This page is for the convenience of students in Prof. Tim Richardson's e-commerce classes.
It contains a collection of info and links regarding all the marketing issues relevant to domain names.

This page last updated 2010 Feb 19
Domain Names
marketing issues
registration isses
scams and problems
scams, phishing
domain name hacking
domain disputes
Verisgn problems

. This page used in the following courses taught by Prof. Richardson
CCT 322
IEC 702
IEC 818
MGD 415
FCA 240
MGS 523
MRK 610
MRK 410
BCS 555
GNED 136

This page deals with

  o Registration vulnerabilities
  o Domain name scams - threat to register similar name
  o fake renewal notices which will change your Domain Registrar
  o Domain Name Dispute Resolution
  o Domain Name squatting - cybersquatting


Information on Registration Vulnerabilities

"Internet users rely on names to access on-line resources, making the Domain Name Service (DNS) a vital part of the Internet, as we know it. The software package commonly used to provide DNS has been the target of numerous attacks, highlighting the importance of system administrators keeping current with patches and upgrades. "

"Most DNS installations do not incorporate strong authentication, making it possible for malicious parties to insert false directory data into the DNS hierarchy. If an intruder can manipulate an organization's DNS, the intruder could then maliciously divert on-line traffic; e.g., a user trying to     access <> may be sent not to the real NIPC web site, but to a phony site with false information. DNS attacks can also be carried out for other malicious purposes, such as stealing data, harvesting account information, or denying Internet service."

"Another security concern lies in the domain name registration process. Central registrars maintain listings of domain names, their owners, and the name servers that provide DNS lookups. If an organization moves to a different Internet Service Provider or makes changes to its servers, it may change its DNS settings. In many cases, it does this by sending a simple e-mail request to the registrar and then confirming the desired changes in a follow-up e-mail message. If a malicious third party can forge e-mail from an organization, the former may be able to effect unauthorized changes in its domain name registration, thereby mounting an effective denial-of-service attack. This vulnerability was illustrated in  an incident earlier this year [2001] in which a number of institutions found their domains hijacked. Early one weekend, an unknown party forged e-mail  messages to a domain name registrar requesting that the domains of a number of universities, commercial enterprises, and nonprofit associations be redirected to a New Jersey provider of online services. The operator of the New Jersey site noticed the fraudulent domain  transfers and took corrective action. However, it took several days for the erroneous DNS settings to be rectified. Some of the institutions  victimized in this attack experienced significant disruptions in Internet connectivity. In response to this risk, some domain name registrars have implemented optional authentication procedures for DNS modification requests. Such requests are often required to be accompanied by a secret password or digitally signed by the domain's registered owner."

for further details, go to NIPC at

. During the 4th week of January 2006,  Richardson was interviewed by Amy Sharaf of Ryerson's Independent Newspaper " The Eyeopener Online" about fake websites that have URLs spelled similar to a legit site, and used to divert traffic for companies that are paying for "click throughs" 
. A fake Ryerson website has surfaced. is similar to, the page which prompted Ryerson authorities to send an e-mail of warning to students and staff in Dec 2005.

One of the Ryerson journalism students phoned Prof. Richardson to ask for advice and opinion.

Richardson was quoted as saying "These lead to links for companies that pay to get "click-throughs," which are "designed to drive traffic to another site and increase hits on a page," said University of Toronto e-commerce and internet marketing lecturer Tim Richardson. "For an institution like Ryerson, there's not a lot that can be done about it," he said. "Because that name is the name of an individual person that's been lent to the university, a word like Ryerson would be very difficult to control access to."


While "parked pages" lead to empty sites, active sites such as are also detested by search engine people because they can clog up legitimate search engine rankings, Richardson said.

"When you go looking for something, if it's not on the first three pages, you try (your search) again with different words. "If you don't rank high on one of the first ones, you don't exist."

He added that speculation of which URLs may come to be in demand may cause people to scoop up potentially popular names. "People watch American Idol 3, they find the names of the four people that can do the semis and that night one person goes on and buys trade names," Richardson said.

If names are taken, variations such as become the next best thing.


"Internet Registry Firm plays on People's Anxieties"
is the heading of an August 25th, 2000 article by Tyler Hamilton

Hamilton describes how some small and medium sized businesses are being scammed by companies contacting a firm and telling the firm that there is an attempt being made to register the same domain that they presently own, but with a different ending such as .org or .net. 

Hamilton explains that " ... the owners of  Aufgang Travel, a Bathurst St. travel agency, received an unsolicited fax that read ``urgent notice.'' The fax was very official-looking. It was authoritative and a bit intimidating. And it explained in legal-like jargon that somebody was attempting to register the domain name - a variation of the ``.com'' address that Rodach  and Aufgang had registered in February. The company that sent the fax - Electronic Domain Name Monitoring (EDNM), a division of Toronto-based NDNRegistry - gave Aufgang Travel ``first-right-to-use'' to register the ``.net'' name. It also offered to register the name on Rodach's and Aufgang's behalf for $70. Was somebody else actually going after the ``.net'' version? It wasn't immediately   clear, though it's always possible that it was being hijacked by a cybersquatter looking for a substantial ransom, a scenario outlined in the fax...  What was clear is that Rodach and Aufgang didn't feel comfortable with what seemed like an overly aggressive marketing tactic.  ``My gut said right away that it was a scam, but I wasn't sure,'' says Rodach,  explaining that he found it odd that, of all the names in the world to register, somebody would try to go after a unique local Web address based on a not-so-popular family name. .. ``It plays on people's anxieties,'' says Brian O'Shaughnessy, a spokesperson for Network Solutions Inc. of Herndon, Va. ``I've seen it before, and it's the price you're  going to pay for having an open domain name system.'' ... Network Solutions used to have a monopoly over the registration of Web addresses ending in .com, .net and .org, but the U.S. government decided in 1998 to open up the  market. Since then, hundreds of registrars have entered the market with their own creative ways to drum up business. ..NDNRegistry isn't doing anything illegal, says Detective Walter Turczyn of the  Toronto police fraud squad. "

The original story by Hamilton was at

"Domain Name Registration Scheme - or Scam" is the title of
Ken Campbell's Sept 21st, 2000 piece written for the section of the Toronto Star called Fast Forward

Campbell, like Hamilton, tells the story of a Toronto company that received a fax urging them to reply quickly because someone was trying to register an identical domain name with the .net or .org ending. The company that writers Campbell and Hamilton discovered, which is carrying out this questionable activity, is EDNM which calls itself Electronic Domain Name Monitoring and lists two offices in Atlanta and Toronto. Both Campbell and Hamilton got unsatisfactory responses when they tried to contact EDNM to obtain their side of the story.
Campbell told Tim Richardson Sept 22nd 2000  "The story may get deeper" so I suggest that students watch the Star for further articles on this topic to see where it goes.

Larry Chase advises that if another firm challenges your right to a domain name, the InterNICinforms you that you've got 30 days to vacate the domain while the dispute is settled. .. In order to prevent this you may want to protect yourself by trademarking the letters and words that make up your domain name and matching them to your publically known corporate phrases, slogans and mottos.

applies toChapter 10, page 356


originally from

"4.   Mandatory Administrative Proceeding.
4a. Applicable Disputes. You are required to submit to a mandatory administrative proceeding in the event that a third party (a "complainant") asserts to the applicable Provider, in compliance with the Rules of  Procedure, that

                  (i) your domain name is identical or confusingly similar to a
                  trademark or service mark in which the complainant has
                  rights; and
                  (ii) you have no rights or legitimate interests in respect of the
                  domain name; and
                  (iii) your domain name has been registered and is being used
                  in bad faith."



Canadians take a leading role in domain name disputes
Citing our military role as international peacekeepers, a story in ComputerWorld Canada in May, 2000 noted a Montreal company, named eResolution, backed by ICANN (Internet Corporation for Assignment Names and Numbers), is in a position to handle the full adversarial proceedings from initial complaint filing to the arbitration stage and transfer of evidence.

"eResolution plays the role of court clerk, registering complaints, handling evidence, transmitting case documents to the decision makers, and communicating any judgement to the applicable parties"

eResolution's press release says 
"... there are believed to be over 10,000 disputed domain names..."

Some people are going to extraordinary lengths to legally and illegally obtain rights to certain domain names. There have been a number of stories of people registering domain names with false identification. A June 7th 2000 story written by Vito Pilieci in the The Financial Post told the situation of finding that their domain had been stolen! Apparently someone had hacked into the Network Solutions computer and changed the files identifying the ownership of the domain "".

- caused by squatting


Mazzaher J. in BCS 555 in Sept 2003 found a good article online from that explains the circumstance of "Cybersquatting" -something which often leads to domain name disputes.

"Cybersquatting is the purchase of a domain name in bad faith. Usually this is done with the intention of reselling  that domain name back to the legal copyright holder, although sometimes there are other reasons. This is   considered a violation of the trademark laws.  An example of cybersquatting would be if someone purchased the domain name "" and then  proceeded to attempt to sell it back to McDonalds.  It would also be considered a violation of the law if the purchaser put up a web site describing how bad McDonald's food was or commenting on the service. Cybersquatting was made illegal by the passage of a federal law [in the U.S.] in 1999 known as the Anti-Cybersquatting Consumer Protection Act. The law became necessary because numerous large companies were forced to pay  large sums to buy their domain names from third parties. "

Permission to quote / link, came from Richard Lowe Dec 2004

The problem with enforcing laws about cybersquatting: 


Laws only work in the regions in which they can be enforced. eg. If you do something bad in Texas, you are only going to be arrested by the Texas State Troopers in Texas, if you escape to Argentina ....!

So, governments can pass a law about cybersquatting but it is difficult to enforce. If a person in Asia bought from a domain registrar in the Caribbean and had it hosted by service in Europe, how could American's enforce a law about cybersquatting??

Internet law is not the same as laws about murder, or child exploitation. In the case of serious violent crimes, most countries have extradition treaties that cover such circumstances. Extradition for internet crimes is very very rare.

The other problem with enforcing a law is the problem of identifying the criminal - there are many ways to buy and own a domain name without providing detailed personal contact information. As long as you pay the fees, most domain registrars don't care - therefore it would be difficult for the authorities to track you down.

  Prof. W. Tim G. Richardson ©