Network Solutions spills .ORG email addresses

January 25th, 2003
By David McGuire

Internet domain registrar Network Solutions Inc. said it will apologize to tens of thousands of customers whose e-mail addresses the company inadvertently released yesterday. "A few thousand" Network Solutions customers received e-mail messages that contained more than 85,000 e-mail addresses of other Network Solutions customers, said spokesman Patrick Burns of VeriSign Inc., the parent company of Network Solutions.

"WE MADE A MISTAKE, and we'll apologize to our customers," Burns said. Some customers whose names were included in the mailing said they feared a deluge of unsolicited commercial e-mail as a result of the gaffe. "An apology is one thing, but that doesn't stop the spam from coming. I expect to be inundated with spam because of it," said Steve Smith, who works for a defense contractor in the Washington area and who found his name on the list.

The list was sent to Network Solutions customers who purchased ".org" addresses through the company; it included customers whose addresses begin with the letters R through Z. Network Solutions had intended to send the recipients a message about how a recent transition in .org management would affect their accounts. Internet addresses that end in .org are usually assigned to nonprofit organizations, unlike the more popular ".com" addresses, which go to profit-seeking businesses. Not all the people whose addresses were included in the e-mail received the message, which was prepared by Network Solutions staffers, Burns said.

SPAMMER'S DELIGHT'

Stephen Keating, executive director of the Denver-based Privacy Foundation, was on the list but did not receive the message. "These are akin to environmental spills on the Internet," Keating said, adding that it was not the first time e-mail addresses have been accidentally released. "It's a spammer's delight to get that list." But Keating downplayed the impact of the e-mail, saying the addresses are public to begin with. Keating said he receives about 120 spam messages a day at his e-mail address, which he includes in the contact information for the domain names he manages. All domain-name contact information is available through the "Whois" databases maintained by the Internet's various address sellers. Internet users can enter a domain name at one of the Web sites that feature the databases and find the contact information for the owner of the address.

Most Whois databases require people to look up names one at a time, but spammers still regularly search them for targets, said John Mozena, co-founder of the Coalition Against Unsolicited Commercial Email. SpamCop founder Julian Haight said spammers probably will snatch up the list that Network Solutions sent since it's a record of thousands of potential advertising targets. But Haight said domain-name owners sign on for spam the moment they give their contact information. "Any e-mail address you give to Network Solutions is going to get spam, and that part of things really isn't their fault," he said.