This is BrainLog, a blog by Dan Sanderson. Older entries, from October 1999 through September 2010, are preserved for posterity, but are no longer maintained. See the front page and newer entries.

September 23, 2003

Already feeling the effects of VeriSign's Sitefinder: My browser (and yours) remembers URLs you've typed in to your address bar, so that if it looks like you're about to type them in again, the browser gives you the option of auto-completing what you're typing. Thing is, it only remembers the addresses that work, that is, bring up a valid page, so if you mistype a domain name or a filename and you get the appropriate error message, it won't remember those. Thanks to Sitefinder, all unregistered domain names (including any and all possible filenames underneath those domains) now resolve without error, so any typo in the domain will cause the URL to be remembered by your browser. (IIRC, this would be even more annoying in Internet Explorer, because you practically have to swat the auto-complete off with a stick when the completion is not what you want. And don't give me any of that "you can turn that off" stuff, it's annoying. When I press Enter, I mean Enter, dammit.)

Also notice that it's not just that invalid domain names resolve, but they serve valid (as in status 200) pages for all paths beneath the names. They could have thrown us a bone and served their portal pages with status 404, "file not found," but that would inspire Internet Explorer to swap in its friendly error message. Can't anyone follow a standard?

For fun, I tried emailing test@argargargar.to and test@argargargar.com. The former caused my mail client to stop me in my tracks to tell me the address was invalid, and it even left the composer window open so I could fix it and immediately re-send. In the latter case, because the invalid domain resolved, my mailer sent the mail to my outgoing mail server, and I didn't know anything was wrong until I received the bounce message from VeriSign's server -- thankfully sent as an error message to the outgoing mail server, so at least it could do the right thing. I think this also means that VeriSign does not receive the full text (including return address) of email sent to invalid domains. Without testing I would have wondered: if VeriSign is OK with serving ads for invalid web requests, what'd stop them from collecting email addresses from mail sent to invalid email addresses? I'll have to re-read my mailer books (or get around to testing it manually) to remind myself how this works. (They simply aren't accepting connections on other ports, which they easily could have done for mail connections, but the bounce message is polite because otherwise outgoing mail servers would repeatedly retry sending the mail over several days before giving up.)
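The pre-send check described above only asks whether the domain resolves, which a TLD wildcard defeats. As an added example (not part of the original post), this Python code compares a name's answer against what its TLD returns for random labels nobody could have registered; the table-backed `fake_resolve`, the `example.*` entries and the 192.0.2.x addresses are constructed for illustration.

```python
import secrets
import socket

def system_resolve(name):
    """IPv4 addresses for name via the system resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def wildcard_addresses(tld, resolve=system_resolve, probes=3):
    """Addresses a TLD returns for random labels nobody could have registered.

    If any probe fails to resolve, the TLD has no wildcard and the result is
    empty; otherwise it is the set of addresses common to every probe.
    """
    common = None
    for _ in range(probes):
        answers = resolve(f"{secrets.token_hex(12)}.{tld}")
        if not answers:
            return set()
        common = set(answers) if common is None else common & answers
    return common or set()

def domain_exists(domain, resolve=system_resolve):
    """True only if domain resolves to something besides its TLD's wildcard."""
    answers = set(resolve(domain))
    if not answers:
        return False
    tld = domain.rstrip(".").rsplit(".", 1)[-1]
    return bool(answers - wildcard_addresses(tld, resolve))

# Constructed data standing in for DNS so the check runs offline: "com" has a
# wildcard pointing at a documentation address, "to" does not.
REGISTERED = {"example.com": {"192.0.2.80"}, "example.to": {"192.0.2.81"}}
WILDCARDS = {"com": {"192.0.2.1"}}

def fake_resolve(name):
    """Table-backed resolver: registered names first, then the TLD wildcard."""
    if name in REGISTERED:
        return REGISTERED[name]
    return WILDCARDS.get(name.rsplit(".", 1)[-1], set())

if __name__ == "__main__":
    for d in ("example.com", "argargargar.com", "argargargar.to"):
        print(d, domain_exists(d, fake_resolve))
```

A registered domain that points only at the wildcard's own address would also be reported as nonexistent by this check.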

Meanwhile, VeriSign refuses to turn off Sitefinder despite ICANN's request.