Network Solutions Tries To Auto-Enroll Users Into Its $1,850/Year Domain 'Protection Plan'

from the network-solutions-execs-decide-to-take-company-down-from-the-inside dept

Any service that is going to require additional time, money or labor from a user should be opt in, period. Making something opt out is for cowards and scammers. If you think the new whatever might be unpopular but you want to make it happen anyway, you make it opt out and delay the outrage until after the implementation. That's how cowards run the shop. If you're just trying to generate some income without actually earning it, you make the new paid service (or pricier service) opt out, and hope that the additional funds outweigh the cost of lost business.

Here's what hosting company Network Solutions (a.k.a. Web.com) recently tried to hit software developer Brent Simmons with, in the form of an "opt out" service. (via Techdirt reader Andrew F)

I got an email from Network Solutions — where I still have two domains, originally registered in the ’90s — that informed me I have been enrolled in their WebLock Program.

To help recapture the costs of maintaining this extra level of security for your account, your credit card will be billed $1,850 for the first year of service on the date your program goes live. After that you will be billed $1,350 on every subsequent year from that date. If you wish to opt out of this program you may do so by calling us at 1-888-642-0265.
That's must be some pretty hefty security, especially considering Web.com hosting usually runs about $40 a year. Simmons first thought was that it was a scam (which it kind of is…) being run by someone not related to Network Solutions. He contacted the company and was somewhat surprised to hear that it was indeed planning to jack his plan up from $40/year to $1,850/year on the anniversary date. Needless to say, Simmons informed Network Solutions that he would find somewhere else to host his domains.

Kevin Poulsen at Wired followed up with Network Solutions to see if it could explain why it was planning on increasing Simmons' rates by 2,300% and, as if that wasn't bad enough, doing it as an opt out program. Web.com's COO, Jason Teichman, offered this explanation:
“I will admit that email is not worded properly, and not worded in any way what represents what we’re going to do,” says Teichman. “No customer will be enrolled in this program without their consent, period. No customer will have to opt out, period.”

Teichman declined to elaborate on how the email came to be phrased as it did. He says the email went to only 50 customers, and that only 30,000 customers — about one percent of Network Solution’s base — will even be offered the program. “Our intent is to focus on customers who have a lot of traffic and who have highly visible brands,” he says. “When these domains are hijacked the cost is insane.”
"Not worded properly." Simmon's has a screenshot of the entire email at his website, and to say the email wasn't "worded properly" is to call into question much of the language surrounding the astronomical leap in price.

The first few paragraphs rationalize the price jump, citing stats about the increase in domain hijackings. It's when the email finally starts talking money that phrasing becomes important. There's nothing in here that indicates a word or two was simply out of place.
Starting 9:00 AM EST on 2/4/2014 all of your domains will be protected via our WebLock Program.
This doesn't look ambiguous. Whether Simmons wants or needs "WebLock," he's getting it, starting on Feb. 4th.
To help recapture the costs of maintaining this extra level of security for your account, your credit card will be billed $1,850 for the first year of service on the date your program goes live. After that you will be billed $1,350 on every subsequent year from that date. If you wish to opt out of this program you may do so by calling us at 1-888-642-0265.
Nothing here seems unclear, either. Maybe the email was supposed to say "opt in" instead of "opt out" in this paragraph, but the wording earlier in the letter seems to indicate the choice has already been made for Simmons by Network Solutions. That definitely makes it "opt out" in the context.

Now, Web.com's apology and non-explanation is accurate about one thing: this won't be happening to all of its users. It's targeted at the more popular sites it hosts. Larry Seltzer at ZDNet tracked down exactly who Web.com is (well, was) attempting to force to "take advantage" of its auto-enroll, opt out, extremely expensive service.
Web.com's criteria for selecting sites for WebLock were:

1. Domains registered to a Fortune 1000 or a Global 5000 company

2. High Traffic: Domains that fell within Google Page Rank >6 and an Alexa rank of 1-250,000.
(Sidebar: always great to see a forward-thinking internet hosting company is relying on Alexa for traffic rank data… [insert eyeroll emoji before going to press])

If Network Solutions had been able to auto-bill 50 users for $1,850, then it grosses almost $200k for a service that's about as useful as an extended warranty. Sure, if you do get hijacked, it's worth it, but the odds are low that it will happen and any hosting company should be doing its best to prevent this from happening anyway, even without stealthily lifting nearly two grand from your credit card balance (almost) unannounced. And there's no way this service should cost this much. Seltzer points out that "any honest registrar" already offers Weblock-style protection… for free.
First, a little background: Back in the middle of the last decade there was a major problem with domain name theft. Through a variety of fraudulent techniques, bad actors could trick a domain name registrar into transferring your domain name to them. Good luck getting it back when that happened.

It took a long time, but to address the situation a new feature was added which is standard with domain names: the REGISTRAR-LOCK option. When you turn this option on, then modification of the domain name or contact details, as well as deleting or transferring the domain, are all prevented. You have to unlock it first, and the procedures for that are intentionally cumbersome. And REGISTRAR-LOCK is free from any honest registrar.
Seltzer also notes that he spoke to another rep from Network Solutions, CTO Jane Landon, who explained the email to Simmons was a mistake (because his domains weren't ranked high enough to qualify for the extra protection) and that making it opt out was a completely legit way to do business. Obviously, things changed in the few hours between ZDNet's conversation and Wired's conversation.

But Landon's wrong there as well. Chances are the big name customers wouldn't even give the email a second glance if it landed in their inboxes. This is the subject line Network Solutions chose to use:
Your domain is being enrolled in the WebLock Security Program
To anyone scanning their inbox, it looks like nothing more than a commonplace announcement from a company they do business with. It would possibly prompt a "well, that's nice" from the recipient and not much else. Nothing indicates there's an $1850 charge hiding in the wings. Nothing about it demands additional attention -- and that seems to be the point.

Network Solutions meant to target big names and popular sites, ones whose inboxes are stuffed full every day and who would very likely not notice a large expenditure being billed to the corporate card. While the service does indeed have some value, it relies on trusting your hosting company to have your back when your site is compromised. But sneaking a rate hike in under the cover of "A boring, routine announcement about your site" eliminates that trust and results in a growing number of former customers.

Maybe Network Solutions felt it could mitigate the losses in its customer base by collecting $1850 a piece from a percentage of the 30,000 customers it chose to opt in to its program. If so, that's an even worse way to run a business. Service providers should not be actively undermining their customers' expectations and trust in this fashion, and even with all the post-exposure explanations and hand-waving, there's no indication that the company thought handling it this way was a bad idea until it was caught.



Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    BentFranklin (profile), Jan 28th, 2014 @ 9:02am

    Maybe those big customers will force Network Solutions to dissolve.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    John Fenderson (profile), Jan 28th, 2014 @ 9:16am

    Insane pricing

    My registrar offers the same service (opt-in), which I subscribe to. It costs me an extra $40/yr -- a price that I thought was pretty steep until I heard about this! Who knew I was getting such a great deal?

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 9:17am

    Google

    are not the services that Google provides an "opt-out" service and not opt-in, after all Google takes my time with its adds, and I cannot opt out of that, SCAMMERS...

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    madasahatter (profile), Jan 28th, 2014 @ 9:18am

    Who Was the Idiot?

    If you are announcing new paid features they should by always be opt-in. Not for any legal reason, I am sure opt-out notices are legal in the US but for customer relations. Angry customers complain and leave for competitors and you get articles such as this. If someone asked me about Network Solutions I would not recommend them based on this.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    techflaws (profile), Jan 28th, 2014 @ 9:27am

    Back in the middle of the last decade there was a major problem with domain name theft. Through a variety of fraudulent techniques, bad actors could trick a domain name registrar into transferring your domain name to them.


    Which sounds like the registrar being the problem. So why would the customer have to pay for their stupidity?

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    sehlat (profile), Jan 28th, 2014 @ 9:30am

    As I commented recently to similar idiocy...

    in an email to Customer Service. The email included a PDF of my order acknowledgement from Amazon for the same merchandise I'd tried to purchase and been abused by [redacted]'s website for the attempt:

    If you read the attached PDF, you'll note I saved a dollar on your price for each of the two units, and got free shipping as well.

    Please remind your supervisors that every customer in the world can always vote with his mouse.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    kenichi tanaka (profile), Jan 28th, 2014 @ 9:38am

    I have to say that I have never had a problem with someone stealing my domain name. While I had a problem with getting a previous webhost provider unlocking my domain so I could transfer it, I was able to convince the registrar of my domain name to unlock it so I could transfer my domain name.

    Most webhost companies provide domain name "lock" to prevent anyone from hijacking your domain name. In the event that such a thing did happen, my registrar would be able to regain control of my domain name and transfer it back to me.

    Domain name hijacks usually occur when someone hasn't 'locked' their domain name from such actions.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 9:39am

    Evil

    If you'd like me to not rob your ass blind please call!

    1-888-642-0265.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Violynne (profile), Jan 28th, 2014 @ 9:41am

    "Making something opt out is for cowards and scammers."
    So, would TD be a coward or a scammer for several if its opt-out features?
    ;)

    Though, I completely agree. I can't stand the new Google mentality of doing something just because they can do it.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    Ninja (profile), Jan 28th, 2014 @ 9:44am

    Re:

    Hah, I see what you did there. And I kind of agree. However what we are presented here with opt-out setups does not cost additional money.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    Ninja (profile), Jan 28th, 2014 @ 9:47am

    Re: Google

    And many other online ad companies do the same. If you use Google services you are exchange your "time" instead of money with Google which is not that bad. And you can use tools to avoid some of the ads and tracking (or all if you don't mind losing some functionality).

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 9:51am

    Re: Google

    Adblock?

    If you don't use it you are looking at the internet through a very distorted web browser!

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    mdpopescu (profile), Jan 28th, 2014 @ 9:51am

    Charge-backs

    If they get hit with a couple thousand charge-backs, won't that be really bad even for a company as big as NS?

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    JWW (profile), Jan 28th, 2014 @ 9:58am

    Shakedown

    Ya know, it'd be a shame if something were to … happen to your domain.

    Hows about you pay us eighteen hundred fifty bucks..

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    Skeptical Cynic (profile), Jan 28th, 2014 @ 10:02am

    Netsol has live is a bygone era.

    They refuse to see the changing Internet landscape. I used to host over 200 domains and websites for clients with Netsol in years long past because they were the place to host domain names and websites. But for too many years than I can remember they are not even close to market rates. SO they lost over 120 domains and hosting accounts.

    This is just their deathknell. They are looking to milk the last of the revenues the can from the those that were to stupid to leave them 5 years ago.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 10:09am

    Re: Netsol has live is a bygone era.

    They have refused to accept that they are no longer the only game in town for a very long time. They still act like it's 1996 when they were the only registrar available. Their customer service is one of the worst I've ever had to deal with.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 10:17am

    Ok I'm confused here...

    Although they are often done through the same company, a hosting provider and a domain registrar are completely different things and do not have to be from the same company at all. It sounds like it's the registrar side, but the hosting side has absolutely nothing to do with it when it comes to the type of domain hijacking that this protection is designed to prevent. Of course, hacking the DNS service (which can even be at either the host or the registrar or somewhere else completely different) to change the zone for the domain is another way to hijack an domain but would have nothing to do with the registrar. Also if the host and the registrar are different how the hell would the registrar have any idea about how much traffic the domain gets?

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    artp (profile), Jan 28th, 2014 @ 10:20am

    Looks like fraud to me, nothing else

    So where is the attorney general?

    And since when do you expect people committing fraud to start telling the truth about it?

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    John Fenderson (profile), Jan 28th, 2014 @ 10:32am

    Re: Re: Netsol has live is a bygone era.

    Yeah, Network Solutions has a number of highly questionable practices. The one I notice the most is that a few months before my domains are set to expire, I get these letters from them that look an awful lot like bills to renew them.

    Except that I don't use Network Solutions as my registrar, and my domains are automatically renewed by my actual registrar. What NS is doing is a skeevy attempt to trick people into switching to them when what they think they're doing is a simple renewal.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    John Fenderson (profile), Jan 28th, 2014 @ 10:35am

    Re: Ok I'm confused here...

    The kind of hijacking that they're talking about is where someone submits an order to change registrars & registered owners without the original owner agreeing to the change.

    This sort of thing is pretty easy to guard against, and there's no way it should cost so much. With my registrar, if a change is ordered, they simply contact me directly to confirm it before doing the change. Problem solved.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 10:38am

    Re:

    Actually stealing a domain name is actually pretty difficult to do. Most of the time what happens is they hack the account, change the name servers to point to one with a zone that points the domain to a different host that they've setup and then they change the password so that the actual owner can't login and fix it easily. To get it changed back then requires calling the registrar, getting them to verify your identity, and correct the settings on your account to change it back and reset your password for you. Sure it's a pain in the ass and because of the DNS propagation it doesn't fix it immediately until all the cached DNS records expire, but you still didn't lose the domain at all. It just got pointed somewhere else. Actually losing the domain requires you transferring it to a completely different registrar with new account information that is different than yours so that they don't have any record of who you are. That process is by design a slow, cumbersome process that if not done exactly properly fails and requires you to attempt again at from the beginning to get it transferred specifically to prevent this sort of abuse. It's also the reason that once a domain is transferred ICANN prohibits it from being transferred again for 60 days so that someone cannot transfer it multiple times in quick succession to hide the ownership trail and cover up fraud. It is also why ICANN only allows you to transfer active names and not expired ones and once your domain expires the registrar has to allow only you to renew it for a good period of time before they make it available for someone new to register it for themselves. Someone actually losing their domain is really quite rare for these reasons and requires someone usually requires an owner who is quite oblivious for a very long time to be successful.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Rich Kulawiec, Jan 28th, 2014 @ 10:45am

    You will never find...

    ...a more wretched hive of scum and villainry.

    Lauren Weinstein has covered this story as well, on his "nnsquad" mailing list (which I highly recommend): http://www.nnsquad.org/archives/nnsquad/msg08522.html has the initial report, http://www.nnsquad.org/archives/nnsquad/msg08524.html has the confirmation, http://www.nnsquad.org/archives/nnsquad/msg08525.html has the reversal, and http://www.nnsquad.org/archives/nnsquad/msg08526.html has more backing away and posturing.

    Also worth noting from nnsquad -- and just a week earlier: http://www.nnsquad.org/archives/nnsquad/msg08508.html which explains how they sent an illiterate email message that really did look like a badly-written phish.

    It's difficult to imagine why anyone would remain with Network Solutions at this point. I highly recommend Nearly Free Speech, who not only have serious technical clue, plus excellent support, plus a track record of defending their users and the 'net, plus competitive prices: https://www.nearlyfreespeech.net/ (Disclosure: I'm a customer. And a pretty darn happy one so far. I don't expect that to change.)

    On a more general topic: Tim's comments on opt-in vs. opt-out echo something I've been saying for decades: opt-out is ALWAYS abusive. It's used by cowards, liars, scammers, spammers, and similar people who know, up front, that few if any people actually want what they're peddling -- which is why they're signed up for it involuntarily. Compounding this problem is the unpleasant reality that opt-out is invariably made obscure, onerous, and time-consuming -- and sometimes, silently reversed at a later date. (Or never honored at all.)

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 10:48am

    Re: Re: Ok I'm confused here...

    As I explained above, stealing a domain by transferring it to a new registrar is usually pretty hard to do. It usually has to be unlocked first, then the request has to be sent through the new registrar that passes the request on to the old registrar that then sends a confirmation email to the owner that has to be returned within a period of time back to the old registrar and before it can be released once they check that it is even eligible for transfer and then any transfer fees charged by the new registrar have to be paid within a certain period of time before it will actually go through and this whole process can take around 6 weeks to complete and if any part of it fails they will often not tell you that it failed or why but you still will have to start all over again with a new request from the beginning. It's a pain in the ass by design simply to prevent this sort of thing from happening easily.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 11:08am

    Also...

    Network Solutions isn't exactly "aka Web.com". Network Solutions is OWNED by Web.com which purchased them in 2011, just like they purchased Register.com in 2010. Network Solutions offers registrar services and hosting services that are directly in competition with each other, in much the same way that various radio stations all owned by Clear Channel compete directly with each other even though they are owned by the same parent company.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 11:47am

    Starting 9:00 AM EST on 2/4/2014 all of your domains will be protected via our WebLock Program.

    This doesn't look ambiguous. Whether Simmons wants or needs "WebLock," he's getting it, starting on Feb. 4th.
    It is ambiguous—they could have been referring to April 2nd.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    vastrightwing, Jan 28th, 2014 @ 12:41pm

    Network UnSolutions is still relevant?

    I dumped them decades ago when they were charging $30/domain (today $39) while others were offering domains for $8.00. Their interface was old, clunky and outdated. Their "service" was expensive and I couldn't see the value then. I have since gone through 4 alternative registrars, due to continued price hikes, as each registrar takes me for granted.

    Why do people stay with NS when you get much better value with any number of alternatives?

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Tim, Jan 28th, 2014 @ 6:55pm

    $55,500,000

    At $1,850 each, $55,500,000 is what they stood to earn of each of the 30,000 customers turned out to be as stupid as they hoped they'd be.

     

    reply to this | link to this | view in thread ]

  28.  
    icon
    blue skies (profile), Jan 29th, 2014 @ 12:12am

    Re:

    I made that same mistake at first. Fortunately in the article the month gets mentioned in alphanumeric too.

     

    reply to this | link to this | view in thread ]

  29.  
    icon
    Spointman (profile), Jan 29th, 2014 @ 3:05am

    I have to wonder ... how would this have worked with companies that have multiple domain names? E.g., example.com, example.org, example.net, exxample.com, exampel.net, etc. With dozens of possible misspellings, and $1850 per domain ... that could have been brutal.

     

    reply to this | link to this | view in thread ]

  30.  
    icon
    Nicolas (profile), Jan 29th, 2014 @ 4:26am

    Domain registration sleaze

    Why is it that domain registration seems to attract companies whose integrity, on average, would make the pawn industry wince?

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    TJG0524, Jan 30th, 2014 @ 4:35am

    Network Solutions Bait & Switch

    NS pulled a major bait and switch on me last fall. There was an ad on a Yahoo! page: "Register a new domain - $10 for first year!".
    Well, I clicked the link, logged in with my existing account, filled out the screens and got to the final Click-Here-To-Submit-Your-Order screen.
    7.5 microseconds before I clicked Submit I saw the total was $54.95. Too late. Yep, totally my fault.
    Got on the phone with NS, they got all kinds of apologetic but said that the Yahoo! ad had expired, should not have been there, and yes, it really should have said that this was for new customers only but the ad should not have been there anyway.
    Bottom line was that they brought down the price to $24.95, which I grudgingly paid rather than risk losing the domain name.
    As soon as I could I transferred all domains to another registrar, after going through multiple unnecessary steps and call to move them. But that is another story.

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    Anonymous Coward, Feb 6th, 2014 @ 7:29am

    If anyone remembers when they tried front-running in 2008, this should come as no surprise. What's not well-understood by Network Solutions' customers is that locking the name at not just the registrar level, but the registry level, is available to them. The cost for this additional feature to the registrar is nominal, and is the way this service ought to be provided.

     

    reply to this | link to this | view in thread ]

  33.  
    icon
    ChrisR (profile), Feb 24th, 2014 @ 1:23pm

    $4000

    I just got a call from them and they offered me the "deal" (I do have some great names) and it was $4000 per year! (That was for the 8 names remaining at NSI). I told them I was a small company (true) and that was just too much, but they didn't seem interested in coming down.

    Google offers two-factor identification for free. Too bad NSI wants to make a quick buck vs providing a reasonable priced service. Nice job Web.com.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This