If your domains are within the top 1% of traffic at Web.com, the company is going to opt you into a new program that costs $1,850 the first year.
UPDATE 1/22/14 3PM CT: The company says the program will actually be opt-in, not opt-out. Read more here.
Domain name registrar Network Solutions, part of Web.com, is taking some heat today for notifying a customer that it is auto enrolling him into a program that will cost $1,850 per year.
Brent Simmons, who says he has a couple domain names with the registrar, received an email today from the company. The notice informs him that, because he has high traffic websites, the company is going to enroll him in its WebLock program.
WebLock is an added security system that requires confirmation before making changes to the domain name. It sounds a lot like Verisign’s Registry Lock.
Although the first five paragraphs of the email sound like the company is doing Simmons a favor, the sixth paragraph drops a bomb: his credit card will be charged $1,850 for the first year of the service and $1,350 every year after that. He’ll be automatically enrolled into WebLock within a couple weeks unless he calls the company to opt-out.
Well, that’s one way to increase your conversion rates on cross selling customers.
I’ve reached out to Web.com for comment and will update this story when I hear back. Web.com has responded to my inquiry. I asked the company what size sites have to be in order to be targeted for WebLock, and also if this service is VeriSign’s Registry Lock. Here’s what the company said:
Web.com is rolling out enhanced security features for its high traffic, high visibility website customers (approximately 1 percent of Web.com’s customers). The company began communicating this service today to these customers. WebLock employs a multi-level authentication process which is designed to significantly decrease malicious domain hijacking. The security of our customers is a top priority and the reason we developed and are deploying this provisional program for these select customers. Again, WebLock is intended for the top 1 percent of Web.com’s customers who own some of the world’s most highly-visible and valuable web properties. In today’s increasingly sophisticated and dangerous cyber environment, Web.com is taking proactive steps to get ahead of game and protect its customers’ security as thoroughly, as possible.
Verisign’s RegistryLock is a component of the WebLock Security Program.
That Web.com is offering this solution to customers is great news. That it is automatically opting them in is what has rightfully upset people.
The service should prevent things like the Baidu hijacking of a few years ago (assuming the registrar manages it correctly).
I suspect the uproar will be louder when people notice an $1,850 charge on their credit card bill next month.
Here’s the full text of the email Simmons received:
Dear Brent Simmons,
Cybercriminals continue to strengthen and evolve the techniques and tools they use to assault our customers’ websites and domain names. According to the Symantec Internet Security Annual report the pace and frequency of hacking, phishing and social engineering has increased over 42% in 2013.
Compromised domain names can lead to substantial brand, reputational and financial damage. Once a domain name is compromised cybercriminals have total control of the content that appears on “your” website. In many cases objectionable content is posted or phishing sites are established whereby your customers’ private information can be exploited.
At Network Solutions we take your security very seriously. We deploy some of the most advanced security monitoring and defense mechanisms in the industry to ensure only authorized users can access your company’s domain name and name servers. Given the level of traffic to your website, we are taking another significant step to protect your domain name security.
Starting 9:00 AM EST on 2/4/2014 all of your domains will be protected via our WebLock Program. Here is how the program works:
*In order to make changes to your Domain Name’s configuration settings you must be pre-registered as a Certified User.
*All requests for Domain Name configuration changes must be confirmed by an outbound call we make to a pre-registered authorized phone number you establish. A unique 9 digit PIN will be required when we call.
*A message alert will be sent to all Certified Users notifying the team which Certified User has made the request.
* In addition WebLock enrolled customers will have access to a 24/7 NOC and rapid response team in the event of any security issues.To establish Certified Users and pre-register authorized phone numbers and email addresses please call 1-888-642-0265 Monday to Friday between 8:00AM and 5:00PM EST. Please make sure to establish Certified Users with authorized phone numbers and email addresses before launch date. Once established, the unique 9-digit PINs for each certified user will be mailed to you within 45-days.
To help recapture the costs of maintaining this extra level of security for your account, your credit card will be billed $1,850 for the first year of service on the date your program goes live. After that you will be billed $1,350 on every subsequent year from that date. If you wish to opt out of this program you may do so by calling us at 1-888-642-0265.
We strongly encourage you to take advantage of this security program and register Certified Users before the program launch date. Thank you for helping us protect you better.
Regards
Geof Birchall
Chief Security Officer
Network Solutions
Just 2 weeks ago I mentioned on another domain blog how Netsol has the nerve to auto renew services on names that are no longer even with them.
It’s baffling…no wait I think it’s called something else, oh yes white collar crime.
Do any domainers use Network Solutions?
Netsol is horrible. I tried to move my names out of there and I got a message stating I will receive the auth.code in 3 days via email and I got a email 2 days later with no codes but stating I have to call a transfer specialist for assistance. So I called the 800 number, stayed on the phone for 25 mins and finally someone asked how they can help me and I told I need the transfer codes and his reply, can anyone guess? Yup he said I will be getting it in email in 3 days and longstory short the domain expired and I have to pay $35 and a $24.99 reinstatement fee. It’s very frustrating and I felt helpless. Horrible experience. The good part is I only have 5 domains there;)
It’s called negative optioning, and is not legal in many jurisdictions.
Certainly not an outfit you would want to deal with!
@ Andrew Alleman, Good find!
NetSol has been the creepiest service to deal with for a long time, maybe with the exception of godaddy. At one time it was a somewhat reputable, reliable service, but their overpriced offerings are full of opt-ins and hoops to jump through to do anything with a domain name. The first thing I do with any customer on NetSol these days is transfer them off.
Sounds like the Federal Trade Commission (FTC) and relevant state Attorney General(s) should be immediately apprised of this situation. Offering the service is one thing, charging a credit card of a customer or billing a customer who has not authorized this service affirmatively, is something else.
One more reason to NEVER use Network Solutions for anything.
Their shameful practice of holding your authorization code hostage for three days (or until you call and FORCE them to release it) should be investigated.
If anyone remembers when they tried front-running in 2008, this should come as no surprise. What’s not well-understood by Network Solutions’ customers is that locking the name at not just the registrar level, but the registry level, is available to them. The cost for this additional feature to the registrar is nominal, and is the way this service ought to be provided.
Network Solutions is a Mickey Mouse Operation. Network Solutions rips off their customers just like Bernie Madoff ripped off his investors.