<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Vorformatiert Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLVorformatiertZchn
{mso-style-name:"HTML Vorformatiert Zchn";
mso-style-priority:99;
mso-style-link:"HTML Vorformatiert";
font-family:Consolas;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.E-MailFormatvorlage20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.E-MailFormatvorlage21
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US">Hello,<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US">I think time (and so, money) is the most critical resource on all sides. From a RO perspective: Before taking down a domain name one *<b><span style="font-weight:bold">should</span></b>*
do some research to make sure that the abuse report is 1) evident, 2) the reason for taking down a domain name sufficient and 3) to communicate with the registrar for clarification to make sure that such things don’t happen.
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US">Of course..this would be the ideal..<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt">> Any ideas and feedback here to help us deal with such situations other than becoming a registrar ourselves?</span></font><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US">First I suggest to talk to the registrar and try to establish better communication and processing regarding abusive domains in your portfolio.<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US">Best, Matthias<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></font></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt">On 27-4-2020 18:57, Andrey Nesterenko via DNS-Abuse-Measurements wrote:<o:p></o:p></span></font></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt">Dear community,<br>
<br>
I am a representative of a hosting service company. Today one of our domain names has been suspended by domain registrar because of spam abuse. The domain name is in fact infrastructure domain name which we used since 2005 for some dns servers and in server
names. Here is what happened - spam was sent from a hacked script on one the cPanel shared hosting servers. And this server has this naming convention - sharedserver.$suspendeddomain.com<br>
<br>
Of course, this domain name has nothing to do with that spam, but this suspension resulted in a major outage (fortunately not that long) for many services and customers in our global infrastructure.<br>
<br>
I don't think it is a good idea to post here the domain name in question and corresponding registrar because my concern here is not how their abuse team handled that, but about some feedback from community and ICANN.<br>
<br>
Would it be a good idea to protect such kind of domain names use in infrastructure of certain businesses from being suspended immediately for such low priority cases? There are a lot of companies like us who have just a few domain names important for DNS and
resolving routing infrastructure tasks and they have to be protected somehow.<br>
<br>
This is the second time it has happened to us so far. The first time it was with .host registry a few years ago when they suspend another domain name used in our PaaS cloud infra: each environment had a domain name set up in such a way - env-123456.mircloud.host
- exactly the same way as other cloud providers. Of course, it is possible that one of the customers can host phishing tools or viruses on such subdomains, but it should never mean to block the whole domain name entirely. That time it was blocked directly
by Radix btw.<br>
<br>
Any ideas and feedback here to help us deal with such situations other than becoming a registrar ourselves?<br>
<br>
Andrey Nesterenko <o:p></o:p></span></font></p>
<div>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt">MIRhosting<o:p></o:p></span></font></p>
</div>
<p class="MsoNormal"><font size="2" face="Calibri"><span lang="EN-US" style="font-size:11.0pt"><br>
<br>
<o:p></o:p></span></font></p>
<pre><font size="2" face="Courier New"><span lang="EN-US" style="font-size:10.0pt">_______________________________________________<o:p></o:p></span></font></pre>
<pre><font size="2" face="Courier New"><span lang="EN-US" style="font-size:10.0pt">DNS-Abuse-Measurements mailing list<o:p></o:p></span></font></pre>
<pre><font size="2" face="Courier New"><span style="font-size:10.0pt"><a href="mailto:DNS-Abuse-Measurements@icann.org"><span lang="EN-US">DNS-Abuse-Measurements@icann.org</span></a></span></font><span lang="EN-US"><o:p></o:p></span></pre>
<pre><font size="2" face="Courier New"><span style="font-size:10.0pt"><a href="https://mm.icann.org/mailman/listinfo/dns-abuse-measurements"><span lang="EN-US">https://mm.icann.org/mailman/listinfo/dns-abuse-measurements</span></a></span></font><span lang="EN-US"><o:p></o:p></span></pre>
<pre><font size="2" face="Courier New"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></font></pre>
<pre><font size="2" face="Courier New"><span lang="EN-US" style="font-size:10.0pt">_______________________________________________<o:p></o:p></span></font></pre>
<pre><font size="2" face="Courier New"><span lang="EN-US" style="font-size:10.0pt">By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (</span><a href="https://www.icann.org/privacy/policy"><span lang="EN-US">https://www.icann.org/privacy/policy</span></a></font><span lang="EN-US">) and the website Terms of Service (</span><a href="https://www.icann.org/privacy/tos"><span lang="EN-US">https://www.icann.org/privacy/tos</span></a><span lang="EN-US">). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></span></pre>
</blockquote>
</div>
</div>
</body>
</html>