Network Solutions Tries To Auto-Enroll Users Into Its $1,850/Year Domain 'Protection Plan'

from the network-solutions-execs-decide-to-take-company-down-from-the-inside dept

Tue, Jan 28th 2014 9:04am — Tim Cushing

Any service that is going to require additional time, money or labor from a user should be opt in, period. Making something opt out is for cowards and scammers. If you think the new whatever might be unpopular but you want to make it happen anyway, you make it opt out and delay the outrage until after the implementation. That's how cowards run the shop. If you're just trying to generate some income without actually earning it, you make the new paid service (or pricier service) opt out, and hope that the additional funds outweigh the cost of lost business.

Here's what hosting company Network Solutions (a.k.a. Web.com) recently tried to hit software developer Brent Simmons with, in the form of an "opt out" service. (via Techdirt reader Andrew F)

I got an email from Network Solutions — where I still have two domains, originally registered in the ’90s — that informed me I have been enrolled in their WebLock Program.

To help recapture the costs of maintaining this extra level of security for your account, your credit card will be billed $1,850 for the first year of service on the date your program goes live. After that you will be billed $1,350 on every subsequent year from that date. If you wish to opt out of this program you may do so by calling us at 1-888-642-0265.

That's must be some pretty hefty security, especially considering Web.com hosting usually runs about $40 a year. Simmons first thought was that it was a scam (which it kind of is…) being run by someone not related to Network Solutions. He contacted the company and was somewhat surprised to hear that it was indeed planning to jack his plan up from $40/year to $1,850/year on the anniversary date. Needless to say, Simmons informed Network Solutions that he would find somewhere else to host his domains.

Kevin Poulsen at Wired followed up with Network Solutions to see if it could explain why it was planning on increasing Simmons' rates by 2,300% and, as if that wasn't bad enough, doing it as an opt out program. Web.com's COO, Jason Teichman, offered this explanation:

“I will admit that email is not worded properly, and not worded in any way what represents what we’re going to do,” says Teichman. “No customer will be enrolled in this program without their consent, period. No customer will have to opt out, period.”

Teichman declined to elaborate on how the email came to be phrased as it did. He says the email went to only 50 customers, and that only 30,000 customers — about one percent of Network Solution’s base — will even be offered the program. “Our intent is to focus on customers who have a lot of traffic and who have highly visible brands,” he says. “When these domains are hijacked the cost is insane.”

"Not worded properly." Simmon's has a screenshot of the entire email at his website, and to say the email wasn't "worded properly" is to call into question much of the language surrounding the astronomical leap in price.

The first few paragraphs rationalize the price jump, citing stats about the increase in domain hijackings. It's when the email finally starts talking money that phrasing becomes important. There's nothing in here that indicates a word or two was simply out of place.

Starting 9:00 AM EST on 2/4/2014 all of your domains will be protected via our WebLock Program.

This doesn't look ambiguous. Whether Simmons wants or needs "WebLock," he's getting it, starting on Feb. 4th.

To help recapture the costs of maintaining this extra level of security for your account, your credit card will be billed $1,850 for the first year of service on the date your program goes live. After that you will be billed $1,350 on every subsequent year from that date. If you wish to opt out of this program you may do so by calling us at 1-888-642-0265.

Nothing here seems unclear, either. Maybe the email was supposed to say "opt in" instead of "opt out" in this paragraph, but the wording earlier in the letter seems to indicate the choice has already been made for Simmons by Network Solutions. That definitely makes it "opt out" in the context.

Now, Web.com's apology and non-explanation is accurate about one thing: this won't be happening to all of its users. It's targeted at the more popular sites it hosts. Larry Seltzer at ZDNet tracked down exactly who Web.com is (well, was) attempting to force to "take advantage" of its auto-enroll, opt out, extremely expensive service.

Web.com's criteria for selecting sites for WebLock were:

1. Domains registered to a Fortune 1000 or a Global 5000 company

2. High Traffic: Domains that fell within Google Page Rank >6 and an Alexa rank of 1-250,000.

(Sidebar: always great to see a forward-thinking internet hosting company is relying on Alexa for traffic rank data… [insert eyeroll emoji before going to press])

If Network Solutions had been able to auto-bill 50 users for $1,850, then it grosses almost $200k for a service that's about as useful as an extended warranty. Sure, if you do get hijacked, it's worth it, but the odds are low that it will happen and any hosting company should be doing its best to prevent this from happening anyway, even without stealthily lifting nearly two grand from your credit card balance (almost) unannounced. And there's no way this service should cost this much. Seltzer points out that "any honest registrar" already offers Weblock-style protection… for free.

First, a little background: Back in the middle of the last decade there was a major problem with domain name theft. Through a variety of fraudulent techniques, bad actors could trick a domain name registrar into transferring your domain name to them. Good luck getting it back when that happened.

It took a long time, but to address the situation a new feature was added which is standard with domain names: the REGISTRAR-LOCK option. When you turn this option on, then modification of the domain name or contact details, as well as deleting or transferring the domain, are all prevented. You have to unlock it first, and the procedures for that are intentionally cumbersome. And REGISTRAR-LOCK is free from any honest registrar.

Seltzer also notes that he spoke to another rep from Network Solutions, CTO Jane Landon, who explained the email to Simmons was a mistake (because his domains weren't ranked high enough to qualify for the extra protection) and that making it opt out was a completely legit way to do business. Obviously, things changed in the few hours between ZDNet's conversation and Wired's conversation.

But Landon's wrong there as well. Chances are the big name customers wouldn't even give the email a second glance if it landed in their inboxes. This is the subject line Network Solutions chose to use:

Your domain is being enrolled in the WebLock Security Program

To anyone scanning their inbox, it looks like nothing more than a commonplace announcement from a company they do business with. It would possibly prompt a "well, that's nice" from the recipient and not much else. Nothing indicates there's an $1850 charge hiding in the wings. Nothing about it demands additional attention -- and that seems to be the point.

Network Solutions meant to target big names and popular sites, ones whose inboxes are stuffed full every day and who would very likely not notice a large expenditure being billed to the corporate card. While the service does indeed have some value, it relies on trusting your hosting company to have your back when your site is compromised. But sneaking a rate hike in under the cover of "A boring, routine announcement about your site" eliminates that trust and results in a growing number of former customers.

Maybe Network Solutions felt it could mitigate the losses in its customer base by collecting $1850 a piece from a percentage of the 30,000 customers it chose to opt in to its program. If so, that's an even worse way to run a business. Service providers should not be actively undermining their customers' expectations and trust in this fashion, and even with all the post-exposure explanations and hand-waving, there's no indication that the company thought handling it this way was a bad idea until it was caught.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: auto-enroll, domain protection, opt-in, scams
Companies: network solutions, web.com

35 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

BentFranklin (profile), 28 Jan 2014 @ 9:02am

Maybe those big customers will force Network Solutions to dissolve.
[ link to this | view in chronology ]
John Fenderson (profile), 28 Jan 2014 @ 9:16am

Insane pricing
My registrar offers the same service (opt-in), which I subscribe to. It costs me an extra $40/yr -- a price that I thought was pretty steep until I heard about this! Who knew I was getting such a great deal?
[ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2014 @ 9:17am

Google
are not the services that Google provides an "opt-out" service and not opt-in, after all Google takes my time with its adds, and I cannot opt out of that, SCAMMERS...
[ link to this | view in chronology ]
- Ninja (profile), 28 Jan 2014 @ 9:47am
  
  Re: Google
  And many other online ad companies do the same. If you use Google services you are exchange your "time" instead of money with Google which is not that bad. And you can use tools to avoid some of the ads and tracking (or all if you don't mind losing some functionality).
  [ link to this | view in chronology ]
- Anonymous Coward, 28 Jan 2014 @ 9:51am
  
  Re: Google
  Adblock?
  
  If you don't use it you are looking at the internet through a very distorted web browser!
  [ link to this | view in chronology ]
madasahatter (profile), 28 Jan 2014 @ 9:18am

Who Was the Idiot?
If you are announcing new paid features they should by always be opt-in. Not for any legal reason, I am sure opt-out notices are legal in the US but for customer relations. Angry customers complain and leave for competitors and you get articles such as this. If someone asked me about Network Solutions I would not recommend them based on this.
[ link to this | view in chronology ]
techflaws (profile), 28 Jan 2014 @ 9:27am

Back in the middle of the last decade there was a major problem with domain name theft. Through a variety of fraudulent techniques, bad actors could trick a domain name registrar into transferring your domain name to them.

Which sounds like the registrar being the problem. So why would the customer have to pay for their stupidity?
[ link to this | view in chronology ]
sehlat (profile), 28 Jan 2014 @ 9:30am

As I commented recently to similar idiocy...
in an email to Customer Service. The email included a PDF of my order acknowledgement from Amazon for the same merchandise I'd tried to purchase and been abused by [redacted]'s website for the attempt:

If you read the attached PDF, you'll note I saved a dollar on your price for each of the two units, and got free shipping as well.

Please remind your supervisors that every customer in the world can always vote with his mouse.
[ link to this | view in chronology ]
kenichi tanaka (profile), 28 Jan 2014 @ 9:38am

I have to say that I have never had a problem with someone stealing my domain name. While I had a problem with getting a previous webhost provider unlocking my domain so I could transfer it, I was able to convince the registrar of my domain name to unlock it so I could transfer my domain name.

Most webhost companies provide domain name "lock" to prevent anyone from hijacking your domain name. In the event that such a thing did happen, my registrar would be able to regain control of my domain name and transfer it back to me.

Domain name hijacks usually occur when someone hasn't 'locked' their domain name from such actions.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Jan 2014 @ 10:38am
  
  Re:
  Actually stealing a domain name is actually pretty difficult to do. Most of the time what happens is they hack the account, change the name servers to point to one with a zone that points the domain to a different host that they've setup and then they change the password so that the actual owner can't login and fix it easily. To get it changed back then requires calling the registrar, getting them to verify your identity, and correct the settings on your account to change it back and reset your password for you. Sure it's a pain in the ass and because of the DNS propagation it doesn't fix it immediately until all the cached DNS records expire, but you still didn't lose the domain at all. It just got pointed somewhere else. Actually losing the domain requires you transferring it to a completely different registrar with new account information that is different than yours so that they don't have any record of who you are. That process is by design a slow, cumbersome process that if not done exactly properly fails and requires you to attempt again at from the beginning to get it transferred specifically to prevent this sort of abuse. It's also the reason that once a domain is transferred ICANN prohibits it from being transferred again for 60 days so that someone cannot transfer it multiple times in quick succession to hide the ownership trail and cover up fraud. It is also why ICANN only allows you to transfer active names and not expired ones and once your domain expires the registrar has to allow only you to renew it for a good period of time before they make it available for someone new to register it for themselves. Someone actually losing their domain is really quite rare for these reasons and requires someone usually requires an owner who is quite oblivious for a very long time to be successful.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2014 @ 9:39am

Evil
If you'd like me to not rob your ass blind please call!

1-888-642-0265.
[ link to this | view in chronology ]
Violynne (profile), 28 Jan 2014 @ 9:41am

"Making something opt out is for cowards and scammers."
So, would TD be a coward or a scammer for several if its opt-out features?
;)

Though, I completely agree. I can't stand the new Google mentality of doing something just because they can do it.
[ link to this | view in chronology ]
- Ninja (profile), 28 Jan 2014 @ 9:44am
  
  Re:
  Hah, I see what you did there. And I kind of agree. However what we are presented here with opt-out setups does not cost additional money.
  [ link to this | view in chronology ]
mdpopescu (profile), 28 Jan 2014 @ 9:51am

Charge-backs
If they get hit with a couple thousand charge-backs, won't that be really bad even for a company as big as NS?
[ link to this | view in chronology ]
JWW (profile), 28 Jan 2014 @ 9:58am

Shakedown
Ya know, it'd be a shame if something were to � happen to your domain.

Hows about you pay us eighteen hundred fifty bucks..
[ link to this | view in chronology ]
Skeptical Cynic (profile), 28 Jan 2014 @ 10:02am

Netsol has live is a bygone era.
They refuse to see the changing Internet landscape. I used to host over 200 domains and websites for clients with Netsol in years long past because they were the place to host domain names and websites. But for too many years than I can remember they are not even close to market rates. SO they lost over 120 domains and hosting accounts.

This is just their deathknell. They are looking to milk the last of the revenues the can from the those that were to stupid to leave them 5 years ago.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Jan 2014 @ 10:09am
  
  Re: Netsol has live is a bygone era.
  They have refused to accept that they are no longer the only game in town for a very long time. They still act like it's 1996 when they were the only registrar available. Their customer service is one of the worst I've ever had to deal with.
  [ link to this | view in chronology ]
  - John Fenderson (profile), 28 Jan 2014 @ 10:32am
    
    Re: Re: Netsol has live is a bygone era.
    Yeah, Network Solutions has a number of highly questionable practices. The one I notice the most is that a few months before my domains are set to expire, I get these letters from them that look an awful lot like bills to renew them.
    
    Except that I don't use Network Solutions as my registrar, and my domains are automatically renewed by my actual registrar. What NS is doing is a skeevy attempt to trick people into switching to them when what they think they're doing is a simple renewal.
    [ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2014 @ 10:17am

Ok I'm confused here...
Although they are often done through the same company, a hosting provider and a domain registrar are completely different things and do not have to be from the same company at all. It sounds like it's the registrar side, but the hosting side has absolutely nothing to do with it when it comes to the type of domain hijacking that this protection is designed to prevent. Of course, hacking the DNS service (which can even be at either the host or the registrar or somewhere else completely different) to change the zone for the domain is another way to hijack an domain but would have nothing to do with the registrar. Also if the host and the registrar are different how the hell would the registrar have any idea about how much traffic the domain gets?
[ link to this | view in chronology ]
- John Fenderson (profile), 28 Jan 2014 @ 10:35am
  
  Re: Ok I'm confused here...
  The kind of hijacking that they're talking about is where someone submits an order to change registrars & registered owners without the original owner agreeing to the change.
  
  This sort of thing is pretty easy to guard against, and there's no way it should cost so much. With my registrar, if a change is ordered, they simply contact me directly to confirm it before doing the change. Problem solved.
  [ link to this | view in chronology ]
  - Anonymous Coward, 28 Jan 2014 @ 10:48am
    
    Re: Re: Ok I'm confused here...
    As I explained above, stealing a domain by transferring it to a new registrar is usually pretty hard to do. It usually has to be unlocked first, then the request has to be sent through the new registrar that passes the request on to the old registrar that then sends a confirmation email to the owner that has to be returned within a period of time back to the old registrar and before it can be released once they check that it is even eligible for transfer and then any transfer fees charged by the new registrar have to be paid within a certain period of time before it will actually go through and this whole process can take around 6 weeks to complete and if any part of it fails they will often not tell you that it failed or why but you still will have to start all over again with a new request from the beginning. It's a pain in the ass by design simply to prevent this sort of thing from happening easily.
    [ link to this | view in chronology ]
artp (profile), 28 Jan 2014 @ 10:20am

Looks like fraud to me, nothing else
So where is the attorney general?

And since when do you expect people committing fraud to start telling the truth about it?
[ link to this | view in chronology ]
Rich Kulawiec, 28 Jan 2014 @ 10:45am

You will never find...
...a more wretched hive of scum and villainry.

Lauren Weinstein has covered this story as well, on his "nnsquad" mailing list (which I highly recommend): http://www.nnsquad.org/archives/nnsquad/msg08522.html has the initial report, http://www.nnsquad.org/archives/nnsquad/msg08524.html has the confirmation, http://www.nnsquad.org/archives/nnsquad/msg08525.html has the reversal, and http://www.nnsquad.org/archives/nnsquad/msg08526.html has more backing away and posturing.

Also worth noting from nnsquad -- and just a week earlier: http://www.nnsquad.org/archives/nnsquad/msg08508.html which explains how they sent an illiterate email message that really did look like a badly-written phish.

It's difficult to imagine why anyone would remain with Network Solutions at this point. I highly recommend Nearly Free Speech, who not only have serious technical clue, plus excellent support, plus a track record of defending their users and the 'net, plus competitive prices: https://www.nearlyfreespeech.net/ (Disclosure: I'm a customer. And a pretty darn happy one so far. I don't expect that to change.)

On a more general topic: Tim's comments on opt-in vs. opt-out echo something I've been saying for decades: opt-out is ALWAYS abusive. It's used by cowards, liars, scammers, spammers, and similar people who know, up front, that few if any people actually want what they're peddling -- which is why they're signed up for it involuntarily. Compounding this problem is the unpleasant reality that opt-out is invariably made obscure, onerous, and time-consuming -- and sometimes, silently reversed at a later date. (Or never honored at all.)
[ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2014 @ 11:08am

Also...
Network Solutions isn't exactly "aka Web.com". Network Solutions is OWNED by Web.com which purchased them in 2011, just like they purchased Register.com in 2010. Network Solutions offers registrar services and hosting services that are directly in competition with each other, in much the same way that various radio stations all owned by Clear Channel compete directly with each other even though they are owned by the same parent company.
[ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2014 @ 11:47am

Starting 9:00 AM EST on 2/4/2014 all of your domains will be protected via our WebLock Program.

This doesn't look ambiguous. Whether Simmons wants or needs "WebLock," he's getting it, starting on Feb. 4th.
It is ambiguous�they could have been referring to April 2nd.
[ link to this | view in chronology ]
- blue skies (profile), 29 Jan 2014 @ 12:12am
  
  Re:
  I made that same mistake at first. Fortunately in the article the month gets mentioned in alphanumeric too.
  [ link to this | view in chronology ]
vastrightwing, 28 Jan 2014 @ 12:41pm

Network UnSolutions is still relevant?
I dumped them decades ago when they were charging $30/domain (today $39) while others were offering domains for $8.00. Their interface was old, clunky and outdated. Their "service" was expensive and I couldn't see the value then. I have since gone through 4 alternative registrars, due to continued price hikes, as each registrar takes me for granted.

Why do people stay with NS when you get much better value with any number of alternatives?
[ link to this | view in chronology ]
Tim, 28 Jan 2014 @ 6:55pm

$55,500,000
At $1,850 each, $55,500,000 is what they stood to earn of each of the 30,000 customers turned out to be as stupid as they hoped they'd be.
[ link to this | view in chronology ]
Spointman (profile), 29 Jan 2014 @ 3:05am

I have to wonder ... how would this have worked with companies that have multiple domain names? E.g., example.com, example.org, example.net, exxample.com, exampel.net, etc. With dozens of possible misspellings, and $1850 per domain ... that could have been brutal.
[ link to this | view in chronology ]
Nicolas (profile), 29 Jan 2014 @ 4:26am

Domain registration sleaze
Why is it that domain registration seems to attract companies whose integrity, on average, would make the pawn industry wince?
[ link to this | view in chronology ]
TJG0524, 30 Jan 2014 @ 4:35am

Network Solutions Bait & Switch
NS pulled a major bait and switch on me last fall. There was an ad on a Yahoo! page: "Register a new domain - $10 for first year!".
Well, I clicked the link, logged in with my existing account, filled out the screens and got to the final Click-Here-To-Submit-Your-Order screen.
7.5 microseconds before I clicked Submit I saw the total was $54.95. Too late. Yep, totally my fault.
Got on the phone with NS, they got all kinds of apologetic but said that the Yahoo! ad had expired, should not have been there, and yes, it really should have said that this was for new customers only but the ad should not have been there anyway.
Bottom line was that they brought down the price to $24.95, which I grudgingly paid rather than risk losing the domain name.
As soon as I could I transferred all domains to another registrar, after going through multiple unnecessary steps and call to move them. But that is another story.
[ link to this | view in chronology ]
Anonymous Coward, 6 Feb 2014 @ 7:29am

If anyone remembers when they tried front-running in 2008, this should come as no surprise. What's not well-understood by Network Solutions' customers is that locking the name at not just the registrar level, but the registry level, is available to them. The cost for this additional feature to the registrar is nominal, and is the way this service ought to be provided.
[ link to this | view in chronology ]
ChrisR (profile), 24 Feb 2014 @ 1:23pm

$4000
I just got a call from them and they offered me the "deal" (I do have some great names) and it was $4000 per year! (That was for the 8 names remaining at NSI). I told them I was a small company (true) and that was just too much, but they didn't seem interested in coming down.

Google offers two-factor identification for free. Too bad NSI wants to make a quick buck vs providing a reasonable priced service. Nice job Web.com.
[ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2015 @ 1:06am

Not saying any of this isn't ridiculous, but for a registrar, a high-value domain is a relatively bad proposition; it makes them much more of a target for attackers than the unused vanity domain of your neighbour's nephew, for the same price.
[ link to this | view in chronology ]
hans atrott, 11 Dec 2015 @ 7:50am

Networksolutions' scams
Networksolutions.com has become incredibly fraudulent. It offers many programs against misuses and frauds. However, the first necessity is to save the customers from networksolutions.com. I started being a client with networksolutions.com in the 1990ties. Each time when I sent my newsletter of about 3000 recipients, networksolutions.com - without any notice in advance or afterward - blocked my email address for days if not weeks but industriously tried me to persuade staying with this provider. Finally, I made up my mind to change the host. Then, I had no problems to send my newsletter. Networksolutions.com tried everything to foil this move to the "new" provider. a) One gets emails from notworksolutions.com addresses defying the migration, to which one cannot reply. b) Before changing, one should call to Networksolution.com (even from other continents!). This is a self-fabricated condition of cancellation services that is illegal. The information of the client that one wants to change is to comply and nothing else. In the same way, they could stipulate that one first has to kiss the shoes of the boss of this fraudulent company, before going away to another host...
Finally, I succeeded to change my email provider. However, this was not the end of my experience with networksolutions.com. About one and a half year later - when already having forgotten this fraudulent company - I received an email from networksolutions.com: "Order confirmed - Your credit card charged with 219,80 US$ for ns-mail." Of course, again it was an email with a no-reply address of this company. I was flabbergasted! I do not know what ns-mail is. I never used it. In addition, networksolutions.com charged me about a service I did not know, never used and never will do so, two months in advance before the sham of "service" expired. The cost of this "ns mail", in addition, exceed the ones of my now email address, many times. This means that networksolutions.com works with scams of sham services and if people change to another provider, they, nevertheless, become charged without a service in return by networksolutions.com. Already offering a "service" which the customers do not notice to lack if severing from networksolutions.com means that the company fleeces its customers with wholly superfluous or even faked "services." If you are customer with this company, do the following things:

1.) Never authorize this company for "auto renewals" and
2.) never give your credit card data to the company.

Serious and honorable companies inform you that in two months a payment of this or that amount is due. Networksolutions.com without any notice charges you for sham services two months in advance so that you cannot contradict the fraud, in advance. Networksolutions.com once was a good company. However, today, it is the reverse of that what it was in the 1990ties.
[ link to this | view in chronology ]