Verisign Sending Deceptive Domain Renewal Mail?

General_Corto writes: "Declan McCullagh's PoliTech list just forwarded a message detailing how Verisign is sending letters to people who own domains through other registrars, attempting to make them change registrar on renewal. Looking at the letter it is very unclear that you are signing up with a different registrar. Sneaky games are being played."

"Trust is the foundation ..."

[wardbekker]

Yep, taken from the Verisign homepage:

" Trust is the foundation of every human relationship "

They probably forgot the *: Only applies when you owe us money ;-)

Reminds me of "slamming"

[Mnemia]

This strikes me as a similar, albeit different, tactic to what is known as "slamming" in the phone industry. It was once a common scam for the shadier long distance providers to change your carrier without your permission or consent; the practice was (I believe) outlawed in the 1996 Telcommunications Act (correct me if I'm wrong). This is slightly different because they are just being deceptive about gaining consent, but it does seem similar. Wonder if Congress will step in on this type of practice as well?

Not sure that's the best idea, but it will probably take Washington 10 years to notice this anyway and by then there won't be any players but Verisign left anyway.

"Interland" does this as well

[Evro]

My girlfriend got a "DOMAIN NAME EXPIRATION" notice from Interland. It said something to the effect of "if you don't renew now, you may lose your domain!" The problem is, she registered it through Network Solutions. NetSol must have taken notice of this and thought it was just a fantastic marketing technique.

I registered several through GoDaddy, by far the best one I have ever used, and Godaddy sent me a "warning" notice that Verisign is sending out these deceptive messages, and suggesting we write to icann about them...

---------- Forwarded message ----------
Date: 22 Mar 2002 20:52:05 -0000
From: service@godaddy.com
To: xxxxxxxxxxxxxx
Subject: A WARNING TO OUR CUSTOMERS

Please be aware that Verisign, Inc. (formerly Network Solutions) is sending via the US Mail, what we believe to be deceptive and predatory domain expiration notices.

The purpose behind these notices is to get the unsuspecting customer to transfer to and renew their domain name(s) with Verisign Inc. at significantly higher prices.

The domain expiration notices are designed so that it is not obvious that the notices are from Verisign, Inc. as opposed to Go Daddy Software. To see a copy of one of these deceptive expiration notices, please go to the following URL: http://www.godaddy.com/gdshop/private_vsrn.asp?dis play=letter.

Those customers who fall prey to the Verisign, Inc. scheme will have their domain name(s) renewed at a price more than 3 times higher than would be the case if they renewed with Go Daddy Software.

For a .com, .net or .org domain name renewal, the victimized customer would pay $29.00 to Verisign, Inc. instead of the $8.95 charged by Go Daddy Software.

Those customers who fall prey to this scheme, will not receive any better service or value. They will however be tricked out of $20.05 per domain name.

Renewal notices from Go Daddy Software are sent via email, and always mention the Go Daddy name. You can be sure that any communications you receive concerning your domain name that do not explicitly and obviously display the Go Daddy name are not from Go Daddy Software.

If you believe, as we do, that this practice of Verisign Inc. is misleading, predatory and improper, we invite you to make your feelings known by writing to ICANN (who is the governing body for all Registrar's and Registries) and to Verisign Registry. Email links for both are provided below.

Sincerely,

Bob Parsons, President
Go Daddy Software, Inc.

ICANN Registrar Complaint Form (hosted at InterNIC)
http://www.internic.net/cgi/registrars/ problem-rep ort.cgi

VeriSign Registry Customer Service
info@verisign-grs.com

Good reason for whois server changes

[Leme]

I really can't think of a good technical reason that I need to see the expiration date and other information off of the whois servers. Only information I really care about is the DNS servers and the admin/technical contact.

They should make the whois servers not give this information so other companies can use it as their own personal sales list.

I just recieved one.

[mesach]

But since my domain isnt registered with NSI, im going to send it back to them no postage necessary, and im going to write on it in magic marker "NO WAY IN HELL"

maybe ill add a few washers, since they pay by weight of the letter, thats what i suggest, hit em where the investors feel it.

Others do it as well

[iammichael]

I've gotten numerous letters from various registrars trying to get me to renew with them. None of them were very straightforward about the fact that they weren't my current registrar. Luckily, I know better (what's weird is that my domain is registered for the next 10 years, and some registrars still think it was expiring this year).

On a slightly related issue, I got a phone call a month or so ago from "The Domain Support Group". They tried telling me that since I owned a .com domain, I had early access to a .info or something like that. They repeatedly implied that they were just a support group calling, and not a company named "The Domain Support Group".

Paraphrasing a bit...

Who would be the registrar for the domain?
"We would be"

And who are you?
"We're your friendly Domain Support Group"

So you're not my current registrar?
"We're the domain support group".

Are you the same company as my existing registrar?
"Uh, no."

Yeah... so, I filed a complaint with the FTC.

Re:Nothing new

[hey!]

It's hard to beleive that the revenue from domain owners they manage to trick is worth more than the damage to their brand. First of all, people will make that mistake only once. Secondly, as the number of people who associate Verisign's name with skullduggery increases, the trust that underlies their certificate authority business will evaporate. Granted, this trust is more by default than anything else -- people don't know enough not to trust. But this is all the more reason not to blow it. There was never a monopoly built on such a flimsy foundation.

Not the only way Verisign plays dirty...

[thesolo]

Things like this are exactly why I no longer use Verisign/NetSol as my registrar. However, unfortunately this not their only dirty trick.

Aside from this, which is very similar to long-distance carrier slamming, Verisign also has a nasty habit of holding onto domains/not allowing customers to transfer their own domains. I know several people who were forced to wait for MONTHS for Verisign to finally go ahead and transfer their domains to another registrar, and that was only after repeated calls to them. Verisign's own transfer process was completely ignored, in the hopes of squeezing another $35 out of the billing contact.

Verisign also uses deceptive overbilling; if you register a domain with them for a year, come renewal time, they will send you a renewal bill for $70 or more! Of course, only in the very fine print do they tell you that it's $35 a year, so they are trying to make you renew for 2+ years. Yes, you can select 1 year, but they should not default to 2 years unless you previously paid for 2 years. It is very carefully worded to make it look like you actually owe them $70+.

Lastly, they make it ridiculously tough to modify your own contact information for a domain. I had a domain which was registered in my name, and with an email address that was now expired. So, you have to fax them a paper requesting a change of email address. Fine, no problem there. However, I had to send them nine faxes before it got changed. I would call to followup the fax, and they would repeatedly claim that it was never received. It took over 3 1/2 months for me to get an email address changed on a domain contact!! Of course, if you sign up for their expensive premium services, it only takes a day; glad to know where regular customers stand with Verisign.

I recommend that anyone who does use them to switch elsewhere. A company like Verisign/NetSol does not deserve our business.

Absolutely

[clark625]

I own a house. For those of you not fortunate enough to understand what that means, consider your average junkmail that you receive now in your rental house, apartment, whatever. Multiply that by roughly 15.

This letter may be somewhat deceptive. So is every other friggin' piece of mail in my mailbox right now. Most people do the same thing with all such letters--they throw them out. But, like always, there is a sucker born every minute who will just plop down the credit card number and send the thing in. That's the ropes, folks.

When I looked at the letter, I saw Verisign's name immediately. I also noticed that you are signing for "renewal and transfer authorization", not just renewal. Sure, this might not say explicitly that you're going to change registrars... but there's a heck of a lot of fine print near the bottom that I can't read. My guess is that everything is spelled out there very clearly--to the person who cares to read it anyways.

Sorry folks, that's life. There's enough stupid people in the world who fall for things like this to make it economically worthwhile. Maybe next time get mad at the people dumb enough to sign things without reading--cause it's really their fault in the end.

So how is this different...

[Jace+of+Fuse!]

So how is this different from the mail I got from several other Registrars?

I just now sorted through this month's mail, did my bills, and threw away a ton of junk. In my sorting, I had TWO paper mails from other registrars telling me that my domain was about to expire and that in order to keep them I had to re-register them. Well, guess what? I'm registered with Verisign, but both of the letters were from other Registrars. One of which was Registrar of America (or something like that). They're both in the trash now, but the point is, Verisign isn't the only one guilty of it.

Re:But how did they get the addresses?

[SuiteSisterMary]

Never done a 'whois' lookup, have you?

Re:it's a

[Da+Schmiz]

Scams through the Post Office are punishable under mail fraud laws.

See: http://www.usps.com/postalinspectors/fraud/MailFra udComplaint.htm

As for unsolicited postal mail, this search at Google will get you started.

Re:Nothing new

[letxa2000]

I agree. I used to have my domains registered with VeriSign. About three years ago we switched all our domains to Register.com. The switch went without a hitch and even doing a whois at NetSol shows the correct registar.

However, without fail we get invoice after invoice from Network Solutions with letters saying if we don't pay we will lose our domain. Duh...

They might not be the only one, but it is very deceptive. I think they send it so comapnies who have an A/P department see the low-dollar bill ($35/$70, whatever) and are allowed to pay it without authorization. Little do they know that they, by paying it, authorize NetSol to transfer the domains of their organization back to NetSol.

Bad, very bad. Kind of like an invoice I once received from somewhere in Europe for something like $1395. It was for being placed in some business directory. What? Obviously they were just fishing. It doesn't cost anything to send invoices and, who knows, someone might actually pay. All you have to lose is postage.

it gets worse - hosting companies getting burned

[mkbz]

i worked for a large company (read: s&p500 listing) that, as one of their services, did web hosting for small businesses - handling the domain registration and renewal internally. boy, did we start getting angry phone calls when people thought their domains were going to expire (and we weren't going to renew them inclusive to their contract/fee.)

doesn't internic have a policy of conduct for domain name registrars? i seem to remember there being a lot of concern when they broke the netsol monopoly that the 'alternatives' would provide poor customer service and business ethics. who's the pot, and who's the kettle NOW?

A lesson in POSTNET barcodes

[intuition]

If you look at the image of the letter you will see that they blocked out the address, but not the postnet barcode.

To my eyes the POSTNET barcode looks like this to me : (where t represents a tall bar and s a short one)

t ttsss sstst sstts stsst tssst ssstt ssstt sstst ststs sstst ststs tssts t

This decodes into 0 2 3 4 7 1 1 2 5 2 5 8.

which is ZIP+4+2: 02347-1125-25 Checksum 8

The way the POSTNET checksum value is given by (10-((Summation of all digits) Mod 10)). The total of our digits 02347112525 = 32... (10-(32 mod 10)) = 8. The checksum is valid and our decoding is probably successful.

Next step... head to the usps website to find that 02347 is in Lakeville, MA. Mind you, a ZIP+4+2 code in most cases is a unique address. However, the USPS is not going to make this easy for us.

Lets try our friend Google instead... searching for 02347-1125 give us the personal web site of Steve Douillette.

But how can we be sure that this is the letter Mr. Douillette recieved and diligently forwarded to godaddy to warn other customers? I wonder where Steve registered his domain name steve-d.com.

If you want to be anonymous, please be careful with what you post online.

This is illegal. See 39 USC 3005

[Animats]

It's illegal to send out a solicitation that looks like a bill. And the rules on that were tightened up recently. See the relevant sections of the postal regulations. There are some very specific requirements on sending out stuff that looks like bills. Like "THIS IS NOT A BILL", in 30-point type. See below.

• Any otherwise mailable matter that reasonably could be considered a bill, invoice, or statement of account due, but is in fact a solicitation for an order, is nonmailable unless it conforms to 1.2 through 1.6. A nonconforming solicitation constitutes prima facie evidence of violation of 39 USC 3005. Compliance with this section does not avoid violation of Section 3005 if any part of the solicitation or any information with it misrepresents a material fact to the addressee (e.g., misleading the addressee about the identity of the sender of the solicitation or about the nature or extent of the goods or services offered may be a violation of Section 3005).
• 1.2 Required Disclaimer
  The solicitation must bear on its face either the disclaimer required by 39 USC 3001(d)(2)(A) or the notice: THIS IS NOT A BILL. THIS IS A SOLICITATION. YOU ARE UNDER NO OBLIGATION TO PAY THE AMOUNT STATED ABOVE UNLESS YOU ACCEPT THIS OFFER. The statutory disclaimer or the alternative notice must be displayed in conspicuous boldface capital letters of a color prominently contrasting with the background against which it appears, including all other print on the face of the solicitation and that are at least as large, bold, and conspicuous as any other print on the face of the solicitation but not smaller than 30-point type (see Exhibit 1.2).
• 1.3 Surrounding Matter
  The notice or disclaimer required by this section must be displayed conspicuously apart from other print on the page immediately below each portion of the solicitation that reasonably could be construed to specify a monetary amount due and payable by the recipient. It must not be preceded, followed, or surrounded by words, symbols, or other matter that reduces its conspicuousness or that introduces, modifies, qualifies, or explains the required text, such as "Legal Notice Required by Law."

If you get a solicitation that looks like a bill, and you don't see those disclaimers in huge type, contact the U.S. Postal Inspection Service.