Recovering stolen domains: no bigger reward than a Thank You

Morgan Linton is a smart entrepreneur, whom I’ve met during TRAFFIC in Las Vegas.

His latest project,, leaves a lot to be desired; I’m about to unleash a serving of advice and “tough love” based on experience.

For years, I’ve helped domainers (aka, resellers) and end-users alike recover numerous domain names. Such recoveries were successfully achieved only because the driving force was “to do the right thing”.

There was never any money involved, no compensation for costs incurred or time rendered.

When a domain is offered for sale, no artificial algorithm can somehow decide it has been stolen or even laundered several times over. To successfully determine that a domain has been hijacked, one needs to employ time and effort in a quest for the truth.

I won’t lie: DomainTools helps tremendously, it’s the single most important tool one needs in order to check past history of domain ownership.

And yet, even the most seemingly innocent domains can lay dormant in the hands of a thief, only to be offered for sale on every single domain platform available; often, after a quick laundering in ownership.

No domain owner would be willing to offer monetary compensation “as seen fit” with regards to recovering a domain asset. When two letter or three letter dot com domains, generic domains or otherwise valuable domain assets vanish in the hands of a thief, it often takes months of playing hide and seek with digital “ghosts” that originate half across the world, often in China, India and Iran.

Quite often, while in the process of reclaiming a stolen domain, one has to stop short of tagging it as such; there are reasons to follow a thief’s path quietly, as it often leads to a stash of other stolen domains.

It’s the wrong call, in my opinion, to offer a centralized database that can become outdated, or contain false positives at any given time. In the same manner that investigators don’t publicize their research in the daily newspapers, the recovery of stolen domains is an art that cannot be automated.


  1. Thanks for the post – always appreciate feedback!

    Just wanted to make sure you had time to look-through the site. The algorithm is only to filter-out the junk, all thefts reported to us are verified by hand. In fact we require the person reporting the theft verify their identity and we follow-up directly with the reported thief.

    Right now we are solidifying relationships with registrars and marketplaces so we have direct contacts that we can follow-up with within these organizations.

    So I think you may have read the press release incorrectly. Our automated algorithm is NOT used to determine if a name is stolen. It is instead used to verify if there was a chance that it was to literally filter-out SPAM.

    Once the algorithm determines there is a chance. Then it goes to a real human who follows-up with the previous owner, current owner, registrar, and local law enforcement.

    This is definitely NOT something that can be solved with an algorithm, we just want to limit SPAM and make sure we are spending our time helping people recover names and not filtering through a million false theft reports.

  2. hey Morgan – I must say that Ron Jackson’s report description of “all of the domains listed as stolen at will be verified by a proprietary algorithm called DTVS” made me believe it’s all somehow automated.

    The rest is of course my own opinion and commentary on the process of identifying and retrieving stolen domain names.

  3. If you read the sentence you quoted followed by the one after it then it should be more clear…

    all of the domains listed as stolen at will be verified by a proprietary algorithm called DTVS (Domain Theft Verification System). Linton noted, “DTVS does an initial check to ensure that the theft report is valid, then sends it to a member of’s task force for investigation.”

    The initial check is done by the algorithm and then it is sent to a member of our task force for investigation.

    We think that by putting the domain in a database (only if the owner requests it) within the first 30 days will make it much harder for thieves to sell.

    Always interested in sharing ideas though and improving as much as possible. The goal is to make it harder for thieves to sell stolen domains. If marketplaces like Sedo, Afternic, Aftermarket, eBay, Flippa, etc. check our database before listing a domain for sale it will become significantly harder for thieves to sell domains.

    This is done with cars, credit cards, etc. and works really well, I think this will make a huge impact in the domain security space.

    Would love to get some more feedback from you as you’re someone I really respect in the space and I think has a lot of great ideas!

  4. There are a series of issues that I foresee, first and foremost of which: how do you validate an owner?

    You’d be facing hundreds of claims or suspicions, some of which might be malicious.

    For example, Bob doesn’t like Morgan and lists Morgan’s domains as stolen in the database. It’s the same pitfalls that rein various anti-spam IP block services.

    The effectiveness of locating and retrieving stolen domains is questionable when the word is out there for the thieves themselves to peruse.

    In my opinion the service should be made b2b only: you populate the database with verifiable data and sell the service to domain selling platforms. Flippa is well aware of how many times we alerted them to stolen domains being offered for sale there, the same goes for Sedo, Afternic and forums such as DNForum.

    Then of course there is the whole issue with the retrieval mechanism, the interconnection with registrars and/or law enforcement (as far as I know, the FBI gets involved with loss claims worth $5,000 and up).

    Lastly, the database would have to be kept fresh; anything less than that and claims against domains that aren’t stolen can forever stigmatize perfectly good assets.

  5. I’d like to list both of you on the sidebar of my site, When I registered it, there were not many resources out there to recover a stolen domain name! Searches indicate people who visit are looking for resources to recover a stolen domain name.

  6. It is definitely an interesting idea, and I’d like to see it succeed. Although I’m not really sure I am grasping the whole compensation bit. I am finding it hard to envision that people will actually go to the website and search for “stolen” domains prior to purchasing. It seems like people will realize it is stolen after the fact regardless.

    Best of luck to Morgan though, I know he is fully capable of making this work.

  7. Hi,

    In the recent case, of the guy convicted stealing the doamin: “p2p” .com

    ”with an estimated value of between $160,000 and $200,000″ …

    It was stolen for more than year, before they bothered to notice…how does that happen?


    Best wishes with your new service Morgan.


  8. I tend to be a bit worried when I see “algorithms” mentioned in relation to domain names. In some respects this is like a domain cops, or rather domain vigilantes operation. However tracking and proving domain theft, as Acro said above, is very much an art. Would domain thieves be more likely to use established domain market sites or would they instead try to flip the stolen domains quickly on domainer forums?

Speak Your Mind