So we got the resolution of our domain-squatting adventure. We still don’t know how they were able to hijack our preferred domain name, but it no longer matters. We’ve moved on. We’ve chosen a different name, already have the new design, etc.

But it still bewilders us that this could have happened.

After we realized that domain squatters had “borrowed” our chosen domain name, we sent them a couple of emails asking them if they’d sell us the name. I offered $150, assuming that a 15x return (the domain name would have originally cost us $10) might be enticing. I didn’t really expect them to jump for joy with the offer, but then again, I didn’t feel like paying a lot of money just because someone infiltrated EuroDNS’s security.

They never even responded to my offer.

But they did respond to Carlos’s email, which didn’t specify a price limit. They generously offered to sell us the domain name for $14.900 — that is, $14.890 more than we would’ve paid if they hadn’t hijacked our domain name.

Isn’t that extortion? Maybe they’ll find some other sucker, because we’re not interested.

Following is the text of the email exchange.

————————————–
From: “information@webadvertisingcorp.com”
Date: 8 de agosto de 2007 22:14:57 GMT+02:00
To: Carlos Mantero
Subject: Re: Purchase of [XXXDomainName].com

We are happy to announce that the domain is currently for sale.
Our offer is $14900 US.
Sincerely yours

On Jul 30, 2007, at 11:41 AM, Carlos Mantero wrote:

Hello,

We are interested in the domain [XXXDomainName].com. Can you tell me the price of the domain please?

Cheers

————–

We had a nasty surprise the other day when we went to buy our domain name. As I wrote about recently, we are going to launch our first vertical under a new brand. Migoa will be umbrella brand and we will have separate names for each vertical product. To choose the name of the first vertical, we had an internal contest. One name won by a wide margin, so we began to think about buying the domains. We checked on godaddy.com and on eurodns.com, and all of the domain names were free. So far, so good.

For whatever reason, eurodns’s site was giving us problems late on Friday evening, so we decided that we would try again on Monday. What’s the worst that could happen over the weekend, right?

Well, we found out. On Monday morning, we went back to godaddy.com and found that the domain name had been bought by a domain-squatting company. They had put up a garbage website with lots of cheap-looking ads about Brazil, inviting people to bid for the domain name. They had bought the name about 24-hours after we tried to purchase it on eurodns and had immediately placed ads on it.

How did this happen?

We reasoned that there could be five possibilities (listed in order of likelihood):

• A spy within our midst: An interesting, very “Jason Bourne” possibility that would make life a lot more intriguing, but we trust our staff and had no evidence of corporate espionage. Plus we’re not that important . . . yet!
• Lack of proper Internet/email security: I am no techie, but I think it’s important that all start-ups make sure that they take Internet/email security very seriously. It’s something that my tech team is also going on about, and now I will take it even more seriously. But who’d be interested in monitoring us (asks the naive non-techie)?
• Loose lips: Possible. Given that we took a democratic approach to naming, a lot of people knew about the various candidates and knew that all of the domain names were free. One person talks to another person . . . and six degrees of separation later, a competitor — or even worse, a domain squatter — has bought your chosen domain name for $10 and now wants to sell it to you for a few hundred — or for a few thousand — euros.
• Bad luck: Not so convincing, though very possible. Plus we needed someone to attack. Blaming it on bad luck doesn’t provide you with much of an emotional release.
• Domain squatters: The most likely explanation. According to an article on eWeek.com, appropriately titled “Whois Hijacking My Domain Research?”, this kind of thing happens a lot. When we called GoDaddy, they told us that it was impossible that a domain squatter would know that there were repeated recent inquiries about a particular name. They told us that we needed to improve our IT security. But according to this article, it might be the domain registration and “Whois” sites that are being compromised and hacked into. The author does a variety of experiments checking out domain names, waiting 24 hours and in many cases a domain squatter has registered the name and placed cheap ads on the site, just like what happened to us (and to the reader that brought this practice to the author’s attention). The domain squatters say that it’s all part of an automated process that randomly chooses names, waits 5 days to see what kind of traffic the domain gets and then releases the name to whoever wants it. The truth is that no one — other than the domain squatters — knows how they get access to the information that a domain name is in play.

But the take-home message is clear:

If you find a domain name that you like, and you have checked on some service that the name is available, BUY THE DOMAIN NAME AS SOON AS POSSIBLE if you don’t want a domain squatter to “borrow” your domain name and sell it back to you at a much higher price.

This was not the first time that we have had problems with domain squatters. When we first started the Company back in April 2006, we initially bought migoa.com and a few of the other domain extensions, not having it 100% clear what our expansion plan would be (plus, we were — and still are — poor entrepreneurs!). Once we got the first bit of cash from an investor, we checked and found that a potentialcompetitor (at that point the business plan was still a work-in-progress) had already registered our domain name in various countries, and that he did so in May 2006 — that is, 1 month after we constituted our company and way before we had even done much related to the project. The only thing that we’d done at that point was attend the Innovate!Europe event in May 2006, and it seems that it was enough to cause this person to buy our domain name. We were still working on the alpha version and had no money other than our own feeble funds, most of which went to paying employees and being able to attend the Innovate!Europe event.

In this case, I have no doubt that it was based purely on domain-squatting speculation. The strange thing is that I see this person at various networking events in Barcelona. I hope that he will have the elegance to sell us back our domain name at some point. If not, I think we’ll be okay in any case.

But again, the bottom line is the same as above: WHEN YOU BUY A DOMAIN NAME FOR YOUR COMPANY, BUY ALL POSSIBILY RELEVANT DOMAIN EXTENSIONS. Borrow a few hundred euros from your folks if you have it. The extra domain names usually don’t cost that much more, and it’s a lot cheaper to buy them now than it will be after the domain squatters attack.