Criticism is quickly growing over VeriSign's surprise decision to take control of all unassigned .com and .net domain names, a move that has wreaked havoc on many e-mail utilities and antispam filters.

On Monday, VeriSign began to redirect domain lookups for misspelled or nonexistent names to its own site, a process that has confused Internet e-mail utilities and drawn angry denunciations of the company's business practices from frustrated network administrators. The Mountain View, Calif.-based company enjoys a government-granted monopoly as the master database administrator for .com and .net.

VeriSign's new policy is intended to generate more advertising revenue from additional visitors to its network of Web sites. But the change has had the side effect of rewiring a portion of the Internet that software designers always had expected to behave a certain way, snarling antispam mechanisms that check to see if the sender's domain exists, complicating the analysis of network problems, and possibly even polluting search engine results.

A representative for VeriSign did not respond to a request for comment Tuesday. On Monday, VeriSign released an eight-page paper describing the implementation of its "Site Finder" program, saying it "improves the user Web-browsing experience when the user has submitted a query for a nonexistent second-level domain in the .com and .net second-level domains...(Previously) his or her Web browser returned an error message that contained no useful information."

In an unusual kind of grassroots movement, some network administrators have begun to invent and launch technical countermeasures against VeriSign. A discussion thread on the North American Network Operators' Group mailing list was titled "What *are* they smoking?" and offered technical tips on how to configure routers and servers to block access to VeriSign's site, so Web users would receive the traditional "nonexistent domain" error message.

"There are already modifications to BIND software to take responses that contain that VeriSign address and turn it into a nonexistent domain error," Karl Auerbach, a veteran Internet engineer and former board member of the Internet Corporation for Assigned Names and Numbers (ICANN), said about the standard utility used for domain name lookups. "There are also several Internet service provider-type people dealing with routing information who are already talking about blocking (the VeriSign site). I believe some have."

VeriSign is not the first domain-name company to try to profit from typos and errors, but because .com and .net represent such a huge percentage of Internet names, its decisions have the most profound impact. Some of the other top-level domains that have adopted a similar policy include .cc, .museum, .nu, .ph, .tm and .ws. Microsoft's Internet Explorer also returns a similar error message and search box, but because the redirection is performed by the end user's computer, the effect is limited.

Verisign's Antispam Foil »