the special sauce writes
"A few months back, our customers (we run a regional ISP) started receiving deceptive domain renewal notices from Verisign and Verisign partners such as Interland. A couple of our customers temporarily lost their domains in the process as the registrant, contact information and hosting company was all changed. Yesterday, I received an e-mail from a customer. He was forwarding a "reminder" e-mail he had received. It was an SSL certificate "renewal" notice from a UK company, Comodo. It instructed him to "upgrade" his current certificate (issued by Equifax) before it expired." More information on this charming practice follows...
the special sauce Continues: "For those who don't know, Equifax was just bought out by GeoTrust, who offers a QuickSSL product. Comodo's e-mail was advertising an "InstantSSL" product, which I myself mistook for the GeoTrust product on first reading the e-mail. When I realized my mistake, I contacted Comodo and inquired as to their relationships with Equifax and GeoTrust and how they came by my customer's information. The response: "We have no relationship with Equifax or GeoTrust. The information on a certificate is public information which we have used to inform this company that they have an option when they come to buy their certificate." My interpretation: Comodo is harvesting contact information from certificates in bad faith, to market a competing product. Furthermore, I think they have targeted Equifax customers because the company was just bought out. In any buyout, confusion exists as to the "new" company's identity. I think they are offering a product whose name is confusing similar to a GeoTrust's product. The language in their e-mail does everything possible to obfuscate the fact that they are not affiliated with Equifax, encouraging customers to "renew" and "upgrade" their certificates. In reality, if my customer had clicked the links in the e-mail, he would have been purchasing a new certificate from a company with which he had no previous relationship.
So I ask, is this not cert slamming? I don't expect this to be as big a problem as Verisign's domain slamming: we simply host less certificates than domains so it is easier to warn all of our customers with secured web sites. Nevertheless, I've reported the practice to the FTC."
Slamming? (Score:3, Informative)
Don't customers have to have their service provider actually changed (w/o authorization) for the practice to be considered slamming?
I mean, what's described here is disgusting, but I don't know that the terminology fits.
- DDT
Re:So, wait... (Score:3, Informative)
This. [slashdot.org] I'll refrain from snide comments.
-Rob
Not related to Verisign at all (Score:3, Informative)
While I don't condone the spam advertising methods here, this is NOT comparable to Versign's shady practices. Verisign was sending out notices that tried to make people believe they were renewing their domains, but were actually switching providers.
There is no deception here. It's a simple advertisement asking you to switch.
Nothing to see here.
This is nothing new! (Score:4, Informative)
It's been thoroughly discussed in other location such as WebHostingTalk.com which I suggest anyone interested in pursuing a Comodo service look at first. These guys actually responded in the forum with a nice show that they don't actually care who they spam provided it makes a buck.
Sincerely,
-Matt
Office of fair trading (Score:5, Informative)
If this company is UK based i would advise you to report them to the Office of fair trading [oft.gov.uk] and the UK Trading Standards [tradingstandards.gov.uk] , these kinds of practices are despicable and the OFT and TS do not take kindly to this sort of behaviour
See Also: Australia and New Zealand (Score:4, Informative)
Internet Name Group (no URL any more that I can find) and Internet Registry have both been trying it on in Ausralia and New Zealand. The ACCC (commerce department in Aus) and the Commerce Commission in NZ are both keeping an eye on the matter.
Stories on the subject here:
http://www.idg.net.nz/webhome.nsf/nl/D6AC0
and here:
http://www.idg.net.nz/webhome.nsf/nl/A8539751DE
apologies for the evil links... goddam Notes.
Re:renewal and upgrade (Score:3, Informative)
Don't you think that calling their offering a RENEWAL is deceptive?
Let's review the wording:
"Did you know that your current SSL Certificate protecting [customer domain] will expire in only 60 days? "Before you renew please read the following important information from Comodo. "We offer SSL certificates that provide;"
Note the "BEFORE you renew". Note the "We offer". Note that a list of services follows this, along with pricing. Please explain how this can be interpreted as a renewal notice coming from your certificate authority.
As for the "upgrade", I certainly would consider it an upgrade of service to pay only $49 rather than the rip-off $1000 that Verisign charges.
Re:What about the pre-trusted root cert? (Score:3, Informative)
Z.
Re:"Harvesting" isn't the best term to call this.. (Score:3, Informative)
To take or appropriate something unfairly or illegally.
I can't think of a better way of describing this type of information THEFT, for the gain of the THIEF.
Equifax Bought Out? NOT (Score:2, Informative)
Agree. Spam, but not "slamming" or a big deal. (Score:3, Informative)
IANAL. Now, of course you have to consider that it's up to a court to determine whether a servicemark or trademark is being infringed upon, but "confusingly similar" certainly meets the standard for infringement. However, the special sauce got a different reading than I did - no doubt coloured by the fact that Comodo [brings visions of flushing to mind] spammed his customers for competing (and probably lame) products. I'd be pissed too.
However, my reading of the spam was that it's pretty straightforward. There's obsfucation, but it's arguable that they consider their product an "upgrade" in much the same way Microsoft salesdrones consider W2K Server an "upgrade" to your favorite Unix/Linux distro. Companies often offer "renewals" or "competitive upgrades" to entice users to switch from Brand X.
IMHO, what Verisign has done in its spam "renewal" campaign is fraudulent. In a related anecdote, I've found it next to impossible to move my domains to another registrar; hell, I've had problems just moving them between hosting services.
But, back to the topic, Comodo [flush] ain't slamming, I've experienced that joy on two occasions. BellSouth got a new Access app that had a *required* a selection from a lookup table of long distance providers. The default at the time was AT&T. I went from *no long distance* (I *PAID* a monthly fee for disabling long distance. Not that it mattered, because BellSouth was perfectly happy to sign me up with AT&T for my non-existent long-distance service at a $15 a month fee. I still haven't found out how much they got for it, but after repeated phone calls and legal threats I enjoyed 8 months of free local phone service to settle the matter. Of course, that was after about 8 weeks of haranguing dozens of people - your mileage may vary.
Second was when I ordered DirecTV DSL for one of my company's East Texas offices. As in most places, the local Bell does the actual activation - molasses slow for competitors' customers, blazing quick (in comparison) for Bell customers. But I signed up for DirecTV DSL and SouthWestern Bell *canceled* that work order, telling DirecTV DSL that we'd already signed up with SouthWestern Bell; a blatant lie. Still dealing with that one.
"Tortious interference" (Score:3, Informative)
My attorney told me that if a contract exists, and I become aware that a competitor is trying to win my customer's business *prior* to the expiration of the contract between me & my customer, then the competitor can be sued for damages due to "tortious interference"...
Most of the time, the competitor would back off until the contract was within 3 months or so of expiring. There were a couple of times, though, that we went to court - & got money both times for damages (customer for breach of contract, competitor for "TI").
So how is this situation different from VeriSign, et al, slamming domain registrations? Why aren't the lawyers having a field day with this? Or are they, & I just missed the cloobus?
Leave Interland (Score:1, Informative)
Check this out, for even worse: We were with them for years until earlier this year, after they merged with Micron. Our Miva merchant store (which our business is based on) started acting up and they, with no warning, shut our site down and referred it to their abuse department, over what turned out to be a server misconfiguration on their part. I found this out through user complaints that the site was unavailable. When I called Interland (after the requisite 45 minute hold time), I was told that the abuse department, the only one that could reinstate our site, had no phone. Yes, read that part again. So, we immediately moved to another host. The abuse department responded to my 25 emails 6 weeks later. Thanks, guys! Sorry I had to AC this, but my handle's my real name and, surprise, we're going to sue the crap out of them.
Re:Domain Registry of Europe are slammers too (Score:3, Informative)
Including our CEO.
Who, not understanding what it was, and also not realizing that I'd only just renewed the domain name for five years and we weren't in any danger of losing our domain name until 2007, passed it on to the secretary with instructions to pay the bill.
Now, in fairness, the letter is cunningly worded, and probably can't be technically construed as slamming; it gives you the option. But, hoo boy, is it slimey!
The first I knew about it was when I started getting automated e-mails from our original registrar asking me to go through certain steps to authorize the name transfer. I tracked down what was happening, and got on the phone to Dom. Reg. of ***.
Forget the long, boring, tedious arguments. And the appalling insolence and downright rudeness of their people. Just a few points...
* They're used to complaints. Despite their protestation that I was only the second person who'd ever complained about this, as soon as you mention the word slamming they've got a rehearsed speech about the wording of paragraph five which they quote to prove it's not slamming. Uh-huh. Try doing a Google search on them and see if it's that rare a complaint.
* They're unhelpful buggers. No matter when I called, I was always told that nobody who was there could help me with my complaint, and I'd have to call back.
In the end, it works out okay. All you have to do is not authorize the transfer and they can't do anything about it, and they have to refund your money. Except for a processing fee. Trust me -- I argued and bitched and generally made a nuisance of myself by pointing out there was nothing in any of the correspondence we'd received or on their website about a processing fee, and we got the money back.
But believe me; there is one company who is now boycotted for life in my books.