 Unresolved .NET and .COM domains

Depending upon your viewpoint on the world, the people at Verisign have done something which makes them either the scum of the Earth or some of the smartest people in business today. Excluding the normal foaming-at-the-mouth ravings against Microsoft and Bill Gates, I have rarely seen anything like the venom now being written against this decision.

"Oh my God. I just can't believe how evil this is.", writes one webmaster on Webmasterworld.

One writer on Slashdot wrote, "I've got to wonder: where do they come up with such evil ideas? Verisign must have a Beowulf cluster of insensitive clods..."

So what could Verisign have done to produce such venom? Did they begin torturing people or were they distributing terrorist propaganda? What vile acts could they possibly be doing to get these horrible, insulting comments from so many people?

Technically what they did was such a small, little thing that I wonder why they didn't do it years ago. It's such a simple change to the internet, yet the ramifications are so huge ...

Verisign simply changed the root DNS for .NET and .COM to direct web browsers to their own custom, "helpful" search page. What does this mean? Previous to the change, anyone who typed a non-existent .NET or .COM domain received an error page, displayed directly by the browser. Some browsers would direct the person to a search engine page (often MSN or Google) and others would just display an error page.

Now any time a non-existent .NET or .COM domain name is entered, the user will see the "helpful" Verisign page which includes a search engine entry field and a directory of topics, as well as the Verisign copyright and privacy pages and some helpful information.

Why would they do this? According to a spokesperson, "Like many registries, we're continually exploring ideas on how to enhance the user experience." Yeah, right. Verisign doing something for the public good? That's in the same league as boarding your favorite prize cow at the local slaughterhouse, or asking your local gang members to guard your 15-year-old virgin daughter.

Forgive my little bit of cynicism for a company which traditionally has made the abuses of Microsoft seem petty and trivial in comparison. There is absolutely no possibility that this company even considered for a single millisecond making this change for the public good.

So what does Verisign really want? Money. Buckets and buckets of money. Money hand over fist. You see, the "helpful" page is actually a portal into Overture, and Verisign makes a small amount of money (anywhere from fractions of a penny to hundreds of dollars) off of every single click. Imagine how much money they could conceivably make. It simply boggles the imagination.

Some issues caused by the Verisign change include:

  • Previous to the change, TRACERT (a system command which shows how a packet of information gets routed across the internet, kind of like listing which post offices a letter is delivered to along the way to its destination) would return an error if a .NET or .COM domain didn't exist. Now the command will show the packet as delivered to Verisign, which makes it more difficult to debug routing issues.
  • Any programming, scripting or anything else which depends upon receiving the NXDOMAIN result (non-existent domain name) will no longer function.

Verisign does the same kind of redirection with email (SMTP) domains, which simply means that any attempt to send email to a non-existent .NET or .COM domain will no longer fail. Instead, they will be delivered to Verisign and "bounced". This is different than the old behavior and produces some issues for email systems.

One significant problem with this email implementation is that spam-filtering software could previously check that the host name in the FROM field of the message exists. It could be safely assumed that email from a non-existent domain is spam and undesirable. Since Verisign now resolves all non-existent domains, this feature no longer works. Thus, any spam filtering software which used this method to eliminate some spam will now mark spam messages as valid.

Another problem is that the implementation makes it much more difficult to find and fix problems in MX (the email portion of the DNS entry) records. For example, assume you had a domain "blah.com". You want the mail delivered to "mail.blah.com" and, if that system is down, to instead go to "second.blah.com". If you had mistyped "mail.blah.com" in the MX record as "mal.blah.com" previous to the Verisign change, mail would still get delivered to "second.blah.com". After the change, it would not, since "mal.blah.com" is now de facto defined by Verisign. The mail would thus be bounced (by the Verisign email system) instead of returning an error indicating the domain doesn't exist.
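The NXDOMAIN, sender-domain and MX problems described above all come down to telling a real answer from a wildcard-synthesized one. The following is an added example, not code from this article or from any mail product: it probes the TLD with random labels to learn the wildcard address, then treats any name that resolves only to that address as non-existent. The resolver is a constructed offline stand-in, and the addresses and the registered names other than the article's "blah.com" hosts are placeholders.

```python
import secrets

# Constructed sample data: the single address the wildcard hands out for any
# unregistered name (documentation range), plus hosts that really exist.
WILDCARD_ADDR = "192.0.2.1"
REGISTERED = {"blah.com": {"198.51.100.10"},
              "second.blah.com": {"198.51.100.20"}}

def fake_resolve(name):
    """Offline stand-in for a resolver behind a wildcarded .com/.net zone.
    Returns a set of addresses, or None for NXDOMAIN."""
    name = name.lower().rstrip(".")
    if name in REGISTERED:
        return set(REGISTERED[name])
    if name.endswith((".com", ".net")):
        return {WILDCARD_ADDR}      # the wildcard answers instead of NXDOMAIN
    return None

def probe_wildcard(tld, resolve, probes=3):
    """Resolve random labels nobody has registered; the addresses common to
    every probe are the ones the wildcard synthesizes."""
    common = None
    for _ in range(probes):
        addrs = resolve(f"{secrets.token_hex(16)}.{tld}")
        if addrs is None:
            return set()            # genuine NXDOMAIN: no wildcard in this TLD
        common = set(addrs) if common is None else common & set(addrs)
    return common or set()

def domain_exists(name, resolve, cache):
    """NXDOMAIN-equivalent check that sees through the wildcard.
    Caveat: a real host deliberately pointed at the wildcard address
    would be reported as non-existent."""
    tld = name.rstrip(".").rsplit(".", 1)[-1].lower()
    if tld not in cache:
        cache[tld] = probe_wildcard(tld, resolve)
    addrs = resolve(name)
    if addrs is None:
        return False
    return not set(addrs) <= cache[tld]

def usable_mx(mx_hosts, resolve, cache):
    """Keep MX targets (in preference order) that really exist, so a typo
    such as mal.blah.com is skipped and delivery falls through."""
    return [h for h in mx_hosts if domain_exists(h, resolve, cache)]
```

In production `resolve` would wrap a real DNS lookup, and the probe result should be refreshed periodically since the wildcard address can change.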

So what should we do? Send a letter (not an email as letters have far more impact) to your ISP, to ICANN and even to your congressmen and legislators. Simply make it known that unethical practices of this kind are not to be tolerated.


Unless otherwise noted, all photos and text is Copyright © Richard G Lowe, Jr.