before we deployed root-delegation-only here, i was also annoyed that my
e-mail tool could not tell me about misspelled domain names at "send"
and i had to wait for the wildcard mail servers to bounce the traffic.
In other words, Verisign is actually increasing the amount of misspelled
domain name traffic by sabotaging the spell-checking feature of your
email program. Under normal circumstances you would have noticed your
error and corrected it before sending the email.
This implies that Verisign could be collecting a much larger number
of valid email addresses by logging these seemingly misspelled domain
names and then "correcting" the misspelling by closest match against
the .COM database. This would be an immensely valuable list for spammers
to acquire, whether they do it by paying Verisign or by infiltrating the
company to steal it.
And don't pay any attention to Matt Larson's comments regarding logging.
If he is unable to shut off the wildcard redirection then he has no say
over what data is collected and what is done with it. Verisign could
reassign him with a promotion and then turn on the logging and collection
of email addresses. We already know that this company is unscrupulous and
not to be trusted.
In future we need to ensure that the registry operating the .COM domain
works under some sort of contract that controls how they function. This is
a public resource that we ourselves have created and not a commercial
to be milked for profit.