The antispam foil
Yakov Shafranovich, co-chair of the Anti-Spam Research Group organized under the Internet Research Task Force, said some spam blockers are being thrown for a loop, because the computer that VeriSign uses to respond to misspelled or nonexistent domains is misconfigured. The VeriSign software--named the "Snubby Mail Rejector Daemon v1.3"--does not follow Internet standards, Shafranovich said. He also warned the VeriSign change was creating problems--for example, leading some older versions of SpamAssassin to view the entire Internet as a source of spam.

"Some of the antispam tools in our group broke because of this," Shafranovich said. "They put up an SMTP server, but it's not a real SMTP server."

One post to an Internet Engineering Task Force mailing list quipped: "This certainly qualifies as 'most broken SMTP implementation ever.' Will the protocol police please send out a squad car to pick up the suspects?" SMTP stands for the Simple Mail Transport Protocol, the Internet's workhorse standard.

 VeriSign's decision, which was done without consulting the Internet standards groups, came just a few days after the U.S. Federal Trade Commission accused the company of deceptive business practices for sending "domain name expiration notices" to competitors' customers in early 2002.

Neither ICANN, which in principle oversees VeriSign's actions as the domain name registrar, nor the U.S. Department of Commerce, which has a contract with VeriSign, responded to requests for comment.

An ICANN representative said, "We have no comment at this time, but I hope that we'll have something over the next few days."

A representative for the Commerce Department referred questions to ICANN and VeriSign. The government's contract says VeriSign "shall take all reasonable steps to ensure the continued...functionality and accessibility" of the domain name registration system.

Auerbach said he strongly dislikes VeriSign's new policy, but he admits: "ICANN and the Department of Commerce can't clearly say that (VeriSign is) violating Internet standards. It's impossible for Internet standards to enumerate all the dumb things you can do."

Critics say VeriSign's move evokes privacy and national security implications as well. Because passwords sometimes are included after the hostname in Web links, a misspelled domain name could transmit sensitive information to the company. Also, because of the way network providers cache domain name queries, VeriSign's policy means that it will take longer for new domains to propagate--something that could be a problem if a Web site is launched to deliver emergency information about an earthquake or a terrorist attack, for example.

Earlier this year, VeriSign was dealt a harsh rebuke in a similar matter by the highly regarded Internet Architecture Board. Referring to the Domain Name System (DNS), the board's unanimous statement said: "The system VeriSign had deployed for .com and .net contains significant DNS protocol errors, risks the further development of secure DNS, and confuses the resolution mechanisms of the DNS with application-based search systems."

VeriSign shares closed Tuesday at $15.81, up 4 cents.