Domain name dunces

Network Solutions fumbles its free e-mail scheme. Can we trust it with our Net addresses?

Published September 21, 1999 4:00PM (EDT)

Government monopolies are evil; private enterprise is efficient. In 1999 these truths are self-evident, right?

The sad saga of Network Solutions, the company that administers most Internet domain names, should give pause to anyone who blindly embraces such truisms.

Network Solutions is the Virginia firm that won a contract from the federal government in 1993, at the commercial Internet's infancy, to handle the registration of domain names in the ".com," ".net" and ".org" top-level domains. On the basis of that contract, Network Solutions built itself into a public corporation with a market capitalization of over $2 billion today.

Never mind that the contract is set to be superseded by a new system of competing registrars that's now being developed by a nonprofit group charged with opening up the domain-name business. And never mind that in fulfilling its central administrative role for the entire Internet, Network Solutions grew into a bizarrely unresponsive Kafkaesque bureaucracy that to this day causes system administrators everywhere to cringe with horror and frustration each time they have to deal with it.

Being a monopoly means never having to say you're sorry. Network Solutions now calls itself "the dot com people" and is trying to position itself as a provider of all kinds of Internet-related services to the millions of customers whose domain names it already assigns.

Last week, though, in the course of aggressively promoting one of those services, Network Solutions committed a series of boneheaded errors that make you wonder whether it ought to be trusted with anything as essential as the care and feeding of the domain name system.

Network Solutions seems to want to transform itself into some kind of portal for businesses online, and recently it decided to offer a new free "Dotcomnow" e-mail service to large numbers of its clients as part of a new program called "Dot Com Essentials." It sent off e-mail messages to these clients, informing them that they had a great new free e-mail account, already conveniently set up with their company's name.

The problem was, these accounts also all had temporary passwords that were sent via unsecured e-mail and that were created according to a simple formula that virtually anyone could figure out. All you had to do to hijack someone's "Dotcomnow" mailbox was to get to it before they did, plug in the temporary password and then, having gained access to the account, change the password to something only you, the hijacker, knew.

As I write this column on Monday, there's word of another, even more absurd security hole in the free e-mail services Network Solutions offers: A back-door URL published in 2600, the hacker journal, allows you to access all the e-mail for any free e-mail account on the Network Solutions system (shades of a similar recent problem at Microsoft's Hotmail service). Presumably by the time you read this the company will have blocked the hole. But before it did, 2600 gathered a selection of irate e-mails, sent by disgruntled customers to Network Solutions regarding its password snafu, that makes for amusing reading.

Now, it's true that being able to steal a free e-mail account that the original owner didn't even ask for is not something to lose too much sleep over. Who cares if some clown can masquerade as "Your Business@dotcomnow.com"? It might provide a few minor opportunities for con artists and frauds, but the Internet is a pretty happy hunting ground for them already.

What's upsetting about this fiasco isn't any material damage done, but rather the sinking feeling it engenders. It's hard not to conclude that the folks who run Network Solutions are utterly ignorant of the most basic social and technical realities of the network they play such a central role in managing.

It's tough enough to build totally secure systems on the Internet even when you're working hard at it and you know what you're doing. But the kind of goof Network Solutions made here reveals a serious kind of incompetence that confirms all one's worst suspicions about the company based on its previous track record.

For instance, the annals of the Net are filled with tales of people duping Network Solutions into changing the records for a particular domain registration by impersonating the legitimate owner. Domain names are incredibly valuable property these days, and businesses depend on them. Yet the company that administers them has never taken full responsibility for ensuring their integrity -- while at the same time it tries to use its bureaucratic monopoly as the foundation for a profit-making machine.

When Network Solutions wants to avoid liability for resolving disputes over the right to a particular name, it pleads that it is simply a lowly registration authority that cannot be held to account; but when it wants to persuade the public markets that it is a hot Internet-company property, it poses as the powerhouse behind the Net's infrastructure. And it acts with frequent disregard for the needs of the community it serves: For instance, last spring it shut down the old InterNIC registry site and service, routing all domain name inquiries to its corporate Web site instead.

The entire domain name system is a convenience -- a means for substituting easy-to-remember names for the long strings of numbers (IP addresses) that actually identify individual computers to the Internet. As such, it's relatively replaceable; it's easy to imagine alternatives. Yet to date all the proposals for extending the current domain name system by, for instance, adding new top-level domains (adding, say, ".news" for news sites or ".shop" for online stores) have stalled for lack of consensus or legitimacy -- or because of resistance from those with a vested interest in today's ".com" hegemony, like Network Solutions itself.

Meanwhile, the Internet Corporation for Assigned Names and Numbers (ICANN) is proceeding with its plans to open up the domain name registration business to competition. Given Network Solutions' history, it shouldn't be too difficult for new entrants in this field to provide better service. On the other hand, it's unclear how much the new, upstart registrars will still have to depend on Network Solutions and its existing systems in order to conduct their businesses.

ICANN has taken flak from all sides -- Network Solutions isn't happy about giving up one iota of its dominance, while some would-be "little guy" registrars complain that ICANN isn't moving fast enough or far enough in dismantling the existing monopoly. But ICANN's thankless task may be of the sort that can only be performed well by pleasing no one.

In the meantime, when next you hear Network Solutions refer to itself as "the dot com people," don't believe it! You and I and everyone else who's ever registered a domain or built a Web site are "the dot com people." On the basis of their performance this week, the folks at Network Solutions are the "don't know" people.


By Scott Rosenberg

Salon co-founder Scott Rosenberg is director of MediaBugs.org. He is the author of "Say Everything" and Dreaming in Code and blogs at Wordyard.com.

MORE FROM Scott Rosenberg


Related Topics ------------------------------------------