The Security and Stability Advisory Committee (SSAC) of ICANN (the Internet Corporation for Assigned Names and Numbers) has launched a probe into the practice of what it calls domain name front running.
This is where a person checks if a desired domain name is available to register, then finds that it has been taken when they return shortly afterwards to register the name.
ICANN said that there are widespread suspicions that checks for availability are being monitored and the information used to register desired addresses in order to sell them back to the user at a profit.
"When the domain name of interest for which an availability check is made is registered shortly after such a check, the individuals making the availability check may reasonably assume that the organization operating the web site or service they used to determine the availability of the name pre-emptively registered the name," said the report by the SSAC.
It said that through there was not yet firm evidence of how or even if the practice was widespread, it had received complaints.
"Registrants have filed complaints with ICANN, registrars, and with intellectual property attorneys that suggest domain name front running incidents may have occurred," it said. "SSAC does not yet have any hard data to draw conclusions regarding the frequency (if any) of the occurrence of domain name front running."
The name 'front running' comes from the world of finance and refers to stock brokers buying or selling stock in a company after being instructed to take action by a client that will affect the price of shares. That name originally came from the wild west and referred to the purchase of soon-to-be-valuable land when acting on insider information.
People who want to buy a domain name usually check its availability first on websites such as whois.net, or through registrar companies. It is at that point that unscrupulous operators may be registering names in order to profit from the demand for them.
The security committee has listed a number of plausible methods that could be in operation stealing domain ideas. It said that there could be software installed on users' computers which relays domain queries secretly back to an operator, who then exploits that information.
Alternatively, it said that any website could host a whois application and abuse the information gathered.
The SACC report also said that companies operating DNS systems or even registrars and registries themselves could be abusing the query information they receive, or could have staff who do so.
The report said that it is unclear which, if any, of these methods are being used. It said that there could be other explanations for users' finding that checked domains were suddenly registered.
"Alternative explanations have also been suggested. Apparent instances of domain name front running may be mere coincidence or a consequence of domain name tasting," said the report. "In any given month, over a million domain names can be tested for their potential to be profitable for monetization, and there is a reasonable chance that some of these names may coincide with names that have been subject to some form of a domain name availability check during that month."
The report calls for information about and evidence of domain front running from users and companies, and suggests that the internet community formulate a policy of acceptable practices in relation to domain registration to avoid tarnishing the internet and domain industry's reputations.