANN's information request was:
"making the ICANN annual transaction fee (currently 0.20 USD per year)
apply to names deleted during the [5-day Add Grace Period],"Wouldn't this essentially end the bad-behavior domain tasting without
hurting grandma-jones with her typo?
This would incur a 20 cent/domain fee for return of the domain inside the
grace period, yes? that would add a slow drain to the taster's
pocketbooks, is that slow-drain enough to make tasting less profitable? or
'not profitable'? If so, then yes probably it'd slow tasting or end it.
I don't think that a 'processing fee' is abnormal on returned items so
that might even sit well enough with grandma-jones (in my example).
And if it was still profitable to taste domain names, wouldn't it pump
so much money into ICANN that they could lower the annual fees for the
rest of us?
hey lookie, a nice side effect
Chris L. Morrow wrote:
So, to be clear folks want to make it much more difficult for
grandma-jones to return the typo'd: mygramdkids.com for
mygrandkids.com
right?If grandma-jones orders custom stationery and doesn't
manage to spell her name correctly, she'll end up with
misspelled stationery. The main difference is that
a misspelled domain name is likely to be a much cheaper
mistake than misspelled stationery.I picked on example, there have been plenty of examples in the past of
folks just barely able to come up with 7$/yr for domain registration and
using donated hosting for their non-profit thing. I think the root isue
is: there is consumer protection today in the purchase system, do we want
to remove that in the future. Or do we want to find another method to
crack down on this problem without hurting consumers?
Assuming a change takes place (which I doubt, but will ignore) I bet a small non refundable fee (like $1) would drastically reduce the problem.
Carl K