I’ve read quite a lot about domain snatching recently, best summed up in this article by Daily Domainer. The accusation being made is that domain availability searches are not being kept private and this data is either being sold or somehow obtained by other registration companies.

The usual complaint is that people are carrying out domain research and return some days or hours later to find the domain mysteriously purchased. In some reports this can even happen between the availability lookup and payment screens. As Daily Domainer suggests, an interception used to take days - now it can be completed within minutes.

Last week an associate of mine was bulk-checking 200+ generic typo domains through a software that shall remain unnamed for now. All of the domains were available. But less than 2 minutes later, more than 50 of the domains had been registered by a number of different offshore companies from the Bahamas.

There is no way this could be a coincidence. And if you read the more recent comments in the above mentioned article, it’s clearer than ever before that there are severe leaks somewhere that allow domain tasters to compromise your domain searches and steal your domain ideas.

While this is easy enough if you set up your own domain availability tool, these accusations are being leveled at some of the best known Registrars in the industry. The questions people are asking is who is involved and have they sold this information willingly or is their security compromised?

According to the AP Newswire, the Security and Stability Advisory Committee of ICANN have termed the practice “domain name front running” and likened it to a stock broker buying or selling shares ahead of a client’s trade, in anticipation of a movement in price.

Although they have no proven cases they want to stop this this, “perception from evolving to accepted wisdom” and have launched an investigation into the complaints.

Officially they have suggested this phenomenon may be caused by computer viruses, unscrupulous third-party sites or coincidence rather than pointing the finger at Registrars. While it maybe hard for ICANN to prove anything through this investigation, the extra attention may pressure those involved to stop before they are publicly exposed.

If you have information that can be useful to this investigation you are asked to contact ICANN. Details can be found on their PDF advisory. They have also called for the domaining community to suggest measures that could restrict or stop this practice. Personally I would force any registrar, registration agent or domain tool that sells or stores user lookup data to disclose this in their privacy policy, that would be a start.