Network Solutions Tries To Auto-Enroll Users Into Its $1,850/Year Domain 'Protection Plan'

from the network-solutions-execs-decide-to-take-company-down-from-the-inside dept

Any service that is going to require additional time, money or labor from a user should be opt in, period. Making something opt out is for cowards and scammers. If you think the new whatever might be unpopular but you want to make it happen anyway, you make it opt out and delay the outrage until after the implementation. That’s how cowards run the shop. If you’re just trying to generate some income without actually earning it, you make the new paid service (or pricier service) opt out, and hope that the additional funds outweigh the cost of lost business.

Here’s what hosting company Network Solutions (a.k.a. recently tried to hit software developer Brent Simmons with, in the form of an “opt out” service. (via Techdirt reader Andrew F)

I got an email from Network Solutions — where I still have two domains, originally registered in the ’90s — that informed me I have been enrolled in their WebLock Program.

To help recapture the costs of maintaining this extra level of security for your account, your credit card will be billed $1,850 for the first year of service on the date your program goes live. After that you will be billed $1,350 on every subsequent year from that date. If you wish to opt out of this program you may do so by calling us at 1-888-642-0265.

That’s must be some pretty hefty security, especially considering hosting usually runs about $40 a year. Simmons first thought was that it was a scam (which it kind of is…) being run by someone not related to Network Solutions. He contacted the company and was somewhat surprised to hear that it was indeed planning to jack his plan up from $40/year to $1,850/year on the anniversary date. Needless to say, Simmons informed Network Solutions that he would find somewhere else to host his domains.

Kevin Poulsen at Wired followed up with Network Solutions to see if it could explain why it was planning on increasing Simmons’ rates by 2,300% and, as if that wasn’t bad enough, doing it as an opt out program.’s COO, Jason Teichman, offered this explanation:

“I will admit that email is not worded properly, and not worded in any way what represents what we’re going to do,” says Teichman. “No customer will be enrolled in this program without their consent, period. No customer will have to opt out, period.”

Teichman declined to elaborate on how the email came to be phrased as it did. He says the email went to only 50 customers, and that only 30,000 customers — about one percent of Network Solution’s base — will even be offered the program. “Our intent is to focus on customers who have a lot of traffic and who have highly visible brands,” he says. “When these domains are hijacked the cost is insane.”

“Not worded properly.” Simmon’s has a screenshot of the entire email at his website, and to say the email wasn’t “worded properly” is to call into question much of the language surrounding the astronomical leap in price.

The first few paragraphs rationalize the price jump, citing stats about the increase in domain hijackings. It’s when the email finally starts talking money that phrasing becomes important. There’s nothing in here that indicates a word or two was simply out of place.

Starting 9:00 AM EST on 2/4/2014 all of your domains will be protected via our WebLock Program.

This doesn’t look ambiguous. Whether Simmons wants or needs “WebLock,” he’s getting it, starting on Feb. 4th.

To help recapture the costs of maintaining this extra level of security for your account, your credit card will be billed $1,850 for the first year of service on the date your program goes live. After that you will be billed $1,350 on every subsequent year from that date. If you wish to opt out of this program you may do so by calling us at 1-888-642-0265.

Nothing here seems unclear, either. Maybe the email was supposed to say “opt in” instead of “opt out” in this paragraph, but the wording earlier in the letter seems to indicate the choice has already been made for Simmons by Network Solutions. That definitely makes it “opt out” in the context.

Now,’s apology and non-explanation is accurate about one thing: this won’t be happening to all of its users. It’s targeted at the more popular sites it hosts. Larry Seltzer at ZDNet tracked down exactly who is (well, was) attempting to force to “take advantage” of its auto-enroll, opt out, extremely expensive service.’s criteria for selecting sites for WebLock were:

1. Domains registered to a Fortune 1000 or a Global 5000 company

2. High Traffic: Domains that fell within Google Page Rank >6 and an Alexa rank of 1-250,000.

(Sidebar: always great to see a forward-thinking internet hosting company is relying on Alexa for traffic rank data… [insert eyeroll emoji before going to press])

If Network Solutions had been able to auto-bill 50 users for $1,850, then it grosses almost $200k for a service that’s about as useful as an extended warranty. Sure, if you do get hijacked, it’s worth it, but the odds are low that it will happen and any hosting company should be doing its best to prevent this from happening anyway, even without stealthily lifting nearly two grand from your credit card balance (almost) unannounced. And there’s no way this service should cost this much. Seltzer points out that “any honest registrar” already offers Weblock-style protection… for free.

First, a little background: Back in the middle of the last decade there was a major problem with domain name theft. Through a variety of fraudulent techniques, bad actors could trick a domain name registrar into transferring your domain name to them. Good luck getting it back when that happened.

It took a long time, but to address the situation a new feature was added which is standard with domain names: the REGISTRAR-LOCK option. When you turn this option on, then modification of the domain name or contact details, as well as deleting or transferring the domain, are all prevented. You have to unlock it first, and the procedures for that are intentionally cumbersome. And REGISTRAR-LOCK is free from any honest registrar.

Seltzer also notes that he spoke to another rep from Network Solutions, CTO Jane Landon, who explained the email to Simmons was a mistake (because his domains weren’t ranked high enough to qualify for the extra protection) and that making it opt out was a completely legit way to do business. Obviously, things changed in the few hours between ZDNet’s conversation and Wired’s conversation.

But Landon’s wrong there as well. Chances are the big name customers wouldn’t even give the email a second glance if it landed in their inboxes. This is the subject line Network Solutions chose to use:

Your domain is being enrolled in the WebLock Security Program

To anyone scanning their inbox, it looks like nothing more than a commonplace announcement from a company they do business with. It would possibly prompt a “well, that’s nice” from the recipient and not much else. Nothing indicates there’s an $1850 charge hiding in the wings. Nothing about it demands additional attention — and that seems to be the point.

Network Solutions meant to target big names and popular sites, ones whose inboxes are stuffed full every day and who would very likely not notice a large expenditure being billed to the corporate card. While the service does indeed have some value, it relies on trusting your hosting company to have your back when your site is compromised. But sneaking a rate hike in under the cover of “A boring, routine announcement about your site” eliminates that trust and results in a growing number of former customers.

Maybe Network Solutions felt it could mitigate the losses in its customer base by collecting $1850 a piece from a percentage of the 30,000 customers it chose to opt in to its program. If so, that’s an even worse way to run a business. Service providers should not be actively undermining their customers’ expectations and trust in this fashion, and even with all the post-exposure explanations and hand-waving, there’s no indication that the company thought handling it this way was a bad idea until it was caught.

Filed Under: , , ,
Companies: network solutions,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Network Solutions Tries To Auto-Enroll Users Into Its $1,850/Year Domain 'Protection Plan'”

Subscribe: RSS Leave a comment
madasahatter (profile) says:

Who Was the Idiot?

If you are announcing new paid features they should by always be opt-in. Not for any legal reason, I am sure opt-out notices are legal in the US but for customer relations. Angry customers complain and leave for competitors and you get articles such as this. If someone asked me about Network Solutions I would not recommend them based on this.

sehlat (profile) says:

As I commented recently to similar idiocy...

in an email to Customer Service. The email included a PDF of my order acknowledgement from Amazon for the same merchandise I’d tried to purchase and been abused by [redacted]’s website for the attempt:

If you read the attached PDF, you’ll note I saved a dollar on your price for each of the two units, and got free shipping as well.

Please remind your supervisors that every customer in the world can always vote with his mouse.

kenichi tanaka (profile) says:

I have to say that I have never had a problem with someone stealing my domain name. While I had a problem with getting a previous webhost provider unlocking my domain so I could transfer it, I was able to convince the registrar of my domain name to unlock it so I could transfer my domain name.

Most webhost companies provide domain name “lock” to prevent anyone from hijacking your domain name. In the event that such a thing did happen, my registrar would be able to regain control of my domain name and transfer it back to me.

Domain name hijacks usually occur when someone hasn’t ‘locked’ their domain name from such actions.

Anonymous Coward says:

Re: Re:

Actually stealing a domain name is actually pretty difficult to do. Most of the time what happens is they hack the account, change the name servers to point to one with a zone that points the domain to a different host that they’ve setup and then they change the password so that the actual owner can’t login and fix it easily. To get it changed back then requires calling the registrar, getting them to verify your identity, and correct the settings on your account to change it back and reset your password for you. Sure it’s a pain in the ass and because of the DNS propagation it doesn’t fix it immediately until all the cached DNS records expire, but you still didn’t lose the domain at all. It just got pointed somewhere else. Actually losing the domain requires you transferring it to a completely different registrar with new account information that is different than yours so that they don’t have any record of who you are. That process is by design a slow, cumbersome process that if not done exactly properly fails and requires you to attempt again at from the beginning to get it transferred specifically to prevent this sort of abuse. It’s also the reason that once a domain is transferred ICANN prohibits it from being transferred again for 60 days so that someone cannot transfer it multiple times in quick succession to hide the ownership trail and cover up fraud. It is also why ICANN only allows you to transfer active names and not expired ones and once your domain expires the registrar has to allow only you to renew it for a good period of time before they make it available for someone new to register it for themselves. Someone actually losing their domain is really quite rare for these reasons and requires someone usually requires an owner who is quite oblivious for a very long time to be successful.

Skeptical Cynic (profile) says:

Netsol has live is a bygone era.

They refuse to see the changing Internet landscape. I used to host over 200 domains and websites for clients with Netsol in years long past because they were the place to host domain names and websites. But for too many years than I can remember they are not even close to market rates. SO they lost over 120 domains and hosting accounts.

This is just their deathknell. They are looking to milk the last of the revenues the can from the those that were to stupid to leave them 5 years ago.

John Fenderson (profile) says:

Re: Re: Netsol has live is a bygone era.

Yeah, Network Solutions has a number of highly questionable practices. The one I notice the most is that a few months before my domains are set to expire, I get these letters from them that look an awful lot like bills to renew them.

Except that I don’t use Network Solutions as my registrar, and my domains are automatically renewed by my actual registrar. What NS is doing is a skeevy attempt to trick people into switching to them when what they think they’re doing is a simple renewal.

Anonymous Coward says:

Ok I'm confused here...

Although they are often done through the same company, a hosting provider and a domain registrar are completely different things and do not have to be from the same company at all. It sounds like it’s the registrar side, but the hosting side has absolutely nothing to do with it when it comes to the type of domain hijacking that this protection is designed to prevent. Of course, hacking the DNS service (which can even be at either the host or the registrar or somewhere else completely different) to change the zone for the domain is another way to hijack an domain but would have nothing to do with the registrar. Also if the host and the registrar are different how the hell would the registrar have any idea about how much traffic the domain gets?

John Fenderson (profile) says:

Re: Ok I'm confused here...

The kind of hijacking that they’re talking about is where someone submits an order to change registrars & registered owners without the original owner agreeing to the change.

This sort of thing is pretty easy to guard against, and there’s no way it should cost so much. With my registrar, if a change is ordered, they simply contact me directly to confirm it before doing the change. Problem solved.

Anonymous Coward says:

Re: Re: Ok I'm confused here...

As I explained above, stealing a domain by transferring it to a new registrar is usually pretty hard to do. It usually has to be unlocked first, then the request has to be sent through the new registrar that passes the request on to the old registrar that then sends a confirmation email to the owner that has to be returned within a period of time back to the old registrar and before it can be released once they check that it is even eligible for transfer and then any transfer fees charged by the new registrar have to be paid within a certain period of time before it will actually go through and this whole process can take around 6 weeks to complete and if any part of it fails they will often not tell you that it failed or why but you still will have to start all over again with a new request from the beginning. It’s a pain in the ass by design simply to prevent this sort of thing from happening easily.

Rich Kulawiec (profile) says:

You will never find...

…a more wretched hive of scum and villainry.

Lauren Weinstein has covered this story as well, on his “nnsquad” mailing list (which I highly recommend): has the initial report, has the confirmation, has the reversal, and has more backing away and posturing.

Also worth noting from nnsquad — and just a week earlier: which explains how they sent an illiterate email message that really did look like a badly-written phish.

It’s difficult to imagine why anyone would remain with Network Solutions at this point. I highly recommend Nearly Free Speech, who not only have serious technical clue, plus excellent support, plus a track record of defending their users and the ‘net, plus competitive prices: (Disclosure: I’m a customer. And a pretty darn happy one so far. I don’t expect that to change.)

On a more general topic: Tim’s comments on opt-in vs. opt-out echo something I’ve been saying for decades: opt-out is ALWAYS abusive. It’s used by cowards, liars, scammers, spammers, and similar people who know, up front, that few if any people actually want what they’re peddling — which is why they’re signed up for it involuntarily. Compounding this problem is the unpleasant reality that opt-out is invariably made obscure, onerous, and time-consuming — and sometimes, silently reversed at a later date. (Or never honored at all.)

Anonymous Coward says:


Network Solutions isn’t exactly “aka”. Network Solutions is OWNED by which purchased them in 2011, just like they purchased in 2010. Network Solutions offers registrar services and hosting services that are directly in competition with each other, in much the same way that various radio stations all owned by Clear Channel compete directly with each other even though they are owned by the same parent company.

vastrightwing (profile) says:

Network UnSolutions is still relevant?

I dumped them decades ago when they were charging $30/domain (today $39) while others were offering domains for $8.00. Their interface was old, clunky and outdated. Their “service” was expensive and I couldn’t see the value then. I have since gone through 4 alternative registrars, due to continued price hikes, as each registrar takes me for granted.

Why do people stay with NS when you get much better value with any number of alternatives?

TJG0524 (profile) says:

Network Solutions Bait & Switch

NS pulled a major bait and switch on me last fall. There was an ad on a Yahoo! page: “Register a new domain – $10 for first year!”.
Well, I clicked the link, logged in with my existing account, filled out the screens and got to the final Click-Here-To-Submit-Your-Order screen.
7.5 microseconds before I clicked Submit I saw the total was $54.95. Too late. Yep, totally my fault.
Got on the phone with NS, they got all kinds of apologetic but said that the Yahoo! ad had expired, should not have been there, and yes, it really should have said that this was for new customers only but the ad should not have been there anyway.
Bottom line was that they brought down the price to $24.95, which I grudgingly paid rather than risk losing the domain name.
As soon as I could I transferred all domains to another registrar, after going through multiple unnecessary steps and call to move them. But that is another story.

Anonymous Coward says:

If anyone remembers when they tried front-running in 2008, this should come as no surprise. What’s not well-understood by Network Solutions’ customers is that locking the name at not just the registrar level, but the registry level, is available to them. The cost for this additional feature to the registrar is nominal, and is the way this service ought to be provided.

ChrisR (profile) says:


I just got a call from them and they offered me the “deal” (I do have some great names) and it was $4000 per year! (That was for the 8 names remaining at NSI). I told them I was a small company (true) and that was just too much, but they didn’t seem interested in coming down.

Google offers two-factor identification for free. Too bad NSI wants to make a quick buck vs providing a reasonable priced service. Nice job

hans atrott (user link) says:

Networksolutions' scams has become incredibly fraudulent. It offers many programs against misuses and frauds. However, the first necessity is to save the customers from I started being a client with in the 1990ties. Each time when I sent my newsletter of about 3000 recipients, – without any notice in advance or afterward – blocked my email address for days if not weeks but industriously tried me to persuade staying with this provider. Finally, I made up my mind to change the host. Then, I had no problems to send my newsletter. tried everything to foil this move to the “new” provider. a) One gets emails from addresses defying the migration, to which one cannot reply. b) Before changing, one should call to (even from other continents!). This is a self-fabricated condition of cancellation services that is illegal. The information of the client that one wants to change is to comply and nothing else. In the same way, they could stipulate that one first has to kiss the shoes of the boss of this fraudulent company, before going away to another host…
Finally, I succeeded to change my email provider. However, this was not the end of my experience with About one and a half year later – when already having forgotten this fraudulent company – I received an email from “Order confirmed – Your credit card charged with 219,80 US$ for ns-mail.” Of course, again it was an email with a no-reply address of this company. I was flabbergasted! I do not know what ns-mail is. I never used it. In addition, charged me about a service I did not know, never used and never will do so, two months in advance before the sham of “service” expired. The cost of this “ns mail”, in addition, exceed the ones of my now email address, many times. This means that works with scams of sham services and if people change to another provider, they, nevertheless, become charged without a service in return by Already offering a “service” which the customers do not notice to lack if severing from means that the company fleeces its customers with wholly superfluous or even faked “services.” If you are customer with this company, do the following things:

1.) Never authorize this company for “auto renewals” and
2.) never give your credit card data to the company.

Serious and honorable companies inform you that in two months a payment of this or that amount is due. without any notice charges you for sham services two months in advance so that you cannot contradict the fraud, in advance. once was a good company. However, today, it is the reverse of that what it was in the 1990ties.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...