North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: VeriSign SMTP reject server updated

  • From: Michael.Dillon
  • Date: Mon Sep 22 05:12:27 2003

>before we deployed root-delegation-only here, i was also annoyed that my
>e-mail tool could not tell me about misspelled domain names at "send" 
time
>and i had to wait for the wildcard mail servers to bounce the traffic. 

In other words, Verisign is actually increasing the amount of misspelled
domain name traffic by sabotaging the spell-checking feature of your
email program. Under normal circumstances you would have noticed your
error and corrected it before sending the email.

This implies that Verisign could be collecting a much larger number
of valid email addresses by logging these seemingly misspelled domain
names and then "correcting" the misspelling by closest match against
the .COM database. This would be an immensely valuable list for spammers
to acquire, whether they do it by paying Verisign or by infiltrating the
company to steal it.

And don't pay any attention to Matt Larson's comments regarding logging.
If he is unable to shut off the wildcard redirection then he has no say
over what data is collected and what is done with it. Verisign could 
easily
reassign him with a promotion and then turn on the logging and collection
of email addresses. We already know that this company is unscrupulous and
not to be trusted.

In future we need to ensure that the registry operating the .COM domain 
works under some sort of contract that controls how they function. This is
a public resource that we ourselves have created and not a commercial 
asset
to be milked for profit.

--Michael Dillon