dcsimg
RealTime IT News

NSI Mass E-mailing Raises Security Fears

A mass e-mail solicitation sent Wednesday night by Network Solutions Inc. has generated a stormy reaction from some customers.

Bearing the subject line "Important information about your domain name account," NSI's e-mail reminds customers that the company will switch Saturday to a new payment policy, previously reported by InternetNews.com, replacing the current invoice system for new domain names and requiring advance payment by credit card.

What rattled some recipients most, however, was a separate offer in the message to set up a free, Web-based e-mail account hosted by NSI. Included were both a user name and password which recipients were instructed to use to set up an account under the dotcomnow.com domain.

"The big screw-up here is they made no attempt to make it secure," said Ralph Brandi, Webmaster for a large telecommunications firm, in an interview with InternetNews Radio. "The passwords are incredibly easy to guess, because they all follow the same pattern, which is the login name plus the letters `NSI' afterwards."

According to Brandi, who received three copies of the NSI solicitation, proper security practices call for generating random, less guessable passwords, and then requiring recipients to change them as soon as they sign up for the service.

"I don't want to overstate the security threat, but the fact that they've created this account in your name and made it so easy for others to break into it, the threat is that people could possible masquerade as you and do damage to your reputation by sending out things under your name without you even being aware of it," Brandi said.

Network Solutions spokesperson Cheryl Regan Thursday confirmed the company sent the offer to a "broad percentage" of its customers, but she disputed customers' security had been threatened.

"The free Web mail isn't connected to your own personalized e-mail or to your domain name, so there's no security breech here," Regan said. She also pointed out that all Web-based email services allow individuals to sign up names other than their own.

Regan said NSI has been offering the free web mail service off its home page since last January. In response to the outcry, Network Solutions has begun requiring those who respond to the offer to change their password at sign-up.

Adding to the confusion of some recipients were the solicitation's message headers and instructions for being removed from future mailings -- all pointed to an address at the domain integram.org. According to Regan, NSI outsourced the dotcomnow mail promotion to Integram Inc., a direct e-mail firm based in Fairfax, Va. As for the company's use of a .org address -- registrations which were originally reserved for non-profits -- Regan said, "They're definitely not a non-profit, but there is no clear definition ... anyone can register in all three top-level domains."

Network Solutions (NSOL)has no further plans to send additional mailings touting the dotcomnow.com service, according to Regan. But Integram president Arpad Kovacsy said his firm, which specializes in "expedited communications," expects to handle other programs for the domain registrar and considers the latest a success.

"It's a huge volume, and for the number of communications we sent out, we've had remarkably little response in terms of direct communications with us, either by email or phone calls, asking for removal."



×
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.