Old domain refrains

ALLOW ME TO declare this once and for all: VeriSign’s domain registration operation is out of control.

The outfit formerly known as Network Solutions has made many an appearance in The Gripe Line over the years, and I wonder if it isn’t futile to continue discussing it. But for the name on the door, nothing seems to have changed through the years. The oldest complaints about Network Solutions remain in the VeriSign era and are, in fact, more obvious than ever. And new ones arrive too thick and fast to look into them all, even if I were going to write about them every week. I’m nothing if not stubborn, though, so let’s try one more time.

One thing I can do a little differently is to eschew my customary practice of focusing on a specific issue in favor of trying to paint the bigger picture of what I’m hearing from readers about VeriSign. Many of the stories are old refrains. Back in the days when Network Solutions’ monopoly on domain registration was absolute, the main gripe about the company was that it didn’t know what it was doing. One wag once suggested Network Solutions got its name from trying every possible solution to fix its back-office problems: inadvertent cancellations, double billings, mythical invoices, hacker break-ins, service outages, spam attacks, etc. You would think all that would have disappeared as soon as security-minded VeriSign, headquartered in Mountain View, Calif., took over and the domain registration business was opened up to other registrars. But readers have again raised each of those issues.

For example, this week one reader reported his company’s principal domain, which had five years left on its registration with VeriSign, was shanghaied by an overseas hacker who managed to change the registry records. VeriSign told the reader it had no responsibility to help, as the crime was not a case of theft. (The courts say domain names aren’t property.)

Within a few hours, another reader was telling me that many of his clients using another registrar recently acquired by VeriSign have had their domains abruptly shut off. A glitch in VeriSign’s system is apparently ignoring the payments the clients made to their old registrar, but no one at VeriSign can be bothered to track down the bug. So what if people’s businesses are at stake? VeriSign’s terms of service say you can’t sue it.

There is a constant litany of similar complaints. Disastrous muddles even occur when customers are transferring domains to VeriSign from another registrar. In such cases, it’s obvious the situation didn’t arise out of any malicious intent on VeriSign’s part — it’s just too incompetent or too indifferent to fix the problems.

The existence of alternative registrars has ushered in a whole different category of complaints from customers trying to transfer domains to other registrars, and with them VeriSign’s intent is very much an issue. Last year we talked about the phony expiration notices VeriSign mails out to customers of other registrars. Looking like an invoice, the letters can easily fool the unaware into transferring registration back to VeriSign, probably at a higher rate than the current registrar is charging. VeriSign continues to send those letters out, aided by Internet Corporation for Assigned Names and Numbers (ICANN) rules that require all registrars to sell each other bulk access to their customers’ contact information.

I’ve also discussed the transfer-blocking mechanism VeriSign has implemented by requiring that a confirmation e-mail be filed before it’ll release a domain. Large numbers of readers keep reporting that they were denied a transfer without ever receiving VeriSign’s e-mail requesting the confirmation. And now would-be transferors are encountering another obstacle in the company’s maze of error-prone procedures.

A number of readers who tried to transfer a domain a few weeks before it expired have recently received the same rather puzzling message denying the transfer. The message, which always seems to be sent the same day or the day after the current registration with VeriSign expired, informs the recipient that the transfer was denied because “the domain name is beyond the record expiration date” as of that day. To transfer the registration, “the domain name must be in paid status,” meaning that the customer has to pay VeriSign for another year and then file the transfer request again with the customer’s chosen registrar. How can VeriSign claim the domain is unpaid when it clearly had a valid registration a day earlier? Why, if the domain has expired, does it not just revert to being a name that is eligible to be registered with anyone?

What’s particularly disturbing is that some of the recipients who called VeriSign to complain were told that the transfer was rejected because they did not give the company 30 days termination notice as required by VeriSign’s service agreement. A VeriSign representative denied the company requires 30 days notice for a transfer, but his only explanation for the message was that many factors can lead to a rejected transfer under ICANN-established policies.

I suppose it’s true that VeriSign is not actually requiring 30-days notice for all transfers, because if it always did there would be virtually no transfers. But it’s disquieting that VeriSign personnel would cite such an obscure term from their service agreement. (Interestingly, parts of the service agreement that relate to domain registration are still pointedly written to be governed by Virginia law, rather than the laws of California, VeriSign’s home state. And we know what Virginia law includes: UCITA.) The monopolist legacy of Network Solutions won’t end any time soon with that kind of attitude.

So what can be done about VeriSign? I wish I knew. As we can see, voting with your feet by going to another registrar isn’t always permitted. ICANN has always seemed to be more ICANN’T when it comes to reining in VeriSign’s abuses. The same could be said of Congress and the entire domain registration system it has created. So you tell me — is there anything to be done about VeriSign, or should I just give it up?