Some experiences in the last couple weeks have me thinking about the need for registrars to rethink their approach to the secondary market for domain names and how we deal with each other when high-value domain names are hijacked. In this post I would like to briefly examine this and make a specific suggestion that I believe will help in credibility and therefore efficiency.
There is no question that the secondary market for domain names has become much more efficient. The number of transactions involving high-value domain names has greatly increased which can be seen simply by looking at the weekly results from Buy Domains and Sedo (for the purposes of this post I am thinking about transactions greater than $500). We can also see greater efficiency with the maturing of the various listing services (DDN, DLS, MLS) and with greater integration by registrars of secondary market domain names in their domain name search results.
The last few years have seen a huge increase in the importance of the secondary market for domain registration relative to the whole domain name economy. While many of the major players are the same, there are also important differences and those differences require some fresh thinking about how to make the secondary market more efficient and more effective.
Of course as this market becomes more lucrative it attracts more “bad guys”. Anecdotally, all the large registrars are seeing increases in the number of hijacking attempts. When aimed at registrars themselves, these seem to be well dealt with, but when these hijackings stem from a hack aimed at third-party email services there is little that registrars can do at a system security level.
We have been involved in two situations recently, one where we were in receipt of a domain name that was thought to be obtained illegally and one where a registrant of ours had a third-party email address compromised. In the first, we worked with the losing registrar and, with the proper protections, returned the domain name to them. In the other, the gaining registrar felt their obligation was to their customer who claimed to have obtained the allegedly stolen domain name from a third-party. They would not help us at first instance. I expect this latter situation to be worked out but it did have me thinking.
With the secondary market the players are different. There is essentially no registry involvement and, probably more importantly, there is no formal role for ICANN to play other than as it relates to its contracts. As well there are additional players, specifically owners of high-value names and the various secondary market marketplaces.
These secondary market transactions are of a much higher dollar value than those in the primary market. They warrant a different approach.
Of course there are best practices and additional security measures and services that all owners of valuable domain names should avail themselves of. I expect these services to greatly increase in both scope and sophistication in the coming year. And of course their adoption will not be universal.
I believe that registrars should develop a more standardized approach as to how they deal with these situations. We should set out appropriate practices. Of course there will be exceptions and of course any guidelines cannot be too proscriptive. BUT if we are effective in doing this we will accomplish two things. First, we will make the market safer for those customers who own high-value domain names. Second, we will make things much more difficult for those who attempt to steal the property of those rightful owners AND for those who provide liquidity for the hijackers by buying the stolen property, often with little repercussions.
While in Korea this week for the ICANN meeting I will have the opportunity to meet with representatives of most of the major registrars. We all have an interest in making the market cleaner and more efficient. It is still early days and I have no doubt that this will be warmly received as would any input from other interested parties.