VeriSign Looks At Earning Money on Domain Typos

Harald Paulsen writes "In a recent article Computer Business Review uncovers how VeriSign Inc is testing a service that would return a webpage if a user mistypes an URL. Basically all nonexistant domain queries could return an IP address and if the user was trying to access a page with a webbrowser they could get redirected to a search-engine, or worse: a page asking them to buy a domain. This is most certainly breaking the DNS standard and could be compared to cybersquatting (Hey Ford, want to have a banner ad whenever someone mistypes Toyota?). This is interesting in relation to an earlier story about register.com and holding-pages."

Typical Verisign/Network Solutions crap...

[LinuxMan]

So not only do they spam us, reserve weird rights to our domain names, and cybersquat, but now they are doing this. It is really too bad there is not some kind of ICANN policy against this type of thing... Then again, ICANN is made up of a bunch of organizations like them anyway, so the whole thing is corrupt.

Code and Other Laws of Cyberspace

Re:Typical Verisign/Network Solutions crap...

[Lehk228]

Want to know a Secret.... The only reason ICANN and Verisign have any control is that people agree to use them as the basis for DNS, anyone who wants to could set up a network of DNS servers with names identical to those that exist on existing DNS servers that point to totally different websites and there would be nothing illegal about that.

Re:Typical Verisign/Network Solutions crap...

OK, I agree with you on ICANN. Totally gamed, and totally flawed.

Vint Cerf of ICANN said "this will break the internet" in the Wall Street Journal tech section last Friday.

Paul Mockepetris, author of the actual RFCs on DNS, completely says the opposite.

Do you trust fact from a person who is technically clued and directly involved in the actual technical function such as Paul, or do you go with the ivory tower opinion of 'the father of the internet' Vince?

This is a no brainer on who to believe about this being something bad or good.

Re:Typical Verisign/Network Solutions crap...

[CaptnMArk]

Anyone have a dns->Google: I feel lucky mapper?

Re:Typical Verisign/Network Solutions crap...

I propose that if they follow through with this, open DNS software implements a Verisign filter such that replies to domain requests which return IP-addresses from Verisign are modified to return errors instead. Except for legitimate Verisign addresses, this would restore the standard behaviour. Politically correct people could allow Verisign domains to go through unmodified, but I would certainly count on the punishment factor of treating them as just another non-existent domain.

Re:Typical Verisign/Network Solutions crap...

[NickFortune]

Yes, but how do you know they've been modified?

If the software already knows the correct resolution then it doesn't need a DNS service. If not, it has to trust them to return the proper values.

If they decide to return paid pages for each and every typo, how do you tell their "corrections" from proper DNS resolutions?

Anyony fancy a sweep? How long before someone decides that the correct spelling of "Linux" is W-I-N-D-O-W-S?

Re:Typical Verisign/Network Solutions crap...

The returned address records could be used to distinguish between results which have been generated on the fly and results which are registered domains: If they always redirect you to a search engine, then sanitize all replies which contain addresses from the search engine's pool. This of course only works if they don't send you directly to a variable site based on the domain you entered. The NeuStar tests redirected to a search engine.

Re:Typical Verisign/Network Solutions crap...

[NickFortune]

The problem dosen't lie in them directing me to some cheesy gateway, the problem lies in them directing me to something that looks like what I wanted but isn't. Unless there's a "typo-corrected" flag on the returned DNS entry then I don't see how I can detect the change.

Even if such a flag exists, I'm not sure I trust them to honour it once a scheme like this starts generating revenue for them. They could morph their business from service provider to internet censors overnight. That'd be a popular movce in certain corporate and governmental circles.

Re:Typical Verisign/Network Solutions crap...

If a typo directly leads to a competitor's server, the trademark law issues are obvious. I think I can hear the corks pop in law firms everywhere. It would effectively be identical to someone exhaustively registering the codespace around other domains (aka cybersquatting extreme) at a discount. The one thing which has been tried (redirecting to a search engine) is detectable, the other way unleashes the lawyers.

Re:Typical Verisign/Network Solutions crap...

[NickFortune]

That's not how they'd use it.

They'd leave the big boys. the ones with the atack lawyers, alone. On the other hand, if you were a small company who'd have difficulty fighting the battle in court, they might accidentally misclassify your domain as a typo BullyCorp Ltd and wait to see if you noticed.

And if, god help you, you were a private citizen who happened to be saying something unpopular, well the cahnces of an administrative "error" would go way up. And if you didn't like it, you can go to court. Assuming you have the time and money that is.

Not that I'm cynical or anything...

Re:Typical Verisign/Network Solutions crap...

[dwsauder]

All your domains are belong to us!

Re:Typical Verisign/Network Solutions crap...

[lightspawn]

I propose that if they follow through with this, open DNS software implements a Verisign filter such that replies to domain requests which return IP-addresses from Verisign are modified to return errors instead.

Or maybe they should return the address of a web site exposing verisign's business practices?

Re:Typical Verisign/Network Solutions crap...

I have gotten similar behavior for some time (first it was a page from national.net, now it's moniker.com, both for actual typo-ed URLs and sometimes for legitimate sites as well. I'll get a page telling me that the site I typed is registered with them and inviting me to register my own name.

Re:Typical Verisign/Network Solutions crap...

[42forty-two42]

You'd think someone would have done that by now...

Re:Typical Verisign/Network Solutions crap...

[$javamaniac]

That is a great idea. But I think that with the advent of IPv6 we should, as a community, take the opportunity to take back the network. The concept underpinning the internet is the absence of centralised control. And while we're at it, we need a root certificate issuer that isn't corporate. How about parts of the keys being held in separate countries just to keep it well out of the clutches of any jurisdiction?

You can't cybersquat....

...when there is nothing to cybersquat on. One must actually buy and have an actual domain registered and functional for cybersquatting to occur.

Re:You can't cybersquat....

[dhwebb]

The issue is that all unused domains to come to a versign ad basically. What about the other registrars that you could register through. This seems like a mis-use of power.

Re:You can't cybersquat....

[Dark+Nexus]

EXACTLY!

As soon as someone registers the page and points it somewhere, the DNS listing for that address would take over from the typo-redirection.

Re:You can't cybersquat....

[Otter]

But that /is/ basically what they're doing. They control the DNS for some key TLDs and essentially setting up typorn sites on all unoccupied domain names.

At least it's better than that frightening site that was/is (I'm not looking) at anazon.com. They had bestiality pictures on the main page!

Re:You can't cybersquat....

[dosius]

Someone I knew accidentally typoed "linc.sourgeforge.net" instead of "linc.sourceforge.net" ...OMG, it rivaled Goatse! Please...Let the Net work as it's supposed to... If there is no site, ERROR OUT!

-uso.

Re:You can't cybersquat....

[Niteshade]

strange that at anazon.com (I looked) now lurks an anti-Verisign website.

Re:You can't cybersquat....

[Jeremy+Erwin]

How many times do I have to say this? Posters, please verify your links before including them in your posts. I was promised bestiality--Instead, I go a link to a "Verisign is a bad company" protest site. At least it's on topic.

Re:You can't cybersquat....

Cyber Squatting is bad thing. It is breaking the Law. If someone parasite on Domain name of others, must be punish by Law. Mary

Re:You can't cybersquat....

[arivanov]

And this exactly why they will get whacked with an antitrust suit by half of the registrars on the planet if they try it. So no real reason to fret about it. Yet...

This is also done with domain suffixes.

[YahoKa]

This is also done when .org, .net, .com, .ca, etc. are confused. For example, Gnome and Gnome

Re:This is also done with domain suffixes.

[Ateryx]

Unfortunately/Fortunately the wonderful people at slashdot have secured www.slashdot.com which switches over to .org as most people know. Better yet, a fellow slashdotter in the name of slashdot precured www.slashdor.org because he was sick of the timeout messages.

Re:This is also done with domain suffixes.

[7759-60784-1-E]

Or, to much more hilarious effect, White House and White House.

Re:This is also done with domain suffixes.

I am proud to say that in my music collection, there are no artists signed with records that are members of the RIAA.

Why the fuck are you so 'proud'? Just be glad that maybe you actually listen to real music, instead of crap.

Re:This is also done with domain suffixes.

What's with all the wwws? http://slashdot.org does the job, and makes more sense (read the whole URL aloud...)

Re:This is also done with domain suffixes.

ok, i will make it say "happy."

I'm confused

[JayBlalock]

VeriSign is evil... Microsoft is evil... AOL is evil... WHO DO I ROOT FOR? I don't know what to say... Um... um... Uh, San Dimas Open Source ROCKS!

Re:I'm confused

Apple. If they break their agreements to say stay out of the music selling business to avoid confusion with another apple that sells music, they are to be given a party, blowjobs and complimentary cocaine. They are a lesser evil, and if we don't celebrate their evilness they will never become a greater evil.

Re:I'm confused

How could you have forgotten to mention the Spurious Criminal Organization.

Re:I'm confused

[mobets]

I'd say root them all, then delete all their files, but that might be a little less than legal...

Oh, root _for_ ... *shrug* good luck.

Re:I'm confused

[MegaFur]

Corporations* are always evil to some degree or another. (Yes, that includes you, IBM--and you too, Redhat (et. al.).) Your mistake was in seeing things as a contest in which you root for some team to win. They're all evil. The only way that we win is to have the really, really evil ones take each other out (if we're very lucky), and try to somehow prevent the other ones from becoming as bad as the most evil ones. It pays to be cynical.

* echo Corporations | sed -e s/pora/rup/ and you will see why.

Oh, and never believe anything you read on slashdot... including this.

Re:I'm confused

I don't think piping text through sed is really a trustworthy source of information.

echo MegaFur | sed -e 's/r/r is a cocksusker/'

Oh wait. maybe there is something to it after all...

Re:I'm confused

[saden1]

Since one is corporate business a sport? I root for the Redskins, I don't root for IBM. Yes, I know professional sports is business, but until I see the IBM executives physically duke it out with SCO executives I ain't rooting for anyone.

Re:I'm confused

[00420]

Yes all companies are evil, yet most of us that know this still continue to buy their products. Doesn't that make us evil too?

Re:I'm confused

[00420]

err... I meant corporations, not companies.

Re:I'm confused

[g0at]

You unintentionally made a great on-point pun.

"Root for" is exactly the key to this issue: if a de facto majority started using alternate root servers (say ones that were administered by a commonly sanctioned, independent, non-profit, sane third party) then Verisign would have no leverage to make this occur.

-ben

Re:I'm confused

Maybe just stupid.

Re:I'm confused

[fuzzix]

Businesses never stop yammering on about competition and worse, how it encourages progress. Business competition often does more to stifle new developments that come from, say, a university or an inventor's shed. It's the scholars, inventors and hackers who enable progress. It's Business that runs new ideas through marketing and management to turn what is potentially useful and interesting into a commodity or a gimmick.
Thing is, often the only way to get your idea out there is by dealing with a competition oriented business who will market your idea and manage your benefits - all in the name of healthy competition, you understand.

Re:I'm confused

[ichimunki]

That seems like a pretty shallow analysis to me. Competition does promote progress. Question is: do we have a level playing field that promotes competition? With the way copyright and patent law work, and with increasing regulation and taxation, I have to wonder.

But of course businesses run their ideas through marketing to see if they'll sell. Unlike the guys at a university, businesses don't have the force of taxation to help pay for their research... if the goods don't sell, businesses lose money. Managers who allow that sort of thing are irresponsible. When a business doesn't do well, people lose their jobs and investors lose their investment.

Re:I'm confused

You're on /., you should know the answer to that: Apple and Penguin computers for Hardware, Apple, RedHat, and SUSE for software, all the game companies except Microsoft ....

Re:I'm confused

Your attempt at being clever is foiled by the fact that you called him a cocksucker. Name calling is a low blow no matter how you do it.

If they wanted to be heroes...

[Atario]

...they'd create a service that sends you to the page you wanted when you mistype the name. Instead, they're out for a fast buck that annoys us. Feh.

Re:If they wanted to be heroes...

[someguy456]

hmm... mod parent up! Hopefully some mozilla or konqueror developers are reading this? Hint, hint...

Re:If they wanted to be heroes...

[weston]

And the funny thing is, they could probably even make some money off of that. Large companies like Toyota and Merill Lynch probably could afford it and would pay for the right to have users taken directly to them. Additionally, Verisign could have a service that guesses close domains built in, giving suggestions to a misguided user while serving a banner ad or two -- or heck, just says "Another service of Verisign".

But that's the problem with modern business thinkers. It's not about providing a service and seeing if you can get paid for it. It's about controlling channels and leveraging that control.

Seriously, I don't even suggest for a moment to anyone I know that they consider using Verisign for anything. They're the antitheses of trust.

Re:If they wanted to be heroes...

[mr_sas]

RTFA "If VeriSign were to offer such a service, it would likely be of concern to Microsoft Corp and America Online Inc, which could stand to lose money, as well as the intellectual property lobby and advocates of adherence to internet standards." If there was something that could be practically be done about it don't you think that AOL or MS would do it?

Re:If they wanted to be heroes...

[Xzzy]

> But that's the problem with modern business
> thinkers. It's not about providing a service and
> seeing if you can get paid for it.

Wasn't this the type of thinking that prompted the entire dotcom bubble? :)

Re:If they wanted to be heroes...

[BiggerIsBetter]

Um, why do it at the DNS level? How about the next version of Mozilla includes a domain name correction? Type ahead does this to some degree, but a dictionary based system should work ok for many sites that aren't in browser history.

Re:If they wanted to be heroes...

[blackeye]

C'mon, someone out there has to see the irony in Verisign being the "antitheses of trust." :)

Re:If they wanted to be heroes...

[I+Want+GNU!]

Yeah, like they can't find the 100 most common typo riddled versions of their domains and afford to pay $500-1000 per year to redirect those.

Re:If they wanted to be heroes...

[ratamacue]

But that's the problem with modern business thinkers. It's not about providing a service and seeing if you can get paid for it. It's about controlling channels and leveraging that control.

That is a direct result of big government, and the overly complex, ambiguous, and exploitable system of law which naturally accompanies big government. People want a piece of the pie because they see others getting a piece, and they want theirs too. Why try to profit by the rules of voluntary association, as the free market requires, when you can simply profit through the force of government?

The solution is not to bake more pie, as government naturally proposes, but to reduce the size of the pie. Only through strict limits on the size and scope of government will business compete on fair and honest grounds.

Re:If they wanted to be heroes...

[Lord+Kholdan]

Um, why do it at the DNS level? How about the next version of Mozilla includes a domain name correction? Type ahead does this to some degree, but a dictionary based system should work ok for many sites that aren't in browser history.

www.eexample.com

I'm sorry dave, you can't go there * Redirects to www.example.com *

I dont want to have to think whether the www.address.com is the DNS version or the version of my ISP is paid to serve or the version my browser gives...

Re:If they wanted to be heroes...

[ultrasound]

Oh my god, you mean they're the anti-trust?

Re:If they wanted to be heroes...

[GavK]

In Modern day capitalist Russia:
3. Profit!

2. Buy Football club
1. ???

Re:If they wanted to be heroes...

[TummyX]

They shouldn't be returning positives for incorrect queries. I bet big companies could afford to properly register the misspelt domain names themselves.

Re:If they wanted to be heroes...

[smclean]

Nah, this would be a horrible thing. If have a website, akol.com, I don't some goddamn window saying 'did you mean awol.com?'

People like you invented clippy..

Comment removed

[account_deleted]

Comment removed based on user account deletion

URL typo's

[someguy456]

Hasn't that happened already? A while ago, I could've sworn http://www.gogle.com pointed to one of those all-in-one search pages usually in place for dot-com busts.

Re:URL typo's

[rolocroz]

That's just by people who register common typos to point to their sites. Another example is homestarruner.com, as opposed to homestarrunner.com.

Re:URL typo's

[schnits0r]

So that's what the real MArzipan looks like, whoooo!

Statistics on mistyping of "slashdot "

[prakslash]

http://slsahdot.org

It is an abuse

[mindstrm]

of a position of trust.

They should maintain the registry from a technical perspective, period.

Re:It is an abuse

[lgftsa]

Judging by the light most people hold them in, it's more an abuse of a position of mistrust.

Inverted Typos

[yanestra]

Hm, how much would it be to make Versisign redirect typos of volkswagen.com on my porn site?

Re:Inverted Typos

[AntiOrganic]

VW-SLUTS.COM

Dirty sluts will bend over backwards for you in a New Beetle! (Of course, they have to, or they can't possibly fit.)

Re:Inverted Typos

[b1t+r0t]

Dirty sluts will bend over backwards for you in a New Beetle!

And if you visit our site before September 30, they'll put an iPod up their {{xx||{{{x[x||{
NO CARRIER

And people trust Verisign?

[Edgewize]

"Paxfire's Sullivan said his company's service is set up so that only web traffic returns an IP address. Domain queries for non-web applications such as email or FTP are dropped or return error messages, he said."

Bullshit. He's lying or clueless, or both. It's not like DNS requests have a flag saying "I'm sending this query for a web page!" My take? They're lying to hide the side-effects of this blatant violation of internet standards from the general public.

Re:And people trust Verisign?

[Chmarr]

IT could very well be that they're saying that queries for www.sometyponame.com will return an IP address, but sometyponame.com will return a negative result.

Re:And people trust Verisign?

[hyfe]

Yes, you are so right.

Nobody receiving a dns query for www.somesite.com would eeeever guess its a query for a web page.

(/me is off filing a patent for a advanced method of determing a DNS querys target, based on advanced algebra comparing a subset of the DNS-query against a pre-compiled list of types. I even have an implentation already, now its just two months of patentwriting remaining:
def advancedalgorithm(url)):
if url[-3:] == "www":
return "webserver"
return "something else"

Re:And people trust Verisign?

[Edgewize]

That's assuming that all websites have www in the name, and those things without www in the name cannot be websites.

In other words, email@www.somesite.com will still go to a bogus IP, ftp to www.somesite.com will still go to a bogus IP, and misspellings of slashdot.org will never be caught.

So... the speaker is still lying or clueless, or both, and trying to mislead people as to the side effects of this system.

I hate it when I'm wrong, but I hate it more when I'm right.

Re:And people trust Verisign?

[gregmac]

IT could very well be that they're saying that queries for www.sometyponame.com will return an IP address, but sometyponame.com will return a negative result.

That's another misuse of standards though. The "www" prefix is just a 'common' way of setting up websites. It's not required. It's no different from any other zone, for that matter.

If Verisign is going to only do these for 'www.' prefixed records, it may be a bit less of a problem, but it's still a problem. Among the things I can think up off the top of my head (I'm sure other people have mentioned these, and there are many more)

• Proxies would be caching extra data
• Web applications (or non-web) that validate user input by checking for existance of a domain are going to break
• For sites that don't have a www prefix, it could confuse users, since they'll see a (different) browser specific error message.
• Obviously, lockin to a certain vendor - suddenly verisign decides who you use for searches, and what happens when you make a typo, instead of your browser settings.

this is just YASTAPTDE (yet another solution to a problem that doesn't exist)

Re:And people trust Verisign?

http://slashdot.org/
ftp www.mysite.com

How is the DNS server going to tell which one is a browser, and which one is the ftp-command to upload my own website?

(mysite URL is just an example, NOT my webpage, which btw. uses rsync over ssh, and not ftp).

Re:And people trust Verisign?

[adb]

VeriSign handles second-level domains. You would ask VeriSign for the nameserver for whatever.com, then ask that server for www.whatever.com. The only way Verizon could do what they claim would be by falsely claiming that whatever.com exists.

Re:And people trust Verisign?

[adb]

Er... "Verizon" should have been "VeriSign" there. Silly me, confusing two dishonest companies that changed their names to start with "Veri" so people would trust them again.

Re:And people trust Verisign?

Don't forget about Verio. ;-) Same boat.

Re:And people trust Verisign?

[dmadole]

VeriSign handles second-level domains. You would ask VeriSign for the nameserver for whatever.com, then ask that server for www.whatever.com. The only way Verizon could do what they claim would be by falsely claiming that whatever.com exists.

That's not true because that's not how DNS works. The full question is always asked of the name server and it returns the best answer it can, which may be a referral to a better server. The root servers indeed would receive a query for 'www.whatever.com' to which they would answer "I don't know, go ask these servers" and return the servers for 'whatever.com', which the client would then ask the same question of.

The root servers could just as easily return an answer instead of the referral.

There is no special-case logic in name resolvers for 'levels' of domain names. They just send the full query to the best-maching server they already know, based on cached and hint data. It's really a brilliantly simple scheme.

Re:And people trust Verisign?

[Chmarr]

Oh... I never meant to imply that I thought this was a GOOD thing. I'm just trying to make sense of the Verisign rep's comments, and figure out WHAT he could possibly mean by 'it'll only redirect web queries'.

Doing the redirect thing on www. domains is the only thing I could think of.

Re:And people trust Verisign?

[Nurgled]

If they were to auto-correct domain typos, they'd have to make the name resolve to an IP of a simple HTTP server which just doles out redirects to the correct domain. If they make it resolve to what they think you meant, cookies will break amongst other things which are tied to domain name. (SSL keys, for example)

For .tv, they've already got this kind of thing, but the server it points at redirects you to a domain purchase page rather than guessing what you meant.

Re:And people trust Verisign?

[Rod.Dorman]

>Among the things I can think up off the top of my head ...

One major issue I can think of is e-mail servers that check if the HELO/EHLO hostname is valid.

It won't take long for spammers to discover that www.bogusdomain.com is a free pass past this test.

Re:And people trust Verisign?

[adb]

Huh. That's news to me; I just assumed that the implementation was consistent with the abstraction. Certainly having the root servers or the TLD servers returning results for third-level domains does not sound right to me: there's a reason DNS has a hierarchical structure, after all.

I've said it before

[toddhunter]

and I'll say it again, 'this internet is stuffed'.
Anyone else have the dream whereby us computer people create a new internet and leave this heap of crap behind for corporate and marketing types to die in?
And whilst we are at it, lets do away with the ISP's and telcos so information doesn't cost anything anymore. Surely we can work something out?

Re:I've said it before

I think that when we build the second geek internet, it will probably ride "under the radar" on the public net. Kind of like a "speak easy" in earlier times.
One would imagine that it would exist mostly in the open but have some kind of "barrier to entry" before you can use it (man geeknet anyone? )

Re:I've said it before

[cying]

Dream? We're already here! You're missing out! Come on over, we'll take care of you. You don't have to worry about all that rubbish anymore. There's no government, no laws, and food and clothing? It grows, it always grows. Just be sure not to go out on your own after dark, and sleep in large groups.

Weena! Don't touch that nice man's machine!

Re:I've said it before

[ChozCunningham]

For the web, It's here
http://freenet.org

and for IRC, here:
http://www.invisiblenet.net/index.php

And I2P is coming, sort of an invisible internet protocol.

Re:I've said it before

[NoMoreNicksLeft]

You're going to hear freenet so much, probably won't notice me. But I'm building an actual IPv4/IPv6 network, not some hyped up p2p on steroids.

Networking geeks build networks at layer 2-4, not layer 7 like some of the other crap out there.

Re:I've said it before

[toddhunter]

Why not have a giant doom 3 map as entry? You login, and it you can't make it to the final gate, you can't get access. It would be fun to run past the dying n00bs as you bunny hop towards the goal ;)

Re:I've said it before

[toddhunter]

those things are great, but they are for the web. I still have to pay my $30 a month or whatever, and I can still be shut down by the government or stuffed around by the ISP if they so desire.
What we need is to break away from the infrastructure we use now so that anyone can acess the internet, for free, whereever they are in the world. Maybe some time of universal wireless connection. Dreaming sure, but we can do these things.

This is already done

Tell me how this is different from IE giving you a "Domain not found" page when you mistype a URL, complete with microsoft search engine, suggested related domains, and an offer to buy the nonexistant domain name?

I've always hated that, especially because it lets MS log every single incorrect URL typed.

Re:This is already done

[puck71]

You change change that screen. See http://www.google.com/options/defaults.html for details.

Re:This is already done

Its different because you can choose not to use IE... if you want to hit a .com or .net, you're gunna be using VeriSign, like it or not

Re:This is already done

[notyou2]

There are numerous known methods for disabling that feature, such as 1, 2, 3

Re:This is already done

[stratjakt]

It's different because if I go to a command prompt, type ping www.domainthatdoesntexist.com, I'll get a DNS error.

Now I'll get a ping from some verisign server?

There's more to the internet than the web.

Re:This is already done

That's probably how they get all those millions of hits that shows them on top of the charts. Otherwise who in their right mind would use msnsearch ?

Re:This is already done

[lurvdrum]

...because suddenly there are no invalid URLs on the Internet. It will break every app under the sun which does simple verification of the validity of alleged domains. How fast can you say "spam"? This looks like a disastrous proposal to me.

Re:This is already done

[ericspinder]

The real difference is that Verislim - who holds the root DNS servers will be able to "have" every unregistered domain for their advertising. And even when someone does register a new domain, a local DNS cashe may hold that Verislim address.

Re:This is already done

[42forty-two42]

IE isn't the only web browser.

Precedent?

[DarkBlackFox]

If precedent is already set as per online advertising through a competitor (think Gator, where it was deemed legal to show pop-ups of a competing company when visiting certain sites, or sites with certain keywords), how would something like this hold up, where it is the user's fault for mis-spelling the intended domain?

If it's legal to pop up competing websites without consent, then surely it's legal to redirect to a competing website when there is indirect consent (e.g. the user types in the erronous address).

Not that it's a desireable thing, just based on past precedent it seems the direction the legal system is heading.

I just thank my lucky stars I don't get redirected to some obscure/spyware infested search engine when I misspell slashdot- just a simple page informing me I've misspelled it, with a convenient number of how many others are afflicted with the same travesty.

Re:Precedent?

[mobets]

I'd like to see the page, what misspelling takes you to it?

Re:Precedent?

[Horny+Smurf]

the gator case is entirely different.

Gator was installed and running *with the user's permission*.

How you agree to have a dns root server show ads?

OTOH, the gator ruling also applies to ad-removing software installed by the user as well :)

Won't someone think of the pr0n?

[worst_name_ever]

I wonder if this will cut down on the number of pr0n sites that register commonly-misspelled domain names... e.g. www.whitehouse.com, www.alttavista.com, etc. (okay, the second one redirects you to the real site nowadays, but you get the idea)

...and, now that I RTFA, I guess this will only apply to unregistered domain names, so as long as the pr0n folks keep registering typo-domain-names, people will still be able to claim they got "accidentally redirected to a pr0n site" when they're caught at work.

try corn.com

see where it went?

Re:try corn.com

[Bill+Dimm]

More importantly, did you see where it bounced you through some jerk's affiliate link before you got there so that he would get paid if you bought anything?

Re:Statistics on mistyping of "slashdot "

[gomoX]

You also have http://www.salshdot.org which is a kind redirect to good ole' /.

Re:Statistics on mistyping of "slashdot "

[cdrj]

What is really interesting is the fact that between the months of March and April, the number of errors increase at least ten fold, for only one moment. Maybe this page was linked to before? http://cricket.asimov.net/index.cgi?target=%2Fslas hdot-misspellers%2Fslsahdot-org;ranges=y

Slahdot.

[Oscar_Wilde]

Thats funny you'd think a portal such as Slahdot would have a big story such as this in their news section....

Re:Slahdot.

I hate netster. OK, so I mistype a domain name. Netster, pops up, redirects me to some lame portal site, and changes the entry in the url to some semi random string. Now I have to retype the damn URL. And, I don't want to buy fucking flowers.

Re:Slahdot.

[Oscar_Wilde]

I know its bad form to reply to your own posts but I was trying to make a joke (a bad one I admit) about mistyped URLs. Maybe my post deserved to be modded as flamebait.....

Anyone tried variations of Slashdot (.org)?

[R33MSpec]

I've tried a couple of variations like slashdto.org and slashodt.org - seems to go to just the types of pages the article is describing.

Re:Anyone tried variations of Slashdot (.org)?

Verisign is not operating .org, that is PIR/Affilias

Did you expect anything less...

[Bloodmoon1]

From the same company that not all to long ago tried a scam to steal away domain names from their initial registrars, and is now being sued class-action style and being investigated by the FTC?

Re:Did you expect anything less...

[Omnifarious]

What, exactly, would you do with an ECM unit, 1000 km fullerene cable (possibly long enough for a space elevator), and tactical nuke?

Re:Did you expect anything less...

[WhiteKnight07]

Hold one hell of a party...

Re:Did you expect anything less...

[Bloodmoon1]

Throw a birthday party for a foreign dignitary, of course. :) Just use your imagination. I'm sure you can come up with some truly amazing possibilites for orbital use of tethered, tactical nukes. Actually, it's a quote from Andromeda. The whole quote is:

"Requested items: One Mark V ECM unit, 1000 km of fullerene cable, one low yield nuclear warhead. Stated purpose: birthday party for foreign dignitary."
--Argosy Special Operations Service requisition form, CY 9512

I think it sums up my general views of how foreign policy should be executed nicely.

more IPs, less domains...

[illumina+us]

With IPv6 on the verge of being implemented, how will this affect domain names? There will be a plethora of IPs but less and less usable domain names to bind to. Unless of course people want to start using stuff like y4h00.com! or 47t4v15t4.com; registering unused domains for comerical purposes is a detriment to the world wide web, and also, forces developing groups to use awkward domain names.

Re:more IPs, less domains...

[Hamstaus]

With IPv6 on the verge of being implemented...

Ha ha! Ah ha ha! Ha!

*wipes tear*

Thanks dude, I needed that.

Re:more IPs, less domains...

[FrozenDownload]

well more ip's less domains, but uh still the same amount of growing users... i seriously doubt that even w/ a ton of ip's people arn't gonna buy domains...even for things like www.portaltomymicrowave.com :)

Re:more IPs, less domains...

My guess would be that some sort of network of links combined with trust built on the semantic web and trust networks will make domain names a bit more arbitrary.

And besides, you can always use purl.org, right?

Re:more IPs, less domains...

[moncyb]

Well maybe this will keep companies/ non-profits/ individuals on IPv4, and they'll start using IP addresses instead of domain names. It would be much easier to type 66.35.250.150 than theplaceyouwant1sslashdot.org, and risk the user typing theplaceyouwantisslasdot.org and getting a search engine or pr0n site--perhaps they'll end up thinking that is the real site...

Now here's why thats stupid....

[geesus]

If they did it for simple mistypes, fine, I can deal with that. But if they non existant domains, it makes network testing a hell of a lot harder. For example, say im connecting to an IRC network thats having DNS problems, I dont want it trying to connect to verisigns webservers. And why let one company have a monopoly on that anyway even if it was going ahead, yea sure the .cx and .tk TLD's have crap like that, but not for .com please

Damn it someone already has slushdot.org

Are they trying to build up a slush fund on the backs of poor typists?

Re:Statistics on mistyping of "slashdot "

[gregmac]

Hm, great example of what happens when you use GUAGE instead of COUNTER.

Flame Design Group

[SHEENmaster]

Root for companies that no one has heard of; it makes you sound cool.

(San Dimas Operations...)

Re:Flame Design Group

[JayBlalock]

There's actually an IT group named San Dimas? I was making a Bill and Ted joke. Funny.

Re:Flame Design Group

[Galvatron]

Um, no, Santa Cruz Organization is SCO, I think he was trying to making a followup joke (SDO).

But yeah, Bill & Ted were great. "Ted my friend, strange things are afoot at the circle-K."

It's already big business

[Superfreaker]

Well, maybe not BIG business, but I know of several people who make a good living from mistyped url's.

If site www.xyz.com has a $10 referral bonus, these people will buy www.xyx.com and do a redirect the poor-typing surfer to the correct wite with their affiliate code included.
I'm sure the /. editorial team alone has filled a few pockets of these people given their typing skillz.

Cool, eh?

Re:It's already big business

amazon.com's affiliate TOS disallows that sort of thing.

Re:It's already big business

[mog007]

correct wite with their affiliate code included. *Typo detected, redirecting Superfreaker to goatse....* *collecting 10 cent hit from goatse...* There, everyone is happy.

AT&T cable -- they already did this

AT&T did this for a while with all unrecognized DNS queries on their cable modem service, about a year ago. You got some junky portal.

Don't you see

[LoneIguana]

You all should stop complaining it's obvious versign is trying to _help_ you: "Like many registries, we're continually exploring ideas on how to enhance the user experience,"

These are the same....

[c1ay]

arseholes that sent me an expiry notice on a domain that I had just renewed for 2 years with my original registrar and had never had it listed with them in the first place. Fortunately my false and misleading notice came in the US Mail so the postmaster was quite happy to take up their fraudulent use of the mail.

Re:These are the same....

[DA-MAN]

I wonder if postmaster@usps.com is the mail administrator of usps.com or the actual postmaster

Because the Internet is not just 'The Web'

[The+Monster]

Exactly. If I try to ping mispel.com, it should give me a DNS error, not create such an IP address out of whole cloth. Beware the temptation to make the Internet a 'smart' network. It works because DNS doesn't know about such things as web browsing. The ONLY place to address this is at the application level. I should be able to configure my browser to go google for the right spelling.

Oh, I already DID configure it to do that. So I don't need this alleged 'service', thankyouverymuch.

Re:Because the Internet is not just 'The Web'

[ePhil_One]

Oh, I already DID configure it to do that. So I don't need this alleged 'service', thankyouverymuch.

For you, I'll arrange a refund of all money paid for this service.

Has nobody noticed other TLD's have been doing this for ages....

Re:Because the Internet is not just 'The Web'

because they don't matter :)

Re:Because the Internet is not just 'The Web'

Which TLD is doing that? Honest question.

Re:Because the Internet is not just 'The Web'

[Richardsonke1]

How about the .cc TLD? http://jlkdfjlasdkf.cc/

They're geniuses!

[cookd]

I can't think of a better way to exponentially increase the number of domains registered. Currently, FooBar company knows that nobody has registered any typo names, and that if anybody does, they can probably get rid of the type names through a lawsuit. Therefore, FooBar registers only foobar.com.

If this takes effect, the story changes. FooBar knows that if any customer makes a typo, Verisign will get to show an ad for Widget.com. The only way to make this go away is to register all of the possible typo names. So FooBar registers every single possible domain name that could possibly be considered close to FooBar. Bad for FooBar. Bad for anybody who wants a domain name (now they will ALL be taken), but good for Verisign.

Re:They're geniuses!

[donnacha]

Mod the above up, this is exactly what they're doing, this will undoubtedly cause a run on variations of existing domain names.

Re:They're geniuses!

[hpmsource]

But, if I can sue FooBar Company for registering typos that closely resemble my trademark, can't I sue Verisign for using typos that closely resemble my trademark? I don't see much of a difference here. I think that Verisign's actions open it up to an enormous number of lawsuits from the biggest companies in the world.

Ugh. No!

[Geekenstein]

You know, this is just going to place a good bit more load on everyone's nameserver, not just the roots. Every request that used to be discarded from NS caches because it didn't exist will now be cached normally as a "good" request. 10-12% more data load might not be much for small DNS uses, but for companies like AOHell and other large ISPs, VeriSign is just screwing them over.

On another note, this would have to be some form of nameserver hack, not a root file hack(correct me if I'm wrong). But not all of the root servers are controlled by Verisign. Are those independant roots going to go along with this? Why should they?

Re:Ugh. No!

[samj]

Good point. A djbdns user myself, I'm not sure how BIND handles wildcards, but presumably the independent roots would have to get behind this for it to work 100%. It wouldn't necessarily matter if they didn't have *all* the roots, but one could argue that the roots should all return the same answer for a given query.

Re:Ugh. No!

[The+Clockwork+Troll]

This also paves the way for a new kind of denial of service attack, perpetrated by a dictionary "attack" on DNS servers with the intent of flooding resolver caches with garbage.

Re:Ugh. No!

[Electrum]

On another note, this would have to be some form of nameserver hack, not a root file hack(correct me if I'm wrong). But not all of the root servers are controlled by Verisign.

This wouldn't be done on the root name servers. This would be done on the .com and .net name servers, i.e. gtld-servers.net, all of which VeriSign controls.

Yahooo!

[cloudless.net]

I made a typo of Yahoo sometime ago, and it worked:
http://www.yahooo.com

Another reason the "R" word?

[release7]

R-r-r-r-regulation! Jesus, when are we going to wake out of the ideological stupor that holds that there's no place for government in a utopia? Despite what your Republican and Libertarian friends tell you, regulation can be a good thing.

Re:Statistics on mistyping of "slashdot "

[ncc74656]

You also have http://www.salshdot.org which is a kind redirect to good ole' /.

Maybe that's just how CmdrTaco most frequently misspells Slashdot...

suddently Verisign gets new insight......

[xxdinkxx]

on how gain a monopoly on the known internet.... and at cut rate prices now they can buy up all remaining domain names... and sell them to their competitors... This domain by up was brought to by Micro$oft your chapter 11... our passion....

More Verisign Shenanigans and Tomfoolery

[samj]

On one hand, Verisign wants us to believe they are sufficiently trustworthy to extort as much as USD1595.00 from us for a handful of 1's and 0's (SSL Certificates), and on the other they expect to be able to get away with the dispicable, annoying business practice of hijacking users' web requests? This is annoying enough as it is with opportunistic larrikins buying up misspelt domains, without the custodian of the database abusing its' position by returning effectively forged replies to queries for domains which do not exist. Reminds me of their recent foray into the domain 'Back-Order Domain Acquisition Service business.

I guess with competitors closing the gap by offering virtually the same thing for a fraction of the price, they must be getting desparate.

Re:More Verisign Shenanigans and Tomfoolery

What you're paying for is insurance. It's a free market, buy from someone else.

Re:More Verisign Shenanigans and Tomfoolery

[samj]

I'll take care of my own insurance with the $1,570.00 change if you don't mind. And then I'll go on a holiday with the change from that.

mistypes an URL

mistypes a URL.

Re:mistypes an URL

... unless of course you pronouce it earl rather than U-R-L

Re:mistypes an URL

I have a question...If you say "a Uniform Resource Locator" why would you say "an unlicensed..."? Is the letter "u" just a weirdo word or something? Or are we used to the improper use of a/an?

Re:mistypes an URL

[TheIzzy]

Phonetically:

Uniform: u = yu (soft beginning)
Unlicensed: u = u (hard beginning)

At least that's how it's pronounced in SoCal.

Re:mistypes an URL

Here's a good guide (look he even avoided Top posting! Oh, the virgin net in those days! How it has been abused by Microsoft!):

Date: Sat, 2 Mar 1996 21:30:59 -0800 (PST)
From: "Clay M. Bond" (bondc@indiana.edu)

On Fri, 1 Mar 1996, M K Rippberger wrote:

> Use "an" when the following word begins with a vowel SOUND:
> a university
> a United Nations proclamation
> an anonymous letter

Let me add to that a quotation from the Chicago Manual of Style, 6.49:

Such forms as "an historical study" or "an union"
are not idiomatic in American English. Before a
pronounced *h*, long *u* (or *eu*), and such a
word as *one*, the indefinite article should be *a*:

a hotel
a euphonious word
a historical study
such a one
*but*: an honor, an heir
a union

---
Clay Bond, Team OS/2
CELT Writing Coordinator, Computer Administrator
bondc@indiana.edu
http://copper.ucs.indiana.edu/~bondc/

Re:mistypes an URL

Ah, yes, that makes a lot of sense. Thanks! =)

It's already being done

[Sneftel]

Ever gone to a site like jdfhawkejrhawk.museum? Same deal. Not that many people would accidentally go to www.slashdot.museum....

MOD PARENT UP!

Oh so true.

that kind of thing should be illegal

[SweetAndSourJesus]

Doesn't that sort of thing violate laws about enticing children to view pornography?

Homestar probably gets a ton of hits from children, and children are most likely to mistype urls.

If they're not trying to get kids, who are they trying to get?

"Think I'll watch some Homestar toons. Oh, wait, porno!"

Re:that kind of thing should be illegal

[stratjakt]

You think some semi-obscure web toon is bad?

What about all the kids in school doing a paper on the white house?

Though looking at it now, they toned down the front page at least. The got a lot of press about it.

Application Breakage

[samj]

I wonder what applications will fall over in a screaming heap if this is implemented? One would have a strong argument against this should it break something important - statistics perhaps?

Re:Application Breakage

If it would be broken before, it would be broken afterwards. I can't see this as a strong point

Re:Statistics on mistyping of "slashdot "

[the_other_one]

hmmmmm...

salsadot.org

Now, I just need to invent a few recipes for hot sauce with caffeine.

It breaks no standard

[FunkyMarcus]

This is most certainly breaking the DNS standard

No, it's most certainly not.

It uses DNS as the means to some questionable ends, but it doesn't break anything.

As a matter of fact, the master file format (which is not the DNS standard as we care about it in this context anyway) explicitly provides for wildcard records.

Watch your location (URL, address, URI, whatever) bar:

See?
Again?
One more time?

Now, what standards have we broken? What's to prevent the web server from deciding what content to give us based on the Host header field we send?

Mark

Re:It breaks no standard

Except those are subdomains. Not domains

Re:It breaks no standard

It uses DNS as the means to some questionable ends, but it doesn't break anything.

An anonymous coward has already remarked that this opens up a DoS attack against the DNS infrastructure - generate queries from a dictionary with the intent to fill resolver caches with junk. I might add that generating names randomly would be more effective, as dictionary words are likely to be registered and would get replies from a cache.

Posting AC as I modded up the original AC....

Re:It breaks no standard

[FunkyMarcus]

An anonymous coward has already remarked that this opens up a DoS attack against the DNS infrastructure

But not a new one. As I've already shown, slashdot (among others) uses wildcard records today. For useless values of [useless], look up [useless].slashdot.com. Practically, this is no different from [useless].com, unless you're close to the 255-character limit.

Mark

Re:It breaks no standard

My money, I'd drop them in a heartbeat.

Diminishing returns

[indros13]

This will seem a little offtopic, but I think the market for misspelling is declining. After all, features like auto-complete in browsers mean that for repeated visits, it's a lot harder to end up at the wrong place.

Unless, of course, you are like me and your incorrect spelling is saved in the auto-complete: damn http://slsahdot.org!

Aren't they already doing this?

[mccready]

Whenever I mistype something with IE, I end up on a page that says 'SEARCH! Info, Jobs, Games, Music....E V E R Y T H I N G !!!'. I was all ready to blame by rat bastard ISP, but I tried ilikekittens.com with konqueror and just got an unknown host error. Fantastic, I guess I have some evil spyware on my win box. On linux, nslookup/dig gives nothing, but on win, nslookup gives 67.96.63.112 for the ilikekittens/rat-bastard-search-page ip. Anyone know what spyware might have done this? If you want to look at it, turn off pop-ups or javascript first, or use lynx or wget.

Re:Aren't they already doing this?

[fordboy0]

A great little (sorta) freeware app that I use(d) on all of my Winboxen (I have officially been COMPLETELY Win-free for about 3 weeks) is Ad-Aware. It can be gotten from LavaSoft's home page. If you are the "just gimmie the goods" type; click here to go to the TuCows download page.
It does a pretty nice job of removing *most* spyware. I actually haven't seen any that it doesn't detect... That is if you keep your refs file updated! (Just like everything else)

Enjoy!

-FB

Re:Aren't they already doing this?

[mccready]

I installed ad-aware, and it did find a lot of junk (mostly cookies, but one odd IE extension), but it didn't fix the problem, so I dug a little deeper. Unfortunately, the cause turned out to be even more sinister than spyware: my own stupidity.

Whenever I setup a machine at home, I always set the domain name to home.net (or, in this case, option domain-name "home.net"; in dhcpd.conf) but I forgot to make the local dns server authoritative for the home.net domain. So what happens when windows can't find a host X? It searches again with X.localdom. So ilikekittens.com turns into ilikekittens.com.home.net, which ds1.domainspa.com is happy to tell me is located at 67.96.63.112.

I didn't have the problem under linux because nslookup there will only retry X.localdom if X contains no periods. (and konqueror seems to ignore localdom altogether)

The interesting question is, why is IE totally unable to lookup hosts sans domain name even if no domain name is set on the local machine? If I strip home.net from dhcpd.conf and the dns host list, nslookup on win has no problem telling me tivo is 10.0.0.7, but IE cannot find http://tivo/ui ??

At least I don't have to see that damn search page ever again.

hmmm...I wonder

[Tumbleweed]

Is Veirsign or Verising taken yet? :)

VeriSign is "Innovating"

[joenobody]

The .cx registrar domains.cx already does this. Try any random thing ending in .cx and you'll get their signup page.

This may be a stupid question..

[SixDimensionalArray]

.. but why would they only forward "misspelled" domain names.. why not EVERY SINGLE combination of letters and numbers that is not being used?? I mean, why not just register a bunch of domain names that might be popular and forward them to advertising pages? That's essentially what they are coming close to doing.

Not to give them any ideas mind you, but it just screams ILLEGAL that they are trying to steal traffic from people's mistakes. That has to have some implications, if not completely violating the notion of standards.

Remember, standards are what made the Internet in the first place, and standards are what keep it ALIVE!

Re:This may be a stupid question..

i'm sure they have stats on the most misspelled dns requests.

Re:This may be a stupid question..

[zangdesign]

Remember, standards are what made the Internet in the first place, and standards are what keep it ALIVE!

Actually, what keeps it alive is funding. Standards provide a method of making sure we are all playing on the same field.

Frankly, I think the standards process is holding back progress (among a lot of other things) by retarding the rate of change. But that's the process, not the actual standards themselves.

Re:This may be a stupid question..

[NickFortune]

More to the point they are stealing my mistakes. My mistakes have value to me.

Without the DNS returning an error for domain-not-found, I can't know if mis-typed. That is error correcting feedback (for me, not the computer) and I want it left on!

This is not an empty channel; this is not an unused resource, and what verisign are proposing is theft.

Not that that should come as a huge surpise to anyone, I suppose.

Verisign abusing its com/net monopoly again

[GeorgeK]

I wrote the following letter to ICANN when it first cropped up:

Hello,

We already have the example of WLS in Verisign abusing its monopoly (and ICANN not stopping this abuse -- see www.stopwls.com).

Planning to monetize all typos by rewriting DNS error codes to instead point to itself (i.e. instead of returning error codes, it will no longer return errors, but instead bring the surfer to Verisign money-making pages) is yet another example of an abusive monopolist. See here:

"Some organizations have shown a propensity to make technical changes happen and then ask for permission later," Afilias's Mohan said. "Given the economics of it, I think that's what will happen here."

Given the huge technical standards that Verisign would be violating, as well as the Intellectual Property and economic issues (e.g. a typo of one letter of your domain name could send a client to a search engine listing your competitor as #1, or worse; John Zuccarini is in JAIL for his typo-squatting!), can someone in the Names Council, or the ICANN Board that has a spinal column please pre-empt this Verisign move by forbidding unilateral action of such a nature by means of a vote of some kind, through the introduction of a motion?

From the comments at ICANNWatch when this abuse last came up, perhaps the way to frame the motion is "gTLD Registry operators WILL return NXDOMAIN for ALL DNS queries for which where there is not a REGISTERED domain name." Period.

Once you start tampering with things at the DNS level, as Verisign is intending to do, you threaten the security and stability of the internet, as I think Vint Cerf properly recognizes (being right at least half of the time; bad call on WLS, but the courts and the US governmet will take care of that one eventually). For a company whose slogan is "The Value of Trust", Verisign makes a mockery of the caretaker role it has been given as guardian of the com/net registries. I trust them as much as I trust John Zuccarini.

If the US government had a problem with Microsoft embedding the Internet Explorer browser into its operating system, what will they think given Verisign has an even greater monopoly when it comes to DNS resolution? The power should belong to the users, who should have the choice (through their own software) how to resolve errors. That's why we have technical standards. Making that decision for them, by BREAKING technical standards and the applications that rely on those standards, as Verisign plans to do, and making loads of $$$$ while doing it, smacks of an abusive father-knows-best monopolist. Verisign is the father you wish you never had! Calling it a "service" adds insult to injury, as they did with WLS, especially when it's a MONOPOLY service, for which one has no choice. When you make a typo for a telephone call, does the 1-800 operator (AT&T, MCI, Neustar?) start playing paid jingles for your competitors, instead of telling you that you misdialled via a message?

Ultimately, folks know Verisign wants to milk every last penny out of its monopolies, and doesn't care who they have to step on to do so. Take a look at Games.TV which shows:

games.tv is available and can be registered immediately for $100,000.00/year

to understand what Verisign's goals are (Verisign runs .tv). Do you think you really own your .com domains? What price would Verisign like to charge you for your domains?? Once they wipe out some registrars through WLS, and other monopoly abuses, who will be left to stop them?

If Verisign is permitted to g

Re:Verisign abusing its com/net monopoly again

George, I clicked on your link and there was a barrage of for profit links and advertisements to click on.

Isn't this some of what you are saying that Verisign should not do?

Eat your own dog food, amigo.

Who are you really a lobbyist for?

Re:Verisign abusing its com/net monopoly again

[GeorgeK]

There are for profit links on Slashdot, too! The big difference, though, between this and Verisign's planned abuse, is that we *pay* for our domain names, via registration. If someone pays their $10/yr, there's less of an issue. I and Slashdot and others aren't squatting on other people's typos using free domains.

Furthermore, as a registry, Verisign isn't a party to UDRP, but instead would be cybersquatting on *all* domain typos, requiring lawsuits by each relevant domain holder for abuse of their trademark rights.

Re:Statistics on mistyping of "slashdot "

[crazyprogrammer]

I went there and click on "cricket graph" but its not working.... I think we slashdotted slsahdot!

Monopoly

[coene]

If NSI implements this, its 100% iron clad proof that they have a monopoly (read: too much control) over the domain name market.

This is not Wildcard in the Root, only com and net

Hopefully this is not another obtuse and clueless posting like many of the other ones I see here.

This wildcarding the zones for COM and NET is just such a simple and fundamentally good idea, I applaud them.

I don't get the argument for this being bad.

How many companies put *.DOMAIN.TLD into their DNS for their zone.

All this does is move the wildcard to the right one dot. Anyone on this list who knows DNS will know that this is not going to break anything.

Don't just take it from an anonymous coward, though . . . Paul Mockepetris' own words from the second article illustrate that this breaks nothing, and it is a feature that has been part of DNS since the original RFC. He should know, he authored it.

Verisign only is authoratative for the COM and NET zones (recently losing .ORG to PIR), and it sounds like that is what they are wildcarding.

Putting Wildcard into the authoratative root zone would make almost any TLD that was nonexistent suddenly work.

Lets be clear, that is not apparently what is happening here. I can't see them mucking with the root unless the Department of Commerce and ICANN direct them them to.

I think that they (V) operate their own Nameservers that are authoratative for .COM or .NET. That would be where the changes would likely happen.

FWIW, ICANN gamed lotto TLD selection process round one winners, .museum have had a wildcard all along, and it hasn't broken a darn thing.

This isnt evil this is brillant business...

This sounds very similar to when MCI bought the common missdials of 1800callatt and directed those numbers to 1800collect. Brillant.

Interestingly enough...

[Akardam]

... neither misspelling seems to be actually registered (no WHOIS information), yet both do indeed resolve. Curiously enough, the first resolves to a Sprint netblock (which in turn is subdevided) and the second to a Verio netblock. What's more is they both resolve consistantly over multiple name lookups. Kinda interesting, if this is an unknown wildcard redirect, that different typos would end up different places. Perhaps this is part of the strategy?

Re:Interestingly enough...

[graxrmelg]

What are you talking about? There's nothing magical going on. Both are registered:

Registrant:
Alvaro Collazo (SLASHODT-ORG-DOM)
Manuel Oribe 2028
Tarariras, Colonia 70000
R.O.U.
+1.7029778198
info@alvarocollazo.c om

Domain Name: SLASHODT.ORG

Administrative Contact:
Alvaro Collazo info@alvarocollazo.com
Manuel Oribe 2028
Tarariras, Colonia 70000
R.O.U.

Technical Contact, Zone Contact:
Alvaro Collazo info@alvarocollazo.com
Manuel Oribe 2028
Tarariras, Colonia 70000
R.O.U.

Record last updated on 23-Jul-2003.
Record expires on 21-Jul-2004.
Record created on 21-Jul-2003.

==========

Registrant:
Joaquin Navarro
Plaza Lizana 6
Huesca, Huesca 45000
ES
0034963527520

Domain Name: SLASHDTO.ORG

Administrative Contact:
NAVARRO, Joaquin rayder@iname.com
Plaza Lizana 6
Huesca, Huesca 45000
ES
0034963527520

Technical Contact:
NAVARRO, Joaquin rayder@iname.com
Plaza Lizana 6
Huesca, Huesca 45000
ES
0034963527520

Record expires on 04-25-2004
Record created on 04-25-2003

Re:Interestingly enough...

[b1t+r0t]

Are you sure you're doing the WHOIS query correctly? The .org domains no longer use the same database any more.

$ whois -h whois.directnic.com slashdto.org

...
Registrant:
Joaquin Navarro
Plaza Lizana 6
Huesca, Huesca 45000
ES
0034963527520


Domain Name: SLASHDTO.ORG
...

Infinite Domains == Infinite Spam

[udoschuermann]

BUY OUR SOFTWARE TO GENERATE 9x10^9999999 TOTALLY FUCKING UNIQUE EMAIL ADDRESSES ON INFINITE NUMBERS OF DOMAINS AND MAKE MILLIONS OF DOLLARS FROM PEOPLE WHO WANT THEIR PENIS ENLARGED. ONLY $99 IF YOU CALL NOW: 1-905-555-1212...........

(groan)

They do realize that any of those domains MUST have a postmaster@... address, yes? Someone's gonna have a field day with that!

Re:Infinite Domains == Infinite Spam

[DA-MAN]

Thats if you are being compliant with standards, but not everyone follows the standards on the internet.

Microsoft could do this already

[Krellan]

From the client side, Microsoft is already collecting every mistyped URL and substituting their own search engine!

In MSIE, a hostname that is not found will be sent to Microsoft. A page will be auto-generated, containing links to similar hostnames, and the Microsoft MSN search engine.

Microsoft is already receiving this information. I'm sure that there is a high commercial value in knowing the exact data on which domains are mistyped the most often! I would be surprised if Microsoft doesn't use this information internally, or resell it to the highest bidder.

Since MSIE is 90% of the installed browser base, I would be very surprised if server-side information on mistyped domains (as Verisign is logging) is very different from client-side information. The client-side information might even be more accurate, due to intermediary DNS servers doing caching of negative results!

Does anybody know for sure what Microsoft is doing with their large database of mistyped domains?

Re:Microsoft could do this already

[the_mad_poster]

The whole point is that it is left to the aplplication to determine what to do with DNS errors. Besides, not only can you prevent this in MSIE through the settings, you could always get a real browser if that started to bother you. It must not bother most people, however.

What Verisign is attempting to do is hijack ALL typos for their own personal gain at the DNS level. That means that unless you start coding to recognize Verisign stupidity, you lose control over handling of the results of a DNS query in ALL applications level code. Not cool.

Re:Microsoft could do this already

[Tin+Foil+Hat]

This is not unacceptable. Microsoft has control over how it's browser interprets error codes, and that's a good thing, regardless of the specific interpretation.

User-agents (browsers) must have control over what happens when they encounter error codes. If yours does something you don't like, you should complain to it's manufacturer (MS in this case) or choose a different product (such as Mozilla). What you should not do, is press for outside regulation. That type of thing merely serves to repress innovation.

What Verisign is doing, however is completely different. They are interfering with the system of error codes that browsers rely upon to properly interpret conditions under which they operate. Verisign wants to change the DNS error code system so that user agents will no longer be able to determine if they have reached a legitimate website or not. That can only have negative effects, regardless of what Verisign claims.

Re:Microsoft could do this already

[Tin+Foil+Hat]

I should add that Verisign's actions could have implications reaching farther than just the world of user agents. This would also affect search engine spidering. It could seriously mess up Googles Page Rank system. Verisign would immediately become the single most popular website due to the fact that so many other websites contain broken links.

Re:Microsoft could do this already

[Reziac]

But in IE, this behaviour can be changed by the user (IIRC, you simply configure it to "never search", then typoes will get you the generic "page not found" which is internal to the browser itself). What VeriSign wants to do will happen no matter which browser or settings you are using, with absolutely no user-control at all.

OT: MySearchNow.com

[i_am_nitrogen]

If you go to mysearchnow.com (don't go there), there's a toolbar that can be installed, and somehow they tricked my parents or one of their younger children into installing it, so now IE has an affiliate-stealing random popup-displaying toolbar always enabled. The toolbar's name in the context menu is always a different random string of letters, so I can't just find it in the registry and delete the file off the hard drive. Ad-Aware did not get rid of it.

Does anybody know how to get rid of the MySearchNow.com toolbar? My parents won't let me reinstall Windows on their computer.

Re:OT: MySearchNow.com

[devnullify]

According to their help page, this program will remove the toolbar. I don't know that I'd trust it though...

VeriSign Joins the Typosqatting Club!

John Zuccarini arrested just a couple of weeks ago for typosquatting! Yes he was pointing miss-typed domains to porn but what about miss-spelt words that are close to trademarks!? Wonder if some thought has been put into this. Hmm... Check this out for what may be ahead for VeriSign...

What about...

[Igmuth]

Ok, they want to redirect sleshdot.org to their seach page. What about goobledegook.slashdot.org (assuming that slashdot didn't have *.slashdot.org in the DNS tables).
Would they redirect that?
Could they rightly do so?

One Way To Fight These Bastards

Assuming that, like me, you are not pleased with Verisign abusing their special position of control over TLD domain lookups to make money from lookups without paying to register them, here's something we can do:

Everybody that wants to join up runs a little daemon on their network that sits there and watches DNS or HTTP traffic going by. From those, it obtains valid domain names which it then permutes into "mistyped" names and performs lookups with a little while later. If an IP is returned, it issues the HTTP query to fetch the "error" page and parses it for a banner to fetch.

Every valid DNS lookup from your network would result in an accompanying invalid lookup a little while later and if an ad was returned, Verisign would serve a banner and whoever was foolish enough to contribute money to this scheme would see no sale as a result. The more the better.

Who ordered a sub?

[yerricde]

From the perspective of a DNS server or client, what's the difference between a subdomain and a domain? Isn't "slashdot.org" a subdomain of "org"?

These are subdomains: sub 1 sub 2 sub 3

Kick 'em hard

[Door-opening+Fascist]

I say if they go ahead with this, ICANN should yank their registrar status. This is in blatant disregard of Internet standard (RFC, good practice, etc.) and should not be tolerated in any way.

Re:Kick 'em hard

[swordgeek]

As much as I dislike the idea, what internet standard are they violating here? Which of the RFCs?

Most of the 'good neighbor' related RFCs relate to excess or inappropriate packets, not actual behaviour.

But,

[Niet3sche]

Hasn't this been going on for a LONG time now? Example: oogle.com and friends. Typically I've seen them go to that god-awful mp3search or whoever that throws up about 20 popups. >|-[ Makes me mad.

Old News

[spacefight]

This is already done with any given .tk Domain. www.alkksjdflksjf. So what? We know that VeriSign is evil, but they are not the only one doing this sh*t.

how to defeat this

[wotevah]

I am sure we will find a way to defeat this "improvement". Possible options include (with the caveat that they might find another way to do this):

• Have the browser (or proxy, for unfriendly browsers) pair a "www.domain.com A" lookup with a "domain.com NS" (expecting the NS query to return NXDOMAIN)
• • If the NS query does not fail and returns something, we can check that the domain nameserver's address is NOT owned by a Verisign or affiliated company (using black lists if we must, since this is not the kind of setup that is easy to change). I am expecting them to use a different set of nameservers for this than the roots (because the roots are critical infrastructure and the others are not, and also because these fake nameservers will be a different type of setup, database, management and all), so it should be fairly easy to catch. This might also cause the temporary domain pages to become unreachable, I am sure no one will miss them. I don't know how we would handle people who use redirects with them though.
  • If the NS record looks suspicious (such as if it has the same TTL as the www record, or some other indicator that suggests it has been returned and cached from the previous www.domain.com query) force a direct query to the root servers to make sure. This might cause unnecessary load on them but hey they are asking for it.
  • Variations of the above such as trying to query the SOA and MX records on the domain and check them against the www record.
• Do whois on the domain (slow).
• Do not use Verisign's root servers. The zone files for .com and .net are available. (requires significant resources, but I am sure someone out there, such as larger ISPs will do this)
• Use bayesian filtering on the web pages to make the browser learn of the pages you do not want to see and the ones you do. This can probably work for a lot of other things too. Distribute a pre-taught package that is able to discriminate the verisign and other annoying content. Even better, have proxy modules for squid and the like that can enable the proxy to participate in the filtering.

I'm sure there are a lot more possibilities. Oooh let them try and do this.

Re:how to defeat this

[pongo000]

Do not use Verisign's root servers. The zone files for .com and .net are available. (requires significant resources, but I am sure someone out there, such as larger ISPs will do this)

OpenNIC performs this very service with volunteer labor, a globally-distributed set of root servers, and several other alternative roots as well. Don't continue to be a slave to the machine.

Re:how to defeat this

doomed to failure due to their childish selection of root tlds.

Easy work-around

[ozzee]

I'd be willing to help add a patch to Bind 9 to check for DNS responses that are "from verisign's redirection" and respond with an empty response.

This is REALLY quite annoying for a 3 pinky typist like me !

Why type...

google.com when you can merely type gogle.com

Or, if you've got a lot of free time, try out gooogle.com

Like .museum with ads?

[Kerry]

Sounds sort of like what .museum does. Try this or even this.

Could be very successful

I'm always skeptical about these kinds of claims, but... I remember a story from about 4 years ago. A student registered a bunch of domain names that were close derivatives or typos on a popular site. The site was one of those "refer your friends and get money" kinds of sites. When you mis-typed the domain, you'd get redirected to the actual site *but with this guy's referral code* on it.

Supposedly, this worked for months before they realized what was going on. By that time, he had already made tens or hundreds of thousands of dollars (depending on the source of the story). This reeks of Urban Legend, but I see no snopes article on it.

Isn't this collusion/deceptive business practice?

[BiOFH]

Isn't this collusion (with the website who gets the hit) to initiate a deceptive business practice?

I mean, if the user doesn't realise he's hit CompanyZZZ instead of CompanyZZ, isn't this the same as selling someone a box of Fruit Loops instead of saying you're out of Cap'n Crunch?

Re:Statistics on mistyping of "slashdot "

[killenheladagen]

http://slsahdot.org

Great! You just made me and some 500 other people to test the URL and ruin the statistics.

Re:This is not Wildcard in the Root, only com and

[Electrum]

.museum have had a wildcard all along, and it hasn't broken a darn thing.

If you accidentally send email to a non-existant .museum domain, it will sit in the mail queue for the queue lifetime, instead of bouncing immediately like it should.

.nu

[fred_nd]

.nu does this already, try www.gfrgdfg.nu

/Fred

Re:Statistics on mistyping of "slashdot "

You've just slashdotted slsahdot!

But only in their web browser

[Malcolm+Chan]

This is done at the application level. So, for instance, if you use another (non-WWW) network enabled app, it isn't affected by any funnies Verisign might try.

This is actually a pretty important point. The server pointed to by any name that happens to have a "www" prefix may well offer many other services, accessed by apps other than a web browser. What Verisign would do in that case, is point such apps to a different but existing server, if the server name was somehow misconfigured in the apps. That could completely confuse the app or the user. What Microsoft does with IE just affects the web, only if one uses IE and at least, in a way which does not (normally) confuse the end user.

Banner ad

Dear Slashdot,

Yes please.

Yours,

Ford Motor Company Limited.

Hey... This is Bert's Bad Idea 1.

This is remarkably similar to Bert's Bad Idea 1. BBI 1 was proposed as a funding model for ICANN. It seems that Versisign did not yet implement the 'typo mailbox' part of the bad idea.

Sum summarum

[Steeltoe]

This is what you get
when you let corporations
run everything.

I for one Hail our new capitalist Overlords!

Re:Sum summarum

[jon787]

I for one Hail our new capitalist Overlords!

Don't blame me, I voted for Kodos!

Re:Sum summarum

[Steeltoe]

Don't blame me, I voted for Kodos!

Hehe, describes the current system beautifully, doesn't it ;-)

system instability caused by Verisign?

Sounds like lots of law suites aimed directly at Verisign.

Scenario:
1. An application is written which contains an undetected bug: when it starts it first tries to bind to some non-existent hostname (i.e. somehostname.com). It's default behaviour in name lookup failure is to log a warning and bind to 0.0.0.0.
Obviously this application could easily slip through testing and go into production.

2. Verisign implements changes, and suddenly somehostname.com come resolves. Application is restarted (perhaps scheduled restart) and fails to start with an error as the app cannot bind to the external ip address returned by verisign.

System is now down and .. usual hell of downed production systems.

==
This scenario is not all _that_ unlikely. There is a lot of applications out there... after all, how likely are typos?

==
If Verisign goes through with this, it is a complete and utter abuse of their position.

-Hugh
(and no I didn't write an application like this.. except perhaps _your_ airport traffic control / banking system :P )

dns spamming happens to me already

This happens to me already. Example:

$ ping google.zzzz
PING ds1.domainspa.com (67.96.63.112) 56(84) bytes of data.

It's damn annoying getting responses to queries that should return errors, especially when using IPv6 when the A query should return nothing.

Crowbarring out unfriendly domains.

[Channard]

What worries me - it may be tinfoil hat time again - is that the logical extension of this this would give Verisign the ability to block out unfriendly domains. I don't just mean typo porn sites but sites perhaps critical to big companies registered with Verisign. For example, suppose Best Buy had a problem with a Best Buy protest site called www.bestsucks.com. It might be possible to, instead of going to court to get the domain given back to Best Buy (and, I suspect failing), to just have the site redirect to Best Buy's official site.

This has already been done.

Try going to

www.[anythignyouwantthatdoesn'texist].nu

you can buy that domain!
good for you.

MONGOOSE!

Re:Statistics on mistyping of "slashdot "

[theedge318]

Think about it is two sites were to pay for this "service"

say: sLashdot.org and sMashdot.org

Then you get someone with engRish, who types sRashdot.org

How do you determine who should get the pointer? You can't both are perfectly valid versions. The only way to resolve this would be to pay for each individual misspelling that they want ... WAIT ... why don't they just *register* the domain.

This is why you should get the DNS error, and then the user can go to their favorite search engine, and try there ... OR have their web browser do it for them automatically.

Verisign have been doing this for .tv for years

[rklrkl]

I'm surprised the article failed to mention that typos in the .tv domain have been "hijacked" by Verisign almost since it began. For example, try this non-existent domain and see what I mean. I never liked this, especially since it comes up with a price for the mis-typed domain right away and offers it for sale to you...

TLDs are public

[mabu]

I am under the impression that the TLD servers are public services, at least they originally were. It seems inappropriate to co-opt unregistered domains by any party.

I've heard reports from friends that some of the domain registration services are analyzing the whois requests by people and in some cases, preemptively registering domains that people seem to be searching for.

However, Microsoft seems to be already capitalizing on hostname mistakes by customizing the browser error pages and redirecting them to their proprietary search engine.

Aside from that, I applaud NSI/Verisign! I continue to think that this company has reached the pinnacle of sleaziness but nooo, they've only just begun.

Bad idea

[karel1980]

No no no no no! This is computers we're talking about. They're supposed to be GIGO-compliant, or I'll get all confused.

Scary implications for e-mail

[SmilingBoy]

I fear that there could be far worse consequences to e-mail than to web browsing.

Imagine I want to send a confidential e-mail to starlawyer@lawfirm.com. However, I mistype it as starlawyer@lwafirm.com. Right now, unless someone has registered lwafirm.com, the message will bounce immediately. However, under Verisigns proposed system it will be delivered by default to anyone who wants to pay for this. This is scary.

And now don't tell me that you shouldn't send confidential e-mails unencrypted. It happens. All the time. IMHO, it is a big difference whether someone malicious intercepts the message or if the message is delivered to the wrong recipient by default.

Re:Scary implications for e-mail

[SpiritedAway]

Thats very true about typos in email addresses.

Basically we are about to be forced by Verisign to "trust" that they will not act on any of the emails and just bounce them back.

DNS from email or browser different... how?

[InsomniaCity]

Paxfire's Sullivan said his company's service is set up so that only web traffic returns an IP address. Domain queries for non-web applications such as email or FTP are dropped or return error messages, he said.

How on earth can they distinguish between a DNS request originating from my browser, and one originating from my email client? Is there any technical basis for this?? I thought I unnderstood DNS...

Re:DNS from email or browser different... how?

One of my friends recently asked me to test his anti-DoS strategy, so I resolved www.myfreindsdomain.com and saturated his connection as vigorously as I could. It was only after he called me the next day to ask when I would start that I realized his domain is www.myfriendsdomain.com. If there's a way for my non-HTTP "application" to ask for a service-specific address, I sure didn't know about it...

This sort of thing is widespread already

[ralphclark]

It seems to me that roughly half of URLS containing a mistyped or otherwise invalid domain/host already result in a redirection to a name registrar's advertisement.

.nu has done this for a long time

[tlund]

Just for everyones info, the .nu ccTLD has done this for a long time, for example:

$ host th15d035n0t3x15t.nu
th15d035n0t3x15t.nu A 212.181.91.6
th15d035n0t3x15t.nu A 64.55.105.9

$ host whateverdomainthatdoesntexist.nu
whateverdomainth atdoesntexist.nu A 212.181.91.6
whateverdomainthatdoesntexist.nu A 64.55.105.9

This could make cybersquatting easier

[SpiritedAway]

Look at it this way - the said cybersquatter no longer needs to type WHOIS insert-domain-here or they can save a little bandwidth if they scripted the whois.

All they need to do is type (or script it) the web address or do a DNS lookup and see where it points too. It will usually point to a certain block unless they were to spread the load out and use a setup similar to Akamai.

It still opens a huge can of worms though. (what about other registrars who use the same TLDs?)

Trademark lawsuit

[Julian+Morrison]

Strikes me that they're walking right into the teeth of the trademark lawsuit from hell.

Google to the rescue!

[Blrfl]

Actually, I think Google and the other search engines will solve this problem for us. There are so many broken links out there that VeriSign's web servers are going to get a steady stream of queries as the bad links are followed into their ads. Even if they put a robots.txt on their server or use a redirect to another page, they're still going to get queried at least once. I notice that .cx redirects to a URL containing the domain name and a unique ID number, so even plain redirects aren't going to cut it. The risk could be reduced by only returning an address for things that are truly typos, but I don't imagine VeriSign's going to want to reduce their eyeball count by doing that.

God help 'em if people started creating pages that genereted a few hundred thousand bad links...

Side note: I have a friend inside VeriSign who reports that people in the the non-NSI part of the company don't think very highly of the NSI part. (If this were Fark, I'd put an [OBVIOUS] tag on that.)

Re:Statistics on mistyping of "slashdot "

[Accipiter]

And then you have http://slahsdot.org/ which is *clearly* some scumbucket squatter page.

Hey...

[Guppy06]

Until they start forcing major TCP/IP stacks to put my hosts file lower in the heierarchy than their DNS servers, what do I care?

Hell, I could rig verisign.com to point to goatse.cx if I wanted to. What are they going to do, sue me?

(Don't answer that.)

Re:Statistics on mistyping of "slashdot "

http://cricket.asimov.net/index.cgi?type=png;targe t=%2Fslashdot-misspellers%2Fslsahdot-org;dslist=mi sspellers;range=151200;rand=711

LOL! Can you spell "overflow"?

DIRTY!

DIRTY DIRTY DIRTY!

Mod him up for humor or down for whining

[Polymath+Crowbane]

Either mod this guy up for a dose of morning humor, or mod him down as a whining troll.

Yes, let's have a hyperfast internet where everything is free, free, free...I'm sure we can work something out. We only need two things:

Some government to print 80 bajillion currency units (if it's free, we can't tax anyone to build it)

A bunch of /.ers willing to spend the next three to five years of their lives working for free (if the service is free, we can't pay the people who are building it, after all)

My apologies to the above poster is this is sounding churlish...it's too early in the morning for me to be reading yet another such wishful posting.

TANSTAAFL

Re:Statistics on mistyping of "slashdot "

[ControlFreal]

Or, for that matter:

http://slashdor.org.

this is just a way to make money...

[yipyow]

obviously this is just another way to generate revenue for verisign. perhaps they are kinda hurting lately, and need to modify their business model a bit. the worst part is that they don't really seem to be thinking about the implications...

more IPs, FEWER domains, you clod

'Less' should be applied to a singular, and 'fewer' to a plural. Less sugar, fewer sugar cubes, for example.

DNS Wars

[querencia]

Can't any name server do this?

For example, couldn't my ISP return its web page instead of a broken link (since my nameserver is assigned to theirs via DHCP)?

Maybe this is good --- maybe we will choose our nameserver based on who does the most useful thing with mistypes. For example, I'll bet Google could do something very useful with a mistype, and figure out a way to make money without pissing me off.

Of course, if Verisign is returning bogus entries, a nameserver has an additional, but mostly trivial (probably as simple as IP address filtering), job of filtering BS Verisign links to identify mistyped urls.

Re:DNS Wars

Google already does something useful with a mistype, thet pop up a dialogue that says "Did you mean "

No Different Than

[Bruha]

Half of the search engine/Porn redirects that you get when you misspell a domain. Take Linuxgames.net for example. Linuxgames.com is the actual domain but someone has linuxgame.net going to a search engine.

Re:Statistics on mistyping of "slashdot "

[Johnny+Mnemonic]

Make sure you look at the timestamp of the parent, and then look at the graph at that page.

Christmas Island has been doing this for a while

[Nurgled]

The company which runs the Christmas Island country-code domain (cx) has been doing this for a while now. Any unregistered domain within the cx top-level domain will resolve to 219.88.106.80, which then redirects to their site for buying the domain.

Of course, if you put, say, mail.dfjhkhkjdhfgdfgfg.cx into your email client as your POP3 server, you'll end up connecting to 219.88.106.80 on port 110, which thankfully doesn't have anything on the other end of it.

A quick survey reveals that it's also being done for .nu, .tv and .cc. Note that .tv is run by VeriSign, so they've already been trying this - I guess they observed that it worked quite well for getting people to register and have decided to try it for the international domains.

It annoys me that external companies have managed to grab hold of country codes for countries whose ISO codes happen to spell something "cool" in English and started selling them off to organisations in English-speaking countries. It's just plain wrong, damnit.

User Behavior

[DeRobeHer]

Have you watched relatively non-computer savy people use the web? Give them Google as their start page, and they'll never use their address bar again. My wife only ever uses google, and when I point out that it takes two steps to get to where she wants to go instead of one, she doesn't care, because Google always gets her to where she wants to go.

I wouldn't be surprised if in two or three browser revisions that the address bar isn't show by default, but a google search field is always available in the toolbar. It's getting close to that now, with both Safari and IE having Google Search fields available in the browser control area (IE requires that you install the Google Search Bar, but who doesn't have that?).

Its already happening

[mmmjoy]

Has anyone been to slahsdot.org recently??

If it happens, I know what to do...

[drheld]

The way this would be implemented by VeriSign would be to match *.com to an IP or a list of IPs.

If VeriSign actually did start doing something so ridiculous, I would modify my nameserver to substitute the known result from *.com for NXDOMAIN.

Then, as long as I'm using my nameserver or another with similar modifications, I don't even realized that VeriSign has done anything. I'm sure that if VeriSign carries through with their idea that in not too long there will be a plethora of name servers that do exactly that.

Some people are commenting on how Microsoft already does this. That is true, but you can easily opt out by not using Internet Explorer. To opt out of VeriSign's system, a custom nameserver that isn't exactly "right" is required.

Here's to hoping the world stays less insane.

"gray area"

[operagost]

There's also the suggestion that returning live web pages instead of error messages could break with the Internet Engineering Task Force standards on how DNS should work. Some say it's a "gray area".

Gray area?

I hate their guts.

[AchmedHabib]

Companies that advertise on pages that make a living of getting traffic from typos are in my book in the same category as spammers and seeing them on a "typo" page would lower my opinion of them if I had one and if I didn't, I would see them as a company to avoid.

Domain Name squatters

[JonKatzIsAnIdiot]

Domain name squatter are the scum of the earth. Really. They're worse than spammers.

Re:Inverted Typos [ot]

[FroMan]

I do see the "Funny", but this kind of stuff bugs me as much as spammers. It pisses me off when someone has a porn site with a typo-domain. I think it hurts the credibility of folks online for not wanting an .xxx domain. If you have to trick folks to find your page, maybe there is a reason for folks disliking your product.

.cx

[griffinn]

The NIC for .cx has been doing this for some time already.

Example 1
Example 2

Positive feedback poisoning of search engines.

[RalphTWaP]

Heh.

If this becomes commonplace, I can finally see paying "Only $50 usd to leverage your site through our search engine submission program. Submit your site to...." Then just list a bunch of amusingly wrong links on the page, bingo poisoned searches. Mind you, google gets my exemption, but the new MS search engine effort...

Easy to stop--and impossible too.

[swordgeek]

Offensive corporate behaviour is the easiest thing in the world to stop. Don't support them. If Ford is buying ads from VeriSign on mistyped Toyota domains and you feel that it's wrong, then don't buy from Ford! People toss around the word boycott as if it's a special act, but unless it's done as an organised, concerted effort, then boycotting is just personal choice in action.

Every time we spend money (or not), we are making a choice. When we buy something, we are buying a product based on our needs, wants, perceptions, and beliefs. When you buy something from a company, you are supporting that company and their actions. When you decide against buying something from a company which you would like to have, you are making a statement that you will NOT support them, based on...whatever you're not supporting, be it sleazy advertising (spam, or the Ford example), bad corporate behaviour (Microsoft, the major RIAA members), or unethical products (Tobacco companies).

PERSONAL ACTION is an easy easy easy easy easy way to prevent most corporate excess. Unfortunately, it's also nearly impossible, because not enough people are willing to implement it. "Yeah, I've heard about the problems with the RIAA, but I want the new (x) album." Even such things as, "my old stereo is fantastic, but this year's model is NEWER (with less features, poorer specs, etc.)" defeat a big chunk of personal action.

Can you imagine what would happen to companies like VeriSign if EVERYONE actually made all of their decisions consciously, and let the companies know about it? Why, we might have corporate responsibility.

Re:Easy to stop--and impossible too.

[Dirtside]

and let the companies know about it?

This is the important part -- it's not enough to simply not shop at a store or not buy a company's products. They have to know WHY you're not doing it, otherwise they won't know what they need to change.

Imagine if even a third of the adults in America (around 70 million people) sent one snail-mail letter a week to a company of their choice, explaining why they don't buy their products or services. That could be a powerful force for change.

Of course, the big hurdle is that people have to be aware of the fact that companies do bad things in the first place...

I already see this with buydomains.com

[smallpaul]

I'm surprisied nobody else has noted that they already see behaviour like this. I certainly do. Every time I mistype a domain I get a web page from "buydomains.com". This is true even from virtuous open source software like curl, so it isn't a software thing. I'm on a Mac so it is unlikely to be spyware. I can only presume it is my ISP that has sold me out... If many ISPs are moving in this direction then it is actually quite understandable why verisign wants a piece of the action. The end-user is going to be screwed either way, so why shouldn't they use their monopoly to screw the middle men? The user isn't any more screwed by getting a versign page rather than a buydomains page.

It is going on with google.com

At this moment, I and everyone in my company are getting an internic.co.uk page when I type in www.google.com! This from Virginia, USA.

Holy crow.

I can still get to google using their IP(http://216.239.53.100/)

Why this is a GOOD thing!

This is a good thing because it robs microsoft of the exact same thing. First of all, I don't know what you're all whinging about, MS and Netscape do this already, and I don't know why you're not complaining about that.

Anyway, the good thing is that most people are using MSIE, hence they get sent to MSN every time they make a typo that doesn't resolve to something else. Now MS lose that revenue stream (Yipeee!) and Verisign get it instead! Maybe that means they can reduce domain prices (he dreams hopefully).

Re:Why this is a GOOD thing!

[litewoheat]

The browsers catch DNS erros and redirect to a search page, NOT the DNS servers. In that case all DNS queries would resolve to something. Doing it from DNS would break other software. What if a mail client was going to a bad address and instead of reporting that there is no such address it would report that there is a problem with the server? It a stupid idea. Its the job of DNS to give me an address for a valid query and give me an error for an invalid query. Nothing more, nothing less.

Hey, this is actually a benefit!

[jbottero]

From one of the VeriSign drones: "Like many registries, we're continually exploring ideas on how to enhance the user experience,"

Re:Inverted Typos [ot]

Do you think the people who register these typo-domains are going to meekly stop doing so just because an xxx domain is introduced?

Re:Inverted Typos [ot]

[FroMan]

No, I doubt folks would stop registering typo-domains. I would wish folks would realize how scummy they are if they require lying (or at a bare minimum misdirecting) someone just to get a hit on their page.

I dunno

[phorm]

Wait until IBM has their own squad of cute cheerleaders, I'll root for 'em then. They've got a few legal tackles going already, and SCO is fumbling the ball right now...

That's why Data Escrow is needed

Check out:

http://www.rdearchive.com

Hence the reason why ICANN is proposing a data escrow initiative.

Try perusing through ICANN's website instead of making retarded remarks that they don't know what they're doing.