May domain name news in review.

Memorial Day is coming to a close, and that means May is wrapping up. Here’s a look back at the top five stories on Domain Name Wire in May, ranked according to total views.

1. Breaking: Sedo to Sell Sex.com Domain Name – Sedo had been in talks with some of Escom’s owners to broker Sex.com for a while, but not all of the partners agreed. Now, assuming the bankruptcy court gives its blessing, Sedo will get its chance to broker the domain name.

2. Domain Auction Site Bido Closing Down – was that really just earlier this month? The founders plan to sell the web site, but no word yet on if that has been successful.

3. First Sex.com, Now SanDiego.com. What Has Gone Wrong? – SanDiego.com joined the ranks of web sites pushed into foreclosure. The note holder kept the domain.

4. Jackpot! Slots.com Domain Name Sells for $5.5 Million – Moniker brokered the sale of Slots.com for $5.5 million.

5. Where to Get Best Prices for .Co Sunrise and Landrush Domain Names – a price comparison or registrars offering sunrise registrations for the .co domain name.

CamRoulette.com subject to lawsuit.

It’s the deal that keeps on giving.

The domain name world was shocked when CamRoulette.com sold for $151,000. The original registrant of the domain name was kicking himself for selling it for only $1,400. But now he has bigger problems: another person says he had an agreement to buy the domain name for $700. He’s suing for $150,300, the difference between what he offered to buy the domain for and what it sold for at auction.

The original registrant, Craig Snyder of Florida, posted his story about being sued on DNForum [Update: DNForum deleted the thread], saying he’s just a self-employed high school grad with very little money to his name. The company that filed the lawsuit claiming it had agreed to buy the domain, FRASER DB, Inc. (owned by Fraser Brown) apparently thinks that he’s actually another Craig Snyder with more money to his name. You can read the complaint here.

In addition to suing for the difference in sale price, the plaintiff is asking for specific performance of the sales agreement. The plaintiff apparently wanted CamRoulette.com so he could start a competitor to ChatRoulette.com.

A couple thoughts about this lawsuit:

1. I suspect that the plaintiff will rethink the strategy when they realize the defendant has very little money.

2. If this case moves forward, it could be a reminder to many domainers of what constitutes and offer and agreement.

Panel gets decision right, but misses mark on RDNH.

Burn World-Wide, Ltd. d/b/a BGT Partners of Miami, Florida, has lost a UDRP case to get the domain name BGT.com from Banta Global Turnkey Ltd, which is now part of RR Donnelly.

The facts of the case are pretty egregious. Banta was founded well before BGT Partners and even registered the domain name before BGT Partners was formed. The three person arbitration panel found that the domain name wasn’t registered and used in bad faith. But shockingly, it did not find that BGT Partners attempted reverse domain name hijacking by bringing the case.

Up front, the panel wrote that the circumstances of the case would normally constitute RDNH:

Such a finding would normally follow having regard to the longevity of the Respondent’s registration of the disputed domain name, commencing many years before the Complainant adopted its trademark.

But then it tries to rationalize why that isn’t the case here:

A number of considerations, however, lead to the conclusion that such a finding is not warranted in the present case.

First, in addition to its use for the portal, web mail and ftp server services historically provided by the Respondent, the disputed domain name has resolved since 2007 to the website which mirrors RR Donnelly’s general website which promotes a range of goods and services much wider than the activities historically conducted by the Respondent. This change was consequent on RR Donnelly acquiring Banta Corporation. It is arguable, as the Complainant contends, that the usage in relation to at least some aspects of that website may infringe the Complainant’s rights. The Panel, however, expresses no concluded view on that question in view of its findings above. Nonetheless, the Respondent has not adequately explained why the disputed domain name resolves to such a general website rather than one related to the specific services comprised in the Respondent’s business.

Moreover, the Complainant was not in a position to ascertain that the Respondent was continuing to provide its services through the disputed domain name as it would appear that knowledge of the specific subdomains being used by the Respondent, and possibly appropriate passwords, was required.

Thirdly, the Octogen and Mummygold cases could be seen as at least opening the door to the Complainant’s claim.

That’s pretty weak. Note the mention of the Octogen cases that the complainant brought up. This is the newly popular theory amongst some panelists that a domain name doesn’t have to be registered in bad faith; only used in bad faith.

Scam makes its rounds with a new phishing URL.

[Updated: Go Daddy has successfully shut down the phishing site. But the offender will surely just set up another. So here are a couple points from Go Daddy:

-Official Go Daddy e-mails will always address you by name, unlike those from phishers (who do not know this information).

-Customers are also reminded never to provide credentials to an unsecure website. Always make sure the web address starts with “https:” or contact Go Daddy’s 24/7 customer support if you are unsure.I think this has made the rounds before, but this phishing scheme has a new URL registered just today.]

One of my readers sent a copy of this phishing scheme, modeled off of GoDaddy’s annual whois reminder notices. Here’s how it looks:

Dear User,

it is that time of year again. ICANN(the Internet Corporation for Assigned Names and Numbers) annually requires that all accredited registrars (like GoDaddy.com) ask their domain administrators/registrants to review domain name contact data, and make any changes necessary to ensure accuracy. According to our records you are the ADMINISTRATIVE CONTACT for one or more domains registered at GoDaddy.com, Inc. as of May 1st, 2010.

To review/update your Account data, simply:
+ Login to https://dcc.godaddy.com/ default.aspx?isc=ICANN0908a& amp;ci=8987
+ You will be taken to a landing page and asked to enter your account information
Please take a look that your account and domain information is up to date.

If, however, your domain contact information is inaccurate, you must correct it. (Under ICANN rules and the terms of your registration agreement, providing false contact information can be grounds for domain name cancellation.) To review the ICANN policy, visit:http://www.icann.org/ whois/wdrp-registrant-faq.htm

Should you have any questions, please email us at support@godaddy.com or call our customer support line at (480) 505-8877.

Thanks for your attention and thank you for being a GoDaddy.com, Inc. customer.

Sincerely,
GoDaddy.com, Inc. Domain Support

If you are the domain administrator of more than one GoDaddy.com domain account, you may receive this notice multiple times.
—————————— —————————— —————————— —
Copyright (c) 2008 GoDaddy.com, Inc. All rights reserved.

I looked up an official GoDaddy whois reminder email and it looks basically the same. There are few tips in the phishing version that people probably won’t notice: “it i” isn’t capitalized at the beginning, there’s a spacing error in the first paragraph, and the copyright date is 2008. Another key difference you should always look for: the official GoDaddy messages will address you by name, not “user”.

Nonetheless, clicking the hyperlink in the email brings you to Goddaiddy.com instead of GoDaddy.com. And the landing page looks a lot like GoDaddy’s home page. The whois information on Goddaiddy.com appears to be bogus.

Dynadot secures domains with mobile phone security.

In April I wrote a few stories about domain name security tools offered by various registrars. One tool I missed was Dynadot’s SMS security tool.

It works like this:

Account holder receives a 6-digit code (sent via SMS) on his cellphone and then enters the code in his Dynadot account before he can do the following:

- Get a domain’s auth code
- Unlock his domains
- Change his account information

All 6-digit codes expire 1 hour after they have been sent. The account holder gets 3 tries to enter in the correct code. If he enters in the wrong code too many times, the system will automatically lock down the account.

Dynadot tells me they created this system in house.

As security concerns grow, more and more domain name registrars are offering security tools like this. And many of them are offering the tools for free. If your registrar isn’t offering similar free tools, you should start pushing them to do so.