Register.com--BEWARE! Wildcarding YOUR Subdomains as a Default Setting!

[Ms Domainer]

*

I just discovered something distressing.

Register.com is wildcarding YOUR subdomains and PARKING them on their own parking page. It's the default setting for your A Record.

I just found my A Record setting:

*.Poets.net points to (IP Number).

This means that an infinite number of subdomains off my premium domain is potentially making Register.com $$$.

For those in the know, what would happen if I simply deleted the * in my A record?

Should I replace it with www, even though I already have used the CName alias (ghs.google.com)?

Register.com seems to be off for the Easter break, but I definitely plan to get in touch with them.

Do other registrars do such sneaky stuff?

EDIT: Another question: Is it possible to set ALL the subdomains to simply forward to the main site?

*

 

[Ms Domainer]

*

Are you able to change the designation yourself?

GoDaddy gives you complete control over your panel, but maybe Moniker does not?

Still, this kind of activity needs to be exposed.

As domainers, we are somewhat savvy to these kinds of nefarious activities, but what of the other millions who simply register their domains and choose to redirect and/or choose to use a Cname alias?

It took me four years to discover this--I mean, who would think that one's own registrar would siphon off traffic from a customer's infinite number of subdomains?

This is not simply a money issue BUT a reputation one as well.

I urge anyone owning Register.com domains to check your A Record for subdomain wildcarding (*).

Also, check a few random subdomains.

If you have changed your nameservers TO Register (for hosting) I would also check that as well, especially if you aren't using your subdomains.

By the way, Sedo is doing this as well. I just checked my.joker.us, and it took me directly to my parked page. It is unclear, however, whether I benefit from this subdomain designation or if the company is simply siphoning this money for itself.

I don't want to click too much on my own pages (to check other subdomains), but I think one can infer that the infinite number of third level domains times millions of domains = $$$$$$$$$$$$ for registrars and parking companies.

*

moniker.com did a similar thing too. They parked one of my domains (developed as a site). They added a CNAME called ww1 that redirected my domain to a parked page. I've contacted them, once they asked me my account ID and domain they did nothing about resolving the issue. 3 days passed and no action/reply from them.
I am really disappointed from moniker.

 

[Ms Domainer]

*

Interesting Wikipedia article about Verisign wildcarding unregistered domains on SiteFinder (between 15 September 2003 and 4 October 2003):

[ame="http://en.wikipedia.org/wiki/Site_Finder"]Site Finder - Wikipedia, the free encyclopedia[/ame]

ICANN was not happy:

On July 9, 2004, the ICANN Security and Stability Advisory Committee (SSAC) handed down its findings after an investigation on Site Finder. It found that the service should not be deployed before ICANN and/or appropriate engineering communities were offered the opportunity to review a proposed implementation, and that domain name registries that provide a service to third parties should phase out wildcard records if they are used.

I wonder if this policy ought to extend to registrars regarding customers' subdomains.


*

 

[ioana_bv]

I wanted they to resolve the problem. Now I did it by myself and I have to wait till the A and CNAME records update.
I'll remove my domains from them and will write bad articles about moniker.

 

[Ms Domainer]

*

Unfortunately, disclosed or not, this practice has the potential to land a domain in a UDRP, especially if a trademarked term as the subdomain is searched and indexed in Google (like asdasdasd.poets.net and london.poets.net have already done), and the searcher is the trademark owner who may be researching ways to win a domain in a "bad faith" case. The domain owner may be unknowingly infringing on someone's TM, and how does one prove ignorance?

Remember, wildcarding involves an infinite number of subdomains and does NOT exclude TM and adult terms.

For example, what would happen if Apple.corp.com (not mine) redirected to a parking page? (Thankfully, it doesn't resolve at all, which is why I feel confident using it as an example). Could the Apple Corp. record company go after that owner?

Also, all those Sedo parking pages are at the same risk, given that Sedo also wildcards subdomains.

Yes, Google does not usually index parked pages, but sometimes it does. Why, I don't know, but that could be a problem as well.

I did read an article that suggests that a UDRP cannot be won using subdomain designation as proof of bad faith, BUT it seems that these rules change day by day, that precedence means nothing in UDRP decisions.

Thoughts?

ADDED: Evidently the owner of corp.com has figured this out--kind of fascinating (seems to be safe):

http://corp.com/

*

 

[2knew]

*

Thoughts?

*

I think it would be reasonable to expect we are not liable for 3rd party actions - Someone exploiting a wildcard DNS entry to send me unwanted traffic wouldn't be the same as explicitly setting the DNS entry for the subdomain. ( A trademark.mydomain.tld DNS entry _I_ create would be pretty hard to explain away... )

Either way, I don't expect a registrar to serve content on behalf of my domain for their financial benefit ( unless I left it default parked with them - that's different imho ).

 

[Dave_Z]

Unfortunately, disclosed or not, this practice has the potential to land a domain in a UDRP, especially if a trademarked term as the subdomain is searched and indexed in Google (like asdasdasd.poets.net and london.poets.net have already done), and the searcher is the trademark owner who may be researching ways to win a domain in a "bad faith" case.

UDRP doesn't address subdomains or wildcard DNS per se. A court could, although that's still iffy.