Sanctioned Domain Name Theft

Update: the Washington Post is also covering this story. There's also a writeup on The Register.

VeriSign, the company which has been charged with the responsibility of managing the database for all ".com" domains, has been accused of misusing that information in attempts to steal customers from its competition.

Although you can now register your domain with other companies, called Registrars, all registration information is maintained by VeriSign. Despite this, many companies, including, began registering domain names with alternative registrars. Many people felt VeriSign had wielded monopoly power to the detriment of its customers, over charging for services and providing substandard technical support.

With the economic dot.bomb and slowing economy, many companies faced with decreasing profits chose moral bankruptcy over the real thing, having been reduced to cheap marketing tactics like spamming or reselling personal information about their customers. It would appear that VeriSign has begun exploiting the information entrusted to its care.

It started with letters received via U.S. postal mail. They were addressed from companies like Interland, a "VeriSign Alliance Partner" and warned that our domains were about to expire. They looked like bills, containing a list of the domains registered to us which were about to expire. They claimed "no other aspect of your domain name registration, including registrant, or Web site hosting will be affected." However, "this service is provided 'as is' and without any warranty."

This was a blatant lie. We have heard one nightmare tale after another in which companies have mistakenly paid these phony bills. In one case, the registrant information (that which states who owns the domain) did change. Contact information was altered so as to prevent the rightful owner from making modifications. In addition, the domain was pointed to another hosting company. Guess which "VeriSign Alliance Partner" took over the hosting?

Except that they didn't. VeriSign was now pointing the domain at Interland, but Interland never actually set the domain up on the servers. Consequently, the customer's Web site was down--for a long time. Before the domain could be pointed back at the servers actually hosting the domain, all the contact information had be changed. The process included faxing information to VeriSign. It took VeriSign a week to respond to each fax.

Months later, the information still isn't correct as advertised on the VeriSign Web site. However, the domain is pointed at the correct hosting company. At this point, the domain seems to be caught in limbo between two databases. We had hoped VeriSign would receive enough flack from this effort to prevent them from continuing along this path and take corrective actions, however, the article linked to above actually shows a letter addressed from VeriSign themselves. They've apparently cut out the middle men and have embarked on a whole new round of domain thievery.

If you have received one of these mailings, or have experienced any other attempt to steal your domain names, we recommend making use of the Registrar Complaint Forum, though we've yet to see any response from complaints, much less corrective action.

Question: who sanctions domain name registrars and put the ".com" database in VeriSign's control? The governing body is ICANN, a nonnonelectedrporation consisting of a small group of nonelective and unaccountable officials.

Latest Net News Net News Archive

Privacy Policy    Copyright Policy Internet Services
24 Crescent Street Ste 401, Waltham, MA 02453 USA
+1 (508) 430-1776