Rust Consulting has begun e-mailing out the SnapNames rebate offers to all affected customers. I received my e-mail earlier this morning, although it ended up in my Gmail spam folder by mistake. SnapNames customers will have until November 6, 2010 to accept the offer, which is one year from today.

The terms of the Rebate Offer Acceptance Agreement include giving up the right to lawsuits against SnapNames and SnapNames employees. I contacted a SnapNames spokesperson to see if that would limit customers from pursuing a claim against the former SnapNames employee, but they were unable to comment on legal matters. I contacted Rust Consulting who were also unable to determine the answer, but they promised to investigate and get back to me.

There is no word yet on how many customers plan to accept the settlement offer instead of joining a potential class action lawsuit, and no lawsuits have been announced.

In conversations I’ve had with domain investors affected by the Nelson Brady scandal, the general impression is that Oversee.net has done a good job  supporting and communicating with customers. Working with FTI Consulting, a third-party auditor who conducted the forensic accounting, was a good move that helped with transparency. Also, working with Rust consulting to immediately offer rebates has gone a long way to reestablishing customer trust. The only remaining complaint that keeps coming up is the desire for SnapNames to release comprehensive auction histories so that customers can conduct their own audit. With SnapNames giving customers a year before the rebate expires, that is just the latest positive step towards resolving the halvarez mess.

A detailed look at the whois history of domains won by SnapNames VP of Engineering Nelson Brady shows that he pointed at least one domain to SnapNames DNS servers by mistake, and let a good domain expire.

Sometime in 2008 between June and September, whois records indicate that Brady transferred one of his ill-gotten domains, simsextremos.com, from registrar TuvaluDomains to his preferred registrar, eNom. According to DomainTools, when the domain turned up at eNom it was sporting the OregonNames.com DNS servers that SnapNames traditionally used to park deleting domains.

It is unclear how this mistake was made, but it is possible that Brady had set his default DNS servers incorrectly at eNom. While this mistake alone would not have alerted the SnapNames management to the scam, it is the type of mistake that domain investors on the message boards might have used to prove that halvarez possibly worked for SnapNames.

Brady’s second mistake was letting a five-digit domain expire, 90523.com. He acquired it in April of 2008 for $51, and failed to renew it the following year. What’s interesting about this deal was that it was not a pre-release auction, but one of the $9 post-drop auctions.

Click image for larger PDF

Some gave me a hard time for not including more facts in my previous story that speculated on how the SnapNames scam was uncovered. I admit that my previous article was vague where clear facts would have sufficed. So let me set the record straight and dive into the minutia of whois histories that drove my initial conclusions.

After searching Google, I found the following domains that were identified as won by halvarez (Nelson Brady, ex-VP of Engineering at SnapNames) on a number of websites and forums including dnforum.com and domain.cn. I focused on domains that were said to have been won (instead of lost) by halvarez because they would have a whois history on DomainTools of the winner. Looking at the whois history would prove or disprove the sometimes outlandish claims made in the forums. Here are the  21 domains that were said to be won by halvarez:

hamvuiclub.com
cinemagazine.com
lifeclips.com
searchescorts.com
tvizle.com
googletrends.com
extrawallpapers.com
fashionindia.net
jeniferlopez.com
tinhlathe.com
only-maps.com
hannahmontanna.com
nanotorrent.com
mature-club.com
curlyhair.net
simsextremos.com
moslemlink.com
90523.com
itttech.com
alphadating.com
xxbox.com

All of them except for two had an important commonality: being registered at one point in time by DomainQueue of Tacoma, WA. It was this pattern that proved the Tacoma address was the primary address of halvarez. Of the two domains that I could not link definitively, one I suspect was registered by DomainQueue/halvarez (alphadating.com) because it was eventually registered to iREIT but lacks whois history for all of 2006 and 2007. The other appears to have no link whatsoever (xxbox.com).

Now that we have a list of 19 domains that were won by halvarez, we can look at the acquisition date (when he won the auction at SnapNames), if any were transferred to iREIT, and where they are today. This is the data I used to generate the graphic at the top of this article.

I believe that due diligence for iREIT acquisition of the DomainQueue portfolio began around September 20th, 2006. This is the first date that DomainQueue domains (tvizle.com) began to point their DNS to iREIT DNS servers. This is a common practice for domain owners looking to prove that their domains have traffic to a potential buyer.

Nine days later on September 29th 2006, iREIT issued a press release announcing that Craig Snyder had joined iREIT.

On November 30, 2006 the DomainQueue domains (cinemagazine.com) began changing whois ownership to iREIT.

Looking at all domains acquired by DomainQueue before November 30, 2006, it appears that iREIT bought almost the entire portfolio. Credit should be given to them for avoiding the more controversial adult domains and “celebrity typo name” domains and focusing on the traffic portion of the portfolio.

The reason I am pointing out all of these patterns is to show why I speculated that Craig Snyder was the person who discovered the scam after joining SnapNames. I am not accusing iREIT of any wrongdoing. In fact, they are one of the most risk-averse companies operating in the domain aftermarket and they would not have touched the DomainQueue deal with a 10 foot pole had they been aware of the troubled source of the domains.

As I mentioned in my previous article about the SnapNames fraud, iREIT may have purchased a portfolio of domains from Nelson Brady in late 2006. An iREIT spokesperson declined to speculate on the accuracy of my claim, but whois records indicate that a number of domains were transferred from DomainQueue of Tacoma, WA to iREIT in late 2006.

So how did SnapNames discover the fraud? Craig Snyder may be the missing link.

Craig has been described as a sincerely principaled businessman by those who know him, and is famous for cofounding Marchex. He started working at iREIT in September 2006, just a few months before the DomainQueue domains were transferred to iREIT.

DNW speculated that Snyder may have been hired by Oversee.net in August of this year to “clean up the company.” Given Craig’s deep understanding of the domain industry, his role overseeing SnapNames, and his insider knowledge about the DomainQueue deal, it may have been an easy scam for him to uncover.

UPDATE: I wrote a supplemental article with more details.

In an e-mail this morning, SnapNames CEO Jeff Kupietzky and general manager Craig Snyder notified SnapNames customers that an ex-employee was involved in up to 5% of auctions between 2005 and 2007. They have also announced a reimbursement program for some of the affected customers. Customers who won auctions where the ex-employee is believed to have bid up the price will receive a refund of the difference with interest. I spoke to a SnapNames employee this afternoon who confirmed that the fired employee was in fact Nelson Brady who used the handle ‘halvarez’ when bidding on SnapNames auctions. A photo of Nelson Brady is available on DNjournal here.

For the sake of full disclosure, I have been a customer of SnapNames since 2002 and bid in many auctions against ‘halvarez’.

There are a few questions that were left open by the e-mail from SnapNames, most importantly why they will only be notifying customers who won auctions. It seems to many an equal loss for customers who lost domain auctions to the ex-employee. The other question is whether or not SnapNames will attempt to reclaim the domains won by the ex-employee.

Earlier this morning I spoke to Mason Cole, VP of Communications for Oversee.net. He was unable to comment on many questions because of ongoing legal and criminal actions, but he did reiterate that SnapNames has had an ongoing policy that prohibited employees from participating in SnapNames auctions. I am waiting to hear back from him about whether or not customers who lost to ‘halvarez’ will be notifiied, in addition to customers who won.

It was just last month that we published an article about trusting domain auctioneers, and this timely disclosure by SnapNames must be giving customers pause. The good news is that disclosures such as these, especially if SnapNames discloses to customers the entire extent as it involves that customer, are a very positive sign. Full and relevant disclosures are consistent with ethical business practices and show a strong desire to be honest, regardless of the cost to the organization, and SnapNames should not lose any customers over this incident. In fact, one SnapNames customer I spoke to will be returning to SnapNames because ‘halvarez’ is no longer bidding.

I did some research on domains won by ‘halvarez’ at SnapNames, and they point to two different addresses:

2661 N Pearl St #255
Tacoma, WA 98407

and

2346 NW Clarion Suite 303
New City, NY 10956

The first address located in Tacoma is a UPS store that sells mailboxes. The second address does not appear to be valid, according to Google maps. However, the e-mail address associated with both of those addresses, domainqueue@gmail.com, has 6591 domains associated with it according to DomainTools. The Tacoma address makes geographic sense because SnapNames was based in Portland, OR, only two hours by car from Tacoma.

According to DomainTools, Nelson Brady was listed as the primary whois contact for the snapnames.com domain from 2002 until February 14th, 2007.

Many are speculating about the motivations and strategy employed by Brady. Some have accused him of being involved in auctions for any domain where he saw one other bidder. Others have accused him of utilizing the SnapNames parking statistics to determine which domains to bid on and how much to bid.

Tracking some of the halvarez domains indicates that he may have sold a significant portfolio to iREIT in November 2006, although a call and e-mail to iREIT were not returned as of this writing. If Brady was focusing on traffic domains, purchasing with insider parking information and then flipping them to iREIT would make for a rock-solid business model.

For many customers the SnapNames website has added frustration to the matter. Sometime in the last year SnapNames removed auction history from before December 2007 which prevents customers from conducting their own investigation into the impact of this fraud. Ironically, it was SnapNames saving the auction histories that set a higher standard for transparency in the domain aftermarket. Perhaps SnapNames could continue to show their committment to openness and transparency by re-posting the historic auction data.

Last Monday, October 12 the World Intellectual Property Organization (WIPO) Arbitration and Mediation Center convened a conference in Geneva, Switzerland to mark the 10th anniversary of the Uniform Domain Name Dispute Resolution Policy (UDRP). The UDRP is the most enforceable legal instrument for trademark owners to defend a mark when used in a domain name.

Francis Gurry, Director General of WIPO, kicked off the conference with an address where he spoke about the history and the future of the UDRP which he called “a very successful experiment” and “a good solution to a real and pressing problem.” He spoke about the importance of the UDRP being a “predictable system of law” so that the man on the street would be able to comprehend it.

There were a number of sessions that followed, including “User Perspectives on the UDRP” where John Berryhill, a prominent lawyer who frequently represent domain owners, was part of the panel. Intellectual Property Watch reported that a domain owner complained of a WIPO bias for trademark owners, while trademark holders complained that defending their mark against so many violation is onerous.

WIPO is one of 16 specialized agencies within the UN and was founded in 1967 for the “protection of intellectual property throughout the world.”

GoDaddy has responded to Eolas’s Tuesday announcement of their filing a patent infringement lawsuit. Elizabeth Driscoll, Vice-President of Public Relations for GoDaddy told me,

“We have not seen the lawsuit and, therefore, cannot comment on it.  However, we are unaware of the basis for any such claims and we will defend the case vigorously.”

Judging by the character of the other 21 defendants in the case Eolas will have quite a bit of fight on their hands in addition to GoDaddy. But right now that is probably not Eolas’s biggest concern. Their most dangerous adversary is Bernard Bilski.

The Bilski case, primarily known for the potential to invalidate thousands of business method patents, has the potential to upend the Eolas’s gravy train by severely limiting the scope of software patents. The timing of this lawsuit is no accident when considering oral arguments before the Supreme Court of the United State in the Bilski case are less than one month away.

Texas company Eolas Technologies has filed a federal lawsuit against domain name registrar GoDaddy and 22 other companies alleging infringement of two patents involving embedded web applications and AJAX.

Eolas is famous for winning $565 million from Microsoft in 2004 before having its patent reaffirmed by the USPTO twice. The history of their litigation and patent reaffirmations have given Eolas the confidence to take on some of the largest US companies, at the same time striking fear in those same companies.

There is no word yet from GoDaddy with their take on the matter, but litigation of this manner can be settled quickly or drag on for decades.

Many observers have labeled Eolas as a “patent troll,” defined by wikipedia as “… a company that enforces its patents … in a manner considered unduly aggressive or opportunistic, often with no intention to manufacture or market the patented invention.” On Eolas’s website under “Products” they mostly list patents, not products.

The entire list of defendants includes Adobe, Amazon.com, Apple, Argosy Publishing, Blockbuster, CDW, Citigroup, Ebay, Frito-Lay, GoDaddy, Google, J.C. Penney, JP Morgan Chase & Co., New Frontier Media, Office Depot, Perot Systems, Playboy, Rent-A-Center, Staples, Sun Microsystems, Texas Instruments, Yahoo! and YouTube.

I received an odd renewal notice today from a company I didn’t recognize. I looked to see if it was still in my account, which it was, and found the e-mail to be entirely fraudulent. This would be particularly dangerous for naive domain owners who take these kinds of e-mail at face value. The website is hosted at a Russian webhosting company, and the domain are registered in Latvia. The e-mail and whois records are below.

Additional information
ISPRenewal consults companies about their ownership of domain names on the internet. We supply information to companies about to their domain portfolios, administer domain addresses and when a domain name is due to expire we inform businesses that it is time to renew a domain name. If you wish to assign ISPRenewal to extend your domain, please click on the link above. If you do not not wish renew your domain, you may disregard this e-mail. Note! No changes will be made in the WHOIS information if you choose to your domain with us. You will still have your current Domain Service Provider. You may also request your resent Domain Service Provider to extend your domain. If you have any enquiries, do not hesitate to contact our customer service center at +44(0)20 33 55 4951 visit us on the web.

Here are the whois records:

Domain ID:D144355989-LROR
Domain Name:DOMAINRENEWAL-ONLINE.ORG
Created On:24-Apr-2007 11:02:20 UTC
Last Updated On:01-Oct-2009 13:01:59 UTC
Expiration Date:24-Apr-2010 11:02:20 UTC
Sponsoring Registrar:DomainInfo AB (R29-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:DI-86-GRU
Registrant Name:Pierre Grundstom
Registrant Organization:Domain Renewal SA
Registrant Street1:Berzu 3
Registrant Street2:
Registrant Street3:
Registrant City:Cesis
Registrant State/Province:
Registrant Postal Code:5400
Registrant Country:LV
Registrant Phone:+371.25977574
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:grundstromsthlm@spray.se
Admin ID:DI-85-GRU
Admin Name:Pierre Grund
Admin Organization:Domain Renewal SA
Admin Street1:Suite 9 Ansuya Estate
Admin Street2:Revolution Avenue
Admin Street3:
Admin City:Victoria
Admin State/Province:
Admin Postal Code:000
Admin Country:SC
Admin Phone:+32.28080515
Admin Phone Ext.:
Admin FAX:+32.28080516
Admin FAX Ext.:
Admin Email:domainrenewal@email.com
Tech ID:DI-86-GRU
Tech Name:Pierre Grundstom
Tech Organization:Domain Renewal SA
Tech Street1:Berzu 3
Tech Street2:
Tech Street3:
Tech City:Cesis
Tech State/Province:
Tech Postal Code:5400
Tech Country:LV
Tech Phone:+371.25977574
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:grundstromsthlm@spray.se
Name Server:NS.SVIP.NET
Name Server:NS2.SVIP.NET
Name Server:NS.IVIDHOSTING.NET
Name Server:NS2.IVIDHOSTING.NET
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned

which forwards to this website:

   Domain Name: ISPRENEWAL.COM
   Registrar: DOMAINCONTEXT, INC.
   Whois Server: whois.domaincontext.com
   Referral URL: http://www.domaincontext.com
   Name Server: DNS1.PROXYWEBHOSTING.NET
   Name Server: DNS2.PROXYWEBHOSTING.NET
   Status: ok
   Updated Date: 17-sep-2009
   Creation Date: 21-apr-2009
   Expiration Date: 21-apr-2010

Registrant:

    Sia "ISPRENEWAL"

    Maris Vilumsons        (isprenewal@yandex.ru)

    Makonu 8

    Balozi

    ,LV-2112

    LV

    Tel. +371.25977574

Creation Date: 21-Apr-2009

Expiration Date: 21-Apr-2010

Administrative Contact:

    Sia "ISPRENEWAL"

    Maris Vilumsons        (isprenewal@yandex.ru)

    Makonu 8

    Balozi

    ,LV-2112

    LV

    Tel. +371.25977574

Technical Contact:

    Sia "ISPRENEWAL"

    Maris Vilumsons        (isprenewal@yandex.ru)

    Makonu 8

    Balozi

    ,LV-2112

    LV

    Tel. +371.25977574

Billing Contact:

    Sia "ISPRENEWAL"

    Maris Vilumsons        (isprenewal@yandex.ru)

    Makonu 8

    Balozi

    ,LV-2112

    LV

    Tel. +371.25977574

Status:ACTIVE

Domain servers in listed order:

    dns2.proxywebhosting.net

    dns1.proxywebhosting.net

and the from address in the e-mail:

Domain ID:D157233993-LROR
Domain Name:ONLINEREMINDER.ORG
Created On:30-Sep-2009 21:51:15 UTC
Expiration Date:30-Sep-2010 21:51:15 UTC
Sponsoring Registrar:Regtime Ltd. (R1602-LROR)
Status:TRANSFER PROHIBITED
Status:ADDPERIOD
Registrant ID:CO570046-RT
Registrant Name:MARIS VILUMSONS
Registrant Organization:Private person
Registrant Street1:Maskavas 55
Registrant Street2:
Registrant Street3:
Registrant City:Riga
Registrant State/Province:Riga
Registrant Postal Code:LV1003
Registrant Country:LV
Registrant Phone:+371.25977574
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:ivihosting@inbox.lv
Admin ID:CA570046-RT
Admin Name:maris vilumsons
Admin Organization:Private person
Admin Street1:Maskavas 55
Admin Street2:
Admin Street3:
Admin City:Riga
Admin State/Province:Riga
Admin Postal Code:LV1003
Admin Country:LV
Admin Phone:+371.25977574
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:ivihosting@inbox.lv
Tech ID:CT570046-RT
Tech Name:maris vilumsons
Tech Organization:Private person
Tech Street1:Maskavas 55
Tech Street2:
Tech Street3:
Tech City:Riga
Tech State/Province:Riga
Tech Postal Code:LV1003
Tech Country:LV
Tech Phone:+371.25977574
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:ivihosting@inbox.lv
Name Server:NS1.NAMESELF.COM
Name Server:NS2.NAMESELF.COM
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned

After OnlineNIC refused to show up at the legal proceedings that resulted in the largest cybersquatting decision in history, I speculated that their decision to ignore the federal lawsuit may have been based on not having any U.S. presence.

Looking up OnlineNIC’s Oakland, California address raised more questions than answers for me, so I thought I would drop by to check out the location that is listed in their whois record.

The building, 351 Embarcadero East, is located in an industrial area of Oakland. The property is bordered by a cement factory and an empty lot, and it looks like the type of place where junkyard dogs are used for security. I looked around the building and found many businesses listed but no evidence of OnlineNIC or any other Internet company for that matter. Here are a few photos:

While it’s not uncommon for businesses to have unusual locations in high-rent areas such as the San Francisco Bay area, it’s interesting that a company accused of owning almost a million infringing domains would use such a discreet location.