Verisign sucks
Latest crap

October 23rd, 2003: Don't take my word for it... Take the opinions of several hundred network engineers, among other users: Paul Vixie's survey solicited from the North American Network Operators' Group. I'm pretty sure NANOG knows what they're talking about...

October 7th, 2003:Verisign has obeyed ICANN's demand to suspend the SiteFinder hijack. They're whining like little bitches about how it's "stifling innovation," etc, but at least they took that bastard service down. Whattya know - ICANN showed their teeth. WOO!

Verisign has lost all trust and credibility with this last escapade. I personally consider them untrustable, and will never buy SSL certificates from them again, nor will I ever register domains through their services. I recommend the same to my customers. Wake up, Verisign - you do not own the internet.

What happened? What does this break?

September 15, 2003: Verisign, the US Government-appointed corporation in charge of the .com and .net top-level domains, added wildcard entries to both the .com and .net zones. This action hijacked all unregistered domain names in .com and .net, redirecting those unregistered domain names to Verisign's own advertisement servers. Verisign derives revenue from hits to these advertisement servers in the form of paid advertising sold to other entities.

For example, if you accidentally type "" into your web browser, your connection will now be automatically redirected to Verisign's SiteFinder service. You have no choice - Verisign has removed that for their own financial gain. Be assured that links you click on while on SiteFinder generate revenue for Verisign - up to $150 million dollars, according to their own estimates. All for spending nothing hijacking the global .com and .net zones. Pretty handy.

Just for kicks, click on "Terms Of Use" at the bottom. Scroll all the way to the bottom, and read #14. By mispelling a domain name, suddenly Verisign thinks you're bound by their terms of use agreement. How does that sit with you, knowing that your misclick or mispelled domain suddenly "enters you into their terms of service?" Is that legal? Do you agree with each of their terms of service, for being redirected with no choice?

How would you feel if your telephone company redirected all of the wrong numbers you dial to a telemarketing firm? Perhaps, a telemarketing firm that they themselves own? This is precisely what Verisign has done. And you can't choose another Verisign. Yet.

  • DNS troubleshooting. There is no longer a useful way to instantly determine a mistake. Previously, your web browser would return a "no such domain" error. Well, guess what - now every single domain possible exists. There are no domains that "don't exist." And Verisign "owns" every single one not already registered. For free.
  • Certain types of spam filtering. Some spam filtering softwares check for non-existant domain names, when checking incoming mail. Guess what - all domains within the .com and .net zones now exist... This method of filtering has been subverted by Verisign's hijacking. Although, given Verisign's past track record of selling contact data to spammers (oops, sorry, "business affiliates" or "partner sites"), this shouldn't surprise anyone - they're helping the spammers get around filters.
  • Ethics. They just claimed millions of domain names for themselves, for no charge, and they're raking in the money because of it. They're removing all choice from any internet user that attempts to communicate with a .com or .net domain and mispells something. They are abusing the trust placed in them by ICANN and the Federal Trade Commission to maintain the .com and .net zones, and they're thumbing their noses at them in the process.
  • Your trust. Security and privacy researchers have already discovered code on SiteFinder that passes POSTed data to a third party marketing agency. Ie, if you mistype a URL that contains a username, or an email address, or anything else that you'd rather not have public, it's being passed on against your wishes. And you have no choice.
  • Privacy. They're also answering SMTP connections for these nonexistant domains. Verisign says that they are simply refusing the emails, but who knows what they're logging? Are they collecting emails for spam lists? Will we ever know?
Well, what can we do?

Do what I did - I just finished transferring my last domain away from them, to a competing registrar. One that doesn't consider themselves above the law, above question, or above review. Personally, I'm guessing this sort of action is what drove them to this level of lawlessness - customers are quite simply pissed off with their incredible level of customer disservice, their questionable (illegal?) business practices, and their complete willingness to forget about ethics and go right for the buck. Customers have been fleeing Verisign's registration services like rats abandoning a sinking ship, so they're becoming more and more desperate.

Customer service does matter, and Verisign hasn't provided any of that for the past four years.

When it comes time to renew your SSL certificates, refuse to do business with Verisign. They've breached the entire internet community's trust by implementing these wildcards, as well as continuing their shady business practices. They're untrustable. Purchase your certs from someone else that you can trust.