Network Solutions Tries To Auto-Enroll Users Into Its $1,850/Year Domain 'Protection Plan'

from the network-solutions-execs-decide-to-take-company-down-from-the-inside dept

Any service that is going to require additional time, money or labor from a user should be opt in, period. Making something opt out is for cowards and scammers. If you think the new whatever might be unpopular but you want to make it happen anyway, you make it opt out and delay the outrage until after the implementation. That's how cowards run the shop. If you're just trying to generate some income without actually earning it, you make the new paid service (or pricier service) opt out, and hope that the additional funds outweigh the cost of lost business.

Here's what hosting company Network Solutions (a.k.a. recently tried to hit software developer Brent Simmons with, in the form of an "opt out" service. (via Techdirt reader Andrew F)

I got an email from Network Solutions — where I still have two domains, originally registered in the ’90s — that informed me I have been enrolled in their WebLock Program.

To help recapture the costs of maintaining this extra level of security for your account, your credit card will be billed $1,850 for the first year of service on the date your program goes live. After that you will be billed $1,350 on every subsequent year from that date. If you wish to opt out of this program you may do so by calling us at 1-888-642-0265.
That's must be some pretty hefty security, especially considering hosting usually runs about $40 a year. Simmons first thought was that it was a scam (which it kind of is…) being run by someone not related to Network Solutions. He contacted the company and was somewhat surprised to hear that it was indeed planning to jack his plan up from $40/year to $1,850/year on the anniversary date. Needless to say, Simmons informed Network Solutions that he would find somewhere else to host his domains.

Kevin Poulsen at Wired followed up with Network Solutions to see if it could explain why it was planning on increasing Simmons' rates by 2,300% and, as if that wasn't bad enough, doing it as an opt out program.'s COO, Jason Teichman, offered this explanation:
“I will admit that email is not worded properly, and not worded in any way what represents what we’re going to do,” says Teichman. “No customer will be enrolled in this program without their consent, period. No customer will have to opt out, period.”

Teichman declined to elaborate on how the email came to be phrased as it did. He says the email went to only 50 customers, and that only 30,000 customers — about one percent of Network Solution’s base — will even be offered the program. “Our intent is to focus on customers who have a lot of traffic and who have highly visible brands,” he says. “When these domains are hijacked the cost is insane.”
"Not worded properly." Simmon's has a screenshot of the entire email at his website, and to say the email wasn't "worded properly" is to call into question much of the language surrounding the astronomical leap in price.

The first few paragraphs rationalize the price jump, citing stats about the increase in domain hijackings. It's when the email finally starts talking money that phrasing becomes important. There's nothing in here that indicates a word or two was simply out of place.
Starting 9:00 AM EST on 2/4/2014 all of your domains will be protected via our WebLock Program.
This doesn't look ambiguous. Whether Simmons wants or needs "WebLock," he's getting it, starting on Feb. 4th.
To help recapture the costs of maintaining this extra level of security for your account, your credit card will be billed $1,850 for the first year of service on the date your program goes live. After that you will be billed $1,350 on every subsequent year from that date. If you wish to opt out of this program you may do so by calling us at 1-888-642-0265.
Nothing here seems unclear, either. Maybe the email was supposed to say "opt in" instead of "opt out" in this paragraph, but the wording earlier in the letter seems to indicate the choice has already been made for Simmons by Network Solutions. That definitely makes it "opt out" in the context.

Now,'s apology and non-explanation is accurate about one thing: this won't be happening to all of its users. It's targeted at the more popular sites it hosts. Larry Seltzer at ZDNet tracked down exactly who is (well, was) attempting to force to "take advantage" of its auto-enroll, opt out, extremely expensive service.'s criteria for selecting sites for WebLock were:

1. Domains registered to a Fortune 1000 or a Global 5000 company

2. High Traffic: Domains that fell within Google Page Rank >6 and an Alexa rank of 1-250,000.
(Sidebar: always great to see a forward-thinking internet hosting company is relying on Alexa for traffic rank data… [insert eyeroll emoji before going to press])

If Network Solutions had been able to auto-bill 50 users for $1,850, then it grosses almost $200k for a service that's about as useful as an extended warranty. Sure, if you do get hijacked, it's worth it, but the odds are low that it will happen and any hosting company should be doing its best to prevent this from happening anyway, even without stealthily lifting nearly two grand from your credit card balance (almost) unannounced. And there's no way this service should cost this much. Seltzer points out that "any honest registrar" already offers Weblock-style protection… for free.
First, a little background: Back in the middle of the last decade there was a major problem with domain name theft. Through a variety of fraudulent techniques, bad actors could trick a domain name registrar into transferring your domain name to them. Good luck getting it back when that happened.

It took a long time, but to address the situation a new feature was added which is standard with domain names: the REGISTRAR-LOCK option. When you turn this option on, then modification of the domain name or contact details, as well as deleting or transferring the domain, are all prevented. You have to unlock it first, and the procedures for that are intentionally cumbersome. And REGISTRAR-LOCK is free from any honest registrar.
Seltzer also notes that he spoke to another rep from Network Solutions, CTO Jane Landon, who explained the email to Simmons was a mistake (because his domains weren't ranked high enough to qualify for the extra protection) and that making it opt out was a completely legit way to do business. Obviously, things changed in the few hours between ZDNet's conversation and Wired's conversation.

But Landon's wrong there as well. Chances are the big name customers wouldn't even give the email a second glance if it landed in their inboxes. This is the subject line Network Solutions chose to use:
Your domain is being enrolled in the WebLock Security Program
To anyone scanning their inbox, it looks like nothing more than a commonplace announcement from a company they do business with. It would possibly prompt a "well, that's nice" from the recipient and not much else. Nothing indicates there's an $1850 charge hiding in the wings. Nothing about it demands additional attention -- and that seems to be the point.

Network Solutions meant to target big names and popular sites, ones whose inboxes are stuffed full every day and who would very likely not notice a large expenditure being billed to the corporate card. While the service does indeed have some value, it relies on trusting your hosting company to have your back when your site is compromised. But sneaking a rate hike in under the cover of "A boring, routine announcement about your site" eliminates that trust and results in a growing number of former customers.

Maybe Network Solutions felt it could mitigate the losses in its customer base by collecting $1850 a piece from a percentage of the 30,000 customers it chose to opt in to its program. If so, that's an even worse way to run a business. Service providers should not be actively undermining their customers' expectations and trust in this fashion, and even with all the post-exposure explanations and hand-waving, there's no indication that the company thought handling it this way was a bad idea until it was caught.

Filed Under: auto-enroll, domain protection, opt-in, scams
Companies: network solutions,

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 28 Jan 2014 @ 10:38am


    Actually stealing a domain name is actually pretty difficult to do. Most of the time what happens is they hack the account, change the name servers to point to one with a zone that points the domain to a different host that they've setup and then they change the password so that the actual owner can't login and fix it easily. To get it changed back then requires calling the registrar, getting them to verify your identity, and correct the settings on your account to change it back and reset your password for you. Sure it's a pain in the ass and because of the DNS propagation it doesn't fix it immediately until all the cached DNS records expire, but you still didn't lose the domain at all. It just got pointed somewhere else. Actually losing the domain requires you transferring it to a completely different registrar with new account information that is different than yours so that they don't have any record of who you are. That process is by design a slow, cumbersome process that if not done exactly properly fails and requires you to attempt again at from the beginning to get it transferred specifically to prevent this sort of abuse. It's also the reason that once a domain is transferred ICANN prohibits it from being transferred again for 60 days so that someone cannot transfer it multiple times in quick succession to hide the ownership trail and cover up fraud. It is also why ICANN only allows you to transfer active names and not expired ones and once your domain expires the registrar has to allow only you to renew it for a good period of time before they make it available for someone new to register it for themselves. Someone actually losing their domain is really quite rare for these reasons and requires someone usually requires an owner who is quite oblivious for a very long time to be successful.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.