
High risk of .XYZ suspension


smarti (carpe diem), Established Member
A couple of days ago I found one of my premium .XYZ domains not resolving. After debugging, it turned out the @XYZregistry had put it into "serverHold" status and taken it out of their zone. I wasn't notified about this suspension, neither by the registry nor by my registrar.

TL;DR => see the end

Very suspicious is the fact that the suspension happened in the same timeframe in which a lead rejected my counter offer on DAN.COM.

[attachment: evid-1-offer-decline.png]

The offer was declined at 18:05 UTC and the domain was updated at 17:50 UTC.

[attachment: evid-2-registry-update-status.png]


What a coincidence! :unsure:


The registry pointed me to their domain-reactivation form, where I can check the status and the reason for the suspension and submit a reactivation request. (By the way, I wanted to learn about their "anti-abuse policies", linked on the page to http://nic.xyz/xyzLaunchPolicies_v1.03.pdf, but that document does not even exist.)

According to the status, the registry suspended the domain due to an abuse report... while it was parked at DAN (no Bodis)... hmm, digging further...

[attachment: xyz-unsuspend-request.png]


OK, the registry explains they use blacklists to suspend listed domains, such as Spamhaus, VirusTotal, Google Safe Browsing, SURBL, URIBL and Quttera, and they state they will reactivate the domain once it has been delisted everywhere and evidence of that has been provided to them.

My domain is only listed on VirusTotal, with one vendor claiming my domain is malicious - huh?

[attachment: spamlist-2-virustotal.png]


The vendor is "Bfore.AI"; moving on to their platform: the company profile seems to me like a backyard start-up rather than a solid security firm. Their product is "Malicious Domain Prediction". Okay, so they can flag any domain they want as "malicious"; I see some sort of value in their product. Now I want to know facts about my domain... nothing, no lookup possibility, but at least there's a support form, so I'm giving it a try, with no response yet.


TL;DR

The XYZ registry took down the domain without manual review, based not on any fact of domain abuse but on a prediction by a more or less trustworthy vendor of a more or less trustworthy blacklist provider.

The registry might use those 6 blacklist providers, maybe even more. Anyone can submit your domain to those blacklists; VirusTotal currently has around 90+ vendors, each of which can put a red flag on your domain, and what will happen is that the registry will just switch off the light on your domain without even reviewing the case manually. Such a system can be highly abused for a domain blacklisting attack.

Do I want to run a digital business on a .xyz domain after all, backed by a registry which can just pull the plug based on no facts, but because anyone can submit a request to blacklist my domain? Surely not. I think the xyz registry will need to reconsider their current implementation of anti-spam enforcement.

Your thoughts?
 
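The post above describes two checks a domain owner ends up doing by hand: reading the EPP status (serverHold) off the registry, and seeing which of the registry's named DNS blocklists (Spamhaus DBL, SURBL, URIBL) actually list the domain. The following is an added example, not code from the original post or from the XYZ registry. It builds the blocklist query names, decodes each list's published return codes, separates real listings from error replies (a public resolver being refused, for instance), and reads the RDAP status array where RFC 8056 maps EPP serverHold to "server hold". The resolver is injected and the DNS answers and RDAP document are constructed fixtures, so it runs offline; the return-code tables are assumed current and should be checked against each operator's documentation before relying on them.

```python
"""Check a domain's EPP status (via RDAP JSON) and its presence on DNS-based
URI blocklists. Added example; the resolver is injected so it runs offline."""
import json
from typing import Callable, Dict, List

# Return-code tables as published by the list operators (assumption: current
# at time of writing; verify against each operator's documentation).
SPAMHAUS_DBL = {
    2: "spam domain", 4: "phish domain", 5: "malware domain",
    6: "botnet C&C domain", 102: "abused legit spam",
    103: "abused spammed redirector", 104: "abused legit phish",
    105: "abused legit malware", 106: "abused legit botnet C&C",
}
SURBL_BITS = {8: "PH (phishing)", 16: "MW (malware)", 64: "ABUSE", 128: "CR (cracked)"}
URIBL_BITS = {2: "black", 4: "grey", 8: "red"}

# A resolver maps a query name to its A records; [] means NXDOMAIN = not listed.
Resolver = Callable[[str], List[str]]


def _last_octet(addr: str) -> int:
    return int(addr.split(".")[-1])


def _flags(last: int, table: Dict[int, str]) -> List[str]:
    return [name for bit, name in table.items() if last & bit]


def check_blocklists(domain: str, resolve: Resolver) -> Dict[str, Dict[str, List[str]]]:
    """Query the three lists and keep listings separate from error replies."""
    d = domain.strip().rstrip(".").lower()
    out: Dict[str, Dict[str, List[str]]] = {}

    # Spamhaus DBL: listings are 127.0.1.x; anything else (e.g. 127.255.255.x)
    # signals a query problem such as rate limiting or an open resolver.
    listed, errors = [], []
    for a in resolve(f"{d}.dbl.spamhaus.org"):
        if a.startswith("127.0.1.") and _last_octet(a) in SPAMHAUS_DBL:
            listed.append(SPAMHAUS_DBL[_last_octet(a)])
        else:
            errors.append(f"unexpected DBL answer {a}")
    out["spamhaus_dbl"] = {"listed": listed, "errors": errors}

    # SURBL multi: the last octet is a bitmask of list memberships.
    listed, errors = [], []
    for a in resolve(f"{d}.multi.surbl.org"):
        flags = _flags(_last_octet(a), SURBL_BITS) if a.startswith("127.0.0.") else []
        if flags:
            listed.extend(flags)
        else:
            errors.append(f"unexpected SURBL answer {a}")
    out["surbl"] = {"listed": listed, "errors": errors}

    # URIBL multi: bitmask as well, but 127.0.0.1 means "query refused", not a listing.
    listed, errors = [], []
    for a in resolve(f"{d}.multi.uribl.com"):
        if a == "127.0.0.1":
            errors.append("query refused by URIBL (public resolver blocked)")
            continue
        flags = _flags(_last_octet(a), URIBL_BITS) if a.startswith("127.0.0.") else []
        if flags:
            listed.extend(flags)
        else:
            errors.append(f"unexpected URIBL answer {a}")
    out["uribl"] = {"listed": listed, "errors": errors}
    return out


def is_listed_anywhere(report: Dict[str, Dict[str, List[str]]]) -> bool:
    return any(v["listed"] for v in report.values())


def rdap_status(rdap_json: str) -> Dict[str, object]:
    """Read the status array of an RDAP domain object (RFC 9083). RFC 8056 maps
    EPP serverHold / clientHold to 'server hold' / 'client hold'; either one
    removes the delegation from the zone."""
    statuses = [s.lower() for s in json.loads(rdap_json).get("status", [])]
    return {
        "statuses": statuses,
        "server_hold": "server hold" in statuses,
        "on_hold": "server hold" in statuses or "client hold" in statuses,
    }


# Constructed fixtures (not real lookups): a hypothetical flagged domain.
FAKE_DNS = {
    "flagged-example.xyz.dbl.spamhaus.org": ["127.0.1.5"],   # malware domain
    "flagged-example.xyz.multi.surbl.org": ["127.0.0.24"],   # 8|16 = PH + MW
    "flagged-example.xyz.multi.uribl.com": ["127.0.0.1"],    # refused, not listed
}


def fake_resolve(qname: str) -> List[str]:
    return FAKE_DNS.get(qname.lower(), [])


SAMPLE_RDAP = json.dumps({"objectClassName": "domain", "ldhName": "flagged-example.xyz",
                          "status": ["server hold", "client transfer prohibited"]})

if __name__ == "__main__":
    print(json.dumps(check_blocklists("Flagged-Example.XYZ.", fake_resolve), indent=1))
    print(rdap_status(SAMPLE_RDAP))
```

For a live check, pass a resolver that issues A queries against your own (non-public) recursive resolver, since both Spamhaus and URIBL refuse or rate-limit queries from large public resolvers, and treat an empty answer as "not listed" and an error code as "unknown", never as clean. Google Safe Browsing, VirusTotal and Quttera are HTTP APIs rather than DNS zones, so they need separate lookups; the registry's own statement is that all of them must be clear before reactivation.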
The views expressed on this page by users and staff are their own, not those of NamePros.
The fact that they basically temporally suspended your domain without any notice, made me seriously rethink before developing ANY kind of service on .XYZ. I wonder if anyone can that easily report and eventually take down giants like shop.xyz or block.xyz.
 
There are multiple factors involved in suspending a .xyz domain.

How many domains would they manually monitor? There are around 3M domains.
Do we know the previous domain history? The old owner might have done some kind of spam.
Some domain owners are taking advantage of 1 USD regs and trying to spoof or spam.

Why don't we try reporting abuse on abc.xyz or block.xyz? I don't think they would block all the domains. I have around 20 domains in serverHold out of 19K. That doesn't mean they are involved in spam. Some buyers who might want to get it cheaper would raise an abuse complaint.
Their unblock policy is also pretty simple.
 
Some buyers who might want to get it cheaper would raise an abuse complaint.

That's exactly my point. I don't mind if they have a simple unblock policy (that remains to be seen; my domain is still down though); what I don't like about it is that they steal my time and open the gates to those fraudulent "buyers".

I'm pretty sure they maintain a positive list of domains, like abc.xyz or block.xyz, which cannot be blocked without multi-level manual approval, but all those new ones without content or traffic are potentially untrusted and so quite an easy target for fraudulent reports.
 
Some domain owners are taking advantage of 1 USD regs and trying to spoof or spam.

I think this is probably the issue. Throwaway 99-cent domains (on any extension) have been used for years by spammers and cybercriminals, for obvious reasons, and so responsible registries have to take a far more zero-tolerance approach than registries that charge more and attract fewer bad actors.

It's actually a good thing that they take action, because some registries probably don't care. If the process to undo it is easy and is taken into consideration in the future, so the name can't be suspended so easily again, that seems reasonable.

I have around 20 domains in serverHold out of 19K.

Is the reason XYZ has so many 'reserved' names that they're suspended/serverHold names they didn't release when they expired? I noticed when I did the second XYZ list the other day that 0002-0009 were reserved (IIRC), and 0010 was on serverHold and pendingDelete, which I suspect means they'll be reserving that too.

I'm pretty sure they maintain a positive list of domains, like abc.xyz or block.xyz, which cannot be blocked without multi-level manual approval, but all those new ones without content or traffic are potentially untrusted and so quite an easy target for fraudulent reports.

Different rules probably apply for Google, but it's probably also assumed that a spammer isn't going to register a $xxx+ name to spam with, so different rules may (and should) apply for 'premium' names.
 
.xyz is certainly an easy target for scams and riskier. I worked for a couple of different Fortune 500 companies. They all block access to any website with a .xyz extension.
 
Update:

The one vendor, Bfore.AI, replied to me today (Sunday!) and unflagged my domain - that was a quite fast reaction! Oddly, their support mentioned they removed the malicious flag from VirusTotal, even though I hadn't said anything about VT in my request.
Anyway, now waiting for the registry to reactivate the domain.
 
Update: Domain Reactivated

Reply from registry:

"Thank you for your message. This domain has been unsuspended and is now active. The domain was flagged by one of our cybersecurity partners; while we cannot disclose any of our partners, we can say it was not Bfore.Ai PreCrime. The Anti-Abuse team does notify the registrar of the abuse and it is then up to the registrar to inform their client." - Even weirder not to know who caused your domain to black out, and SAV did not do their job well here by not notifying me about the suspension... sigh. Anyway, my domain is active again. I am happy. Time lost, though.
 
There is a ranking of TLDs most used by scammers... google it... .xyz is at or near the top.
 
There is a ranking of TLDs most used by scammers... google it... .xyz is at or near the top.

According to Spamhaus.org, the "badness" score of .xyz is only 0.33, with 3.6% of sites being spam.

Meanwhile .com's badness score is 0.68, with 5.5% being spam.

.co's badness score is 0.34, with 4.2% of sites being spam.

So .xyz is a solid and legit extension according to this index.
 