Boycott - a refusal to have dealings with an organization in order to express disapproval

A boycott against VeriSign

Thawte / Network Solutions / VeriSign have had a long record of poor customer service. We thought we had gotten away from them when we switched to another service provider, but then they starting abusing their role of registrar by their data collection practices. The role of registrar should not be handled by a for-profit company. They chose to sell Internet usage data from registrar without permission from the users and the users also have no way to opt out.

When VeriSign abused their position as registrar by routing all 404 errors to a page where they sold advertisements. This was a unilateral decision that they made without consulting with the users and oversight organizations. Even when the Internet community became outraged by their behavior, they refused to listen to the users and even defied the orders from ICANN to stop the hijacking of Internet traffic. The software developer depend on accurate error messages and users must comply with all accepted protocols in order to protect interoperability between servers. VeriSign decided to take over error traffic by force which broke millions of software applications. They only put things back to normal after they faced serious litigation from the community they were supposed to serve.

Here is our request to ICANN to strip the registrar privileges from VeriSign:
Letter to ICANN - read online or Letter to ICANN - PDF

Background

We strongly support the boycott against VeriSign (NASDAQ: VRSN) / Network Solutions!
We were outraged when VeriSign abused their position as central domain name registrar by placing "wildcard" entries into the .COM and .NET domain name servers (DNS) which redirected all Internet traffic to their web site for commercial purposes. The following is a quick description from the ICANN Advisory Concerning Demand to Remove VeriSign's Wildcard:

On 15 September 2003, VeriSign unilaterally instituted a number of changes to the .com and .net Top Level Domain zones, including the deployment of a "wildcard" service. VeriSign's wildcard creates a registry-synthesized address record in response to lookups of domains that are not otherwise present in the zone (including reserved names, names in improper non-hostname format, unregistered names, and registered but inactive names). The VeriSign wildcard redirects traffic that would otherwise have resulted in a "no domain" response to a VeriSign-operated web site with links to alternative choices and to a search engine.

Just a few of their registrar contractual violations:

• Violation of the Registrar Code of Conduct
• Violation of Equal Access Provisions
• Failure to comply with the obligation to act as a neutral registry service provider
• Failure to comply with the Registry Registrar Protocol
• Failure to comply with domain registration provisions
• Provision of an unauthorized Registry Service

What makes the actions of VeriSign even more repulsive is the fact that they refused to voluntarily suspend their new "service" even after repeated requests from ICANN and numerous advisory boards, and an overwhelming negative community reaction. It was only after ICANN gave them a stiff legal deadline that they decided to take the appropriate action to disconnect their service. This type of behavior from a domain name registrar is inexcusable, inappropriate, and displays a level of greed that can not be tolerated. The central domain name registrar is supposed to be a neutral entity.

We have written ICANN and requested that VeriSign be immediately relieved of their duties as a domain name registrar:

What's the Big Deal?

What if every unused telephone number was forwarded to a commercial entity and any time you dialed a wrong number you reached the sales department of that company? This company would have a marketing advantage that would be very unfair to its competitors. The actions that VeriSign took are very technical; but with above simple analogy you can clearly see the unethical business practice. Giving VeriSign this power is unfair to search engine companies who would not have the same privilege. It is also unfair to other domain name registrars, because the central registry is no longer a neutral entity.

What about people who pay for their Internet access usage (such as cell phone users)? A mistyped URL would normally result in a short "Domain Name Not Found" error message - but with the VeriSign "service" the user will now be charged over 17 times the bandwidth because they would receive an HTML page full of advertisements.

The most direct impact it had on our company was that this "service" broke our SPAM filtering software. When an email is received by our corporate email servers, the sending domain is checked to see if it is valid. If the sending domain name was fake, then the message was rejected without being processed. With this "service" in place, all domain names are now seen as valid so the number of unsolicited commercial messages we receive has dramatically increased.

There are numerous other technical issues that are described in great detail in the ICANN reports (see the link below).

Our Letter to VeriSign / Network Solutions

Submitted via their Feedback page on September 24th, 2003

My company aggressively fights SPAM, and to prevent email forgery our software verifies that the sender is coming from a valid domain name. If the domain name doesn't exist, we reject the email without processing it. If the domain name does exist and the message is unsolicited, then we use the sending domain as a starting point for liability.

Since your company is now taking responsibility for all unregistered domain names, I can only assume that you also accept the liability for them.

Please send me the address to your accounts payable department so that I can bill you for my time and expenses as a result of your actions.

When you launched your site finder service, you abused your power as a domain registrar.

I strongly encourage you to comply with ICANNs recommendations that you immediately suspend your "service." Not only are you facing numerous legal actions, but (more importantly) you have lost the trust of your existing customers.

We received an email response from their technical support team which referred us to their FAQ web page. This was useless, because it did not answer our technical question and they also failed to give us their billing address that we requested. Not very good customer support!

What Can We Do???

We suggest using GoDaddy.com for all of your domain needs. We transferred each of our domains to them for less than $8 each, plus we got a 1-year extension on each name! They are a member of the Better Business Bureau, and have a very good rating. [We have no affiliation with this company, other than being a very satisfied customer]

Write ICANN to voice your opinion.

We applaud ICANN on their quick response and their objective report on the seriousness and immeasurable impact of this "service"!

VeriSign Boycott News Links

Information Page: VeriSign's Wildcard Service Deployment
Advisory Concerning Demand to Remove VeriSign's Wildcard
Security and Stability Advisory Committee Recommendations Regarding VeriSign's Wildcard Service (22 September 2003)
VeriSign Reponse to ICANN Advisory Concerning Development of DNS Wildcard Service (22 September 2003)
IAB Publishes Commentary Highlighting Architectural Concerns on the Use of DNS Wildcards (20 September 2003)
Advisory Concerning VeriSign's Deployment of DNS Wildcard Service (19 September 2003)
CNET News article

From the BoycottVeriSign.com site (this site went down on 10/25/03, not sure why):
Boston.com
The Inquirer
Macworld.com
New York Times
Outlaw.com

VeriSign Boycott Websites

BoycottVeriSign.or
VeriSlime.org
BoycottVeriSign.com (BoycottVeriSign.com went down on 10/25/03, we are not yet sure why)

VeriSign Lawsuits

There are already many lawsuits pending, including a federal lawsuit requesting class action status. Forbes: An Internet search company filed a $100 million antitrust lawsuit
Go Daddy sues VeriSign

A Pattern of VeriSign Misconduct

Federal Trade Commission get Permanent Injuction against VeriSign for Deceptive Marketing Practices

We checked with the Better Business Bureau at BBB.org: VeriSign is not a member and has an unsatisfactory record prior to this latest incident.

Based on BBB files, this company has an unsatisfactory record with the Bureau. Specifically, our records show a pattern of non-response to consumer complaints brought to its attention by the Bureau.

Much concern has been expressed by the Internet community for many years regarding VeriSign behavior:
CNN article from April 2001
CNN article from March 2001

VeriSign is also a very large Certificate Authority (CA) [the certificates that make SSL secure communications possible] which makes us nervous. We're waiting to see if any action is taken in the CA arena....

VeriSign and Network Solutions are registered trademarks of VeriSign, Inc. (NASDAQ: VRSN)

Back to Boycott List or Back to Main Menu