VeriSign destroys the internet, film at 11


Categories: GeekStuff

It’s hard to explain how important this is. Most of you won’t notice much; you’ll get a bit more spam today, and maybe your email will be a little slow, but who’d notice? The sysadmins, though… Most of us are noticing.

Sunday and Monday of this week, VeriSign introduced intentional errors into the zone files for the .com and .net top-level domains. That is to say, they changed it so that, if the domain you try to browse to doesn’t exist, you get redirected to a “portal” page they’re running, which is supposed to help you buy services from VeriSign.

That’s as far as most coverage goes. It’s a web page thing, whatever.

That’s the tip of the iceberg.

The real problem here comes in with email. Spammers have always loved to use made-up names. Thanks to VeriSign, the defenses most mail systems have against those made-up names stopped working today. It’s only a couple percent of the incoming spam - but it’s the most expensive part to deal with. When the mail comes in, you check for a valid address. Until Sunday, if the spammer had just made up a string of letters, you could reject the mail right away, knowing it was invalid. Now, it looks like a valid name, so you accept the mail. Your user gets spam. Of course, maybe you bounce the message. In that case, your bounce message gets routed to VeriSign’s very very overloaded machine, so it takes a long time (and possibly a few tries) to bounce it, and then the bounce fails - because there’s nowhere to deliver it - and the sysadmin gets a copy of the spam, complete with records showing why the bounce couldn’t be delivered.

So, thanks to VeriSign, that’s another hundred or more messages a day for tiny sysadmins. Another million for the big guys. A friend of mine is a sysadmin at a major company, and he says this is loading their servers more than SoBig did.

What’s happening here is simple. VeriSign is hijacking the internet. Again. The FTC smacked them for their fraudulent “renewal” notices sent to people who weren’t even their customers. They were running out of scams. So, today, they are squatting, not just on likely typos, but on every possible string of letters which isn’t already spoken for. And they will be, until they’re stopped.

Hanlon’s Razor (often misattributed to Heinlein, but Robert J. Hanlon was a different person) is the incredibly useful “never attribute to malice that which can be adequately explained by stupidity”. We now have the VeriSign Corollary: “Some things can only be adequately explained by a combination of malice and stupidity.”

Related links:

Comments [archived]

From: Beauty
Date: 2003-09-16 19:13:29 -0500

And here I thought there was open competition among the Registrars? What better way to monopolize the purchase of new as yet unregistered domains!(incredulous look)

That’s enough for me to point clients in another direction…Away from Verisign.

From: Bruce Lane
Date: 2003-09-24 13:24:16 -0500

Hi, Pete. Thanks for putting up this page. I’ve taken the liberty of placing a link to it, tucked inside your nicely-done ‘Verislime’ logo, on the main page of my web site. Please let me know what you think if you have a moment.