Company will not charge customers for added security service unless they accept it.
Web.com, parent company of Network Solutions and Register.com, came under fire yesterday after informing some customers they would automatically be opted-in to a security program that costs $1,850.
An email sent to 49 customers informed them that their accounts would have added security under a new service called WebLock. The email also indicated that customers would be charged $1,850 for the first year of the service unless they called to opt-out of the program.
In an interview with Domain Name Wire today, Web.com COO Jason Teichman said the program will actually be opt-in, and no one will be charged for the service unless they agree to add it.
“Candidly, we did not do a good job in wording that [email],” Teichman said. “Every one of those customers is getting a call. It’s not our intention to enroll anyone in a program they don’t want.”
Web.com plans to offer the service to its top 1% of customers according to domain traffic, value of brands, etc. That’s about 30,000 customers in all. It started by notify just 49 customers “so we can crawl our way into it,” Teichman said. Given the response from the initial email, that was probably a good idea.
WebLock itself is actually quite useful and seems to be priced competitively with the market. The $1,850 charge for the first year ($1,350 thereafter) covers an entire account regardless of the number of domains. It is designed to prevent a domain’s nameservers from being hijacked or the domain name stolen. It has three components:
1. Web.com will store the domains’ nameserver information in a specialized, highly secure, separate system.
2. The domains will use registry lock services such as Verisign’s Registry Lock when possible. Web.com will have its own sort of lock for some other TLDs.
3. There are a series of authentication levels for making a change to the nameserver or email address on the account. Only pre-registered persons can request a change. They will be contacted at their pre-registered phone number and must give a nine digit pin (that was sent offline) in order to make the change. Once this authentication is cleared, everyone registered on the account will receive a notification about the change.
This is exactly the type of service all major site owners should consider so they don’t end up like the New York Times.
In a nutshell: the program is good as long as it’s opt-in. Which, thankfully, it will be.
It is shame that as of today, NAME.COM still does not offer a registry lock service. Time to switch back to NetSol (Web.com)?
You only want to use registry lock for high value domains, as it can be a pain to make changes or transfer them otherwise. Verisign charges the registrar $10/month, plus whatever markup the registrar adds, so it’s not feasible across an entire domain portfolio.
My key security tool is two factor authentication, which I know Name.com offers.
It is about to have such option, Andrew. Nobody is forced to order it, but NAME.COM does not offer it. Or do you believe that just junk domains are registered with NAME.COM registrar? Sure not…
I’m not saying it wouldn’t be nice to have. I think few retail registrars offer it to their customers, though.
You’re not essentially saying that registrars have to offer that option, are you? Otherwise, that’s essentially “demanding” registrars to offer something that’ll likely cost them — and maybe pass those costs to customers in other ways. Not worthwhile for them.
Nicely done Andrew.
Note that “Once established, the unique 9-digit PINs for each certified user will be mailed to you within 45-days” according to the original email. So definitely don’t sign up any domains that you might possibly want to transfer in the next 1.5 months!
if your domain is locked and you need to change your nameservers because of another issue (netblocks hijacked, DNS servers p*wnd, etc), is there a way to do that in hours rather than weeks?
Web has a 24×7 NOC you can call into. Not sure Verisign’s hours, but all Verisign needs is a secondary security code from the registrar, so it’s a fast process.