The last vestige of ye olde UK ISP Demon Internet, in the form of the demon.co.uk subdomain, was given its marching orders this year – after internet services outfit Namesco told customers to change their email address by 29 May.
Vodafone extended the licence to September to give Namesco’s customers a little more time to get their affairs in order, but all good things must come to an end… even email addresses that have loyally served users for decades. Except it didn’t quite manage that.
In a final twist of fate, the decommissioning of the sub-domain was swatted by the dread hand of bork.
“As a result of human error,” the company explained in an email to customers, “an incorrect dummy domain name was used to manage the decommissioning process, and this domain was subsequently registered by a third party.”
The result was that between the end of July and first week of August, sending an email to the now-defunct demon address would see both sender and recipient potentially logged by the mystery third-party server. Namesco was at pains to point out that “no email content was ever delivered to the third party, as the server rejected this content.”
Oops. Once the mistake was spotted, Namesco swiftly changed the dummy domain name. And the third party in question submitted an undertaking promising that no shenanigans were intended.
Namesco email ‘scripting error’ has last bastion of Demon Internet holdouts scratching their heads
Namesco reported the incident to the UK’s Information Commissioner’s Office (ICO), and just over a month after the cock-up occurred, affected Register readers received the company’s apology email. Exactly how a human managed to do the deed and what will stop something similar happening in the future remains unclear.
An ICO spokesperson told The Register: “People have the right to expect that organisations will handle their personal information securely and responsibly.
“When a data incident occurs, we would expect an organisation to consider whether it is appropriate to contact the people affected, and to consider whether there are steps that can be taken to protect them from any potential adverse effects.
“Names.co.uk has reported an incident to us and we will be making enquiries.”
A spokesperson for Namesco told us the company had “undertaken a full investigation” into the matter, “and have obtained a signed legally binding undertaking from the operator of the third-party server confirming that no personal data, including in the form of email content, was accessed, forwarded, viewed or stored.”
“Additionally,” it said, “we have confirmed through our technical investigations that the logs were never accessed and have been permanently deleted.”
The spokesperson also confirmed that most of the former Demon customers whose sub-domains were decommissioned this year were affected.
Still, those who have followed the fate of those elderly Demon email addresses (some of which were nearing the 30-year mark) will hopefully be pleased that they shuffled into the long night not quietly, or with head bowed, but with one final, human-induced TITSUP*. ®
* Transfer Into Temporary Sub-domain Utter Pants