[DNS-Abuse-Measurements] abuse suspension of infrastructure domain names

Andrey Nesterenko andrey at mirhosting.com
Tue May 5 17:36:52 UTC 2020


Hello,

Thank you all for the comments and suggestions. From my side, I agree
that we should see if we can find "a better registrar" in terms of
relationship, at least for our own critical domains.
However, I still think that it might be a good idea to have a way to
protect certain domain names in a more solid way, instead of relying on
good relationships and abuse best practices.

It's not my level of discussion and decisions of course; it's
registrar/registry or probably ICANN. My level is network and hardware
infrastructure, and it scares me that any single silly mistake or
harmless abuse activity by someone can lead to major downtime for many
resources and projects. I would expect to see it as a "must have" thing
at the registry level. I realize it raises a lot of questions: how they
should be qualified, and who has to do that and how. Still, it is
something that can help to have a better Internet, I believe.

Andrey Nesterenko
MIRhosting

------ Original Message ------
From: "James Galvin" <jgalvin at afilias.info>
To: "Andrey Nesterenko" <andrey at mirhosting.com>
Cc: dns-abuse-measurements at icann.org
Sent: 05.05.2020 18:56:00
Subject: Re: [DNS-Abuse-Measurements] abuse suspension of infrastructure 
domain names

>Others have hinted at this so I’ll just say it directly.
>
>The best advice for you is to move your domain portfolio to a “better” 
>registrar. In this case, “better” is defined as one with which you have 
>an excellent working relationship and, specifically, they are in it to 
>protect your domain name just as you are. You should expect to have to 
>pay an above average fee for this service. However, I suspect that fee 
>is far below the fee for becoming your own registrar.
>
>Many registrars have good practices, just as many registries do. 
>However, the system allows for judgement calls, properly so, and it’s 
>entirely possible you can get caught up in the noise sometimes. You never
>know what’s really in progress from a security point of view.
>
>“White Glove” service for your critical domains is what the market 
>provides and there are a number of registrars who provide varying 
>levels of such services. Choose one that offers what you need. Note 
>that registrars with such services typically have excellent 
>relationships with many of the registries, so you actually get two 
>benefits. Ask about this if it’s a concern for you.
>
>Jim
>
>
>
>On 27 Apr 2020, at 12:57, Andrey Nesterenko via DNS-Abuse-Measurements 
>wrote:
>
>>Dear community,
>>
>>I am a representative of a hosting service company. Today one of our
>>domain names has been suspended by the domain registrar because of spam
>>abuse. The domain name is in fact an infrastructure domain name which
>>we have used since 2005 for some DNS servers and in server names. Here
>>is what happened: spam was sent from a hacked script on one of the
>>cPanel shared hosting servers. And this server has this naming
>>convention: sharedserver.$suspendeddomain.com
>>
>>Of course, this domain name has nothing to do with that spam, but this 
>>suspension resulted in a major outage (fortunately not that long) for 
>>many services and customers in our global infrastructure.
>>
>>I don't think it is a good idea to post here the domain name in 
>>question and corresponding registrar because my concern here is not 
>>how their abuse team handled that, but about some feedback from 
>>community and ICANN.
>>
>>Would it be a good idea to protect this kind of domain name, used in
>>the infrastructure of certain businesses, from being suspended
>>immediately for such low priority cases? There are a lot of companies
>>like us who have just a few domain names important for DNS and
>>resolving routing infrastructure tasks and they have to be protected
>>somehow.
>>
>>This is the second time it has happened to us so far. The first time
>>it was with the .host registry a few years ago, when they suspended
>>another domain name used in our PaaS cloud infra: each environment had
>>a domain name set up in such a way - env-123456.mircloud.host - exactly
>>the same way as other cloud providers. Of course, it is possible that
>>one of the customers can host phishing tools or viruses on such
>>subdomains, but it should never mean blocking the whole domain name
>>entirely. That time it was blocked directly by Radix, btw.
>>
>>Any ideas and feedback here to help us deal with such situations other 
>>than becoming a registrar ourselves?
>>
>>Andrey Nesterenko
>>MIRhosting