The Innocent Victims of DNS Abuse Complaints – Domain Name Wire
It’s easy to argue for quick takedowns, but they can harm legitimate businesses.
On February 20, 2020, Domain Name Wire was down.
Anyone who runs a website knows that awful feeling of finding out your site is down and not being able to figure out what’s going on.
My day got worse as it progressed. I discovered that all of my websites were down. The same was true for my wife’s sites, including the site we use to host her podcast RSS feed.
All of my businesses were shut down, all at the same time.
It took time to find the culprit. Turns out someone filed a spam complaint with Vultr, the cloud service that hosted our sites. I was using them through a cloud management platform and didn’t have a direct connection to them, so I had to work with the management platform support. Worse, they did not inform me of the suspension; I had to contact them to find out what was going on.
Of course, I’m not a spammer. You’ll be surprised to learn how little it took to get my site taken down: someone sent an email that included a copy of the HTML code for my home page, which included links to Domain Name Wire. That’s all it took for Vultr to destroy all my businesses.
I also couldn’t move the content to another host, as our backups were at Vultr. (There’s a lesson here – always back up somewhere that isn’t your host. Backing up to your host is like backing up your laptop to your laptop.)
I thought about writing about this traumatic experience for a while. I think it’s relevant to talk about it now because of my stories about DNS abuse and the many parties who want hosts and registrars to take down malicious sites quickly.
Yes, we should do something about DNS abuse. But a false positive (like in my case) can be detrimental to a business.
I was reminded of this while reading the CNX Software story today. Jean-Luc Aufranc, owner of the company, said his domain had been unavailable for days. It looks like there were some malicious downstream links, thanks to an affiliate redirect system he used. But it was difficult for him to know exactly why his domain was suspended, and that is a problem.
I understand that registrars and hosts don’t want to give people too many details when they suspend a site because they don’t want to teach the bad guys how to get around the system. But often a site is used for phishing due to malware or malicious redirects that the site owner is unaware of. The only way for the site owner to fix this problem is to find out what the problem is.
Aufranc says he learned a lot from his experience. First, he had registered his domain through a reseller. Round-trip communication between the reseller and the reseller’s registrar caused delays:
I need to contact the reseller, who then contacts the registrar, who then responds, and the reseller sends back the registrar’s response. It could take 36-48 hours to get a response from the companies involved in this particular case.
Without throwing all the reseller registrars under the bus, I can’t think of a single reason to register a domain through a reseller rather than an ICANN-accredited registrar.
Second, his contact information with the reseller was an email address on his domain, which was now suspended. He was therefore unable to receive any email updates from the reseller. It’s always a good idea to use a contact email address on a different domain than the one you’re hosting.
But taking a step back, it’s important for registrars and hosts to work with their customers in the event of abuse claims. It takes strong systems to work with people who might be victims, not perpetrators. Suspending a domain or deleting a website is a big deal for a legitimate business. It is not acceptable to entrap operators of legitimate websites in the name of the rapid removal of certain abusive websites. Customers should have 24/7 access to an anti-abuse team who will work with them to restore their business in the event of a hack or false positive complaint.