On September 15, 2003, Verisign added a wildcard record to the .net and .com Top Level Domains. What this means, in case you don't get it already, is that they effectively hijacked ALL unused .com and .net domain names.
The reaction has been immediate and overwhelming on various fronts. See, for example, this article on Slashdot, the NANOG mailing list, the BIND users mailing list and this patch to BIND provided by the ISC. However, I was so outraged that I lost my usual temper and fired off a nastygram to Verisign:
Date: Wed, 17 Sep 2003 15:13:05 +0200
From: Flavio Stanchina <my.address AT work>
To: nstld AT verisign-grs.com, info AT verisign.com, legal AT verisign.com,
abuse AT verisign.com, support AT verisign.com
Subject: Take Site Finder down *NOW*
Site Finder is breaking the spam filters on several servers I manage,
plus several other services that rely on getting the correct answer for
nonexistent domains. I believe that some helpful upstream admin has
blocked all traffic on 64.94.110.11 port 80 because I don't get the
search pages anymore, but many other services are suffering.
I kindly ask you to take the "service" down immediately, otherwise I
will have to indiscriminately block all .com and .net domains at my
routers to prevent abuse. I am willing to resort to legal action if this
matter cannot be resolved in a friendly way, but given the overwhelming
amount of backlash you are receiving from everyone else, I sincerely
hope you understand that Site Finder service cannot stay up as currently
implemented.
(Sorry for the long list of addresses, but apart from the email address
in the "Site Finder Implementation" whitepaper, the Verisign contacts
page was unhelpful in identifying who to contact regarding this matter
so I came up with some likely addresses.)
--
Best regards,
Flavio Stanchina
Informatica e Servizi
Trento - Italy
Frankly, I didn't expect an answer, but this is what I got back instead:
From: Support <support AT verisign.com>
Date: Wed, 17 Sep 2003 09:14:38 -0700
Dear Flavio,
VeriSign's Site Finder service improves the web browsing experience when the user has submitted a query for a nonexistent second-level domain name in the .com and .net top-level domains.
Before this service was implemented, when a user entered a URL containing a nonexistent (e.g., unregistered) domain name ending in .com or .net, their web browser returned an error message that contained no useful information. With the introduction of Site Finder, users now receive a helpful web page offering links to possible intended destinations, related categories, and the ability to conduct additional searches immediately.
For more information, please email: sitefinder AT verisign-grs.com
Thank you,
[a woman's name]
VeriSign Customer Support
[original mail followed]
Of course, if the introduction of this "feature" outraged me, trying to explain how it "improves the web browsing experience" of poor little users did not get an armed response only because I'm against the use of weapons under all circumstances, but I was nearly about to make an exception. However, an ever more toxic email was in order:
Date: Wed, 17 Sep 2003 20:47:34 +0200
From: Flavio Stanchina <my.address AT work>
To: support AT verisign.com, sitefinder AT verisign-grs.com
Subject: Re: Re : Take Site Finder down *NOW* (#xxxx-xxxxxx-xxxx\xxxxxxx)
Support wrote:
> VeriSign's Site Finder service improves the web browsing experience
> [quoting of original mail followed]
I have several years of experience as a system administrator and several
more as a computer user, so I know how the net worked before Site Finder
was implemented, thank you. When a user entered a nonexistent domain,
the web browser would display a message stating that the host name was
not found, and this was more than enough for most users with a brain to
understand that they probably mistyped the URL. I believe that Site
Finder, as currently implemented, is on the edge of fraud because
Verisign gets to define what "possible intended destinations" and
"related categories" means, and I'm being told that some of the results
are paid advertising and/or may point to competitors of the mistyped
URL. Excuse me, but this falls entirely within the definition of
cybersquatting and as far as I know every court in the world found that
such behaviour is not tolerable. However, I'm not really concerned about
this part: what I *am* completely, absolutely outraged about is that
Verisign is returning a valid IP address to a range of spam filters and
other services that previously would detect that the domain did not
exist and fail nicely, but now get stuck trying to contact an address
that they have every reason to believe is valid. In some cases the
software is incorrectly retrying a connection even after it is told that
the service is not available, but in some other cases (I'm mostly
concerned about spam filters here) just returning a valid IP address for
a non-existent domain violates all established practices and, I
believe, at least the spirit of current RFCs.
> Thank you,
>
> [a woman's name]
>
> VeriSign Customer Support
--
Best regards,
Flavio Stanchina
Trento - Italy
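The spam-filter failure described in the e-mail above, as an added example that is not part of the original post or of the ISC patch: a sender-domain check that learns a TLD's wildcard address by resolving random names and treats answers pointing only at that address as "domain does not exist". The `resolve` callable, the fake zone and every name except 64.94.110.11 are constructed for illustration, and only A records are checked here.

```python
import secrets

SITE_FINDER_ADDR = "64.94.110.11"  # the address named in the e-mail above

def make_fake_resolver(zone, wildcards):
    """Constructed stand-in for DNS: returns A records, [] means NXDOMAIN."""
    def resolve(name):
        name = name.lower().rstrip(".")
        if name in zone:
            return zone[name]
        # Unregistered name: a wildcarded TLD answers anyway.
        return wildcards.get(name.rsplit(".", 1)[-1], [])
    return resolve

def wildcard_addresses(tld, resolve, probes=3):
    """Resolve random, certainly unregistered names under `tld`.
    If every probe gets an answer, the zone is wildcarded and the
    union of the answers is the set of wildcard addresses."""
    found = set()
    for _ in range(probes):
        answers = resolve(f"{secrets.token_hex(16)}.{tld}")
        if not answers:
            return set()  # a genuine NXDOMAIN: no wildcard here
        found.update(answers)
    return found

def sender_domain_exists(domain, resolve, cache):
    """True only if `domain` has an address that is not a wildcard answer."""
    tld = domain.lower().rstrip(".").rsplit(".", 1)[-1]
    if tld not in cache:
        cache[tld] = wildcard_addresses(tld, resolve)
    # Caveat: a real host sharing the wildcard address would be rejected.
    return bool(set(resolve(domain)) - cache[tld])

# Constructed sample data (documentation-range addresses for real domains).
ZONE = {"example.com": ["192.0.2.10"], "example.org": ["192.0.2.20"]}
WILDCARDS = {"com": [SITE_FINDER_ADDR], "net": [SITE_FINDER_ADDR]}

if __name__ == "__main__":
    resolve, cache = make_fake_resolver(ZONE, WILDCARDS), {}
    for d in ("example.com", "no-such-sender.com", "no-such-sender.org"):
        naive = bool(resolve(d))  # what a pre-wildcard filter checks
        print(d, "naive:", naive, "wildcard-aware:",
              sender_domain_exists(d, resolve, cache))
```

The naive check accepts the unregistered .com name because the wildcard answers for it; the wildcard-aware check rejects it while still accepting the registered domains.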
Waiting for an answer... Meanwhile, I'm grinding my axe.
A reader's letter to The Register suggests a nice and all-too-deserved way of retaliating, if your spam filters are being confused by this change.
Another interesting thing that I discovered thanks to this mess is OpenNIC, a "user owned and controlled Network Information Center offering a democratic, non-national, alternative to the traditional Top-Level Domain registries". Not a solution to the problem at hand in the short term, but definitely a good idea in the long term.