Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

VeriSign DNS in Trouble

CmdrTaco posted more than 12 years ago | from the thats-so-terrible-for-them dept.

News 222

hesiod writes "Over at CNet News, there is an article reporting that VeriSign may lose their ability to sell domains. Evidently, ICANN is miffed because VS's WHOIS database has incorrect information. Not exactly news to most of us, but they have been given 15 days to fix the errors, or risk losing the ability to sell domains."

cancel ×

222 comments

Sorry! There are no comments related to the filter you selected.

Yeah (-1)

l33t j03 (222209) | more than 12 years ago | (#4197195)

VA Linux is in trouble too, but I don't see any artciles about that.

Re:Yeah (2, Insightful)

blochsound (62116) | more than 12 years ago | (#4197207)

Have they actually abused their power? Or is this just politics?

Re:Yeah (1)

javahacker (469605) | more than 12 years ago | (#4197254)

They didn't abuse their power, at least that's not what has them in trouble with ICANN. They aren't doing their job, part of which is maintaining a connection between the domain name and the domain name's owner.

The abuse of their position and power is an entirely different matter, although it also is a way they are not doing their job properly. Because they haven't tracked the ownership of some domains properly, they are unable to transfer them to another domain registrar. Convenient for them because they get to keep charging the domain owner, but bad because they are getting called out by ICANN on it. Of course there is the matter of the pot (ICANN) calling the kettle black.

Re:Yeah (0)

Anonymous Coward | more than 12 years ago | (#4197343)

In other news, they (VA) are outsourcing sales offshore [yahoo.com] . CSS will be "reselling" soresforge "licenses". That is a hoot. Don't these people know the FREE code is here [gnu.org] .

Silly Faggots, Dicks are for Chicks!

~ R.W.S. gagged

Oh my ... (1)

RinkSpringer (518787) | more than 12 years ago | (#4197204)

I wonder if this includes their right to sell SSL certificates too... it's probably an entirely different matter, but still... if they can't handle domains, why should they be able to handle SSL certificates?

SSL operations seperate from DNS operations (2, Informative)

sjanich (431789) | more than 12 years ago | (#4197290)

The DNS operations are a completely different thing from the issuing of SSl certifications. So, there is no fear in that going away.

Re:Oh my ... (2)

timeOday (582209) | more than 12 years ago | (#4197326)

AFAIK, the "authority" behind a Verisign SSL certificates is... Verisign itself. So the question raised is not whether Verisign can continue to sign certificates, but whether anybody should trust Verisign's assurance that company X is legit.

Uh (2)

autopr0n (534291) | more than 12 years ago | (#4197391)

How could ICANN stop them from selling SSL certificates?

It'll be intresting to see if VeriSign can actualy fix this in the time alloted, given their amazingly shitty technical skills.

Re:Oh my ... (1)

Matty_ (74368) | more than 12 years ago | (#4197496)

There is no governing body which says who can or can not issue SSL certificates. It pretty much comes down to whether the browsers are aware of the certificate authority.

Lying with statistics (2)

AndroidCat (229562) | more than 12 years ago | (#4197598)

I love the lying with statistics in this statement: "Out of 10.3 million records, they pulled out 17 of these that have inaccurate data on it," "That doesn't diminish the fact that VeriSign sees this as an important issue, but 17 names out of 10.3 million would hardly be considered a pattern."

Uh-huh, and how many did ICANN check to get those 17? Is that 17 out of 10.3M or 17 out of 32? Verisign obviously thinks everyone is dumber than they are.

Steal Alanis Morrissette's Look! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#4197208)

STEAL ALANIS MORISSETTE'S LOOK! .

Hair
For Morissette's princess look, hairstylist Danielle Russell let her hair air-dry and applied Kiehl's Creme with Silk Groom to take away the frizzes. She then used American Crew pomade, running it through her hair with her fingers, followed by a little heat from a dryer. She used a straightening iron to keep Morissette's luxuriant waist-length locks sleek (even in front of a wind machine). "We made it messy for the realistic part of the shoot, then made it very coifed and piecey for the period," says Russell.

Eyes
"I don't like it when my lips steal the show," says Morissette. "If the eyes are the windows to the soul, I'd rather people look there first." Makeup artist Cheryl Platt used Stila Barefoot Contessa shadow and a wet black liner on the upper lash line. Maybelline Great Lash mascara in Very Black, applied to curled lashes, finished the look.

Lips
"We used MAC Spice lip pencil and blended it," says Platt. "Then we applied a soft ruby gloss."

Clothes
Stylist Leesa Evans chose a White Trash Charms unicorn necklace (pictured here, $195; 310-854-1058) to suit the video's mythical theme. Morissette wore nine different outfits in the video, including a cotton knit navy-and-white-striped print shirt by Earl Jean, Theory low-rise linen trousers and an Urban Outfitters gray cotton spaghetti-strap tank top -- for the video's reality scenes. "One thing I love about her is that she's not afraid to be a sexy woman," says Evans.

VeriSign business plan (2, Funny)

Anonymous Coward | more than 12 years ago | (#4197209)

1. Mess with WHOIS database
2. ?
3. Profit

The shocking secret second step is: (-1, Troll)

Anonymous Coward | more than 12 years ago | (#4197228)

2. GOATSE [goatse.cx] !



oh dear, did I just say that out loud?

Re:VeriSign business plan (0, Troll)

stratjakt (596332) | more than 12 years ago | (#4197250)

Whoever modded that up as funny needs to be dragged out and beaten.

Those lame ass jokes haven't been funny in years.

Re:VeriSign business plan (0)

Anonymous Coward | more than 12 years ago | (#4197335)

Honestly, I know what you mean. It's a sickness.

Re:VeriSign business plan (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#4197384)

Excuse me, I know this is a bit forward, but could I trouble you for a second. I have been nominated to ask if you are a homosexual. I know, you might not want to be outted today, but there is a growing consensus that you are partial to canning 8=MANHAM=D~. You attention to this matter would be appreciated Mary.

R W S

Re:VeriSign business plan (0)

Anonymous Coward | more than 12 years ago | (#4197398)

Well... sometimes they're funny, but not this time. That was just lame.

Of course, if they'd just prefixed it with "The obligatory...", everyone would be rolling in the aisles. Hmmmmm.

Re:VeriSign business plan (1)

cyranose (522976) | more than 12 years ago | (#4197369)

4. Pretend expired domains are not expired by filling in false owner information.
5. Profit more.

Re:VeriSign business plan (2)

strredwolf (532) | more than 12 years ago | (#4197392)

1. Mess w/WHOIS database
2. Spam 'em all
3. Profit

Re:VeriSign business plan (0)

mrobinso (456353) | more than 12 years ago | (#4197462)

> 1. Mess with WHOIS database
> 2. ?

? = Spam, junkmail, bogus invoice-looking marketing material, extraneous and duplicitous billing, and popup ads.

> 3. Profit

Of course.

Verisign andgry at ICANN ... (1)

Hayzeus (596826) | more than 12 years ago | (#4197211)

ICANN angry at Verisign. Who's gonna get all pissy next? Satan?

Screw ICANN (1, Troll)

anthony_dipierro (543308) | more than 12 years ago | (#4197217)

Pay for my P.O. Box and I'll update my contact information. I'm not giving people my home address.

Re:Screw ICANN (1, Informative)

Anonymous Coward | more than 12 years ago | (#4197256)

Say "Good Bye!" to your domain(s) then, skippy! I need to go and submit your domain to rfc-ignorant.org [rfc-ignorant.org]

Re:Screw ICANN (0, Flamebait)

anthony_dipierro (543308) | more than 12 years ago | (#4197276)

Say "Good Bye!" to your domain(s) then, skippy!

I seriously doubt my domain name is going to get taken away just because I failed to change my address when I moved.

I need to go and submit your domain to rfc-ignorant.org

Go for it. You can add the fact that I block abuse@ and postmaster@ to your list of complaints.

Re:Screw ICANN (0)

Anonymous Coward | more than 12 years ago | (#4197313)

If they want to keep on selling domains they will. I am sure they will look in to in now that I have alerted ICANN about it. Enjoy! :)

Re:Screw ICANN (2)

anthony_dipierro (543308) | more than 12 years ago | (#4197383)

I don't use Verisign.

Re:Screw ICANN (2)

Alrescha (50745) | more than 12 years ago | (#4197286)

"Pay for my P.O. Box and I'll update my contact information. I'm not giving people my home address."

Why did you say this? Where does it say that a P.O. Box is problematic?

A.

Re:Screw ICANN (1)

Software (179033) | more than 12 years ago | (#4197370)

He doesn't HAVE a PO box. According to Verisign's policies, he has to list an address. He can either list his home address (which he doesn't want to do) or get a PO box. He doesn't want to do either.

Re:Screw ICANN (4, Insightful)

(startx) (37027) | more than 12 years ago | (#4197382)

he's saying the only way he'll put in accurate info is if that info is a P.O. Box, which costs money. He doesn't want to list his home address for obvious reasons.

Re:Screw ICANN (2)

Alrescha (50745) | more than 12 years ago | (#4197426)

"he's saying the only way he'll put in accurate info is if that info is a P.O. Box, which costs money. He doesn't want to list his home address for obvious reasons."

Thank you, I didn't twig to that. On the other hand, I must point out that if the poster doesn't already *have* a P.O. Box (or the equivalent) that game has already been lost.

A.

Who has had a P.O. Box all of his adult life.

Re:Screw ICANN (2)

anthony_dipierro (543308) | more than 12 years ago | (#4197482)

On the other hand, I must point out that if the poster doesn't already *have* a P.O. Box (or the equivalent) that game has already been lost.

What game is that? Yes, it's possible to track down my address from my domain name, but it's sufficiently difficult to stop most people.

Re:Screw ICANN (2)

Alrescha (50745) | more than 12 years ago | (#4197551)

"What game is that?"

Well, the previous poster claimed 'obvious reasons'. I interpreted that to mean 'wants to keep physical address more or less private'. You may or may not actually feel that way. I was also thinking more generally than just domain names. If you don't use a P.O. Box, your real address appears in far too many places to consider it private.

A.

-100 Offtopic

Thank god. (0)

Anonymous Coward | more than 12 years ago | (#4197219)

There are so many better ways to get a domain name than going torough VS. I might also mention that VS customer service is 110% worthless.

17 out of 10.7M (1)

RebelTycoon (584591) | more than 12 years ago | (#4197223)

that ain't bad... give them a break...

If the IRS was this accurate then taxes would be a lot less since all those slipping through the system would be caught...

Re:17 out of 10.7M - 30K out of 10.7M, if not more (1)

JayDude (323615) | more than 12 years ago | (#4197357)

That was a quote from a Verisign Exec. There's at least tens of thousands with bad data.

There's a whole block of Worldnic (owned by Verisign) records that down't have correct email addresses for the admin contact...

Calls? (1)

ackthpt (218170) | more than 12 years ago | (#4197231)

My info is out of date, it's got an old address. Mysterious messages about updating account information have been left on my answering machine.

I wondered who that was... Anyone else get called by them?

Re:Calls? (2)

Neon Spiral Injector (21234) | more than 12 years ago | (#4197283)

No, but I just registered a domain with godaddy.com last week, and got a post card from Versign today saying I can transfer domains to them for $15, and get a 1 year extension.

Funny I've been considering transfering my 3 domains from Verisign to Go Daddy for half that. That postcard sold me, I will now.

Surprised? (3, Funny)

VisualStim (130062) | more than 12 years ago | (#4197234)

Ok, everyone who has a domain registered through VeriSign, please rasie you hand ... for shame ... you are all sentenced to 100 MetaModerations a day for a month. Now get to it!

Re:Surprised? (1)

gmhowell (26755) | more than 12 years ago | (#4197273)

Blah, blah, blah. They were the only game in town first time. Second time was inertia. This time, so long Verisign.

Not me (2)

autopr0n (534291) | more than 12 years ago | (#4197401)

Register.com for a couple, godaddy now that I managed to get my own DNS server running :P

How significant... (1)

nairnr (314138) | more than 12 years ago | (#4197236)

Will there be a more in depth search of the records? It seems to me that 17 records is not a lot for a major site. The address look perfectly legit - They happen to be some of the addresses I give for online forms :-)

I think the real question now is does Verisign drop the domains that don't have legit info to satisfy this complaint. It is a good resource for tracking down abusers and other complaints. I have used it a number of times to track down contact info of providers of people who have attempted to crack my system...

Re:How significant... (0)

Anonymous Coward | more than 12 years ago | (#4197489)

17 addresses of many. The ones mentinoed were just the ones complained about. I didn't know where to complain to about improper registrations. Besides even one would be enough if they can't take care of the problem in a reasonable amount of time (which they haven't)

Maybe they should change their name (0)

Anonymous Coward | more than 12 years ago | (#4197244)

to VarySign?

Linux banned in iraq (-1, Troll)

Anonymous Coward | more than 12 years ago | (#4197247)

Hi, Im a secret fbi agent posting from my illegal linux box in The IRAQI desert. Saddum Hussain has just banned Linux because of the open source nature of the code. They dont want us to find out about their plans and theyve replaced all their linux boxen with properitry BSD boxen with propeitry file formats. If Im caught with this linux box it will mean an instant death pentalty, so im posting as Anonymous Coward through a chain of 20 Anonymous proxies with UA spoofing and FVWM95.

PR Stooging (3, Insightful)

alexmogil (442209) | more than 12 years ago | (#4197248)

"Out of 10.3 million records, they pulled out 17 of these that have inaccurate data on it," said VeriSign spokesman Brian O'Shaughnessy. "That doesn't diminish the fact that VeriSign sees this as an important issue, but 17 names out of 10.3 million would hardly be considered a pattern."

I'm sorry, but my rebuttal is: "HAHAHAHAHAHAHAHAHAHAHAH!"

Only Seventeen?! I'd wager 15% of the domains on there are pointed to the phone number 123-456-7890 at the address of 123 Main Street. I'd call that the beginning of a pattern. Buncha jerks.

Re:PR Stooging (1)

H1r0Pr0tag0n1st (449433) | more than 12 years ago | (#4197306)

I would say that a bigger issue than this, and the real reason that Verisign should lose the ability to sell domains, is thier incredibly un-ethical marketing practices. You know the Renew with verisign spam even though you didnt enroll with then in the first place...

This isn't entirely Verisign's fault (4, Insightful)

wowbagger (69688) | more than 12 years ago | (#4197259)

True, bogus WHOIS data makes it very hard to track down spamm^H^H^H^H^Htroublemakers on the 'Net, but is this really Verisign's fault?

If I register floobydust.com, and I fill in a contact email that becomes invalid three days after I go live, is that Verisign's fault? What should they do, spam everybody in their WHOIS and purge the bounces?

I can think of lots of reasons to yank Verislime's ability to sell domains, but I'm not sure this is one of them.

Re:This isn't entirely Verisign's fault (1)

garyevesson (192353) | more than 12 years ago | (#4197274)

Given Verisign's attempt to invoice me for a domain that is not registered with them, I'd be happy with any excuse to prevent them from selling domain names ever again.

I no longer use them - for certificates or domain name registrations. I transferred everything elsewhere.

Re:This isn't entirely Verisign's fault (1)

kiltedtaco (213773) | more than 12 years ago | (#4197478)

"The last temptation is the greatest treason, doing the right thing for the wrong reason" -- T.S. Elliot

Re:This isn't entirely Verisign's fault (2)

G27 Radio (78394) | more than 12 years ago | (#4197411)

On the other hand as customers we shouldn't have to repeatedly ask them to fix inaccuracies and be ignored until we threaten to switch all our domains to another registrar. I ditched VS over a year ago due to some sleezy crap they pulled with a couple of my personal domains when I tried to transfer. Unfortunately I still have to deal with them for customers that didn't know better when they registered either.

Re:This isn't entirely Verisign's fault (1)

emc (19333) | more than 12 years ago | (#4197519)

Your Registrant should be FORCED to be the name/entity listed on the Credit Card that was used to purchase the domain, and should NOT be alterable.

Re:This isn't entirely Verisign's fault (1)

emc (19333) | more than 12 years ago | (#4197540)

sorry, it should read -
The Registrant Field...

too anxious

is april 1? (1)

squarefish (561836) | more than 12 years ago | (#4197260)

ok, this and adobe story are just too good to be true.

One record in question.. (2, Informative)

molo (94384) | more than 12 years ago | (#4197262)

One of the records in question is that for dundjerski.com, in which there is false information for the Administrative Contact:

Dundjerski, Marina (MDE220)
Marina Dundjerski
000 Blank St.
No city, XX 00000
US
123-123-1234

However, on the same record, the "Registrant" field lists an address for the same name as above. If this is the worst that they can come up with, I hardly consider this a big deal.

-molo

That can't be right! (1)

burgburgburg (574866) | more than 12 years ago | (#4197263)

Verisign losing the ability to sell domains would be helpful. There must be some sort of mistake here.

Oh, wait. I know: They'll take it away from Verisign and give it to Microsoft. Okay. That makes sense. Then you'd need a Passport ID to buy a domain.

How convenient (4, Informative)

gmhowell (26755) | more than 12 years ago | (#4197268)

Verisign has given me about 15 days to renew my registration of domain.

Not gonna happen.

Hello gandi.net

About time!! (1)

vonkraken (228236) | more than 12 years ago | (#4197269)

I have been trying for 2 weeks now to get my information updated for my 1 (that's single folks) domain. I have gone the through the forms and the calls, but still no love. If it takes the threat of their removal from the Domain Name business, so be it, at least they will get on the ball and get things moving.

OAO,

VonKraken

Informative links (-1, Troll)

Anonymous Coward | more than 12 years ago | (#4197270)

You can the letter ICANN has sent to Verisign in full here [goatse.cx] . I know in the past that Verisign has done some bad things and it's cool on Slashdot to not trust them. But ICANN is the greater evil.

We are always fixing this one... (2, Interesting)

nutznboltz (473437) | more than 12 years ago | (#4197272)

# whois Dundjerski.com

Whois Server Version 1.3

[...]

Administrative Contact:
Dundjerski, Marina (MDE220) marina10@EARTHLINK.NET
Marina Dundjerski
000 Blank St.
No city, XX 00000
US
123-123-1234

# date ; whois Dundjerski.com | grep updated
Wed Sep 4 18:12:24 EDT 2002
Database last updated on 4-Sep-2002 18:12:24 EDT.
# date ; whois Dundjerski.com | grep updated
Wed Sep 4 18:12:25 EDT 2002
Database last updated on 4-Sep-2002 18:12:25 EDT.
# date ; whois Dundjerski.com | grep updated
Wed Sep 4 18:12:26 EDT 2002
Database last updated on 4-Sep-2002 18:12:27 EDT.

Re:We are always fixing this one... (2)

Neon Spiral Injector (21234) | more than 12 years ago | (#4197311)

You don't want the date that the database was updated, you want the date the domain information was updated:

Updated Date: 15-jan-2002

17 records (0)

Anonymous Coward | more than 12 years ago | (#4197280)

Does this mean a total of 17 records out of the 10M were bogus: not bad at all. Or does it mean 17 randomly picked records were all bogus: very, very bad.

The letter to verisign! (1)

joeldg (518249) | more than 12 years ago | (#4197281)

http://www.icann.org/correspondence/touton-letter- to-beckwith-03sep02.htm I was howling laughing reading this letter to Verisign

The text of the letter (0)

Anonymous Coward | more than 12 years ago | (#4197292)

[ICANN Logo] Letter from Louis Touton to Bruce Beckwith Regarding Breach of VeriSign Registrar's Accreditation Agreement (Whois Data Accuracy) 3 September 2002 3 September 2002 Via FedEx, Fax, and E-mail Bruce Beckwith Network Solutions, Inc. Registrar 505 Huntmar Park Drive Herndon, VA 20170 Tel: 1-703-742-4817 Re: Notice of Breach of ICANN Registrar Accreditation Agreement Dear Bruce: This letter is a formal notice of seventeen instances of breaches of sections 3.3 and 3.7.8 of the Registrar Accreditation Agreement (RAA) that Network Solutions, Inc. Registrar (VeriSign Registrar) signed in May 2001. Under section 5.3.4 of the RAA, VeriSign Registrar has fifteen working days to cure the breaches described in this letter. If the breaches are not cured in that period, then ICANN may give notice of termination of the RAA, after which VeriSign Registrar may initiate arbitration to determine the appropriateness of termination. Under section 3.3 of the RAA, each ICANN-accredited registrar has agreed to provide free public Whois service giving information about the registrations it sponsors in the registry. Among other elements, the information must include: * The name and postal address of the Registered Name Holder; * The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the Registered Name; and * The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the Registered Name. Section 3.7.8 of the RAA sets forth the obligations of ICANN-Accredited Registrars regarding the accuracy of Whois data. It provides as follows: 3.7.8 Registrar shall abide by any specifications or policies established according to Section 4 requiring reasonable and commercially practicable (a) verification, at the time of registration, of contact information associated with a Registered Name sponsored by Registrar or (b) periodic re-verification of such information. Registrar shall, upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate that claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy. This notice of breach concerns VeriSign Registrar's obligations under section 3.3, under which VeriSign agreed to provide specified Whois information for each sponsored domain name. It also concerns the second and third sentences of section 3.7.8 quoted above. In summary, in those sentences VeriSign Registrar agreed to take reasonable steps to investigate and correct its Whois data in response to any reported inaccuracy. Despite these promises, VeriSign Registrar appears frequently to publish incomplete Whois data, and to routinely ignore reports of inaccurate and incomplete contact data in its Whois database. The following are seventeen examples of VeriSign's failure to comply with its contractual obligations: 1. yorkstreethardware.com: On 21 February 2001, ICANN's Chief Registrar Liaison, Dan Halloran, sent you an e-mail pointing out that the contact details for yorkstreethardware.com were inaccurate. According to VeriSign's Whois data, the domain was registered to "Toto", residing at "the yellow brick road" in "Oz, KS 06750". (We also noted that you might want to consider whether the registrant's provision of that obviously false data constituted "willful provision of inaccurate or unreliable information," which is a breach of VeriSign's service agreement and a basis for cancellation of the registration.) On 21 May 2001, we sent you a follow-up note regarding the still-inaccurate data for this domain. Included was a link to a story in that day's NY Times in which the registrant admitted that she had registered the name with false data as a test "to see how easy it is." We asked you, some three months after the initial report, if you had indeed been able to confirm that the domain had been registered to "Toto", and if not if you could please "re-initiate the process of investigating and correcting the inaccuracy." It is now more than eighteen months after we notified you of the inaccuracy, and the domain is still registered to Toto at the yellow brick road, Oz, KS 06750. We have not even received any explanation of what specific steps VeriSign Registrar has taken to investigate and correct this situation. 2. kokorouta.net: On 15 June 2001, we forwarded a report to you indicating that VeriSign Registrar's Whois shows an apparently invalid e-mail address for the administrative contact for kokorouta.net: "no.valid.email@worldnic.com". It has been more than fifteen months since we sent the report, but the invalid e-mail address is still included in your Whois data today. And once again, we have no indication of the specific steps VeriSign Registrar took to resolve the inaccurate information. 3. dundjerski.com: On 24 January 2002, I wrote to VeriSign (Miriam Sapiro, Roger Cochetti, and Phil Sbarbaro) regarding the Whois data for dundjerski.com. A story in that morning's Los Angeles Times reported that the registrant of that domain had been told by a VeriSign representative that she could not have her personal information removed from the Whois database, but that she was given the following advice by VeriSign: "But they did tell me to just make up an address and put it in there. So that's what I did." My 24 January message to VeriSign noted that VeriSign's Whois database indicated that the mailing address for the administrative contact was "000 Blank St., No city, XX 00000" with a phone number of "123-123-1234". In that message I "strongly urge[d] VeriSign to take prompt and decisive actions to ensure that its Registrar business operates in a more responsible manner than reflected in the article, and to publicly reaffirm its commitment to accurate Whois data." You replied over a month later, on 5 March 2002, stating that VeriSign takes the subject of Whois accuracy "extremely seriously." You indicated that VeriSign was sending the registrant a letter requesting verification, and that "if no reply or update is received shortly, the domain will be deleted, in accordance with our existing procedures and contractual requirements." It has been almost six months since you wrote that, but the administrative contact address is still "000 Blank St., No city, XX 00000", and the phone number is still "123-123-1234". 4. internic-backbone.org: On 6 March 2002, we sent you a report concerning inaccurate contact data for internic-backbone.org. The data for that registration had what appeared to be an incomplete mailing address, and the telephone number for the contacts was listed only as "Restricted." We sent you reminders concerning this reported inaccuracy on 14 May 2002 and 18 June 2002. When the data still had not been corrected on 22 August 2002, we sent you (and your attorneys) a "final informal request" asking you to provide information about the status of your investigation. We finally did receive a status report on 27 August 2002, but it indicated (by copy of a letter to the registrant) that VeriSign Registrar had not even begun to take action to correct this data until 26 August 2002, nearly six months after you received the initial report. 5. sunnyside.com: On 24 April 2002, we sent you a report concerning the false telephone number for the administrative contact for sunnyside.com: "650-555-1212". We sent you a follow-up inquiry about the same problem on 14 May 2002. You wrote back on 16 May 2002 and told us to "feel assured that it is being addressed in as an expeditious manner as possible." It is now more than three months later, and the data still has not been corrected. 6. jaxx.net: On 7 May 2002, we sent you an e-mail requesting that you investigate and correct the whois data for jaxx.net. We pointed out that the administrative contact's telephone number was listed as "000-000-0000". It has been over three months since that notification, yet the false telephone number listing has not been corrected in VeriSign Registrar's Whois data, nor has VeriSign advised us what specific steps have been taken to investigate and correct the inaccuracies. 7. visosite.com: On 15 May 2002, we forwarded to you a report concerning inaccurate data for visosite.com. The report indicated that the mailing address for the registrant and contacts was inaccurate (the report included a link demonstrating that there is no "Walker Way" in Orangeburg, NY) and that the telephone number for the administrative contact was not functioning. Although over three months have passed since VeriSign Registrar received this report, it has not corrected the false data, nor has it advised us what steps have been taken to investigate and correct the situation. 8. fufus.com: On 18 May 2002, we directed to you a report concerning an invalid e-mail address in the Whois data for fufus.com: "no.valid.email@worldnic.com". On 27 May 2002, we sent you another note on this issue, including a copy of a message from a VeriSign Customer Service Representative who declined to investigate the inaccuracy - stating that "It is up to the current registrant to keep the domain information current." We asked you to carefully review this. It has been over three months, and the false data is still being published in VeriSign's Whois service. VeriSign has not stated what steps it has taken, nor given any explanation as to why its representative stated that it would not fulfill the promise it made in its registrar accreditation agreement to investigate and correct false data. 9. digeronimo.com: On 21 May 2002, we sent you a note concerning an invalid e-mail address in the Whois data for digeronimo.com: "no.valid.email@WORLDNIC.NET". Over three months have passed since that notification, yet VeriSign has not corrected the false data. Nor has VeriSign advised us what specific steps it has taken to investigate and correct the false data. 10. kasparatisco.com: On 23 May 2002, we forwarded to you a report concerning inaccurate contact details for kasparatisco.com. The report indicated that the information listed for the administrative contact was invalid - the law firm that answers at the telephone number listed for the administrative contact has never heard of the administrative contact, Sally Jocks. Although over three months have passed, this invalid data still had not been corrected as of the time of the sending of this letter. Nor have we been advised of the specific steps (if any) taken by VeriSign to investigate and correct this false data. 11. nsi-direct.com: On 13 June 2002, we sent you an e-mail asking VeriSign Registrar to correct inaccurate Whois data in the record for nsi-direct.com. The administrative contact e-mail address for that registration is still listed as "no.valid.email@WORLDNIC.NET". We sent a test message to that address last week - it bounced back with an indication that the address was not valid. Over two months after the initial report, the invalid data is still being reported in VeriSign's Whois service. 12. city-guide.com: On 18 June 2002, we forwarded to you an e-mail we had received that indicated that the telephone number for the contacts for city-guide.com ("813-562-5354") was disconnected. More than two months later, the telephone number has still not been updated VeriSign Registrar's Whois listings. Calling the listed number results in a message that "your call cannot be completed as dialed." 13. aboutsrichinmoy.com: On 10 July 2002, we sent you an e-mail reporting an inaccuracy in the Whois data for aboutsrichinmoy.com. As of today's date, over six weeks later, the registrant mailing address for that name is still listed as "1 xxx, NY, NY, 11432". We have not received any indication of the specific steps that VeriSign Registrar has taken to investigate and correct this clearly false data. 14. stepup.net: On 17 July 2002, we sent you a message indicating that VeriSign Registrar's Whois database was completely missing any data for stepup.net. As of today, the registry still reports that VeriSign Registrar sponsors this domain, but VeriSign Registrar's Whois server still reports no match. Your server still returns only the cryptic message "Domain not found locally, but Registry points back to local DB. Local Whois DB must be out of date." 15 and 16. animerica.com and japanh.com: On 19 July 2002, we sent you a report indicating that the contact details for animerica.com and japanh.com were inaccurate. The administrative contact telephone number for animerica.com was listed as all three's: "333-333-3333". The administrative contact telephone number for japanh.com was listed as all one's: "111-111-1111". The fax number was all two's: "222-222-2222". Each of these numbers (and also the phone number for the technical contact that they share) is inoperative. This data still had not been corrected as of the time this letter was being prepared - over one month later. 17. namezero.com: On 29 July 2002, we notified you that VeriSign Registrar's Whois data for namezero.com (a domain sponsored in the registry by VeriSign Registrar) was inaccurate. The phone number is listed as "111-111-1111".) We asked you to investigate and correct this inaccurate information pursuant to RAA 3.7.8. It has been over thirty days and the data still has not been corrected. As noted above, section 5.3.4 of the Registrar Accreditation Agreement agreed in May 2001 between VeriSign and ICANN provides that notice of termination of VeriSign Registrar's accreditation may be given if these breaches are not cured within fifteen working days. The pattern of neglect demonstrated by the above circumstances is troubling. In its May 2001 accreditation agreement (as well as in that agreement's predecessor), VeriSign agreed to publish complete Whois data, to undertake reasonable efforts to investigate every notification of Whois data inaccuracy it receives from any person, and to correct any inaccuracies found. The above recitation demonstrates that VeriSign Registrar has repeatedly taken what appears to be a cavalier attitude toward the promises it made. As outlined in ICANN's recent "Registrar Advisory Concerning Whois Data Accuracy" http://www.icann.org/announcements/advisory-10may0 2.htm, registrars have a vital role in maintaining the accuracy of Whois data. We believe that advisory gives valuable guidance to registrars how they can act responsibly toward the public as well as complying with their contractual obligations. VeriSign Registrar's conduct has fallen far short of both its responsibilities to the public and its agreements. We therefore provide this formal notice of breach of VeriSign Registrar's accreditation agreement with ICANN. ICANN's goal in this matter is to promote accuracy of Whois data, which requires cooperative efforts by VeriSign Registrar in meeting its obligations. We hope that VeriSign Registrar will act promptly to cure the breaches outlined in this letter, and will become more responsive and cooperative in dealing with data inaccuracies as they are discovered. Please feel free to contact me if you have any questions. Best regards, Louis Touton Vice-President and General Counsel ICANN cc: W.G. Champion Mitchell, Executive Vice President and General Manager, VeriSign Mass Markets Division (by e-mail) Bobby Turnage, Esq., VeriSign, Inc. (by FedEx, fax, and e-mail) Phil Sbarbaro, Esq., VeriSign, Inc. (by e-mail) Stuart Lynn, President and CEO, ICANN (by e-mail) Comments concerning the layout, construction and functionality of this site should be sent to webmaster@icann.org. Page Updated 16-April-2001 ©2002 The Internet Corporation for Assigned Names and Numbers. All rights reserved.

Is it just me... (0)

Anonymous Coward | more than 12 years ago | (#4197284)

Or did all you /.er's got too frenzied up about this article that you /.'d /. ??

Send Verisign back where they came from: (0)

Anonymous Coward | more than 12 years ago | (#4197298)



The other side of the River Styx.

New slashdot advertising (0)

Anonymous Coward | more than 12 years ago | (#4197302)

Did you see it? About 10 large ads on the front page for MSVS.Net. And thats not all, slashdot is offically fucked up for life. Thank you Johnkatz.

i'm forgetting again (5, Informative)

gsfprez (27403) | more than 12 years ago | (#4197309)

what law is it breaking to have incorrect data?

in fact, i have incorrect data because i and my wife were being stalked - and the WHOIS database is where he thought i lived. He went looking for us at the old address.

and what's the worst part of all - to have ANY level of security from a whois search that could give sickos and perverts your address is by getting a P.O. Box.. from the USPS!

Imagine, the key to internet privacy is the Postal Service. Now that's just great.

It soon will be. (2)

www.sorehands.com (142825) | more than 12 years ago | (#4197358)

There is talk of a law that makes it illegal to have false whois data. This is to handle people trying to make money buying domains and selling them to trademark owners.

Currently you are contractually obligated to provide correct whois information by the terms of service that propagated from ICANN.


SPAMMERS usually use false domain information to hide. Maybe the spammers don't want us breaking into their houses to watch TV and use their computers? Why not, their houses are connected to public roads, so we can use them. Right???

Re:i'm forgetting again (3, Interesting)

anthony_dipierro (543308) | more than 12 years ago | (#4197412)

what law is it breaking to have incorrect data?

None yet, but if ICANN gets their way they'll buy this law [loc.gov] .

Re:i'm forgetting again (5, Interesting)

jdreed1024 (443938) | more than 12 years ago | (#4197460)

what law is it breaking to have incorrect data?

There is no such law. But what's your point? If Ashcroft or someone from the justice dept were pursuing them, and there was no law, then you'd have a point.

They did, however, sign a contact with ICANN, in which they agreed to have up to date data. They chose to take a big shit on that contract. That's why ICANN is pissed.

Personally, I'd love to see Verisign out of business. Someone stole my identity two years ago and bought $1000 worth of services from Verisign. Verisign took a YEAR to remove the domains, claiming they needed to verify with the registrant before they could be cancelled. (Thieves have more rights than I do, apparently). They still refuse to remove the bogus whois information that the thief supplied using my correct name and address, but a fake phone number and e-mail. They claim I can't remove it, because I told them I didn't enter it in the first place. They also don't answer the phone anywhere but the sales department.

They're a bunch of lying, thieving, ignorant wankers, who deserve to have the book thrown at them. Not that it'll happen, since ICANN will probably give up at the last minute (c.f. United States v. Microsoft).

Re:i'm forgetting again (1, Troll)

anthony_dipierro (543308) | more than 12 years ago | (#4197493)

Someone stole my identity two years ago and bought $1000 worth of services from Verisign.

Wow. What did it feel like to not have an identity?

They claim I can't remove it, because I told them I didn't enter it in the first place.

Sounds like a legitimate reason to me.

this isnt about bad whois data (3, Insightful)

leto (8058) | more than 12 years ago | (#4197310)

It is about
- Getting rid of Verisign in the .org deal
- Getting rid of Verisign before they get the 3
year on .net and 5 year on .com names
- Getting rid of a company that is going bankrupt
and is highly fraudulent (snapnames, bogus
invoices etc)
- ICANN itself getting out of the spotlight for
firing its At Large Directors

Just transfered from VeriSign (3, Interesting)

stompro (24721) | more than 12 years ago | (#4197334)

I have just finished a month long battle with VeriSign to get access to a domain. I would fax them an authorization letter, they would email me back saying I missed the coma on the 21st page after the statment of intent blah blah. I finally got everything to their liking but they didn't respond for a couple more weeks. So I headed over to domainmonger and did a transfer, and was up and running in a day and a half.
I can kind of understand why a larger company would like to know that someone has to jump through major hoops before someone can hijack their domain, but for me all there security was a major pain in the ass. Plus, the last time I checked, they were using some ibm ssl software that doesn't let you use mozilla to manage your account. I am going to plug domainmonger here, I have no affiliation with them, I am just a happy customer.
domainmonger.com [domainmonger.com]
I have had such good luck with domainmonger, they are not a large operation, but I have never had trouble getting ahold of someone if I have had a problem.

....
posting makes you feel goooooodd.

Re:Just transfered from VeriSign (0)

Anonymous Coward | more than 12 years ago | (#4197406)

> I have had such good luck with domainmonger.com, they are not a large operation, but I have never had trouble getting ahold of >someone if I have had a problem.

I use godaddy [godaddy.com] and couldn't be any happier.

Does this really "a"ffect anything? (1)

DaytonCIM (100144) | more than 12 years ago | (#4197341)

So ICANN pulls the plug on Verisign and hands it to another company... what changes? Does this new group have some magical software that will "verify" every registry, every address, every phone number, and add security? I think not.
Sounds suspiciously like someone is willing to fork over a pile of cash to some key ICANN people in return for Verisign's business.

no bulkregister domains (1)

bberg (516819) | more than 12 years ago | (#4197347)

It seems ever since the nonsense with bulkregister none of the bulkregisters domains show up in netsols whois. You just get a page that says "error". Works in any other who is though.

Letter from Louis Touton (5, Informative)

nutznboltz (473437) | more than 12 years ago | (#4197361)

This explaines a lot.. Re:Letter from Louis Touton (1)

dracocat (554744) | more than 12 years ago | (#4197454)

It looks to me like ignoring repeated attempts from ICANN to fix a problem is not the best business strategy.

What is amazing is not that they have incorrect data, but that after 15 months and repeated letters from ICANN about a single domain, that they still haven't done anything.

I guess if this is how they do business, its no wonder that they are rated so poorly in customer service.

Verisign slap on the wrist? (2, Interesting)

Charlie Bill (34627) | more than 12 years ago | (#4197366)

I'm sure ICANN can't be too happy with VS for its somewhat shady business practices recently. Is this just them using a techinicality to nibble at them (akin to tax law suits lodged against bootleggers)?

New Art Of Domain Hi-jacking sponsored by ICANN (1, Interesting)

Anonymous Coward | more than 12 years ago | (#4197375)

ICANN are introducing a 15-day challenge to correct Whois data. If the data is not corrected within 15 days, the domain is pulled. Gone. Poof.

Even if the Whois information is 100% correct and you don't respond within the 15 days, it's gone. Poof.

It works something like this:

  1. Take out a dropped domain name registration using WLS or SnapNames.
  2. Complain about the Whois data for the domain you want.
  3. Wait 15 days
  4. When the domain name is dropped, the name is reregistered through WLS or SnapNames and becomes yours.
Slashdot.org will be mine. You have been warned.

Re:New Art Of Domain Hi-jacking sponsored by ICANN (0)

Anonymous Coward | more than 12 years ago | (#4197536)

Even if the Whois information is 100% correct and you don't respond within the 15 days, it's gone. Poof.

Interesting. Where exactly is this mentioned in the service agreement that I agreed to?

Don't threaten, just do it. (3, Insightful)

uncoveror (570620) | more than 12 years ago | (#4197377)

ICANN should not threaten to take Verisign's licence to sell domains, they should just do it. The scam they ran trying to get customers of other registrars to switch to them with bogus renewal notices should be all the impetus ICANN needs. I recieved those bogus notices for uncoveror.com, and dontbuycds.org, but godaddy.com had already warned me they were bogus.

#11 is the gem (3, Funny)

stox (131684) | more than 12 years ago | (#4197389)

Oh, this is priceless:

11. nsi-direct.com: On 13 June 2002, we sent you an e-mail asking VeriSign Registrar to correct inaccurate Whois data in the record for nsi-direct.com. The administrative contact e-mail address for that registration is still listed as "no.valid.email@WORLDNIC.NET". We sent a test message to that address last week - it bounced back with an indication that the address was not valid. Over two months after the initial report, the invalid data is still being reported in VeriSign's Whois service.


Wasn't this this the "spam" arm of NSI?

Missing the point (2, Insightful)

FreshMeat-BWG (541411) | more than 12 years ago | (#4197390)

The problem isn't that Verisign has incorrect data. The problem is that they "agreed to take reasonable steps to investigate and correct its Whois data in response to any reported inaccuracy" and have not done so. It is that they KNOW they have incorrect data and haven't corrected it.

So what happens to existing domains... (0)

Anonymous Coward | more than 12 years ago | (#4197397)

that have been registered through Network Solutions/Verisign? Will these then need to be transferred to another registrar? Which Registrar? How will this new registrar be chosen? What type of disruption should we expect (other than something massive that makes our clients angry??)

They have a point (4, Insightful)

Kiwi (5214) | more than 12 years ago | (#4197407)

I think the point ICANN is making here is not that Verisign has to make each and every single WHOIS contact info accurate. The point is that Verisign does not even care that their WHOIS contact informaiton is bogus more often than not.

People would complain to Network Solutions about spammers having obviously bogus WHOIS information (such as phone numbers of --- --- ----), and their reply was that "WHOIS information is ot guaranteed to be accurate".

I think the response is that, if a given set of WHOIS contact information is bogus, and people complain about the bogus information, Verisign should pull the domain in question until they update the information to have legitimate contact info.

A spam-friendly domain without real WHOIS contact information should be pulled until the information is updated. People should be held more accountable for what they put up on the internet; non-bogus WHOIS contact info is a start.

- Sam (Pot. Kettle. Black. I've moved since signing up for my [samiam.org] domains [maradns.org] , and have not updated the WHOIS contact info)

An interesting entry... (1)

numark (577503) | more than 12 years ago | (#4197429)

On 29 July 2002, we notified you that VeriSign Registrar's Whois data for namezero.com (a domain sponsored in the registry by VeriSign Registrar) was inaccurate. The phone number is listed as "111-111-1111".)

So Verisign has false contact information for a site with whom they've worked closely for the last few years, and no one caught it and corrected it before now? Yeesh...

Ongoing VeriSign problems (0)

Anonymous Coward | more than 12 years ago | (#4197466)

Because of some major internal problems, VeriSign may lose their ability to sell domains. Evidently, ICANN is miffed because VeriSign's WHOIS database has incorrect information. That is not exactly news to most of us with a clue. I understand that they have been given 15 days to fix the errors, or risk losing the ability to sell domains. Let's see what happens.

Rare for anyone to be held responsible (2, Insightful)

rbanzai (596355) | more than 12 years ago | (#4197476)

My company had about eight domains registered through Verisign and were subjected to a few of Verisigns fraudulent business practices as well as their hideous, hideous service.
If they get punished for ANYTHING that will give me a little satisfaction. It's kind of a rarity for companies to be held responsible for being arrogant f-ups. Let's hope this gets carried through and they get the spanking they deserve.

Musings over WHOIS. (2)

Corvaith (538529) | more than 12 years ago | (#4197477)

First of all, I'd be willing to bet the numbers are rather high for fake addresses, across a good number of domain registrars besides VeriSign. There have to be some people out there creative enough to make up addresses that sound plausible... but just don't happen to belong to the person registering the data. (As opposed to 123 Main St, (123) 456-7890.)

I realize that keeping data on who domains belong to is somewhat important, but I don't see why this data has to be made available to the general public. Yes, it lets people trace the supposed owner of a domain... which can mean nothing, if the owner and the person maintaining the website aren't the same. It can also give people an avenue to harass you, especially if you happen to host any content that's in any way controversial.

Once, owning a domain was something businesses did. The average person had an email like jdoe@isp.net, and a web address that probably looked like http://www.isp.net/~jdoe. There are still plenty of those out there. There are also those of us who aren't content with the tiny amount of capability our ISP accounts come with, and so pay for third-party hosting... and a domain.

My domain holds a bunch of stuff. A forum for a hobby of mine. My public journal. Some links. Nothing out of the ordinary. I don't see why it's in any way important for other people to have easy access to my address and phone number. If the police need it, let them get it from my registrar.

I don't think there should be a blanket assumption that domains are going to belong to businesses who don't have anything to lose from their contact info being public.

What do you want from them?! (3, Funny)

fireboy1919 (257783) | more than 12 years ago | (#4197491)

Do you expect a company to keep track of the mailing addresses and names - the very IDENTITY of its clients?

I mean, are there even companies whose business is to guarantee that someone is who they say they are and that they provide accurate information?

The very idea is ludicrious!

Seriously though...why not have government controlled digital signatures? They could use the passport system (not Microsoft's...the kind you get before you go to another country) as a starting point. It seems like one of the rare chances for beneficial government interference. Sure, we'd lose a particular private sector, but it'd give lots of people the same warm, fuzzy feeling that the FDIC does.

They've already got one # to represent each person anyway.

Really looking for (negative) responses here; I can't see anything bad about this (and I'm usually against government intervention).

Die VS DIE! (0)

Anonymous Coward | more than 12 years ago | (#4197515)

Flog 'em all!!!!!

In the News (1)

Herkum01 (592704) | more than 12 years ago | (#4197516)

ICANN meets to determine whether they can get away with charging $20 to domain name owners, and finally gets around to doing the job their supposed to do, more at 11...

ICANN's press release (1)

n8_f (85799) | more than 12 years ago | (#4197532)

The press release ICANN sent out can be found here [icann.org] . It looks like the article was written straight from this with a reaction from VeriSign, which just muddled the real issue.

The problem isn't that VeriSign has incorrect information in the WHOIS database, it is that it makes no effort to correct that information. They have been notified to correct several records and they haven't. And in one case, VeriSign told a registrant to put in an incorrect address.

No, they aren't breaking the law, but they are breaking their contract with ICANN and so ICANN is enforcing that contract. And this isn't a personal privacy issue; that is completely separate from VeriSign not updating WHOIS records when requested and telling customers to give false information. Please, no more pity posts for VeriSign!

Who gives a shit about the whois database anyway? (0)

Anonymous Coward | more than 12 years ago | (#4197538)

I mean what use does it serve? Does a website in the virtual world need to be tied to a physical address? Sure it might be useful for someone to track down the owners of a domain name for whatever reason, but why make it necessary?

They big enough? (2)

cheese_wallet (88279) | more than 12 years ago | (#4197554)

I wonder if they are established enough in the net community to fork DNS and start up their own DNS architecture.

How about this penalty? (1)

Deal-a-Neil (166508) | more than 12 years ago | (#4197559)

Increase their cost from the $5.00 or so per domain, to $100.00 per two years -- make 'em feel the pain like we used to a few years back. :-)

Might not be the fault of VeriSign (0)

Anonymous Coward | more than 12 years ago | (#4197561)

True, bogus WHOIS data makes it very hard to track down spamm^H^H^H^H^Htroublemakers on the 'Net, but is this really Verisign's fault?

If I register floobydust.com, and then I fill in a contact email that becomes invalid three days after I go live, is that Verisign's fault? What should they do, spam everybody in their WHOIS and purge the bounces?

I can think of lots of reasons to yank Verislime's ability to sell domains, but I'm not sure this is one of them.

What does ICANN expect? (1)

Ra5pu7in (603513) | more than 12 years ago | (#4197579)

What does ICANN expect VeriSign to do if it cannot get updated information?

"Update the database" sounds easy enough, except that people that fill in that kind of bogus information don't want their accurate information listed and, if contact is possible, will likely give equally false information that sounds more real (i.e. 2957 Barracuda Lane). With all contact information deliberately falsified, it would be next to impossible to reach those people anyway.

Should VeriSign shut down every .com that doesn't have a valid verifiable addresses? Listen to those screams from all the legitimate sites who didn't want personal information easily available to the world.

Blatant Misdirection on ICANNs Part (2, Interesting)

limekiller4 (451497) | more than 12 years ago | (#4197605)

17 records out of 10 million? This is ICANN "making hay" to look like they're sticking up for the little guy and a blatant public relations move after they went ahead and pushed through WLS despite an overwhelming vote against it [kuro5hin.org] by pretty much everyone ...except for the gTLDs (ie, .COM and .NET, which, amazingly enough, Verisign controls.).

ICANN is so in bed with Verisign it's not even funny. This is a nudge-nudge wink-wink arrangement between them so ICANN can look like they're doing their job and Verisign takes a black eye that nobody will remember in a year so that WLS happens.

Do not be fooled.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?