Slashdot Mirror


Cert Slamming, or, Desperate Companies Behaving Badly

the special sauce writes "A few months back, our customers (we run a regional ISP) started receiving deceptive domain renewal notices from Verisign and Verisign partners such as Interland. A couple of our customers temporarily lost their domains in the process as the registrant, contact information and hosting company were all changed. Yesterday, I received an e-mail from a customer. He was forwarding a "reminder" e-mail he had received. It was an SSL certificate "renewal" notice from a UK company, Comodo. It instructed him to "upgrade" his current certificate (issued by Equifax) before it expired." More information on this charming practice follows...

the special sauce continues: "For those who don't know, Equifax was just bought out by GeoTrust, who offers a QuickSSL product. Comodo's e-mail was advertising an "InstantSSL" product, which I myself mistook for the GeoTrust product on first reading the e-mail. When I realized my mistake, I contacted Comodo and inquired as to their relationships with Equifax and GeoTrust and how they came by my customer's information. The response: 'We have no relationship with Equifax or GeoTrust. The information on a certificate is public information which we have used to inform this company that they have an option when they come to buy their certificate.'

My interpretation: Comodo is harvesting contact information from certificates in bad faith, to market a competing product. Furthermore, I think they have targeted Equifax customers because the company was just bought out. In any buyout, confusion exists as to the "new" company's identity. I think they are offering a product whose name is confusingly similar to a GeoTrust product. The language in their e-mail does everything possible to obfuscate the fact that they are not affiliated with Equifax, encouraging customers to "renew" and "upgrade" their certificates. In reality, if my customer had clicked the links in the e-mail, he would have been purchasing a new certificate from a company with which he had no previous relationship.

So I ask, is this not cert slamming? I don't expect this to be as big a problem as Verisign's domain slamming: we simply host fewer certificates than domains, so it is easier to warn all of our customers with secured web sites. Nevertheless, I've reported the practice to the FTC."

3 of 186 comments

  1. random by labratuk · Score: 0, Offtopic

    test post, please ignore.

    --
    Malike Bamiyi wanted my assistance.
  2. Re:Verisign doesn't care by 1010011010 · Score: 2, Offtopic

    Verisign is not "a good company." It is, other than one particular tow-truck company, the worst company I have ever done business with, or had to deal with in any other way. Over the last six years, I have never had what I would call a good experience with them. Each and every one has been annoying, agonizing, and more time-consuming than necessary.

    I don't care what your internal view of the company was like. From the outside -- which is what counts to us consumers -- Verisign and Network "Solutions" suck. There are no two ways about it.

    --
    Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
  3. Re:Verisign doesn't care by ceejayoz · Score: 2, Offtopic

    As a Verisign customer (still - against my will) - I'll say they have the absolute worst customer service I've run across on the web.

    My domain was slammed over to Verisign. Called my old registrar to ask what was going on, they said it'd been transferred, so I called Verisign. They first told me that my registrar had been bought by them - complete fabrication. To retrieve my new "customer ID" and password, I had to fax something in to them (why not just send it to my registered e-mail address?) and wait 2 weeks.

    By now I was thinking "oh yay, I can transfer away now". But no - even though their WHOIS records say that the domain expires in March 2004, they rejected my transfer because it had "already expired". I'm still trying to get it back and am thinking I'll have to sue them.

    So, as a short response to "Do you even know what you're talking about?" - the answer is "yes, we do - Verisign sucks ass".