Earthling

One reason this may create some controversy is that at first glance it looks identical to the behavior of many so-called browser hijacks, defined at http://en.wikipedia.org/wiki/Browser_hijacker as any program that changes the browser's error page or search page to go to a destination controlled by the hijacker. Many of these look a lot like the landing page we are using on this now. Hijackers do this to get revenue from the user clicking on suggested links or searching from the destination page. So this is going to be considered a hijack by some, and that has a bad connotation. We'll have to see how it goes. (disclaimer- I work for EarthLink but these opinions are my own)

(blogger's note: John sent me some edits to his comment, and I changed his comment to reflect them)

John - Obviously EarthLink has a different view on the functionality, and there's certainly a lot of debate to be had about it. But the bottom line is that the intent here is to improve the user experience around dead domains while at the same time generating some additional revenue for EarthLink.

If, however, the system ends up negatively impacting users through unintended consequences, that wouldn't be good for EarthLink or our users. In that event, we can simply turn the functionality off.

I should note that I'm the EarthLink product manager for this initiative on the customer-facing end (the results page users see).

John's comments are right on target. I saw this the other day and immediately assumed it was a browser hijack. Stopped what I was doing, ran an EarthLink Protection Control Center scan, ran an Ad-Aware scan, ran a Spybot scan. Nada. Well crud, I muttered to myself. Meant to followup on it, but later on the "problem" went away, so I didn't think any more about it. But the point is this "feature" robbed me of a few minutes of productivity the other day.

As far as it's usefulness, it sort of seems rather newbie-oriented, where we have to dumb down everything so a total idiot can still function in this world. AOL, anyone? I for one have never found the default messages in various browsers confusing ... but I'm not normal either. But I, for one, would prefer to let the browser maker dictate what I see when I fat-finger a web address because at least that makes my user experience more consistent.

But if it's a "feature" to be retained, it's certainly nice to know that based on the screen shot from your example, if I mistype www.lsusprts.net in my browser, I may, courtesy of my friends at EarthLink and Yahoo, be served an advertising link where I can go buy a sports bra or some snowshoes. Now that *IS* indeed a useful enhancement to my web browsing experience.

"The system is specifically configured to handle only NXDOMAIN HTTP traffic as it is being returned to the user’s browser and to not impact email and other non-web-browsing traffic."

I don't think this means what you think it means. There is no such thing as NXDOMAIN HTTP traffic. When a DNS request is made, the protocol that will be accessing it is not known. This DOES impact all services, not just web browsing. This IS a major abuse of how DNS works. And unless Earthlink offers alternate DNS servers for those of us who refuse to use this, it WILL cost you customers.

I give it 2 days, and then I'm switching. If I can't trust my ISP to not abuse DNS, then what good are they?

Michael: I appreciate your concerns. I have a good basic understanding, but I'll be the first to admit that the inner workings of this system fall outside of my area of expertise. I'll work with our network experts to make any necessary clarifications or corrections on my descriptions of how it works.

That said, we do believe that it will bring benefit to the vast majority of users on our system and won't result in unintended negative effects.

We are and will be watching the system, and if we determine that it is negatively impacting users, then we'll tweak it or turn it off.

The biggest and most obvious issue is spam filtering.

Much spam comes from non-existant domains. The lookup to see if those domains will no longer fail, it will pass, and spam will go through.

If there was a way to make it either:
1) HTTP only
2) opt-in
or worst case
3) opt-out
it could be acceptable. As the system currently runs, you'll lose at the very least 1 customer. I suspect more.

Google for "earthlink dns error page" and you'll find lots of upset customers.

What you're doing is fundamentally wrong. However, how about you making a small concession that will please both sides of this issue. Provide DNS servers that will NOT use this "new feature" for those "ISP geeks" who know what you're doing is wrong. I second what others have said. Change this practice, provide alternate DNS for your customers to use that don't have this service, or lose me as a customer -- I've been a customer for over 7 years. Get a clue!

I use my address bar for searches. It is setup to automatically bring back google searches. Fat fingering a certain server is not the case here. I have reset web settings for the last time here. If you do not provide a way for those of us that don't won't this feature of hijacking or redirecting our address bar I for one and everyone that I do pc services for will be swithing ISP's. This so reminds me of the AOL days and we had no other choice of providers. This is not the case today. There are many ISP's available. Your testing is already done in my books. Fix it or lose customers.

PS: I'm a 4 year subscriber to EL but that can soon change

Sincerely,
Dave

It also breaks lookups when using a DNS search path. If your search path is 4 domains, and the host you want is in #3, you can't reach it anymore. You have to type the full domain name.

I just spent 15 minutes resetting the SSHd on my server until I figured out what was going on.

Thanks Earthlink!

- Mindspringer since pre-merger, who is trying to figure out if I'm more angry or sad about this.

This would be possibly OK if you were NetZero of the old days and gave away the Internet connection, but I pay for my Internet and I do not want broken protocols because someone in Accounting thinks it's ok to *abuse* paying customers in the false guise of helping them. Please get rid of people that think like that. This is purely a making Earthlink money venture regardless of how much Internet functionality is broken. Anyone can read the Sales Pitch at http://www.barefruit.co.uk

I find it to be closer to Malware from Earthlink since the company you are dealing with outright lies about this function being able to be turned off by the end user. That is 100% a lie in the implementation currently running.

http://www.barefruit.co.uk/?page=Q+%26+A

How easily can a single user switch your service off? What is the process and how long does it take?

For users to by-pass the Barefruit service, they would need to go through a proxy that does not have the Barefruit plug-in or not use a proxy at all. This can normally be done at user level by changing settings in the browser.

No, that is 100% FALSE. This is 100% forced OPT-IN with no way to OPT-OUT. Earthlink should have learned this lesson already. You don't force users to subscribe to anything, you let them decide and then if they are interested then they can voluntarily OPT-IN if they want to. This is purely a DNS Hi-Jack and it is Malware of the worst kind. An ISP should always be above this. This walks over the paying customers back without permission.

It breaks Ping and Tracert (Trace Routes) plus *anything* that requires DNS resolution. It is not a Browser only issue (not HTTP only) as some appear to think.

Try and ping a fake name. It should return "Unknown host" but in the mess Earthlink has added to my paid for service (I sure don't get it for free) I would get this response now.

PING www.fakedhost.com (209.86.66.94): 56 data bytes
64 bytes from 209.86.66.94: icmp_seq=0 ttl=56 time=26.488 ms
64 bytes from 209.86.66.94: icmp_seq=1 ttl=56 time=23.524 ms
64 bytes from 209.86.66.94: icmp_seq=2 ttl=56 time=27.332 ms

The the ONLY reason EL has implemented this Internet Protocols breaking change. $$$$ MONEY off the backs of Paying Customers $$$$

What will the Barefruit service be worth to us over three years?

A trial will provide evidence from a significant sample thus enabling reasonably accurate financial projections. However as an indication, a simple financial model which is based on a mixture of research, empirical evidence and industry estimates indicates that implementing Barefruit would have a positive effect in excess of £5m on the ISP bottom line over three years for every 1m users. This is ‘per capita scalable’ – hence over £500k per 100k users and so on.

Perhaps a history lesson is needed?

http://www.icann.org/topics/wildcard-history.html

This is causing no end of grief when I VPN in to my work network...if Earthlink responds more quickly than my VPN connection, I get the Earthlink error page rather than the one from my VPN. Earthlink support wasn't helpful with the problem since it is with "my" VPN software, so I'm tracking it down with my company. But now I've got to waste time not doing my real job. Grrrr.

Well, at least it is an incentive to seriously investigate other options (I think FIOS is due here soon).

I've been a customer for over l2 years starting in the dialup days and currently am paying over $1000 a year for HSI access in several locations plus commercial web hosting going on 8 years now. I've put up with incompetence at every level of the company but managed to work around it each time.

This asinine DNS redirect is the last straw. I stuck with you out of some odd loyalty to independent ISPs but can no longer afford that luxury if Earthlink sees me merely as a revenue stream to milk dry at the expense of properly functional basic ISP services like DNS.

I believe I can speak for many here who mourn the death of what was a premier ISP. Rest in peace. I won't be around for the funeral.

I also see these redirects as more of an annoyance than a feature. Not specifically the http ads but the other interferences as mentioned in previous comments.

Maybe this can be enabled only for those that install the EarthLink Total Access software? With the option in TA settings somewhere to disable it.

Or if you'd like to take it a step further it can be enabled by default in the EarthLink TA install but users are still given the option during the install to uncheck a box to disable the feature.

Mr. Coustan, IMO this was a very bad business decision by Earthlink. Though it may have looked good in theory, i.e. make money from users' typos, in reality you're breaking DNS lookups. You wrote in your reply to Michael, "...I'll be the first to admit that the inner workings of this system fall outside of my area of expertise." Funny how you're the one that Earthlink has chosen to announce this *cough* feature to their members, via this offical Earthlink blog... Someone who can't technically address our concerns. Btw, I've been with Earthlink for nine years. NINE YEARS. I can get my ADSL (768/128) connection cheaper and faster with Verizon, but I've stayed with Earthlink out of loyalty. Perhaps it's time to switch. Oh, and to Mr. Womack, please be honest. The only reason Earthlink has implemented this is to generate additional revenue. That's it. Period. End of story.

I should have mentioned as well that if you do go with the idea mentioned above, you should be able to push this out to existing TA users with a TA update possibly.

This is bad! Spam filtering, DNS domain search etc. and a number of other applications are broken. If a domain is non-existing it is meant not to be found.

Make it opt-in. Fine. But do not force it on the people. I prefer the actual error screen from my browser or my applications to work correctly.

Please give up this ill advised experiment or make it right with opt-in. I am a Earthlink customer but if these sort of things continue it might change.

I am sure Earthlink can add this sort of functionality simply by providing a browser toolbar functionality for those that might find this useful.

Ken , I'm extremely unhappy with this change.

First off this is forced via to DSL customers via IPCP which is just wrong. Why not have an optional service, like OpenDNS where the DNS servers will block phishing sites and the tradeoff would be users would have to put up with the failed DNS redirect page full of ads. Furthermore it could be bundled like with TA, like garayr suggested.

Under no circumstances should you force this to users.

It's also causing problems with my router since the firewall logs are getting filled up with this entry:

"Unrecognized access from 69.3.194.174:4338 to TCP port 445"

So why should I stay with EL? Please someone tell me ;-)

I'm also an EarthLink employee so in regards to my comments above, they are strictly my opinion and do not represent the opinion or position of EarthLink.

It might be helpful to earthlink mgmt if we could provide URLs or at least names of programs that get broken by not getting NXDOMAIN for domains that do not exist.

Since Earthlink will conceivably be generating additional revenue from paying customers by using this Barefruit malware, can we expect our rates to go down?

Please allow us to opt out of this service. From a user standpoint it's exactly the same as browser hijacking and it's unpleasant.

I need to know in a 'pure' way what's being returned by whatever URL I type in to a browser, including incorrect ones. And I don't need to see any more ads than I do already.

If you want to charge me, say USD$20 less per month and have me endure this unpleasant redirection, that might be a fair tradde. Otherwise, turn it off, please.

Now.

Update: I spent over an hour on the phone with the tecnical dept. of Earthlink.

I started out with a person that could barely speak clear enough english for me to understand.

After trying to convince her to connect me with someone that had technical knowledge about what was going on. Instead she kept trying to read from a computer screen with predescribed solutions (to which I already knew would not work).

Short of verbally abusing her (which I tried not to do) I was finally connected to a supervisor. Once I described the situation to this person and assured to him that this was not a spyware/adware situation I then was connected to his supervisor.

After spending countless minutes explaining things over and over to him. His reply was (which I'll have to admit was was very professional manner) was that he was unaware of any such redirects and that he would do further research himself.

He then gave me the number to the corporate office (404-815-0770) which he told me is where he answered to.

By the time I went through all of this of course the corporate office was closed.

Conclusion:
Either Earthlink is not even letting their technicians know of the failed DNS querying to a earthlink-help.net error page or they have given them instructions to play dumb.

Soon to be an "X" Earthlink Subscriber if they don't fix this issue

I have been a subscriber for many years. I always appreciated Mindspring's focus on the end user. I felt like they were in the business to make money, but the customer still came first. Even through the Earthlink merger... I still thought Earthlink had a customer commitment.

Well, I guess that's a thing of the past so I would like to be clear... The change is NOT appreciated.

I used to keep AOL around for a couple of their features quite a while back (w/ MS/EL as my ISP). That was until I couldn't stand them shoving unsolicited content in my face any longer.

So is that was Earthlink is trying to accomplish? Or just idiot-enhance their product to gain AOL users? Or has the dollar just flat replaced customer commitment?

Well I just cancelled my Earthlink account and went back to Road Runner because of this non-sense. It is affecting people that do work from home like VPNing into the office and such.

Later

Other people have said just about all, but I would like to add that I am a long time Earthlink customer and am very angry over this abuse of the DNS system just to make a few bucks. I really resent getting an unexpected response when I make a typo, and especially having advertising shoved in my face instead! I strongly disagree that this is a customer service, this is just self-serving revenue generation on your part. I don't know anyone who has trouble figuring out that his browser is telling him a domain does not exist, and needs a page with "helpful" links to guide him.

It was wrong when Verisign tried it and it is also wrong for Earthlink to do it.

If you provide alternate DNS servers or some other way to opt out I might consider staying. Otherwise drop this scam or lose a customer!

I have a slightly different issue with barefruit.com, but will say first that I strongly agree with those who disdain this new "service" and who advise making it opt-in. (At the very least, Earthlink or Barefruit should provide a link on the redirected page explaining how to opt-out!!)

I've been using Earthlink for years, and have brought in at least two new customers to Earthlink, who depend on my recommendation of ISP's. If this new policy is not changed, I will start looking for another ISP, and when I find one, recommend it to my contacts as an alternative to Earthlink.

My concern with barefruit.com began in late August 2006, when my firewal began blocking requests to elydm.03.am.barefruit.com at address 209.86.66.92. Not understanding why any process on my computer should be contacting this server, I started investigating. I ran (fruitless) checks for a possible virus using AVG Free, and for spam using Ad-Aware SE and Spyware Doctor. The firewall identified the offending program as "system" (no path, no exe file name) which surprised me. Why would a system process on my PC be trying to contact the barefruit server? Since I couldn't find the offending program to eliminate it, I set the firewall to block access to 209.86.66.92, but specified that it should pop-up a warning every time it blocked an attempt. I forgot about it for 15 minutes, until the pop-up occurred. Then I waited, and again in exactly 15 minutes, another attempt was blocked. These warnings occurred for hours on end at precise 15 minute internals, and then just stopped.

The next day, same thing, only this time, the firewall began warning me of a request by elydm.06.am.barefruit.com at 209.86.66.95 for outgoing communications. This new address I put in the firewall, similar to the one described above, and again, the attempts to contact barefruit.com went on for hours at 15 minute intervals. Again, they suddenly stopped for some reason. But I noted that upon rebooting, there was a rapid series of requests every few seconds to try to contact barefruit.com. That stopped, too, after a short while.

Until the next day, when a new request showed up, a request to contact barefruit at elydm.01.am.barefruit.com at 209.86.66.90. This, too, I blocked in the firewall filter setup, and for a couple of days now, I have had zero barefruit activity.

I emailed Earthlink about this problem, but received a reply advising me to run spyware and antivirus scans - which I had already done, and which I had noted in my email to Earthlink. No help there, the person replying was clueless, in my opinon.

I've also notified Ad-Aware SE and Spyware Doctor of this problem, in the hopes that they will find a way within their respective products to eliminate this behavior. But, I have received no reply from either acknowledging the problem.

I'm not sure if this spyware-like behavior has been caused by Earthlink, but am very suspicious. The only thing I can find on the web about barefruit.com is the forum referenced in one of the posts, above, that discusses this new change of policy by Earthlink. (The forum is Broadband Reports - see http://www.dslreports.com/forum/remark,16763566~fmode=flat~days=9999~start=40)

I would like to see Earthlink issue a flat-out denial that these "phone home" occurences have anything to do with their new redirect service. But if they have been somehow programming my computer to contact the barefruit web site, well, I hope some bright lawyer brings a class action suit against them, similar to the one brought against Sony for the 'rootkit' fiasco a while back!

Earthlink wrote
"For more than a year we have been offering DNS error functionality for EarthLink Toolbar users through our Yahoo relationship, and Barefruit provides the technology that allows us to extend this functionality to EarthLink’s entire access customer base."

I didn't ask for a proxy. If I wanted a proxy to enhance my user experience, I would build my own squid-based gizmo. It would be in my house and I would adjust the solution, or simply unplug the solution if it bothered me.

Earthlink's Barefruit solution bothers me.

I don't use the Earthlink Tool Kit for personal reasons. I do not welcome this extension of functionality to my personal DSL connection.

I subscribed to an ISP, not a nanny service.

I strongly, strongly, adamantly prefer to manage my own "user" experience.

I would prefer the ability to configure my account to opt-out of any technology that tries to enhance my user experience without my consent.

I would prefer to adjust my Earthlink network participation in a manner that excludes my connection from the Barefruit egress proxy. I do not care if it's restricted to HTTP or not.

Please empower the more independent customers in the community to opt out as some of us "opt out" of The Earthlink Tool Kit.

-jon

Thanks to all of you who have commented here and via e-mail. There are some specific individual issues that I'd like more information on and will e-mail you directly to help address (or e-mail me at earthling at corp dot earthlink dot net ), and if there are any new issues surfacing, please feel free to add them to this thread or e-mail them to me. Specifically on Al S.'s concern -- what you're describing shouldn't have anything to do with our system. (edit: to be clear, it's not an intentional part of the system, and I'm emailing Al directly to see why it might be happening. I'll share the details when I know what's up)

Though it's tough to read at times, I'm glad you've all shared your thoughts and concerns. I understand your passion for your internet experience and for keeping things the way you're used to, and know that any change can be jarring, especially one that takes place on the level of DNS. Smart people can disagree on the philosophical side of this discussion, but on the practical side I want to emphasize that we wouldn't enact a change like this if we didn't believe it to truly be a benefit to the vast majority of our users. Many of our members would prefer a helpful error page to one that leaves them where they started.

That said, most of those who have spoke up here and in e-mails to me have said in strong terms that they'd rather not have this functionality in place on their system. We're reading and listening and discussing, and I want to thank those who have suggested some solutions that might allow us to better serve users who would prefer to opt out of the service. We take all of these considerations seriously, and if any alternatives become available, I'll let you know.

Called corporate office today and spent over 30 minutes on the phone listening to glorified elevator music.

Then was redirected to tech services in San Antonio, TX. Once there most of the techs were still unaware of what was happening.

After finally being transfered from supervisor o supervisor finally found talked with someon that knew what was going on.

He told me that this was implemented to protect 95% of our customers and that I should use Google's main web page to do my searches instead of using the address bar.

HORSE CRAP!!! (trying to stay within post guidelines) and thinking worse. This is merely a smoke screen for EL to generate income off of unwilling participants.

What are they going to do next? Start blocking certain websites? If you love having stuff shoved a you w/o your consent why not go back to AOL?

For those of you that are on cable and you came here looking for a work around here's what I done and have tested for the past 24 hours and have gotten rid of the redirects.

First of all you will need to set a static ip address for your pc. Don't know how to do that go here http://www.portforward.com/networking/staticip.htm

for dns servers use 4.2.2.1 and 4.2.2.2

If for some reason this doesn't work you may also want to modify your HOSTS file in c:/windows/system32/drivers/etc

open with note pad and add this at the bottom:

127.0.0.1 elydm.01.am.barefruit.com
127.0.0.2 elydm.02.am.barefruit.com
127.0.0.3 elydm.03.am.barefruit.com
127.0.0.4 elydm.04.am.barefruit.com
127.0.0.5 elydm.05.am.barefruit.com
127.0.0.6 elydm.06.am.barefruit.com
255.255.255.255 www.earthlinkhelp.com
127.0.0.7 http://earthlink-help.net

click on file.... click save

Reboot PC and problems should go away.

Don't know if this post will stay up or not. I personally don't care. If EL insists on continuing this path I will switch to Road Runner or another ISP provided by Time Warner in my area. Not only that but every customer that brings their pc in I'll be sure to steer them clear of any services provided by EL.

PEACE OUT

(Blogger's note: This is not a suggestion or solution coming from EarthLink and not something we can confirm, deny, endorse, or support. - Dave C.)

Thanks Dave. All too often customer frustrations like this disappear into corporate voids, and it's good to know EarthLink gets the other half of blogging: it's not just marketing or talking TO users, but listening to them as well.

I look forward to hearing more from you about how EarthLink will address our concerns.

Why didn't Earthlink use a service like OpenDNS?

It's opt-in and provides lots of actual real benefits like faster Internet and blocking phishing sites. I've been using it for the last couple weeks and I like it.

They make money the same way as Barefruit does but users are free to turn it on or off.

Dave C. wrote:

Smart people can disagree on the philosophical side of this discussion...

I couldn't disagree more. It is not a matter of keeping things the "way we
are used to", its keeping them the way they are specified to work. Some
very smart people went hammer & tong on this issue when Verisign tried this
scam, and Verisign lost decisively. See the Wikipedia entry on SiteFinder
if you need education on this issue.

The only difference is that Verisign is a monopoly and Earthlink customers
have a choice and *will* leave. Many people left AOL and joined Earthlink
because they resented AOL's interference in their Internet experience. Look
where AOL is now -- is this where you want Earthlink to go? This is a huge
step in the wrong direction.

There are a huge number of web hits at stake here and therefore a large dollar
amount for the redirect royalties. That makes me very suspicious of your
statement that you are doing it as a customer benefit.

BTW: Lately I've noticed intermittent problems resolving domains that I use
constantly. Is this service affecting the reliability of your DNS for domains
that do exist?

This thing is stepping on my intranet. A couple of the wireless machines in my office are constantly getting redirected to the earthlink-help.net page when they try to connect to my intranet. This is completely unacceptable and will result in cancellation of my account if it's not fixed by next week.

This 'feature', as I hesitate to call it, breaks standard and expected functionality. You say it should only affect web traffic, but as of this momment I VPN into my work network and none of my work network name resolutions work becaue of this DNS snafu. I am changing my home network DNS service to a NON-EL service and I will keep it there until EL removes this 'feature'.

I want to note that this feature is 1. NOT WANTED and 2. BREAKS STANDARD FUNCTIONALITY. This decision, if left the way it is, will be the final straw for me and I will be changing providers to another cable ISP who does not implement these rediculous changes. There is a good reason no other ISP has followed through on a permanent change like this.

-a very dissatisfied for-now-EL subscriber

I won't put up with this for very long, I will switch, in fact switching will actually save me money for the next 6 months.

At least from my IP address Earthlink now seems to be returning NXDOMAIN errors for non-existent domains again. So maybe (I hope) the problem is fixed.

However, this raises serious questions about Earthlink's technical competence. Earthlink technical staff should be well aware that the HTTP is only one of tens of thousands of applications that depend on DNS, that even with HTTP not all uses of HTTP are by web browsers, and that applications quite reasonably treat NXDOMAIN errors differently than "not found" web pages or "connection refused" errors. They should have been able to anticipate the problems associated with returning false information about a domain. (And yes, returning bogus A records, even in the non-authoriative answers section, is deliberately returning false information). Whether they simply failed to understand this, or didn't think it mattered - either way it does not speak well for Earthlink.

What Earthlink needs to do now is admit that it made a mistake and that it should have known better.

Can you please give me (and the many other unhappy customers) a way to return their DNS to normal.

Ironic, the very thing that led me to choose earthlink as my provider is now causeing me to switch. I pay for broadband...Thats what I expect RAW CONNECTIVITY! If I want your help in searching, I will ask for it. Thus far, the address bar on my browser kept me happy.

SCORE:
Road Runner 1
earthlink 0

Let me add one more dissatisfied vote for this new "feature".

Other than Earthlink themsemselves, I'm still waiting to read a single post from somebody who likes this.

I have Earthlink SOHO DSL at work and I hope I won't have to change providers.

I have wasted hours tracking down the browser hijacking that Earthlink initiated without my knowledge or consent -- going so far as to avoid mentioning any of this in its newsletter and keeping all references to its 'hijack' domain, earthlink-help.net, off its website -- so I'll be preparing to cancel our Earthlink cable account and switch to RoadRunner.

Hi buddy,

I am an Earthlink customer. I found this page trying to figure out why I was getting your stupid, unexpected "earthlink-help.net" page in my browser.
If you want to provide a "friendly" experience to your users, give them a web proxy and a bunch of settings they can CHOOSE and configure - like content filtering, privacy, filtering, whatever you want.
I DID NOT CHOOSE this behavior from your network, it is extremelly intrusive.
This is not how the web is designed to work. Have you heard of the word STANDARD? My browser should decide what to do when the DNS query fails. I bought an internet connection from your company, I expected nothing else.
And why mess up with other protocols? (telnet to a dummy host.afhbasfbfdsa.com results in "telnet: connect to address 209.86.66.94: Connection refused").

Have a happy life, learn some manners, and get a decent job.

George

I have to admit, spending 45 minutes on the phone with a tech telling me this is exactly what is NOT happening was rather frustrating. Listening to you tell me that it is "improving the EarthLink user experience" is a load of marketspeak; if I wanted the "EarthLink user experience", I would have installed the Earthlink software - from the fact that I didn't, it is safe to infer that I'm not interested. As others have pointed out, there are other braodband option available; I've kept Earthlink out of inertia, but if it's going to start affecting the way I work, it's time to move on.

we believe we are improving the EarthLink user experience with a system that will not interfere with other network processes.

saying this is almost as bad as breaking DNS to begin with

a non existant domain is not going to exist no matter how many ads you show the user.. the majority of users that type anything in to begin with can figure out real quick when a domain doesnt exist from the standard error message

lying about only affecting http doesnt help either

..Dale

As an addendum, before you worry overly, I don't really intent to test the DOS idea. Though you might feel the slashdot effect from earthlink customers.

What did you do to my traceroute? What did you do to my spam filters? Why did you break the whole MX system? Why on earth would you ever do anything to break the DNS protocol so completely? This is outrageous. I've been with Mindspring for years and always recommended it. That's got to change. I have my elderly parents calling me up because their browsers have been hijacked. My god this is a disaster.

This is completely unacceptable to me. It completely mucks with expected and correct behavior, and rather than getting the very useful and appropriate page I have configured my browser to give me on a dns error it gives me your useless and annoying one. If this persists I'm going to have to look for a different ISP.

I use to be able to simply type google into the address bar and it would take me there. This functionality has been taken away from me. I find this a negative. As a customer, I am letting you know that I prefer the way that it worked before. One strike against Earthlink.

Because of this DNS 'feature', I am canceling my service as well, and will make sure that I let all my friends and co-workers know about this. As others have said, the only thing different with EL doing this rather than Verisign doing it, is we can opt out by getting another ISP. So I'm opting out.

I intend to keep my box free of malware, even if it means switching my provider after over 5 years.

I run a development server on my home network. When a DNS error occurs, I need to see the error. I consider this way of handling DNS errors malware, and I'll also be boycotting Yahoo! Until this is cleaned up.

Your commercials are stupid, even if you are trying to express your inner troll.

I've ignored you up until this point. I'll recommend to everyone to avoid you like the plague.

You are a bottomfeeder, worse than AOL. I hope your stock goes into the crapper as well.

I intend to keep my box free of malware, even if it means switching my provider after over 5 years.

I run a development server on my home network. When a DNS error occurs, I need to see the error. I consider this way of handling DNS errors malware, and I'll also be boycotting Yahoo! Until this is cleaned up.

This is nonsense. I'm used to typing in the name of an address without '.com' and having Safari automatically resolve it to the .com address. Now, thanks to this obnoxious new feature, I cannot do what I've been successfully doing for years.

I am seriously considering dropping my high-speed earthlink account because of this. (I've been a used of earthlink since 1989.)

The problem with this is that you are replacing a simple and straightforward, standardized error message, with an annoying, distracting link to a less than desirable search engine, ad-supported and ad-distorted search results, and a smattering of annoying banner ads.

One might expect this sort of junk from a spammer or some sleazebag website, but not from a major ISP that one is PAYING for internet access.

People don't want yet another source of unwanted advertising - especially when it's coming from their for-pay ISP.

but then again, the only reason I heard about this was because it's all over Slashdot. Naturally, I dumped Earthlink a LONG time ago.

Earthlink:

* your redirection amounts to typosquatting;
* you breached the trust with your clients by using technical architecture for marketing purposes;
* the redirection breaks various RFCs and disrupts existing Internet services;
* your redirection is contrary to the proper operation of the DNS, ICANN policy, and the Internet architecture in general.

I invite people to contact Earthlink and let them know that this situation cannot stand. Call them, send emails, send faxes...

This is a money grab plain and simple. I prefer to get a 404 response when I fat finger a URL. I find it irritating when there are domain squatters all around a domain, but that is the way it goes and people need to take some responsibility on their part to realize that they hit the wrong site. However, if I should receive a 404 because there is no squatter, I don't want to ever be redirected to a commercial search engine not of my choice. For one, is the search engine going to remain agnostic and return a naked list without censorship or insertion of their own interest? Or is it going to push a preferred list of commercial site owners that paid a premium to have their site show up on a list for people that fat finger? The other money grab here is that now competitors have a way to advertise themselves and this is very powerful for what would normally be an anonymous site to the person typing in the address. Obviously, the user received a message somewhere for the site they are trying to reach and most likely the site that got the message out had to pay for this advertising, whether it be direct or indirect through word of mouth or viral or other nonstandard means. But now a competitor can pay earthlink to be affiliated just because of a fat finger mistake. That seems like opportunism. For instance, if I type in McDonards and the search engine interprets that I want to look up fast food or hanburgers, I now affiliate with McDonalds other hanmburger restaurants and fast food. It is quite possible these competitors did not invest in marketting like McDonalds to create the impulse for a user to visit their website. However, with Earthlink's redirect to their search engine, a competitor can pay a small fee, nothing probably compared to what McDonalds pays, and they are instantly associated. If the person did not directly go to a search engine to look up McDonalds, where it would be normal for other hits to come up, then this is a hijacking to make money.

Do you really expect Earthlink to be honest about its motives? When does the customer ever come first? This service costs money and customers aren't paying more, so this is business development that will probably net Earthlink more money at the expense of spamming their customers with paid ads.

Please stop doing this redirect. It intereferes with the way my browser works and leads me to a page I did not want. I can handle 404 errors or page not found, not this advertising.

I am noting the advertising that is being generated and am sending complaints to the advertisers as well. Not only are you getting me angry at Earthlink, but I am angry at every company listed on the pages that this redirect creates.

In addition to, and in agreement with, all of the negative comments you've received above, I'll add mine to the pot.

There are two fundamental reasons why this is an absurd money-making scheme:

- it breaks the net for users who've configured address-bar searching. This isn't an issue of me being "resistant to change". It's an issue of you breaking something that I specifically set up, in order to create another revenue stream. I pay you for internet access, not "user-enhancement". I'll enhance my own user experience. Your job is to provide the gateway.
- more importantly, your new trick violates the DNS specification. This breaks the net for VPN users, who depend on failed net queries to fold back into their own intranet.

Like the rest of the users here, I'll be happy to switch ISPs soon (and urge others to do so as well) unless you either remove this absurd Verisign-like malware or provide me a simple opt-out.

By the way - your malware is a lead story on Slashdot now, where you're roundly being assaulted. Congratulations - you're just made Earthlink that much better known. There's no such thing as bad press, right?

Fools.

"we do believe that it will bring benefit to the vast majority of users on our system and won't result in unintended negative effects."

Everyone here knows this isn't true, by the way, so by typing things like this, you just come off like a corporate shill.
Of COURSE you know it won't benefit users. It's not supposed to. It's supposed to bring in ad revenue. Of COURSE it will result in negative effects. That's because it's broken by design. You just hope that most users won't notice or know how to complain.

Stop pretending this is for the users. It just comes off as insincere.

DNS is one of the very foundations of an Internet connection. This change in DNS behavior is a direct violation of DNS standards. As such, you are simply no longer providing the product that your customers have bought and are paying for.

If I were an Earthlink customer I would consider this a breach of contract, or at the very least a cancellation of the current contract. Your change in product functionality is significant enough that it is no longer the same product, and as such you should cancel your existing contracts within their predefined cancellation periods. It's perfectly acceptable to offer your customers a new contract, but you can't avoid having to cancel their existing contracts.

This is all fine and good, until I start getting this page whenever I go to Apple.com. Again, this looks like a browser hijack, which is all the more confusing since I'm on a Mac. If the system truly works like you say it does, then I should get a "server not found" instead of your page, since Apple's servers were apparently offline for five minutes. To the best of my knowledge, the domain name still existed.

I'm a long time Earthlink customer on Time Warner Cable's Road Runner service.

You should note that my primary reason for using Earthlink vs. RR on the same cable transport service is simple -- you had better DHCP and better DNS servies.

Point: Yes, I fully realize that by using the term DHCP and DNS I do not represent the "vast majority" of your user base.

However, you just dropped 50% of your value proposition on the floor and rubbed it out of existence.

I also took the time to register a complaint with your feedback system here:

http://www.flickr.com/photos/jcuthrell/232825143/in/photostream/

Also, I also find it fascinating that the feedback loop does not specifically allow for the selection of a "Feedback Categories" for the complaint within the form that would clearly indicate it is tihs new DNS hijacking service from Barefruit that Earthlink has foisted upon all subscribers.

Perhaps the people driving this project really don't care about getting an accurate feedback categorization of incoming complaints.

I welcome and will respond to any feedback -- note: I'm using my gmail address as my Earthlink address is subject to going away very soon.

I'm very disappointed with this new function. I find it really intrusive and can't find any added value. If there is no way I can turn this off or use another DNS server that does not do this I will be soon changing to another provider.

I just want to say that think that this is something that will only upset "geek" users and will be "useful" to non-geek users is a risk bet, since "geek" users usually act as prescriptors for their friends and family.

Please, make it opt-out.

This is utterly, completely, and absolutely unacceptable. I'm going to be canceling my Time Warner/Earthlink account as soon as I can arrange a replacement.

I don't care that much about hijacking web page requests -- but the Internet is more than just the web!

As an example: My intranet has a series of domains: customername.vpn.customers.mycompany.com; customername.external.customers.mycompany.com; etc. To find the correct name to contact a customer's server on (depending on whether their connection to the VPN is working), we iterate through the search domains until we find one that resolves. (Obviously, only services with their own encryption and authentication layers are available with the VPN down). Except, with a wildcard in our DNS upstream, they all will resolve (from outside our company network, at least) -- breaking our ability to automatically failover when trying to do a lookup from a VPNed-in home system with the company DNS server as only one source (and an Earthlink pseudo-DNS server ["pseudo-DNS" because of its failure to follow the standard specification] as another).

This is unacceptable. Completely, totally, entirely unacceptable. 'Yall are breaking protocol specifications which your customers may have reasonably relied on in designing infrastructure in the past, and for what? Extra marketing revenue. The 95%-idiots excuse (read: that 19 out of 20 of 'yall's customers don't know how to interpret a DNS lookup error as presented by their browser) could justify offering the feature to those who install the Earthlink software bundle (they're the folks who want the "Earthlink experience" to modify how their computers work, after all) -- but changing behavior for those of us who haven't taken that affirmative step is beyond asinine.

It's a long weekend, so I'm going to wait 'till this coming week to change out my account. I'm long past the 6-month promotional pricing period which convinced me to purchase 'yall's service, and have been staying with Earthlink by inertia; this is more than enough reason to leave.

Earthlink personnel wishing to discuss technical aspects of my objections are more than welcome to do so directly. My email address is cduffy at spamcop dot net; my voice number will be provided on (emailed) request.

What a pile of garbage.

Goodbye Earthlink, you just lost a customer that has been with you for over 6 years because of this horsecrap.

Not only is it interferring with my web browsing activity, it is interferring with a couple of IE toolbars that i use in addition to sites that i visit on a daily basis.. Apparently sites that no longer exist (LMAO)

Ah well, i hope the added revenues you will generate from this will be worth all the customers you are going be losing over this.

http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html

I know this has already been mentioned, but the Earthlink people don't seem to get it: It isn't just mis-typed URLs or dead domains that are being redirected.

Now, if you leave off the "www." and the ".com", you are considered in need of "help," and get redirected. For example, I just typed in "yahoo" and wound up at the help page, where it asked "You entered "yahoo ". Did you mean www.yahoo.com?"

It doesn't happen every time, and this leads me to believe that it's a glitch, and not what was actually intended. If Earthlink can't make this thing work in an unobtrusive way, they should just drop it ASAP.

Craig - I can do one better - working at my company in network administration, I get asked quite often to comment on service providers (we have over 10K employees). Given this "functionality" and how much other true *functionality* it breaks, I will be STRONGLY recommending that a) everyone with an account cancels it and b) it be placed on our "not supported" list of ISPs.

I just canceled my home account with earthlink. SiteFinder caused huge havok at my workplace due to it destorying our spam filtering software and one of the software packages we sell. We voted with our wallet then(transfered away from Verisign), I'm voting with my wallet now(I'm at work right now searching for a different provider). I'm sure this was a business decision, since the page has advertisements on it. Hopefully more will demonstrate that by not playing nice, no one will want to play with you.

I saw a post way up there stating that this will help most earthlink users ... well then most of your users are dumbasses and most likely just come by earthlink after getting off the aol band wagon. (insert more bad statements here about earthlink and aol users. )

This issue made it to Slashdot today, and this comment is the best explanation I have seen yet of how Earthlink's intentionally warped DNS can break Internet applications: (link to comment)

A 404 is NOT a DNS error, its a page not found error that is returned to the browser from a web server you've SUCCESSFULLY connected to. an NXDOMAIN error is a DNS error returned by the DNS server for a domain name that doesn't exist. Thank you.

This problem hit us Friday on our business T1 line from earthlink. When I called into customer service, I was told that they had no idea about this change.

As a business customer I would like the option to opt OUT of this. Sure we could install our own DNS servers and indeed we have them for VPN related lookups but not informing your customers BEFORE doing this and not providing an opt out option is just plain rude.

Why is it SO difficult to get straight IP connectivity to the internet anymore?

The only reason for breaking basic internet functionality like this is to gain a few advertising dollars. If that's a tradeoff that earthlink is willing to make, then they are not an isp that I would consider or recommend.

While I can respect someone actually coming back here and reading the responses, it's obvious to me that either nobody considered the technical implications of this change, or that they were considered, and nobody cared.

This change breaks the ability to detect spam sent from non-existent domains. It will redirect traffic (web, email... any traffic) that would otherwise be unroutable to Earthlink servers; something a lot of people (myself included) might consider a security risk. It breaks multiple kinds of browser functionality.

I have to wonder if anyone at Earthlink has been doing this sort of work for more than a year. This was a bad idea when Verisign tried it, and it's a bad idea now. That anyone would think it's worth trying, after the huge uproar it caused last time someone tried it, is incomprehensible to me.

You can be sure I will never again recommend Earthlink to anyone. This move was ignorant and misguided at best; greedy and mailcious at worst.

Wow, a reason never to use earthlink...I'll be sure to tell all my friends.

My God, how could you break ping? It has to be the simplest feature of an IP network, yet with EarthLink's so-called "feature," you've managed to break it (as explained in Dr. Olds' post).

The wife's been pushing to swtich to AT&T DSL from our Time Warner/Earthlink connection. It's a lot cheaper. I can have domestic harmony, unbroken DNS, and a few extra dollars in my pocket.

Bye, Earthlink.

wow, i am glad that i no longer live in an area monopolized by sprint / earthlink.

i stopped considering sprint / earthlink as an option years ago, but this certainly would have broken the camel's back for me if i had not.

How is this any different from other typo-squatters? If anything it is worse. Earthlink has taken a working service, DNS, and broken it. End user applications can no longer work properly so this can hardly be considered a service. At least the typo-squatters only effect a limited number domains. Earthlink has gone after the entire universe.

If Earthlink needs to increase revenue, it should do it the old fashioned way - increase its customers by offering a better service at a competitive price. If Earthlink is chasing after a dime from such bottom feeding tactics, I would guess they have lost the ability to devise a real plan for growth and is a signal that ELNK is about to end up in the can.

From the comments, it looks like the most willing to leave Earthlink are those that have had the service for a long time and considered themselves loyal customers. This means Earthlink is also losing its best salesteam and gaining a very strong anti-salesteam ("Yeah, earthlink, I used them for a long time. Used to be great, but then they started mucking around with internet protocols. I could not even use my office's VPN. Stay away from earthlink.")

Let's be honest, the only bottom line is the bottom line. Everything else is rationalization. If Earthlink truly wanted to improve service why not increase mailbox size. Perhaps add business services like managed hosting and remote backup service. Maybe be bold and ask customers what they would like.

Sidenote: Check your example a. Google does own the domain gooogle.com, but not goooogle.com

Silly Earthlink. Silly, stupid Earthlink. :)

This is a bad decision, and one likely to drive me away from Earthlink. DNS is supposed to function the way it functioned, and not the way marketing droids believe it should. You can jettison the proxy or jettison your best users - your choice.

Yesterday, your proxy started redirecting me to your spam page when I was trying to reach news.google.com. Are you trying to tell me that the google.com domain had vanished? That's what your comments above indicate.

THis is not something "smart people can disagree on," this is a matter of network standards that Earthlink is violating. Stop it, or you'll also be losing me as a customer - and as the network manager of one of the largest public hospitals in the US, don't kid yourself that I don't make a lot of ISP recommendations to users.

Yes, I also worry about the privacy concerns. For example, if you connect to a mail server from an earthlink account that isn't an earthlink mail server. And the server happens to be down, your information will be sent to earthlink. Same goes for other protocols as well. I've seen many sites have a slight stutter in uptime.

Wow, didn't you guys learn *anything* from VeriSign? If a domain name doesn't exist, DNS resolution should fail; it's as simple as that. Anything more complicated should be done in the browser, not the DNS server. I'm just glad I don't have Earthlink. AT&T may not be the best, but even they don't try crap like this.

I don't have Earthlink service and I am glad I don't. If my current ISP did something like this, I would be filing a complaint with the FTC. It is a hijack attempt. If someone mistypes a url, it should not direct them to their ISP's search page. It should be up to the user if they want this functionality. Earthlink apparently doesn't give a choice and instead cares more about money then the customer. Do you forget, it's the customer that makes you money. Also, the fact that this breaks so many things and leaves them completely useless just makes it worse (ping, etc.) This is just wrong.

What a horrible idea, guys. There should be no need to re-hash this. The concept was overwhelmingly rejected when Verisign tried it, and with good reason. If you're going to do this, allow your customers to opt in. Don't force broken DNS on people.

We've got 20+ Earthlink dialup accounts for our road warriors. This might be enough to nudge us towards other options. We've been discussing it anyway.

I work in a retail computer store and will now stop recommending Earhtlink to my customers. There are many other independent ISPs out there that don't mess around with basic protocols like this. What's that mean to you? A loss of about 10-20 referrals a week.

Dave C: A little knowledge is a dangerous thing, and you certainly have little knowledge in this area. You later comments on "Thanks for the feedback" are a slap in the face. IF Earthlink were really interested in these comments they would immediately disable the service and find a way to have people opt-in to it.
Can you do us a favor Dave? Post for us a few supportive comments about the redirects? Have any of the 95% of the intended audience thanked you for it yet?

This is really helpful, especially all those banners that help you earn revenue.

Goodbye Earthlink, I'm leaving and i'm taking everyone who'll listen with me.

Your shoddy service and underhanded crap like this is the final straw.

DNS requires a specific response if a record is not found; this violates that. It breaks *so* many systems it's not funny, as is well known from the Verisign debacle.

The Internet is built on standards. Don't try to set up your own and still claim to be an ISP.

Thanks for breaking my anti-spam tools. Please fix this immediately, or like others I will jump ship and switch to Road Runner.

Wow, you guys are stupid. Did you not see how badly this failed for Verisign? Do you not understand the standards of DNS? When will this stupid idea of making money off falsely replacing NXDOMAIN responses with advertisements die? I hope your advertisements pay for all of the customers you're going to lose.

People pay you for IP connectivity. You should give them IP connectivity, and not find ways to sneak advertisements into their traffic. Your reputation will go down the drain with this move and you will eventually wish you hadn't done this because it's not going to turn out profitable in the end.

Congrats, you're the newest dying ISP, you and AOL should share a good-bye toast.

Dumb dumb dumb. I want to second some of the points mentioned above:

(1) this breaks many forms of spam filtering
(2) it is a VIOLATION of the standard-defined behavior of the DNS system
(3) An identical system proposed by VeriSign was roundly criticized and rightly withdrawn not too long ago

(4) and if Earthlink persists in shoving this standards-non-compliant and defective "service" upon paying customers -- I won't be a paying customer much longer.

I'm no expert but looks like EL just lost a lot of subscriber revenue with this.

I am not an EL customer nor do I play one on TV. :) I am, however, an Enterprise Engineer for a fortune 500 company and I can assure you that EL will be dropped from our list of supported ISP's if you don't fix your broken DNS. We have home VPN users in some 600+ cities across the US and we create our supported ISP's list specifically based on standards-compliant ISP behavior. We simply cannot afford to deal with the consequences of ISP's altering basic open protocol behavior for whatever reason (profit, help the end user, etc). Really. We mean it. Hopefullly cooler heads will prevail at EL and see the need to roll back this "service". May I also suggest that, in the future, if you plan to roll out a service or feature with this level of EU impact, you at least float the idea to your general user base first? Pardon my ignorance if you did just that but from the general discourse here it does not appear to be the case. I appreciate your time. Thank you.

This isn't a service, and you need to stop referring to it as one. I first noticed this last night, and it took me a little while to figure out that Earthlink is pulling a Verisign here. Dave, I've been an Earthlink customer for almost 13 years, and this just adds to the mounting stupidity that I've witnessed. Tech support has become people abroad reading from a script, sales tried to tell me I couldn't order DSL without Earthlink's bogus VOIP service, and now this silliness. You are making a mistake, this isn't a feature that anyone wants, fix it.

I *love* the auto-search functionality my browser (Epiphany) provides. You've now broken it for single-word queries, which is _really_ annoying! I am one of your customers and shall be sure to file a more formal complaint with Earthlink management!

After working both for a Corporate IT department and with a University IT department, I have to point out to EarthLink that this will cause problems in a number of areas:
- Existing spam filtering systems that award points and remove points for "good" and "bad" features in a message will give messages points instead of removing them if the message comes from a NXDOMAIN.
- Searching from the address bar in Internet software breaks.
- Personal intranet features using the "search domains" or "append DNS suffixes" will break. It will not attempt to append those suffixes in many cases. This also can break certain personal/home networks.
- This causes several problems with certain types of VPNs (for a variety of technical reasons). Once connected to a VPN, DNS lookups on the VPN network may fail.

All in all, it seems like a foolish decision for a service provider to make (from the technical stand point).

Both departments have now pulled support for Earthlink customers that are experiencing these redirects (easy check is type a long fake name in IE) - telling them to call their ISP support line, as the problem isn't on our end. I know that the corporate one is considering advising employees to find an alternate ISP to ensure that they can remotely access our corporate network.

Please Earthlink - fix this. I'm not sure what kind of revenue you make off of this, but you will lose customers.

I join the others in expressing my outrage at the idea of an ISP executing this underhanded maneuver. I will likely be in the market for an ISP in a few months; Earthlink will be stripped from the list of candidates preëmptively unless they drop this plan and issue a public apology for deliberately tampering with their own service for profit.

Why not make all of the second level revenue generating and behind the scenes information gathering technology optional?

What so so wrong with letting a paying customer get Internet access without all of the sneaky spying, ad insertions, fake DNS error pages designed to "help", etc.,

And if these things generate revenue and offset costs, then maybe allow a user to opt in and get some little bitty discount (and you still get to keep most of the profits from this activity).

If you keep abusing your customer base and treat them as a captive audience so you can subject them to more revenue generating opportunities - I sure hope (even thought they might still saty with you) they all leave and punish (financially) you and your brethern for your greedy behavior.

So there should be a LOT of googable history on the verisign fiasco and the issues with ICANN and how this style of change can fundementally break/modify the RFCs that define how DNS works (mail, spam filters, vpns, even yahoos domain signature service) are all based on long ago ironed out and agreed upon standards.

What suprises me more is that anyone at Earthlink that bothers to go to the NANOG meetings (you know who they are, the BGP backbone people) would allow this to happen without raising a huge ruckus within the company. This exact same "help" has happened before and resulted in lawsuits, letters to revoke DNS authority, etc. And yet even with all this background and evidence of all the various services it breaks, the problem it generates for email alone, etc. a large company with relatively smart senior engineers who I've MET at NANOG (so I know there are some there) would allow something like this to happen.

It will take a couple of weeks as more "main stream" companies start to realize all their internal help desk issues for corporate VPNs and the like to start putting some more "senior" pressure on Earthlink. Until someone with a major corporate account decides to cancel a block of their employees to move them elsewhere, I doubt anyone at Earthlink outside of engineering will care or understand until there is an actual noticable $ loss or someone files a class action lawsuit. Either way, just looking at history on these type of "good ideas" from some brilliant marketing person, it takes time before the pressure on the company overrides whatever money they invested in building the "service" to begin with. Ultimately whoever came up with the brilliant idea will have to figure out how to sweep the costs/embarassment/etc under the rug so that they don't in turn loose their job over the issue.

So, be patient for this to run its course (I predict personally it will be "gone" in less than 3 months, but not less than a month. Maybe I'm wrong :-) ) and fight through all the problems it causes (costing time/money/headaches, etc for the customers, especially corporate customers) or just say screw it and change (another time/cost/painful process)

This looks like a money grab to me. Gone are the days when I could type something into the Firefox url field and get there. Savvy users may decide to modify their hosts file or set up their own bind servers, or even migrate to using different DN servers (Hint: opendns.org). Unfortunately, Earthlink will probably get away with this, because the remaining 95% of users are completely clueless.

I am an earthlink customer, please remove this capability - it is not a feature. Activities such as this would cause me to cancel my earthlink account.

I am also an Earthlink customer via my local phone companies' DSL connection. This doesn't appear to be in effect here yet, but if it does we will be looking for a new provider. This is clearly motivated by greed rather than benefiting customers. I don't need your "help."

Looks like it is gone... within the last few hours, the system, here (NYC/TWC) seems to have been fixed back to working condition. If so, Earthlink may be listening to its customers.

Wow, if my ISP pulled something like this I'd be off to sign up for another one faster than you can say "scam", luckily I live in Sweden where ISP means "Internet Service Provider" and nothing else, well.... in Swedish ;)

I've been having trouble connecting to my company's Exchange server using Outlook 2003's RPC over HTTP recently and reading this post finally makes me realize why. The end user behavior I've been seeing is that Outlook starts up, prompts you for your credentials, and then hangs. It eventually says the Exchange server is unavailable.

The reason for this is that when Outlook tries to connect, it first tries the Exchange server's internal network name assuming that you might be connected to the company's internal network. If the DNS lookup of that fails, it then switches over to the Exchange server's Internet-facing domain name so that it can use RPC over HTTP over the Internet. This change is interfering with that sequence so that the internal name of the Exchange server results in Barefruit's IP address being returned, so Outlook tries to make a connection to an Exchange server running at that address. Obviously, Barefruit doesn't have an Exchange server sitting there waiting for connections. :-)

When first investigating this, I saw the SYN_SENT connection attempts to the barefruit.com domain, which I thought was extremely suspicious - so much so that I ran a full virus scan and AdAware scan of my system to see if a virus or trojan had somehow made it onto my computer. No malware was found and I'm glad to have that conclusion confirmed by this post.

Contacting EarthLink customer support about this issue was not easy. The telephone support had no idea what I was talking about and suggested I use the online chat support instead. The online chat support didn't seem familiar with this issue, or they had inaccurate information about what this change was and how it would affect Internet applications. I was able to correct their understanding by supplying a netstat trace showing Outlook trying to make a connection to Barefruit's server, but not moving past the SYN_SENT stage.

I agree with the other comments in response to this post - this is a breaking change to the behavior of the DNS infrastructure, with ripples that affect Internet applications which rightly assume the DNS infrastructure will behave as it was designed to. Adding this as an option to the EarthLink software you provide to customers is fine, but forcing this change without a way to opt out isn't. I'm now seriously considering canceling my EarthLink subscription, which is very unfortunate. I'm waiting for the resolution of this issue before making the final decision.

Jon Postel's ghost will haunt you for this crime!

I use Earthlink in NYC. I got Earthlink because the other choice for a cable modem is RoadRunner, and I'd rather not pay for a vertically-integrated monopoly. All I ask of my ISP is to serve up my webpages, and send and receive my mail. In other words, you are a pipe, and anything you do beyond that is an intrusion.

In one more user's opinion this is not a service to me, but to your advertisers. If you want to convince me it's a service

a) Remove advertising completely.

b) Fix the things that are wrong with it. Specifically here's what keeps happening to me. If I leave off the "www." and the ".com" then it used to always just add them and find the site for me. Now it does not. Typing 'nytimes' works, but typing 'wikipedia' does not. Now, wikipedia's main address is wikipedia.org, but if you put in .com, you get automatically redirected. No more. Instead I get sent to a page that suggests maybe I'd like to go to 'wikipedia.' Thanks, I knew that. I just tried it at 3:30 pm on Sunday, and this happened. This happens on Firefox and Safari.

I'll give you a little while to fix this I actually use some earthlink.net email addresses, and for a few days of this nonsense, the hassle of changing ISPs would be worse than the hassle of changing email addresses. After a week, I'll switch ISP's. You have 118 hours, starting...now.

It's not gone. It's been bothering me for days, and when it wouldn't let me access a site I know existed, it forced me to spend an hour trying to figure out what was going on. I'm not technical super-user by any means, but this annoys me to no end. It's a potential dealbreaker, to be sure.

Disclaimer: I am a former -Mindspring- Employee. Pre-Merger. These words are my own, yadda, yadda, etc...

This smacks of the typical brain dead nature of the current adminstration behind Earthlink. Gone are the days of where customer service meant customer SERVICE. Anything that can be done to squeeze a few extra bucks of profit instead of providing an actual quality of service that can be commended... Seems to be their top priority now. What good is what you do when you can't retain customers (which ultimately makes more money in the end: No problems, no phone calls, no cancelled accounts) with what you provide... or in this case, by how much you could break DNS and how much you annoy those who had been loyal after all this time?

Short of cleaning up their act, by doing much more than doing away with this whole browser hijack bullcrap, Earthlink is just going to be another sorry footnote in the history of dialup ISPs.

Unfortunately this is an unrequested and very poor hijack to generate marketing/advertising revenue. I a world of phishing and rampant scams, this creates a sense of dis-ease by replacing the proper default behavior of Internet routers and servers by something that feels as though one is being watched and recorded.

A **VERY** bad precedent.

It'd be very wise for Earthlink to remove this and to spin it as a rapid response to their customers' wishes.

At this early phase of the game they can recover face. Later on their face will have scars....

i still have 4 earthlink dialup accounts that i hold onto for my business traveling users to fall back on for modem access. stop this crap, or i'll cancel them. i can get plain dialup a lot cheaper somewhere else anyway. this may be the thing that makes me finally go and do it.

Xenu told them to do it. They want to remove the operating thetans.

Hopefully Earthlink is going "holy crap" right now if they see this blog and all us smart customers that know the real reason behind thier actions, GREED. This is totally stupid of them. Anyone with any technical expertise should understand what "server not found" means. It's not very complicated. Customers that want this feature should have it as an option that is a browser add on. This should not be forced on ALL Earthlink users. Either that, or provide alternate DNS servers, but stop this now.

Update.

I'm on the phone with earthlink business T1 support right now talking to the same guy I spoke with on Friday and he's still not aware of the DNS changes!

I'm trying to get an alternate set of DNS servers to use until I can get redesign our setup around this issue. By redesign I mean configure our DNS servers to do direct lookups instead of forwarding and now allowing that traffic through our firewall. All in all this is creating MORE work for me.

Jim at EL business tech support just came back on the line and is still not aware of the issue but provided the following alternate DNS servers.

207.217.126.81
207.217.77.82

He said he wasn't sure if these servers would eventually have the same problem or not.

I've been a customer for a long time. Please reconsider this ill-advised decision. It will cost you vastly more than it earns.

FYI the above DNS servers I posted are now doing the same thing after two failed DNS lookups.

I'm talking with my boss now about the terms of our contract and we're planning on switching to Speakeasy.

There's not much I can add, except to say that Earthlink should implement the standard, period.

What Earthlink is doing is completely unacceptable.

The objections are exactly the same as when Verisign did it.

Corporations that benefit from the Internet have a positive responsibility to preserve the Internet by following Internet standards.

I know of only one way earthlink could make this have less negative impact without providing opt-out, or only providing this service to customers with earthlink's software installed.

Make it only provide NXDOMAIN replys for www.* when the lookup fails. NEVER provide NXDOMAIN replys for any domain not beginning in www.

As far as customers opting out, the same procedure as used to opt-out of verisign's wildcard should work here, specifically making your os / router treat nxdomain as a negative reply.

I'm sad to say I know several bright folks at earthlink, had they been informed that this was going to be pushed to consumers, they would have found ways to make it not happen. This breaks so many things its retarded to even put it out there.

I spoke too soon -- it turns out that of the three DNS server that Earthlink gives out for TWC/NYC cable customers, two are still poisoned and one works. They are giving out 207.69.188.185 207.69.188.186 207.69.188.187 -- only the last one (in bold) follows the RFCs and provides valid responses to DNS queries.

I'm now happy to know that I do not have a router issue or spyware/malware on my system.

I work from home most days and just VPN into work. Starting Thursday of last week, my laptop (work machine) started getting DNS errors for my work's intranet programs. Yes I stated PROGRAMS. Telenet, Instant Messenger, Lotus Notes, business programs (too many to list, but you get the idea) all started failing. I would wait 10/15 minutes and try it again. I've spent hours trying to resolve the issue. Thanks to /. (slashdot.org) I come to find out that its EL and not me. Thanks EL for screwing up.

One thing I did notice, the laptop uses DHCP from my router which gives it the DNS of 207.69.188.187/.186 (Atlanta area). Since the only issue I've had so far is with the laptop I tried it on my personal machine which I placed the static DNS of 207.69.188.185/.186. The 185 address does not seem to have this "feature" turned on yet. So for those in Atlanta area that haven't switched ISP yet, try that address and hope it works.

I've for one have been looking at a new ISP. Faster service (3mbs compared to 1.5mbs), and cheaper (5 - 10 bucks a month). This sounds like a great time to go ahead and switch.

Once again, thanks EL for screwing up. From a 12+ year subscriber.

Sheesh -- now it's on all of their servers, but they all timeout occassionally when querying nonexistant domains (which points to a problem with the technology they are using to break DNS). I have to go bury my grandmother... if this is still a problem when I get back next week, I am switching to RoadRunner or NYConnect. I'll keep my e-mail (that I've had for almost 10 years), but as an ISP, Earthlink will have to go. The same will happen for my parents. This is an incredible inconvenience.

A very poor show, Earhtlink. :(

This is a poorly though out 'profit center' hack, not a properly proofed, standards compliant service you are now offering.

I was a customer of one of the regional ISPs you bought out (aa.net) since the early '90s, and have been an Earthlink broadband (via Comcast) customer for a number of years.

I'd rather not, but I can call Comcast and have their service, instead of Earthlink's, within minutes.

You have a very limited time to correct the problem with the DNS hijacks you have imposed on unsuspecting and unwilling customers.

At the very least provide us with the addresses of legit DNS servers that do not have this "feature" that breaks so many simple, standards-compliant services.

FIX THIS VERY QUICKLY OR LOOSE MORE CUSTOMERS AND REFERRALS.

Thank you for your time and attention,
Tomas

I think you people are just mean! I *HEART* this new service because without it I wouldn't have found this great site where I got a pre-approved loan AND \/1@g|Pa for my boyfriend! Who cares what geeks think, anyway? Geeks! Ew!

EVERYONE: some people suspected the Verisign debacle was really just a test bubble, like when politicians want an idea of how strong opposition would be to an unpopular policy or program. EL will -have- to cancel this quickly, now that they know how much they stand to lose. What's frightening is that they are doing it at all. It says that they are either desperate for money and we haven't known, or that there is a real bozo in charge somewhere.

EARTHLINK: UNWISE! You insult us by pushing a scheme that probably would have only made you pocket change, but now, allready, has permanently destroyed most of the respect your customers had for you. Roadrunner is only $1 more expensive, and i'm moving in a month. Do the right thing, or go bust.

I will be switching from Earthlink to another provider as soon as possible. My frustration started with the ad-supported webmail: This is not a free service, I don't want to see ads when I'm paying for something.

The next issue I had was when I learned that we had been over-charged $5 a month for who-knows-how-long for our DSL. Unfortunately, I neglected to participate in the discussions with earthlink, which resulted in the person who was taking care of it also renewing our contract - one of the stupidest things that I've ever done... if I could go back and do the discussions myself, I would.

Next, I learned that not only are the for-pay services ad-supoorted, but that Earthlink is advertising through adware and spyware vendors. This is essentially when I decided that I had no interest in ever dealing with earthlink again.

Thanks for adding malware type functionality to your DNS servers too. I am now using OpenDNS as a means to escape one part of Earthlink's utter stupidity.

I use Earthlink for my broadband but after a move like this, I am not sure I can continue to do so. I have choices and Earthlink is failing to provide the best service for me.

Unless this is changed and changed very soon, I will be switching. It is simply not acceptable to change how DNS works. Verisign tried this and the outcry was enormous. How can Earthlink possible think that it is acceptable if Earthlink does it?

Once I start to see this I will start shopping for another ISP. And I'll let earthlink know this is why I left them.

If you want to do it right, have TotalAccess modify IE's default error pages so they redirect to an EarthLink page (TotalAccess hooks into IE anyway, one of countless reasons why I don't use it).

I've been an Earthlink customer for over 10 years now. I've never had a reason to complain until now. C'mon guys, don't break the internet, don't become just another annoying ISP that treats their customers like dummies. I've stayed with you so long because you've treated your customers like intelligent human beings. I don't want or need "dummy help". I just want a plain, simple, unfiltered, connection to the 'net that follows the written standards, so I know what i'm getting. I don't need "helpful" software or "helpful" redirections. I suppose I'll have to resort to OpenDNS until this is resolved (if ever).

Dear EL,

This is just not right and I can gurantee you your own DNS admins will tell you the same thing could they speak openly about it. Changing something so fundamental like DNS without going through the proper channels seems quite irresponsible. I can only hope more customers (Like myself) will cancel should this not change.

Respectfully
Petter

I will be moving my corporate accounts to another service if this is not resolved in 1 week's time.

Use someone else's DNS. You can do that and Earthlink won't even be able to foist this crap on you. I like microsoft's DNS best but your mileage may vary.

I hate this dead domain "feature" as it prevents Safari's very good auto-complete from working. Please make this opt-in!

Wow. Just wow.

But the bottom line is that the intent here is to improve the user experience around dead domains while at the same time generating some additional revenue for EarthLink.

You seriously believe that? Come on! The bottom line is the bottom line. Profit. Period. And the corporate bean counters care not one whit that it breaks the DNS protocol if it yields a few more beans to count.

I'm not an Earthlnk customer, but had been considering switching to Sprint DSL, which would have made Earthlink my ISP. Thanks for showing me your true colors, Earthlink. This is one prospective customer who won't be looking your way again unless this thing is corrected, and public apology is made for your attempt to subvert the DNS protocol for the sake of a lousy buck.

Shame on you, EL. Shame. :(

I strongly dislike this NEW feature. It frustrated me so much that I couldn't browse bbc.co.uk, the-sun.co.uk and other major websites without the annoying the "ad-filled" page! If I cannot get rid of this dead domain "feature" within 2 weeks, I'll decide to switch my service to Road Runner or other ISPs.

Just amended Earthlinks wikipedia entry with information about this blatant disregard of the DNS protocol...

Much the same response as others have stipulated here. On my normal, somewhat antiquated system, what was reasonably good connectivity 1-1/2 weeks ago -- I must have been among the several, unadvised, "guinea pig" test groups -- has now gradually approached ZERO, solely as a result of this unwarranted, unannounced, enormously problematic change. (I'm now *forced* to use another computer in the middle of the night just to access this blog!) MOST of my browser access requests of late have spawned this utterly BOGUS Earthlink-help re-direct, and I am NOT happy. (I too spent hours attempting to "fix" a totally non-existent problem cited by a lady at EL's call center, just because NO ONE bothered to tell the Reps about this change. They apparently *think* it's a "spyware" intercept because the EL Support Page "Verify" function was ALSO undermined by this switch. It brings up a web page -- THIS web page -- displaying "Web Site Not Found", which is *supposed* to indicate a *fraudulent* Earthlink URL.)

The sites I'm now being almost constantly denied access to by way of this "[dys-]functionality" feature are among the most COMMON on the web! They most certainly DO exist!!! But by short-circuiting normal error response with this abysmal, inherently flawed, "catch-all" redirect, EL has even made it *impossible* for me to simply REFRESH a page which may just have been *momentarily* busy or unavailable. This evening it was absolute DNS HELL, with redirect after redirect to this "error" page for some outrageously standard sites!

As others have said, this has to go, or I will! I too have had Earthlink for YEARS -- ever since the Mindspring acquisition. But I'm already researching dial-up ISP alternatives such as mFire. And I won't wait long to make a switch under these horrendous conditions. This thing is NOT a fix; it may well be the "Mother of All PROBLEMS"!

but on the practical side I want to emphasize that we wouldn't enact a change like this if we didn't believe it to truly be a benefit to the vast majority of our users.

I'm sorry, but that's bull. The people who make these decisions are not technologically competent. And my many years of experience says they aren't listening to those that *are*. Face facts, EL is going to do whatever makes EL money. And this is only going to cost them money.

It's obvious you guys aren't aware of, or have completely forgotten, Verisign doing something very similar a few years ago (there's a link in the first few comments.) They got their ass chewed off for that stunt. While it makes some extra green for EL and makes web browsers pop up a different error page, it breaks everything else. Browsers aren't the only things that do DNS lookups; get your head out of your ass... "the web" is not "the internet". The DNS system works the way it works. On purpose. You cannot simply and arbitrarily decide to make it do something completely different. As others have stated, non-existant domains are supposed to be, duh, non-existant. If you want a brower do something specific for NXDOMAIN, then you do something to the BROWSER. You don't f**k up DNS for everything else in the process.

(There's a reason I run my own DNS servers. This is very annoying when I'm not sitting within my own network(s).)

PS: the dns servers aren't even being consistent... sometimes they return NXDOMAIN and other times they return the BS error page proxies.

Please stop screwing with things that you are supposed to understand.

Shame on you.

What a seriously stupid thing to do, EarthLink.
Didn't you learn anything from the VeriSign disaster?

I have no idea how this can be, as I'm a Time-Warner customer -- but when I go to http://www.salon.com today I see your hijack.

Yesterday, it was http://science.slashdot.org

I know that TW's DNS is lame -- somehow it's not resolving and then you cr, er, folks are hijacking.

Let me tell you that the surge of annoyance that happens when I see your hijack can't possibly be worth it to you.

Thanks for "fixing" something for us that wasn't broken.

Let me decide how to use my Internet access, please.

This is F'ing ridiculous. Half the sites that I used to visit just by typing in their names, minus the "www" and ".com/org/net" all pop up with this useless site finder crap that does nothing for me. I'm glad you enjoy selling advertising space. But what the hell, spam is bad enough. typo squatting is bad enough, does my ISP need to do this crap to me too?

I think its time for Comcast.

Aside from all the many complaints already posted, it now appears that this fiasco may have also totally messed up finding EXISTING sites.

For 4 days now, we have been unable to access www.lunarpages.com (a major hosting company), or ANY of the websites hosted by them. It appears that Earthlink has major errors in the DNS info.

We have 4 sites, including the vast majority of our email, hosted by Lunarpages. At first I was getting that stupid "dead domain" thing, which sent me to some phony site called lunarpagess.com (note the extra s), instead of telling me that the site could not be found. Since Add2net (lunarpages parent) hosts over 100,000 sites, and Earthlink (after FOUR DAYS!) still cannot resolve the IP address, I am also going to give this mess about 2 more days and then will be finding another ISP.

This site

www.indiepressrevolution.com

DOES exist and has existed for quite a while, this site has had no major changes anytime recently.

It is getting markes as non-existant by Earthlink's SiteFinder service but I can see the site just fine via thru various proxies and anonymizer, other people in my area on non-earthlink connections have no problem getting to the site. Earthlink is blocking my access to the site.

Below is a traceroute from network-tools.com

TraceRoute to 216.193.211.230 [indiepressrevolution.com]
Hop (ms) (ms) (ms) IP Address Host name
1 0 0 0 66.98.244.1 gphou-66-98-244-1.ev1.net
2 0 0 0 66.98.241.16 gphou-66-98-241-16.ev1.net
3 0 0 0 66.98.240.11 gphou-66-98-240-11.ev1.net
4 1 1 1 38.112.25.157 f0-4.na21.b015619-0.iah01.atlas.cogentco.com
5 1 1 1 38.112.36.49 g4-0-0.core01.iah01.atlas.cogentco.com
6 50 52 76 66.28.4.238 p10-0.core01.sjc01.atlas.cogentco.com
7 47 47 47 66.28.4.93 p4-0.core01.sfo01.atlas.cogentco.com
8 50 48 48 154.54.1.202 p4-0.core02.sjc04.atlas.cogentco.com
9 50 54 54 198.32.176.38 paix.pao01.mzima.net
10 60 53 54 216.193.255.74 eos1-23.cr01.lax02.mzima.net
11 59 53 54 72.37.172.26 ge2-lunarpages.cust.lax02.mzima.net
12 53 53 53 216.193.211.230 phoenix.lunarpages.com

Trace complete

Same issue. Two separate conversations with Earthlink support personnel (yesterday and today) who INSISTED that this wasn't a DNS issue, although I couldn't see my Lunarpages-hosted corporate site or access my Lunarpages-hosted email server. This is NOT good behavior, and you'll lose a 5+ year customer tomorrow if this continues.

I just spent 1-1/2 hours on tech support chat with two very nice and polite and concerned guys, and each one gave me a "sure fix" involving new entries in TCP/IP DNS Server fields. Both fixes resulted in internet connection being shut down.

At least I wasn't being redirected any more. I guess one more week and I'll need to be out of here also.

This is truly a terrible "feature", that does indeed interfere with my personal browsing habits. If this were an opt-in service, perhaps a feature of the totalaccess software (which I don't happen to use) then it would be absolutely acceptable. As is, typing the name of my personal domain by itself, without prefix or TLD no longer does what it used to do, what it should do, but instead brings up a page that suggests two other similar names. If I were running a business site, and this happened, and the other suggested sites were competitors... no need to explain further, I'm sure that Earthlink was fully aware of that type of scenario, weighed their profits and losses, and decided to go ahead with this setup anyway. I'm not optimistic, and I expect to be switching from earthlink to my cable provider in the near future (and enjoying a six-month discount, on top of kosher DNS behavior).

First the crappy Usenet servers... and now this "404 hijacking". Uhhh.. NO... Turn it off, or I will turn Earthlink off...

I am writing this as a test, since I believe that you have turned off the comments on this post.

Not surprising, but disappointing all the same.

It's very unfortunate that Earthlink has stooped this low. Remember when Network Solutions tried this on ALL .com and .net domains and frustrated everyone? That didn't last, and neither should this. If Earthlink believes it can pull a fast one on paying customers to milk more money out of them, think again. I'm leaving Earthlink if a disable option is not implemented in the next few days.

I've tried calling support, I've tried chatting with support, and there's been no resolution. One idiot tried to tell me that it was a problem with my DSL modem and he kept insisting that I reset it.

Today i had a very miserable time trying to VPN to my work. Why EarthLink doesn't want to listen to its customers. Please remove this feature. I hate to retype the URLs, your redirection feature is bad bad bad!

Ben (a 6-year, EL customer)

(same Matt as above)

It's getting even worse now. Now not only can I not leverage the more powerful and more configurable search features of my browser, I'll type in a valid domain and get redirected to the extremely annoying page in question. It's annoying beyond belief to type in a url I use every day and have it go to your domain search page several times in a row, and then randomly start working again. In this case the domain that your poor DNS configuration hosed, techreport.com, had equivalent addresses at www.techreport.com and www.tech-report.com which still worked, but the breakage is still deeply troubling.

There's just not the benefit here. If you want to roll out this sort of "service", do it in the form of user-installed software or as an opt-in (or at the very least opt-out) service. I know I can switch to using different DNS servers (i.e. opendns), but if you can't provide me with functioning DNS servers, I can't justify giving you my business.

I've filed my complaint to Better Business Bureau regarding this dead domain feature.

http://www.bbb.org/

Hello?

Is there any news here? Earthlink has had several days to figure out that they've broken the Internet and severely angered a small but quite influential portion of their userbase.

It's getting a little late in the game to save face with a quick turnaround, guys. Get on the ball.

I'll be canceling very soon if I don't get a fix, or at LEAST an explanation and a timetable.

Well, either Mitch screwed up twice, or the email address was purged from his comments twice.

I just called technical support. The kind lady denied that this is an "earthlink service", and I should do lots of things (clear cache, etc), to prevent it.

Reading all these comments - I wonder if this is what's been messing up my VPN connectivity for the past week or so? Unfortunately, I'm sure I can't get EL to help me! Since they don't acknowledge it as an EL service.

Add me to the list-- thinking that the redirect was a result of a hijack, (which I couldn't locate) I upgraded to IE7, in the hopes of restoring my "search from the address bar" functionality. Two days of normal behavior, and now, "hijacked" again, I try to google the problem and discover it's an "improvement." I will change providers, after 7 years of loyal use, if this "functionality" is not removed.

Get back from vacation and, ugh, what has happened to my internet connection?!? I'm one more longtime customer (Mindspring pre-merger) who will change to a new ISP if this "service" is not revoked or changed to opt-in.

This is causing problems. I have a loopback on my OS X box for a development environment using the recommended NetInfo Manager to define virtualhost loopbacks. I haven't had time to research its relationship to /etc/hosts, but instead of the domain resolving back to 127.0.0.1, I'm getting the Earthlink service -- obviously a problem.

If this stays, I'm in a position to change service.

Write to any of the advertisers and be sure and give them a big "F__k You" for having anything to do with this Earthlink scam.

Maybe a few thousand of those might do the trick?

this is total crap. i'm leaving earthlink if you don't stop this immediately...

Well, it's official - posts are being deleted. It's a shame that Earthlink doesn't want to hear from their clients.

(blogger's note: Jay, I do delete comments when I feel they don't adhere to the ground rules - ( http://blogs.earthlink.net/the_ground_rules.php ) - DC)

For the record, this is also causing me all kinds of grief with my work VPN. I'd personally vote against it even if it weren't, but with that particular problem, I'm going to have to look at alternate ISPs if I can't remove the behaviour.

I'm relieved and angered. Relieved to find an explanation for the bizarre hijackings I've been experiencing; angered that when I called E-link their representative swore up and down that E-link had nothing to do with it. Thanks for enlightening me, and I too will be looking for a new ISP if this isn't changed.

Unannounced, poorly tested, badly implemented, standards-breaking, not communicated to tech support, in breach of services defined by contract. Another day in corporate America.

Well, at least since EarthLink is no longer offering Internet service (as defined by the RFCs) it should be trivial to break the contract and find an actual Internet Service Provider.

Unbelievable. Earthlink tech support (misnomer) blames other internet sites for their name server problems. Total b.s.

This is Earthlink's official disclosure to their subscribers?
Browser hijacking to improve one's internet experience?
No option offered to reject this intrusion?
Not properly informing your tech help of the "new order" and have them offer a solution after 40 minutes on the phone of "resetting your homepage" goes beyond cruel!

Obviously some MBA Wizard has weighed the consequences of a mass exodus loss vs. a potential revenue gain.

Hopefully others will not just dismiss this after securing new service/public dns servers and will continue to challenge the legality of this type of tampering to dissuade others and insure it never happening again.

My Fortune 500 company offers its employees the flexibility to work at home -- which I do on a regular basis. Of late, this Earthlink redirect has cost me hours of lost productivity, as I was unable to access my company's intranet and many other internal servers. On one occasion, I contacted Earthlink support, and was informed that 1) the earthlink-help.net site is not owned by Earthlink; and 2) the issue must be due to Spyware on my end. After Ad-Aware turned up nothing, I finally discovered the real cause of all my headaches -- Earthlink. After a few more calls to the help desk, Earthlink finally gave me a workaround of hard-coding the DNS servers -- but this is truly unacceptable.

Not only will I switch to a different ISP, I'll certainly ensure that others at my company are aware of the incompatibility of using Earthlink along with our company's VPN.

I want to know why Earthlink added this feature. I'm not sure I see any benefit to Earthlink. The ability to handle DNS failures is already built into many browsers and search bars so I don't see any benefit to the user. It is going to cost Earthlink money to implement this. The only possible benefit I can see is if Earthlink redirects the traffic to a page with ads so that Earthlink can make money. I don't see any other benefit.

Earthlink isn't the first one to do this, and anyone who has done it so far got a cry of outrage against them. It breaks the user's built-in browser search. It violates various internet protocols and specifications. Did Earthlink not do their homework and realize that users would be angry?

Rather than a defense of the position, I want to know the underlying thinking that got you this far.

- Billy Beezer

Since Earthlink has made this change, I have been unable to connect to my employer's VPN. I also know that I am not the only IBM employee to have this problem. Please roll back this DNS change or I will be forced to change my ISP to one that is more friendly to work-at-home practices

As a valued subscriber for five years, I am very unhappy with this and intend to cancel service within 7 days unless this is corrected.

Beezer, you want to know the "underlying thinking"?

How about GREED? Does that work for you?

are you kidding me? turn this OFF. This is unbelievable. I have used your service for 10+ years and I have never seen something more invasive and annoying. shame on you.

What is this, some form of punishment for my years as a paying customer? Lose this feature!

If you need any more motivation, let me add that the error page gives Earthlink the same air of credibility usually associated with domain squatters and their phony "search" sites.

If you want to help the user's experience, add a plugin for Firefox or IE. You are preventing my web browser from doing its job. Now people have to ban your servers in order to get the errors reported correctly. I am very upset with your disregard for the Internet and open standards.

"earthlink-help-net" is making Roadrunner is looking better every day. I hope whoever thought this one up gets fired soon!!!!!!

- Another dissatisfied long time earthlink customer.

I can no longer work from home because every time I try to hit a page inside the IBM Intranet, I get this redirect. That means I can't authenticate into applications I need in order to do my job. There are tons of us affected by this problem; is there a workaround?

An update page has been posted at http://blogs.earthlink.net/2006/09/update_on_dead_domain_handling_1.php. You will probably want to address your comments there now.

I'm an Earthlink customer and this is rediculous. I am no longer using Earthlink DNS servers since your DNS servers are no longer functioning within web standards. All you guys are doing is confusing people who type in the wrong domain. When grandma gets a browser error saying web page not found its pretty easy to understand. Now she gets a terribly designed web page that looks like a hijack and serves ADS!!! This is making me think about how much I like Earthlink as a company. Dont you guys read news? Havent you heard of other hosts doing this and the bad press they get? Idiots.

I must add my voice to those who object to this 'enhanced user experience.' I have been paying for your service, and have liked it the way it is, for several years. I have not had any hesitation in referring others to your services. However I do not want what I type into the address bar to change. That is why we select "do not search from the Address bar" in Advanced Internet Options. I do not need my hand held when I do searches. I do not want the behavior of tracert and other tools to change. If this is to remain your policy you will soon lose me as a customer.

Thank you for the ads. It is my pleasure to pay you every month for the pleasure of viewing those terrific ads. I was just thinking to myself the other day, self...i sure would like some more ads to look at, and better yet...ads i'm paying to look at. Gee-golly this is great! Thank you so very much. Idiots. I might as well use AOL. Idiots.

Now that your name servers are "helping the user" by responding to names that you do not have authority over, you have broken the VPN access to my name driven internal services. Since you do not seem to understand this Internet thing (I know, it is new and complicated) I will explain it to you.

I connect to my institution (fictitious youarestupid.com) via VPN.
I start a service which requires connection to myserver.youarestupid.com
Your DNS responds:

Server: ns1.mindspring.com
Address: 207.69.188.185

Non-authoritative answer:
Name: myserver.youarestupid.com
Addresses: 209.86.66.91, 209.86.66.92, 209.86.66.93, 209.86.66.94
209.86.66.95, 209.86.66.90

The computer fails while trying to connect to your name server.

You simple minded decision to make this move tells me a lot about your technical ability. Or maybe it tells me that your management has not been listening to the engineers on board. Either way this is a really bad move.

I will not make any claims without knowing the actual facts but....It seems to me that your name servers are now spoofing my servers. Is that not illegal?

I hope that you know that I forgive you. Humans make mistakes. Now fix it!

Wellington

We're starting to see support issues driven by the broken DNS service. See:

http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21973104.html

For an example.

Why on Earth choose the DNS protocol for this marketing campaign? If you want to monkey with browsers, infect them with a plugin... Don't break the name service. I'm not sure who to blame more, Earthlink for not knowing how bad this is or barefruit for even selling it.

Earthlink:

It's the geeks to whom the "vast majority" turn when they want to know where to get internet service. Even if you think this new misfeature will enhance the experience of non-geeks, the geeks will steadily turn the majority away from your broken service.

Note that DNS hijacking makes Earthlink unsuitable for business-class internet services; some applications depend on NXDOMAIN to function properly.

Thank goodness I don't use Earthlink!

This is outrageous, i have spent half a day trying to figure out why my remote desktop connections have been failing for the last few weeks on my internal network that i use at home. Who knows what else is screwed up. It is absolutely absurd that EL has broken this standard functionality of resolving network addresses that is built into everything. Remvoe this crap EL!

Lame move Earthlink...

I truly detest this new, supposedly user friendly feature. It's the type of thing that will make me switch to another ISP as soon as I can. Unfortunately, I'm fairly new to Earthlink, so I'm stuck for a while.

I thought Earthlink was Mac friendly. This hijacking approach negates such a repuation in my mind--by interferring with Safari's and Firefox's auto-complete. Please listen to suggestions posted here for opt-outs.

I just spent three days hacking my registry to fix this "issue" before I found this article. First, some kind of notice would have prevented a lot of annoyance--not to mention the potential hazards of being all over my PC changing settings, re-installing IE, smacking the registry around...
Second, I consider this to be EXACTLY like a hijacking, since it has changed the functionality of my browser without my permission. (Yes, I know that it's on your end, but the result is the same.)
Third, and perhaps most importantly, this statement: "or the auto-search functionality of Internet Explorer, neither of which are especially helpful to the user" is patently untrue. I almost exclusively search from the address bar in IE instead of waiting an eternity for a search page to load.
I don't even know what else to say here because I'm in shock to find that I just wasted all of this time and energy on nothing. I am appalled that EarthLink, a company I have all but bragged about, would do such a thing to its customers without even giving us a heads up.
I can say this: Do not in any way alter my PC's behavior (even through your own servers) without my specific consent in the future and restore my address bar search functionality immediately or you will lose my business. A paltry price to pay, I know, but you reap what you sow and this WILL be seen as nothing but a sinking to the depths of commercialism that I was proud to know my ISP was above. For the sake of a few advertising dollars. EarthLink's fight against spammers and the like was what made me a LOYAL customer, no matter what other services were available to me, believe it or not. I would rather pay more (yes, I said it) for my service and know that my ISP is trustworthy and above this kind of abuse of trust. I'm ashamed for the person or people who believed that this MISTAKE would be anything but a slap in the face to your customers.
Sad. Just so sad.

This is technically unacceptable, and a slimy revenue grab. Cancelling my Earthlink service right now and reverting to Time-Warner cable.

I was a subscriber for eight years, by the way. To say I am a little pissed is an understatement.

You have made browsing the web miserable...my browser history and prompting no longer work properly. Several of my forensic tools now fail. If you don't provide a workaround soon I will be moving our home internet service to another provider.

I am paying $45 per month, not getting free adware! This totally breaks my DNS search path. When I'm on and off corporate VPN, all names resolved while I was off are stuck and I have to run "ipconfig /flushdns." And, you are hijacking my auto-search.

You've just lost another customer. The address bar is my exclusive 'search bar', and now I have to change my searching habbits for EL? No thankyou, I hope everybody else takes their business elsewhere too.

I have been a loyal Earthlink subscriber for 9 years. I can put up with terrible Tech Support... which has gotten significantly worse in the last few years. Note: the only time I have to use it is when earthlink DSL is down... but trying to convince them it is their problem not mine is a story for another blog...
This is the LAST STRAW. The reason I was attracted to Earthlink in the first place, was that it was a "pure" Internet ISP, with none of the garbage. This new "feature" is NOT RFC compliant. I use a VPN to access my work network. If I happen to type my corporate home page before connecting the VPN, then I get the wrong address stored in my DNS cache. When I connect my VPN, I keep getting connected to the earthlink phony page. Of course I can flush my dns queue on my PC, but why should I do this all the time? EARTHLINK, PLEASE REMOVE THIS NOW before you lose more customers.

THANK YOU

In case anyone is coming in to this discussion at the bottom or haven't seen it, I published an update on Saturday including information on a couple of DNS server addresses we've placed outside of our standard system, for those who are experiencing issues or choose to opt out of the dead domain handling system:

http://blogs.earthlink.net/2006/09/more_info_on_dead_domain_handl.php

Wow. I just got Earthlink service last week, and I'll be cancelling it this week.

Idiots.

I have spent over an hour with E-link tech support before finding someone who admitted that this practice exists. It is not helpful to the user. It makes money off of user frustration, without offering an opt-out choice.

This reminds me of the way William S. Burroughs described the narcotics trade: "Don't improve the product. Degrade the buyer."

I searched and searched for what VIRUS I must have picked up. I couldnt find anything because it was just too new - until now.

I hate that earthlink fooled with my browser. I had always used the address bar for internet searches - customizing my IE6 so searches were perfomed as I wanted.

This is a SCAM as far as I am concerned - an affront to any earthlink subscriber that knows how to use a computer.

I HATE IT !!!

And I will now look to switch from a ISP that essentially HIJACKED MY SEARCH BAR.

Well static port forwarding described previously here worked for me...my google is back and searching fine. Try it - if you found this page - you can do it too.

Please turn this off. It looks like spam. It clearly doesn't just work for permanent failures (i.e. site names that DNS cannot resolve) because it just came up for a site I know exists (http://www.theaustralian.news.com.au/story/0,20867,20443539-2722,00.html) and later was found OK.

This was perhaps well-intended, and would have been more likely accepted as such if the "paid links" weren't included, but it is a mistake.

Earthlink has broken the way I used to search. I used to be able to type in a keyword in the URL box, DNS would return "domain not found" and Firefox would search Google and take me to the correct web site most of the time e.g. keyword "earthlink" typed on the URL line would take me to www.earthlink.net - it was a quick way of going to a site without having to remember the whole URL. Now I would have to search for the site then click on a link - 2 steps instead of a single step. I absolutely hate this new feature from earthlink.

I've been a satisfied Earthlink customer for almost a year. That satisfaction is in jeopardy. I do not like the new service. It is abuse of the end user's browsing experience and an affront to Earthlink's customers. Plain and simple: please discontinue it or I'll discontinue my subscription.

How many years? 1997 at least with still a mindspring address. But this is too much. You gotta turn it off.

After reviewing this blog and after experiencing serious problems using VPN to work from home the last 3-4 weeks specifically due to Earthlink's new DNS "feature", I am cancelling Earthlink today and will be going to one of their competitors. One of my work colleagues has already done so for the exact same reason.

Clearly Earthlink did not care if they disrupted service for their customers, and this is totally unacceptable. How many lost customers is Earthlink willing to accept?

I'm a loyal customer that's been with Earthlink since 2000. Turn this awful "feature" off in a few weeks or you've lost me. Perhaps the shed of a few customers that care will be made up by the increase in revenue you may be projecting. Perhaps not. I am surprised that a company like Earthlink would stoop to a solution like this without allowing users to opt out easily and intuitively. The whole thing stinks like deception at the most basic level.

Change it or goodbye from this loyal customer.

Brian

I changed my DNS server to the one specified for my location here: http://blogs.earthlink.net/2006/09/more_info_on_dead_domain_handl.php
and it took care of it. I still have an Earthlink icon in the upper right hand corner of my Firefox browswer that I don't know how to remove (it says it will take me to Firefox's home page when I hover over it, but when I click on it, it takes me to Earthlink's), which is annoying, because I dislike the fact that they can change my browser like that, but I can now type in "amazon" or whatever and go straight to the site instead of getting Yahoo's annoying help page. There should be a link posted close to the beginning of this thread, I think, as probably a ton of you are posting complaints without realizing there is a fix posted, further down. It is a lot of posts to wade through to get to the fix. I'm a bit wary of Earthlink, now, however, I'll admit. I spent most of my day trying to figure this out and many previous days annoyed at my browswer and I'm really not pleased that they did this in the first place.

I never expected this kind of unprofessionalism with Earthlink. I'm very disappointed.

Holly, I'm sorry for the initial frustration and glad that the alternate DNS solution worked for you. I'm not sure what you mean by the Firefox icon in your browser that goes to EarthLink --it's not something that's part of this system that I can tell. Feel free to e-mail me with more details (and a screenshot) and that way I can see what's going on.

I'm going to close comments on this entry to make sure that those who arrive at this one first see the most recent update:

here.

I am still aghast that ELN is doing this. Working from home this weekend, it tripped up my VPN a few times and I remembered this hijacking thing they were doing and ended up here.

As an ELN subscriber since 1998, I have been mostly satisfied, but this "feature" has been annoying me more and more - partly from actual issues I am having with it, but also on principle alone.

I'd like to cancel ELN and go elsewhere, but I haven't had the time to dedicate to going through the nightmare of transferring DSL services.
I will note that I moved three members of my family off of ELN in 2006.

Ideal solution? You provide us with an account level OPT-OUT feature so we don't have to set up each computer on its own.
*or*
Lower my monthly payments since you are now making a few dollars on your search-page feature at our expense.