Feeds

Web community puts price on head of super highwayman VeriSign

Domain transfer madness at Hoopla.com

  • alert
  • submit to reddit

The essential guide to IT transformation

Domain registrar VeriSign has infuriated the Web community by wrongly transferring a New York writer's domain to an unchecked person in Germany.

The transfer of Hoopla.com was the result of a faked fax request but even though VeriSign has admitted its error, it has refused to sort out the situation, prompting real owner Leslie Harpold to hire a Florida lawyer in pursuit of the domain.

At the same time, hundreds of Internet users are working on a "Google bomb" to embarrass the company. A Google bomb works by putting up hundreds of links to a particular URL and naming it after the search term that people type into the Google search engine. In this case, the link is to Harpold's tale of events and the search name is VeriSign.

Hopes are not high though that either action will prompt VeriSign to do the decent thing and return ownership to Harpold, especially considering the company's track record. The trouble lies in VeriSign antiquated mechanism for changing domain name information.

The company, which owns Network Solutions, was the original Internet registrar, building and maintaining the first domain lists. However, following enforced competition in the domain name market, the company has faced many accusations that it is using unfair methods
to protect its ailing monopoly from cheaper competitors.

The seriousness of the situation - which has seen hundreds of domains wrongly transferred to others in the last two years - is such that Internet overseeing body ICANN even put registrar transfers on the agenda at its last meeting. Its recommendations are currently in a white paper which critics argue still do not tackle the main problem of verification.

The facts in this case are that VeriSign received a forged fax from a Sarah at a fake address in Berlin, stating that Leslie Harpold had given permission for the domain Hoopla.com to be transferred to her. The domain was not itself due for renewal until June this year. The company did so, and Harpold was frozen out the domain. Upon complaining, she was told that she would have to personally contact the new owner to agree terms, despite the fact that VeriSign never checked the transfer was correct.

Under ICANN rules, VeriSign is not actually obliged to doublecheck with the original owner that a transfer is agreed to, and it assumes authorisation is correct if the fax it receives contains the same email address as the contact address it has for that domain. This situation, inevitably, has led to hundreds of falsely transferred domains. The company efforts to prevent this happening by asking for extra authorisation have also met with criticism.

The problem lies with the company's insistence on using printed and faxed forms, rather than Web-based password-protected entry to registrant details that many other registrars use. VeriSign does offer more secure options but at a premium and even this has been seen to fail, with hijackers grabbing domains with even so-called top-level security (Internet.com is a case in point).

The company has been reluctant to move from its form method as it not only makes transfer to other registrars a more time-consuming and complicated affair, but also leaves it in ultimate power over the domain details. And there are no shortage of complaints that VeriSign continually refuses simple requests to change over to a new registrar or even that the forms have vanished between leaving the registrant and arriving at VeriSign. VeriSign does offer a $199 premium service however that will see domains re-registered within two days. There are no known complaints from those who have used this service instead of the cheaper $15 option.

But while the financial benefits of not creating a new, more secure system for domain details and transfers are clear, VeriSign is skating on thin ice. Despite a close relationship with those in power at ICANN, large sections of the Internet business and increasingly Internet community are at odds with its approach.

This was further heightened recently when the company sent emails to customers of competing registrars warning them they needed to renew their domain before it is was released to the public and apparently offering to save them $20 - months before the domain was actually due for renewal.

It is clearly a flawed system when a single fax can see the transfer of a domain that someone has worked on for years to a complete stranger without verification. If VeriSign doesn't mend the error of its ways, it could soon see itself as a minor player in what was once its playground. ®

Related Links

The Google bomb plan
What the hell have you done with my domain?
ICANN mulls the problem over

5 things you didn’t know about cloud backup

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Banking apps: Handy, can grab all your money... and RIDDLED with coding flaws
Yep, that one place you'd hoped you wouldn't find 'em
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Primetime precrime? Minority Report TV series 'being developed'
I have to know. I have to find out what happened to my life
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.