It’s easy to advocate for fast takedowns, but that can hurt legitimate businesses.
On February 20, 2020, Domain Name Wire was down.
Anyone who operates a website knows that horrible feeling of finding out your site is down and not being able to understand what’s happening.
My day got worse as it progressed. It turned out that all of my websites were down. So were my wife’s sites, including the site we use to host her podcast RSS feed.
All of my businesses were shuttered—all at the same time.
It took a while to find the culprit. It turns out that someone made a spam complaint to Vultr, the cloud service that hosted our sites. I used them through a cloud management platform and didn’t have a direct connection to them, so I had to work through the support of the management platform. Worse, they didn’t notify me of the suspension; I had to reach out to them to find out what was going on.
Obviously, I’m not a spammer. You’ll be surprised to learn all it took to get my site taken down: someone sent an email to someone that included a copy of the HTML of my home page, which included links to Domain Name Wire. This is all it took for Vultr to take down all of my businesses.
I couldn’t move the content to another host, either, because our backups were at Vultr. (There’s a lesson here — always back up someplace that isn’t your host. Backing up at your host is like backing up your laptop on your laptop.)
I thought about writing about this traumatic experience for a while. I think it’s relevant to bring it up now because of my stories about DNS Abuse and the many parties wanting hosts and registrars to take down malicious sites quickly.
Yes, we should do something about DNS Abuse. But a false positive (as in my case) can be detrimental to a business.
I was reminded of this when reading the story of CNX Software today. Jean-Luc Aufranc, who owns the business, said his domain was down for days. It appears that there were some malicious links downstream, thanks to an affiliate redirect system he used. But it was difficult for him to find out exactly why his domain was suspended, and that’s a problem.
I understand that registrars and hosts don’t want to give too many details to people when they suspend a site because they don’t want to teach the bad guys how to circumvent the system. But many times, a site is used for phishing because of malware or malicious redirects that the site owner isn’t aware of. The only way the site owner can fix this is if they know what the issue is.
Aufranc said he learned a lot from his experience. First, he used a reseller to register his domain. The back-and-forth communication between the reseller and the reseller registrar caused delays:
“I have to contact the reseller, which then contacts the registrar, which then replies, and the reseller feeds back the answer from the registrar. This could take 36 to 48 hours to get a reply from the companies involved in this particular case.”
Without throwing all reseller registrars under the bus, I can’t think of a single reason to register a domain through a reseller rather than an ICANN-accredited registrar.
Second, his contact info with the reseller was an email address on his domain, which was now suspended. So he couldn’t get any email updates from the reseller. It’s always smart to use a contact email address on a different domain than the domain you’re hosting.
But stepping back further, it’s important for registrars and hosts to work with their clients when there’s an abuse claim. There need to be robust systems to work with people who might be victims, not perpetrators. Suspending a domain or taking down a website is a big deal to a legitimate business. It’s not OK to snare legitimate website operators in the name of quickly taking down some abusive websites. Customers should have 24×7 access to an abuse team that will work with them to restore their business in the case of a hack or false positive complaint.