Verisign Launches Mother-of-All Typo-Squatting Campaign

[SlashRoot.Com]

Verisign is laughing all the way to the bank by Typo-Squatting.

Most of us have to buy traffic, or bust our chops for better ranking at SE, and for getting better SERPs.

Verisign has launched today their latest typo-squating program that affects all .net addresses, and will probably do the same for the entire .com name space as well.

If someone mistypes your .net address or types in a .Net address that does not exist, it now resolves to Verisign's website -in stead of generating a 404 error. So if one of your customer mistypes your .Net addresses (as well as .com addresses real soon), they will be now sent to Verisign's typo-squatting-mega-traffic-generating website.

All of a sudden every un-registered .net domain now resolves to Verisign's website. Talk about typo-squatting: iiibmm.net, ibbbmmm.net, yahhhooo.net, yhayoooo.net, they all now point to Verisign.

Don't believe it? Check out how these made-up-names now resolve:

verisign-typo-squatting-really-sucks.net A 64.94.110.11

this-setup-really-sucks.net A 64.94.110.11

this-setup-really-really-sucks.net A 64.94.110.11

this-setup-really-really-really-sucks.net A 64.94.110.11

You get three guesses to tell me what that address points to. Your are right!
11.110.94.64.in-addr.arpa PTR sitefinder-idn.verisign.com

Soon addresses like the following will start resolving to Verisign's new typo-squatting mega site.

http://www.typosquatting-really-sucks.net

They have not even started this for .com addresses, yet their traffic is already out of this world! I will post a link here with stats on Alexa ranking for their Mother-Of-All-Typo-Squatting-Campaign-Site-at-Verisign.com

Stay tuned!

How much would you, I and Joe Public would have pay to acquire this much of traffic? How much does it cost Verisign to do this typo-squatting? Not a red cent.

They don't have to even register these names, just monetize the traffic! No worry about any trademark violations, UDRP, lawsuites, reg fees, nothing! This is professional misconduct & corporate greed at its worst!

This is typo-squating in its worst form, practiced by the very folks who are trusted with the registry, and management of the entire .com/.net name space.

I sure hope ICANN wakes up from its deep coma and takes away .com/.net name space management from these bottom feeders!

:red:
This affects ALL of us, folks! Think about it!

As I see it, Verisign seems to be clearly abusing its monopoly as a registry for .net/.com namespace.

Do you see lawyers on the horizon? I do.

 

[Brian]

bah, now i'd love to just have 1 hours worth of the traffic they will be getting now. This is a true monoply if i've ever seen one, and people complain about microsoft?

 

[RJ]

I saw this for the first time earlier today. It's not doing it at the moment though. Did 64.94.110.11 crash under all the typo traffic? Or is it just me?

 

[SlashRoot.Com]

Looks like their web server has crashed, or just quit working for these folks. I can picture it pinching it's nose and walking out singing: "take this job and shove it..."

All un-reg'ed .Net names and typos of reg'ed names continue to resolve to their IP address. It's ringing, no one is answering the call.


Or if we are lucky, they did answer the call, and it was ICANN asking them to back off! Highly unlikely that ICANN would act so fast, but I am an optimist to the bone!

UPDATE:
Looks like VeriSlime is stealing traffic by not only typo-squatting non-existant domains, but also from domains in Pending Delete, Redemption Grace Period (RGP), as well as from ACTIVE domains with no nameservers.

 

[Coastalguy]

The rich get richer.

ST

 

[RJ]

Originally posted by SlashRoot.Com
UPDATE:
Looks like VeriSlime is stealing traffic by not only typo-squatting non-existant domains, but also from domains in Pending Delete, Redemption Grace Period (RGP), as well as from ACTIVE domains with no nameservers.

Oh, that is BAD! I can't see them getting away with that.

 

[SlashRoot.Com]

Originally posted by Coastalguy
The rich get richer.

ST

No, I think The Slimy gets Slimier is better way to describe it.

I recall many moons ago, they had nerves to auto-forward Internic.net to Netsol.com. They obviously felt there is no seperation of their role as a registrar (NSI) and their role as the trustee of the registry, i.e Internic. I don't think they still get it.

Just because they can wild card DNS at the root servers to monetize all such traffic (for all unreg'ed names, as well as many active names with no NS entried), it does not make it RIGHT for them to do so.

No wonder many are beginning to think their true name is VeriSlime and not verisign!

 

[Coastalguy]

Whois verislime.com
Domain Name: verislime.com

The results below are provided by Verisign Naming and Directory Services (http://www.verisign.com/nds/naming/) (whois.internic.net)

This domain is registered at Verisign Naming and Directory Services (http://www.verisign.com/nds/naming/)
Their whois server (whois.internic.net) is currently unavailable.


ST

 

[SlashRoot.Com]

No matter how they slice it, it's still balogna!

Here is Verisign's posting on this subject:
--------------------------------------------------------------------
Date: Mon, 15 Sep 2003 19:24:29 -0400
From: Matt Larson <[email protected]>
Subject: Change to .com/.net behavior

Today VeriSign is adding a wildcard A record to the .com and .net
zones. The wildcard record in the .net zone was activated from
10:45AM EDT to 13:30PM EDT. The wildcard record in the .com zone is
being added now. We have prepared a white paper describing VeriSign's
wildcard implementation, which is available here:

http://www.verisign.com/resources/gd/sitefinder/implementation.pdf

By way of background, over the course of last year, VeriSign has been
engaged in various aspects of web navigation work and study. These
activities were prompted by analysis of the IAB's recommendations
regarding IDN navigation and discussions within the Council of
European National Top-Level Domain Registries (CENTR) prompted by DNS
wildcard testing in the .biz and .us top-level domains. Understanding
that some registries have already implemented wildcards and that
others may in the future, we believe that it would be helpful to have
a set of guidelines for registries and would like to make them
publicly available for that purpose. Accordingly, we drafted a white
paper describing guidelines for the use of DNS wildcards in top-level
domain zones. This document, which may be of interest to the NANOG
community, is available here:

http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf

Matt
- --
Matt Larson <[email protected]>
VeriSign Naming and Directory Services
------------------------------------------------------------------

 

[Jeff]

Originally posted by SlashRoot.Com
UPDATE:
Looks like VeriSlime is stealing traffic by not only typo-squatting non-existant domains, but also from domains in Pending Delete, Redemption Grace Period (RGP), as well as from ACTIVE domains with no nameservers.

Ouch!
They also control the ".TV" namespace, as well ... I'll check in to this further in the a.m. This is very disconcerting, I'll agree Shri.

 

[DuffMan]

Doesn't seem to be going anywhere for me, but this is truly horrible. I see several lawsuits happening soon.

 

[sumthin]

anybody have contacts in the media?
hopefully the public outrage will make them retract from doing this
really is disturbing news.

 

[SlashRoot.Com]

Originally posted by DuffMan
Doesn't seem to be going anywhere for me, but this is truly horrible. I see several lawsuits happening soon.

They had activated wildcard support for .Net for a test run lasting few hours only. I am sure they will be back soon.

Today VeriSign is adding a wildcard A record to the .com and .net
zones. The wildcard record in the .net zone was activated from
10:45AM EDT to 13:30PM EDT. The wildcard record in the .com zone is
being added now.

 

[Matt]

Ok, Just got off the phone with Kim Davies. He's the "Technical Policy Adviser" for CENTR (COUNCIL OF EUROPEAN NATIONAL TOP-LEVEL DOMAIN REGISTRIES).

Apparently this was not wwarned to any regulatory body in Europe. There is a closed assemby in Saltsburg regarding other issues, but this will no doubt dominate the meeting. Full miutes and slides of the meeting will be posted on there site on Firday morning.

Apparently there was a crash on there systems after they "tested" it and will be answering questions. It is AGREED by CENTR that this is a massive monopoly move by Verisign and they DO NOT agree with it.

Verisgn is trying to implement this on : .com / .net / .cc / .tv and .us

The other domains are left un-affected.

I'm droping him a mail now and he will mail me when the minutes and slides are online.

If anyone here wants to contact him, I have his direct line aswell

Rgds

MAtt
-------------------------------------------

Hi Kim,

thanks for talking to me.

I have passed on the comments you made to the community and would love to get an official statement from you guys should that be possible so there are absolutely NO crossed lines or mix ups.

Please let me know when the minutes are posted so we can review them. There are many people as you are no doubt aware, from smaller players like ourselves, to the large companies. It seems this is VeriSign trying to compete with the same system that UltSearch has adopted. If this is the case, then I would assume a Class Action from Internet Domainers would be viable.

Many thanks

Matt Wheeler
-------------------------------------------

 

[Matt]

The whole system has been just activated.

I'm getting sent to there search page. Seems to me they are trying to compete in the market that ULTSEARCH have created.

Matt

 

[SlashRoot.Com]

Originally posted by SY4
Seems to me they are trying to compete in the market that ULTSEARCH have created.

Matt

This is way bigger than that.

There is no other redirector that hijacks traffic from non-existent domains, deactivated domains, active and valid domains if they don't have any NS records, pending-delete, or those in redemtion state.

Think about it: you may have paid for and be current owner of a valid domain registration today, but if you don't attach an NS record, they will steal your type-in traffic away! Same is true of your name servers get hosed for some reason. You guessed it right - these sharks are waiting to steal your traffic!


Verislime has just proven the fact that they can not be trusted to run the .com/.net name space.

Consider patching up your DNS.

DNS patches are now being released to convert the Verisign returned IP back to NXDOMAIN:

http://www.imperialviolet.org/dnsfix.html

Good temporary measures, me thinks.

 

[Matt]

Ok....IMO, war has been declared.

Slash....

I've just sent a scathing mail to Kim @ CENTR.

I've also set up STOPVERISIGN.com

with email forwarding for a petition.

Can I use the links for the DNS fix?

Chrs

Matt

 

[SlashRoot.Com]

Originally posted by SY4

Can I use the links for the DNS fix?

Chrs

Matt

Sure, that info IS in public domain.

That's how I found it!

 

[Matt]

cool. STOPVERISIGN.COM will be live as soon as NameCheap sort out DNS.

Rgds

MAtt
((to view.... http://verisign.sy4.com ))

 

[SlashRoot.Com]

If y'all are done with patching up your DNS resolver, cast your vote -for or against - Mr. Stratton D. Sclavos, CEO, Verisign. There is a place to leave a comment too, if you feel so motivated.

http://www.forbes.com/2003/05/01/cx_ceointernetpoll.html

Get your votes in!

 

[Matt]

PLEASE VERYONE REMEMBER.... what is being voted on is "IS HE DOING A GOOD JOB WITH VERISIGN AS A CEO"

Not the present issue with verisign.!!!!

when NameCheap Resolves it, gooto STOPVERISIGN.COM to register your complaint!

 

[aliepayne]

http://sitefinder.verisign.com/lpc?url=stopverisign.com&host=stopverisign.com

:o

That just takes the p*ss.

-Alex

 

[SlashRoot.Com]

There is a petition online now at:

http://www.petitiononline.com/icanndns/

Hope this grass root movements wakes up ICANN from its deep coma and gets them to listen to reason -for a change.

Originally posted by SY4
PLEASE VERYONE REMEMBER.... what is being voted on is "IS HE DOING A GOOD JOB WITH VERISIGN AS A CEO"

Not the present issue with verisign.!!!!

How can you say the present issues with verisign has nothing to do with how he is doing his job at verislime? The buck stops there, right on his desk.

There is a whole lot of bad-karma piling up at Verislime under his leadership(?).

They have long history of doing these kinds of slimy things. This is a trend, not an isolated incident.

Here is a breif recap of verislime's wrondgoings:
Unverified MAIL-FROM authentication, Broken PGP authentication, Keeping expired domains for ever, Claiming they own domain names and then allowing customers to use them as a service, Redirecting the InterNIC neutral site to themselves (it's rumored that Feds had almost yanked their license that time), holding domains for a $150 ransom during the domain holding period, The Domain Registry of America scam, The CA screwup, The current DNS wildcard scandal, and the list goes on.

Looking at Verislime's track record, isn't it apparent they're clearly unfit to provide the services for which they are being trusted by the Internet community? What are they smoking at Verislime these days?

Check out the Internet Architecture Board's response to Stuart Lynn's (ICANN) email request for advice:
http://www.iab.org/Documents/icann-vgrs-response.html

 

[Matt]

Thanks Shri,

Interesting Read. I am MOST suprised that they still went ahead with it despite being told it is completely against what they stand for and are allowed to do.

Maybe it's time for the media to expose this more heavily. It seems it's all happening at very low level and should be exposed.

Matt

http://www.silicon.com/news/165/1/6045.html?et=search

 

[SlashRoot.Com]

ISC, mainterner of BIND (name server software that powers over 80% of DNS servers) has released a patch for BIND that filters out:
"wildcard" or "synthesized" data from NAT boxes or from authoritative name servers whose undelegated (in-zone) data is of no interest.

ISC.Org release:
http://www.isc.org/products/BIND/delegation-only.html

Here is another Interesting article on Wired:
http://www.wired.com/news/technology/0,1282,60473,00.html

enjoy!