[DNS-Abuse-Measurements] abuse suspension of infrastructure domain names

Andrey Nesterenko andrey at mirhosting.com
Mon Apr 27 16:57:07 UTC 2020


Dear community,

I am a representative of a hosting service company. Today one of our 
domain names has been suspended by the domain registrar because of spam 
abuse. The domain name is in fact an infrastructure domain name which we 
have used since 2005 for some DNS servers and in server names. Here is what 
happened - spam was sent from a hacked script on one of the cPanel shared 
hosting servers. And this server has this naming convention - 
sharedserver.$suspendeddomain.com

Of course, this domain name has nothing to do with that spam, but this 
suspension resulted in a major outage (fortunately not that long) for 
many services and customers in our global infrastructure.

I don't think it is a good idea to post here the domain name in question 
and the corresponding registrar, because my concern here is not how their 
abuse team handled that, but about some feedback from the community and 
ICANN.

Would it be a good idea to protect domain names of this kind, used in the 
infrastructure of certain businesses, from being suspended immediately 
for such low priority cases? There are a lot of companies like us who 
have just a few domain names important for DNS and resolving routing 
infrastructure tasks and they have to be protected somehow.

This is the second time it has happened to us so far. The first time it 
was with the .host registry a few years ago, when they suspended another domain 
name used in our PaaS cloud infra: each environment had a domain name 
set up in such a way - env-123456.mircloud.host - exactly the same way 
as other cloud providers. Of course, it is possible that one of the 
customers can host phishing tools or viruses on such subdomains, but it 
should never mean blocking the whole domain name entirely. That time it 
was blocked directly by Radix btw.

Any ideas and feedback here to help us deal with such situations other 
than becoming a registrar ourselves?

Andrey Nesterenko
MIRhosting