Does “domain sniffing”, in which a third party registers domains you’ve searched for, really happen?
I’ve always been skeptical that domain sniffing happens on a wide scale. Here’s what domain sniffing is about: you query a whois site or domain registrar for a domain to check its availability. You wait a few days and then go back to register the domain. To your surprise, it has been registered by someone else. Domain sniffing means that someone was able to view (“sniff”) your domain queries and use this information to register the domains.
But does domain sniffing really happen? Few people point to evidence other than anecdotal incidents (“I checked for a domain, and three days later it was gone!”). My advice to people searching for a domain is to go ahead and register it when you find a good one. At $8, why risk it? Plus, it could just be coincidence that someone registered a domain you searched for.
Or maybe not. I looked up a domain about a week ago and didn’t get around to registering it right away. I went back a few days later to register it and it was taken. “OK”, I thought, “it’s reasonable that someone else might want this domain, even though it’s obscure”. However, there are a couple peculiar things about the registration. First, the registrant is protected by whois privacy. Why would this person want to protect their identity on a non-sensitive domain? Yes, it cuts down on spam, but this still raises a red flag. Second, the domain is parked at a major registrar. If someone snapped up the domain for parking revenue why would they keep it at this registrar and let the registrar profit? Again, it could be coincidence…or is it?
At this point I recalled an article by Larry Seltzer of eWeek. He researched a situation at CNET last year and detailed his findings. Someone complained to him that her search for a domain at CNET resulted in a registration by a third party. CNET’s search box aggregated domain queries to a number of providers, which opened the door for a number of potential sniffers. Seltzer searched for three random domains at CNET and they were all registered 30 hours later — by the same party.
There are other ways a domain could be sniffed. Here’s one theory from a thread at Webmaster World:
Place an advertisement at one one the popular domain check sites. Whenever a domain is checked, it shows up in the URL field of that particular user’s browser, and correspondingly shows up on the advertisers log as the URL from which the image (advertisement) was served. An simple automated script pulls the domains out of the log, checks for known words, number of characters, etc, and automatically registers those that fit the criteria. If they don’t get any traffic to the autmatically generated landing page, the domain drops after 5 days, and doesn’t cost the register anything. If they do, they pay the 6 bucks and keep the name.
Was the domain I searched for sniffed? If so, was it by the registrar or just some rogue employee? I’ve thought of a way to
find out who is hiding behind the whois privacy, although it will cost some money and time. I’m going to run test queries to look for patterns before proceding. In the meantime, if you have concrete evidence of a domain being sniffed, please e-mail the details to editor (at) domainnamewire.com.