Services

VeriSign's 404 redirects break non-Web apps

It's important to differentiate between providing that functionality at an application level (what AOL and Microsoft do) and at an infrastructure level (what VeriSign has done).

In response to the Sept. 22 article by Declan McCullagh, "VeriSign stands firm on domain redirect":

VeriSign is not alone in seeking to replace 404 errors. Microsoft has also directed users of its Internet Explorer Web browser to a Microsoft search page when typing unassigned domain names into the browser's URL bar.

I think it's important to differentiate between providing that functionality at an application level (which is what AOL and Microsoft do) and at an infrastructure level (which is what VeriSign has done). If the 404 error is intercepted and replaced at the application level, then users have the ability to turn it off (either by reconfiguring the application involved or by using a completely different application entirely).

For example, Internet Explorer users who don't want to use Microsoft's redirection service can use a radio-button in an IE configuration dialog box to say they don't want it enabled. They can also choose to use Netscape, Mozilla, Opera or some other application that provides the same functionality as IE does but without intercepting the 404s. If the 404 error is intercepted and replaced at the infrastructure level (which is what VeriSign has done), then users have no option and cannot turn it off. It becomes a part of the Internet, take it or leave it.

Another difference between "application" and "infrastructure" is that Microsoft's redirection service doesn't get presented to AOL users and vice versa. There's a strong anticompetitive aspect to what VeriSign has done, because they have a monopoly over provision of .com and .net addresses, and they've used that monopoly against competing service providers.

Finally, implementing redirection at the application layer means that it only affects that one application. So, when Microsoft redirects Web users with IE (if they haven't turned it off), that doesn't interfere with Outlook's use of e-mail protocols--or any other application's use of any other protocol.

What VeriSign has done by implementing wildcard A records at the infrastructure level has broken every non-Web application that needs to know whether a .com or .net domain exists. That is why some antispam software doesn't work anymore: VeriSign's attempt to hijack the Web has been done without thought to the non-Web services that it will destroy.

Verisign wants to create the impression that what it's doing is no different than what Microsoft and AOL have done with their 404 redirectors in their Web browsers. Nothing could be further from the truth.

Mark Newton
Adelaide, Australia