


Domain Kiting

June 12th, 2008
By Mark Edmead



An interesting attack against domain names is called domain kiting. The term was coined by Bob Parsons, CEO and founder of GoDaddy.com, and comes from the familiar and illegal practice of check kiting. Check kiting (also known as check floating) takes advantage of the time between the negotiation of a check and its clearance at the check-writer's bank to draw out the funds. Domain kiting is an exploit of the domain name registration grace period: a person (or entity) registers, cancels, and re-registers the same domain name within that grace period in order to use the domain while avoiding the registration fees.

In essence, it works like this: A registrar scammer purchases several well-indexed but expired domains. The registrar generally has a five-day grace period between the time a domain is registered and the time payment for the domain is due. A temporary website is established on these domains and loaded with paid advertisements or search engine links. Money is generated for the registrar when a user lands on this temporary site and clicks on any of the links. The domains are then dropped before the five-day grace period ends, and the registrar requests and receives a full refund. If possible, the registrar re-registers the domain, resetting the grace period, and the process begins all over again. The registration fee may therefore never be paid, since the registrar cancels before the grace period expires, and in the meantime profits are earned on these domains from the paid advertisements. While this scam is going on, the domain names are trapped in this cycle and remain unavailable to the general public. This is a problem when someone wants a specific domain that another person or entity is actively kiting, because the kiting prevents that person from successfully (and legitimately) registering it.
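In registration records, the cycle described above appears as repeated add/delete pairs for the same domain, each deleted inside the grace period. The following is an added example, not part of the original article: it flags that pattern in a constructed event log. The log format, the field names and the `find_kited` function are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

GRACE = timedelta(days=5)  # five-day grace period described in the article

# Constructed sample log (assumed format): (timestamp, domain, action, registrar)
SAMPLE_EVENTS = [
    ("2008-05-01T00:00", "example-kited.test", "add", "reg-A"),
    ("2008-05-05T12:00", "example-kited.test", "delete", "reg-A"),
    ("2008-05-05T13:00", "example-kited.test", "add", "reg-A"),
    ("2008-05-10T01:00", "example-kited.test", "delete", "reg-A"),
    ("2008-05-10T02:00", "example-kited.test", "add", "reg-A"),
    ("2008-05-14T20:00", "example-kited.test", "delete", "reg-A"),
    ("2008-05-02T00:00", "example-paid.test", "add", "reg-B"),       # kept and paid for
    ("2008-05-03T00:00", "example-oneoff.test", "add", "reg-C"),
    ("2008-05-04T00:00", "example-oneoff.test", "delete", "reg-C"),  # single refund only
    ("2008-05-01T00:00", "example-late.test", "add", "reg-D"),
    ("2008-05-20T00:00", "example-late.test", "delete", "reg-D"),    # after grace: fee paid
    ("2008-05-21T00:00", "example-late.test", "add", "reg-D"),
    ("2008-05-23T00:00", "example-late.test", "delete", "reg-D"),
]

def find_kited(events, min_cycles=2, grace=GRACE):
    """Flag (domain, registrar) pairs with repeated drops inside the grace period."""
    state = defaultdict(lambda: {"added": None, "run": 0, "best": 0,
                                 "unpaid": timedelta()})
    # Stable sort on timestamp keeps input order for events with equal times.
    for ts, domain, action, registrar in sorted(events, key=lambda e: e[0]):
        s = state[(domain, registrar)]
        when = datetime.fromisoformat(ts)
        if action == "add":
            s["added"] = when
        elif action == "delete" and s["added"] is not None:
            held = when - s["added"]
            if held <= grace:      # dropped in time for a full refund
                s["run"] += 1
                s["unpaid"] += held
                s["best"] = max(s["best"], s["run"])
            else:                  # held past the grace period: run is broken
                s["run"] = 0
            s["added"] = None
    # A single refunded registration is not kiting; require a repeated cycle.
    return {key: {"cycles": s["best"], "unpaid_days": s["unpaid"].days}
            for key, s in state.items() if s["best"] >= min_cycles}

if __name__ == "__main__":
    for key, info in find_kited(SAMPLE_EVENTS).items():
        print(key, info)
```
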

How bad is domain kiting? According to Bob Parsons, in May 2006, 92.3% of domain registrations were kited domains. That is, out of the 35 million names that were registered, just over 2.7 million of those names were permanent registrations. This means 32 million domains were kept off the market and unavailable for legitimate use.[1]

Another interesting twist on this exploit is called domain tasting. In domain tasting, the registrar also uses the five-day grace period; however, instead of placing advertisement links that could generate income, the registrar performs a cost-benefit analysis on the viability of deriving income from ads placed on the web site. Domains that are deemed "keepers" and retained by the registrar are those that were previously used and have since expired, misspellings of other popular sites, or generic terms that might receive type-in traffic. Many of these domain names could still be active in search engines and other hyperlinks. It is also possible for the registrar to sell such a domain name (at a premium) to a third party. In June 2007 the Internet Corporation for Assigned Names and Numbers (ICANN) issued a report on the possible consequences of domain tasting. These include the destabilization of the domain name system, greater consumer confusion, increased costs and burdens on legitimate registrants, and the facilitation of trademark abuse and criminal activity.[2]

===
All links valid as of June 12, 2008
1. http://www.bobparsons.com/MayKiting.html?serendipity[searchTerm]=kiting
2. http://gnso.icann.org/issues/domain-tasting/gnso-domain-tasting-report-14jun07.pdf
