Domain stalking, or how to have fun at a multi-billion dollar company's expense for a mere $35 investment

Domain stalking is a term I came up with to describe the act of catching a company in the error of not renewing their domain names on time and saving their butts and having fun by paying for them. The inner glee that can be generated by having a $900 million dollar company thanking you for saving their butt.

The idea first appeared a couple years ago in December 1999. During Christmas, Michael Chaney noticed Microsoft's Hotmail was down. What he noticed and what MS didn't, was that the passport domain had expired and the system pulled the plug. So all he did was whip out his credit card and pay for it, thereby reviving Hotmail. All the gory details are at

My foray started almost exactly one year later.

After the above passport situation I took it upon myself to note down the renewal dates of various big-name anti-virus companies' domain names and checked them a day or 2 beforehand to see if they had been renewed or not, just to see if any would forget. It didn't take long. In early January 2001 I noticed that (Network Associates main site) was due for renewal. I checked the whois record and they had renewed it for about 10 years, so I wouldn't be able to do anything with that one for a while. On a whim I checked the full name of and found to my glee, they had neglected to renew the domain and it was about 40 days overdue (generally at 45 days the plug gets pulled). Since I didn't have any room left on my credit card (I wasn't my normal grinch at Christmas) I called Rob Rosenberger of vmyths, with whom I'd had previous dealings and I knew he'd see the fun to be had. Rob paid for the domain and then put up a rather humorous article on his site about the situation (archived here) and a press release to every reporter and virus researcher he knew. All we wanted was some fun and for NAI to reimburse Rob the cost of the registration to the Muscular Dystrophy Society. In the end Gene Hodges, head of the McAfee division of NAI, saw the humor and ordered a $1000 donation to the Muscular Dystrophy Society for us. The warm feeling you get from something like that can't be matched (well I can think of a few things).

Fast forward to September 2001. In my usual checks of domains I checked out, the Symantec product line. Much to my entertainment, it was about 2 days from expiring. I checked it a couple times a day after that to make sure that no-one had caught it and even let it go 48 hours overdue to make sure payment was not just stuck in transit. No such luck on Symantec's part. So I whipped out my credit card and unloaded $35 to pay for the domain and keep it on-line. I sent a nice e-mail to the domain administrative contact, nicely explaining what happened and how I helped them and my cell # to get ahold of me. A couple hours later, my phone rang. It was the manager of the domain contact who was very thankful for my help. It appears that up until recently, each department was responsible for their domains and their re-registration. They own over a hundred domains and as such, it can get a little unruly, so they were moving to a centralized system, but hadn't been moved there yet and fell through the cracks. They immediately offered to recoup me the $35 fee, but I had them send it to the Red Cross instead (they really need it more than I do). They also offered product, but as a Linux user, most of it's not useful for me (though a velociraptor firewall would be useful, hint, hint). I also hinted that the competition donated more than that for a similar situation and that they wouldn't want to appear cheap now would they? I'm still waiting for a letter from them letting me know what all they did. When I get it, I'll post it along.
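The per-department renewal gap described above is what a central expiry check over your own domain inventory closes. The sketch below is an added example, not part of the original post: it parses the expiry date from saved whois output and sorts each domain by urgency, using the post's 45-day rule of thumb; the whois snippets, field labels and 30-day warning threshold are constructed assumptions.

```python
import re
from datetime import date, datetime

GRACE_DAYS = 45  # the post's rule of thumb; actual grace periods vary
WARN_DAYS = 30   # assumed lead time for a renewal reminder

# Expiry labels differ between registries and registrars (assumed sample set).
EXPIRY_RE = re.compile(
    r"^\s*(?:Registry Expiry Date|Registrar Registration Expiration Date|"
    r"Expiration Date|Record expires on)\s*:?\s*(\S+)",
    re.I | re.M,
)

def parse_expiry(whois_text):
    """Return the expiry date found in whois output, or None if absent."""
    m = EXPIRY_RE.search(whois_text)
    if not m:
        return None
    raw = m.group(1).rstrip(".")
    # ISO timestamps are cut to their date part; older records use 27-Sep-2001.
    for fmt, width in (("%Y-%m-%d", 10), ("%d-%b-%Y", 11)):
        try:
            return datetime.strptime(raw[:width], fmt).date()
        except ValueError:
            continue
    return None

def classify(expiry, today):
    if expiry is None:
        return "UNKNOWN"  # unparseable record: needs a human, never "ok"
    days_left = (expiry - today).days
    if days_left > WARN_DAYS:
        return "OK"
    if days_left >= 0:
        return "RENEW_SOON"
    return "OVERDUE_IN_GRACE" if -days_left <= GRACE_DAYS else "LAPSED"

def audit(inventory, today):
    """Map each domain in the inventory to its renewal status."""
    return {d: classify(parse_expiry(t), today) for d, t in inventory.items()}

# Constructed whois excerpts for reserved example domains.
SAMPLE = {
    "example.com": "Domain Name: EXAMPLE.COM\nRegistry Expiry Date: 2011-01-15T05:00:00Z\n",
    "example.net": "Record expires on 27-Sep-2001.\n",
    "example.org": "Expiration Date: 2001-08-11\n",
    "example.info": "Domain Name: EXAMPLE.INFO\nStatus: active\n",
}
TODAY = date(2001, 9, 20)  # fixed date so the result is reproducible

if __name__ == "__main__":
    for domain, status in audit(SAMPLE, TODAY).items():
        print(f"{domain:14} {status}")
```
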

The fun from all this is in the fact that a little computer security enthusiast in Canada can catch these companies in dumb errors, kind of an "Emperor's new clothes" situation. These are companies that if you even have a domain that looks like any of their intellectual property, they turn around and sue your pants off (Check this out) even if you have every right to have that property. The first rule of intellectual property is that if you want to hold it, you have to defend it. What would happen if I just let the domain lapse and go back on the block? I'd probably get my ass sued. At least this way I can get their attention, a soapbox, and do some good for a charity, all at the same time.

What you can do.

Is there a company you'd like to bring down a notch? It's easy. Just find out what domains they own (often listed on their sites, or through any one of a number of nameserver searches) and just monitor them. Play watchdog. If you get lucky and pay for one, make sure to let them know in a nice and polite way. A phone call or e-mail to the Admin contact letting them know they slipped up will often get a quick response. Just simply ask for reimbursement (DO NOT DEMAND MORE!! This becomes extortion really easily and gets really messy). They should legally refund you the fee, but now you can lay a guilt trip on them and leverage that for donations to charity, thank you letters, or maybe the chance to talk to the head of the company to let them know why you don't like them.

Use your imagination, be polite and patient and don't get too cocky. These guys usually have lawyers and are really legal trigger happy when you go near intellectual property.

If you successfully stalk a domain, let me know and I'll post your experience. This could be the start of something interesting.


