Beware Domain-Name Cyber-Slamming

Published in the Richmond Times-Dispatch
December 23, 2002

Watch out for a relatively new Internet deception – switching domain name registration, or “cyber-slamming” in Web-speak.

Many people are complaining about efforts to trick them into changing the registration of their Web domain names. Even savvy consumers are being fooled.

To understand cyber-slamming, a little background on the domain name system is necessary.

You don’t buy domain names, you rent them, usually for two or three years. If you fail to renew your registration, it eventually returns to the common pot for potential registration by someone else.

For each top-level domain, such as .com or .net, one company operates as the registry for that domain. It administers the leasing of domain names from the common pot, maintains an online directory of the registered owners of domain names (called a “whois” database) and grants licenses to other companies to lease domain names from the common pot.

The companies that lease domain names to users are registrars. In some cases, a registry also functions as a registrar. For example, VeriSign operates the registry for .com and .net and leases such domain names to end-users.

Usually, more than one company serves as a registrar for a type of domain name. Presently 116 companies compete to lease .com and .net registrations from the same common pot. Each registrar pays a wholesale price to VeriSign for the lease of the domain name and then marks up the price when reselling to the public. Some registrars compete on price while others compete on service and extras.

Here domain-name registration resembles telephone service. In both instances, one company largely controls the technical infrastructure, but that company must allow other companies to buy services and resell them in competition with the infrastructure owner. In both cases, you can switch service providers without having to switch hardware; you just move your account from Company A to Company B.

How the switch works

Or sometimes Company B deceives you into switching your account. Everyone’s heard of telephone “slamming,” where a deceptive long-distance provider dupes someone into switching services.

The same practice has arisen with domain names. Domain name registrars have been accused of pilfering customers of other registrars by misleading these customers into thinking they are just renewing their domain name registrations when, in fact, they are moving their registrations.

Specifically, several domain name registrars, including major players such as VeriSign and Register.com, have been criticized for sending “Domain Name Expiration Notices” to other registrars’ customers. Such a notice, designed to look like a bill, warns that your registration is about to expire and that you need to pay that company immediately to renew the registration.   You can view copies of such notices at DomainScams.com.

Only in the fine print do such notices disclose that you will be transferring your domain name registration. Also, you usually have several months before your domain name registration will expire.

It’s possible that a cyber-slammer’s rates might be lower than the rates charged by premium registrars. Yet, cyber-slamming can hurt a domain name holder. In addition to the possibility of higher fees, one could lose related services that sometimes come with a domain name, such as DNS hosting (telling the Internet where to find your e-mail server and/or Web site), Web site hosting and e-mail forwarding.

Protecting yourself

Fortunately, both the FTC and the United States Postal Inspection Service have begun taking steps to stop this practice, such as opening investigations of VeriSign’s marketing practices. Consumers who have been subject to any Internet-related scams can file complaints online with the FTC (at ftc.gov) and with the Postal Service (usps.com).

Several registrars have sued VeriSign, and most of these suits have settled. Bulkregister.com, one of the plaintiffs, offers its former customers who were lured away reimbursement of the registration/transfer fee plus one extra year with Bulkregister.com for free. VeriSign also is being sued over this practice in at least one class action suit.

Fortunately, this practice is easy to thwart. Most folks fall for it because they don’t know how domain name registration works. You should be able to spot cyber-slamming attempts by carefully reading “renewal” notices. Look for an indication that your domain name registration will be transferred.

For those seeking greater security, services such as Afternic.com monitor domain name registration details and alert subscribers to any changes. Also, some registrars offer a lock service, which prevents a domain name from being transferred without the manual “unlocking” by the domain name holder.

Transferring your domain name registration sometimes makes sense – better prices, better free add-ons or better service. But such transfers should be willing choices. Read the fine print, and you should be fine.

By John B. Farmer

© 2002 Leading-Edge Law Group, PLC. All rights reserved.