VeriSign Urged to Lose SiteFinder

by Jim Wagner

An overdue report reinforces what many Internet experts have been saying since VeriSign's controversial service went live last year.

A panel of experts from the Internet Corporation for Assigned Names and Numbers (ICANN) said VeriSign moved too soon with its controversial SiteFinder service and recommends it never be used in the public realm again.

The report, "Redirection in the Com and Net Domains," released over the weekend by the Security and Stability Advisory Committee (SSAC) finds VeriSign's marketing endeavor, SiteFinder, violated fundamental architectural principles and well-established codes of conduct within the Internet community.

In September 2003, VeriSign, managers of the .com and .net registry (a directory of the domains and owners of every Web address within those top-level domains), started redirecting Web users who typed in an incorrect or unused Web site or e-mail address to a paid advertising page, SiteFinder.com, rather than returning the industry standard RCODE3 "name error" code.

Introducing a DNS "wildcard" for incorrect addresses into the mix had the side effect of "legitimizing" every e-mail address sent, which snarled the scripts in many spam-blocking applications around the world. Many anti-spam filters were predicated on the fact that bogus e-mail addresses were spam. Administrators scrambled to adjust their scripts to accommodate the unforeseen change.

Registrars, ISPs and network administrators alike cried foul, saying the service was an improper use of VeriSign's management of the world's two largest top-level domains (TLDs).

VeriSign, at the time and today, insist the SiteFinder service is a benefit for end users who typed an incorrect Web site address or e-mail address. At ICANN's insistence, VeriSign suspended the service October 4, 2003, pending the results of the SSAC report, which was originally due for publication in January.

The committee found that VeriSign "did not have network-shattering effects" but "violated fundamental Internet engineering principles by blurring the well-defined boundary between architectural layers," the report stated.

The SSAC's biggest complaints are two-fold: that VeriSign arbitrarily introduced changes to the DNS and that it made the change without telling anyone about it first. ICANN's first indication of the launch September 15, 2003, came from media reports announcing SiteFinder as a revenue-generating service.

"Such reportage in the largely mainstream press hardly conforms to the process of review and comment to which the Internet technical community is accustomed within the framework of the Internet Engineering Task Force (IETF)," the report stated.

The SSAC, formed in the wake of Sept. 11, 2001, to find ways to ensure the safety and stability of the Internet came up with four recommendations:

  • Synthesized responses should not be introduced into TLDs or zones that serve the public.
  • The use of these synthesized responses should be phased out of any TLDs or public zones where they exist today.
  • Clarification of the Request for Comments (RFC) specifications at the IETF regarding synthesized responses in the DNS protocols.
  • Future changes at VeriSign should take place only after a "substantial period" of notice, testing and coordination.

Brian O'Shaughnessy, VeriSign director of corporate communications, said they expected the report's findings to rule against the registry.

"We are not surprised by the outcome, because key members of the ICANN committee indicated that they were against the SiteFinder service even prior to holding hearings," he said in a statement. "We are surprised, however, that after nine months of review, they still haven't provided data to back up their claims."

VeriSign is in the middle of a protracted legal battle with ICANN over the SiteFinder service and other programs instituted by the registry to make money.

In February, the company filed a lawsuit against the Internet-governing body on seven counts, including the delay and suspension of the SiteFinder service.

Officials feel ICANN has overstepped its boundaries as a technical body ensuring the safety and security of the Internet, as mandated by its memorandum of understanding (MOU) with the Department of Commerce (DoC), and is dictating policy, which isn't in its charter.

A judge recently dismissed the antitrust claim in the suit but kept the other six charges alive. VeriSign officials had no comment on the SSAC report's effect to its current lawsuit.

This article was originally published on Tuesday Jul 13th 2004