NameSilo

Nameservers Changed Issues on Sav.com

Spaceship Spaceship
Watch

xmarthost

XMart HostEstablished Member
Impact
22
My nameservers for all domains have been changed to ns1.all-harmless.domains and ns2.all-harmless.domains, and I am unable to change the DNS again. What could be the issue?

Also, a friend of mine is facing the same problem with over 600 domains. What's going on with sav.com?
 
3
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
I can reach out to them to get a full package of my stored data and could potentially ask for deletion.

Yes. If you're an EU citizen, you have that right.

Edit: this date should also show who they share your data with and to what extend/purpose.
 
Last edited:
1
•••
1
•••
sav.com registrar cybercrime.png
 
4
•••
"SAV.com, with 4,230 phishing domains in our 2022 study, experienced a 720% increase in 2023"

--Phishing Landscape 2023, Interisle Consulting Group, LLC



Jeffrey Bedser, CEO of CleanDNS, remarked, “I cannot recall a time when a registrar worked as hard to uphold the security and stability of the Internet in my 15 years with the ICANN community. This proactive approach is setting a new standard in the industry and demonstrates a strong commitment to maintaining a safe and secure internet environment.”

Anthos Chrysanthou further stated, “Sav has been a longtime partner of CleanDNS and is proud to work together in the effort to mitigate abuse. Both CleanDNS and Sav are dedicated to continuing our fight against abuse and maintaining our longstanding partnership.”
 
Last edited:
4
•••
@CleanDNS @Sav.com

If there was a trophy for the worst register and abuse policing, you clowns won the gold medal.

Starting a company comes with big dreams until reality starts to hit.

You should be compensating for the transfers, lost nameservers, and time but no no your brag is still at it, wiping out complete portfolios.

huge thanks to @Future Sensors

While you are at it please give this domain name back to its original owner as I have no clue how that ended up in my account, I'm still on the fence about just wiping your business out, just honestly all it takes is to admit wrongdoing and a future map of dealing with this the legal and proper way.

2023f11a62f246e58ad61181ac5ac6cc.png


WOWEEEWEE why on earth lmao.

It's been Days, and I would love to see @CleanDNS take/remove their brag on making the internet safer, so, consider removing several of my domain names on Atom as a good publishment.

Show some respect and decency, most members here have given you plenty of chances YET you take all that for granted and fire back in the worst possible way.

understaffed, no legal team, this topic will live on and be widely spread amongst the domain community, if you analyze the profit on SAV just like Dan there isn't much left after just one client takes you to court.

But please don't paddle back now, for sure keep the brag up! Nobody should have their complete portfolio removed due to a few rotten apples, I can only imagine the search results on SAV in the coming months.

Honestly, it's been days and days there is no excuse anymore, reputation = everything and you lost it all.
 
Last edited:
8
•••
What I find even more concerning is your GEO targeting.

100% racial, you do know people from all around the World are in the domain business, look at the CEO of Google being from India (Sundar Pichai)


Bit odd how you did a complete 360 and enabled my account.



Possibly found out I am Dutch holding several corps, putting me in a position to take you to court knowing very well others won't be able to.


Using this as publicity makes it even worse @CleanDNS

My statement still 100% stands for anyone reading this, avoid SAV and any provider that has connections with @CleanDNS.

If you feel like gambling hit a casino, what a kid show.

Now getting people to get your reviews up eh?
sav-idiots.png


Secure? top of their game?

The more you push this instead of just coming forward, the more clients you are going to lose.

How about a Hackathon or: https://www.hackerone.com/knowledge-center/white-hat-hacker

Your system will be breached in seconds putting all your clients at risk, also transfers in should be replaced with transfers out.

"I'm glad to see Sav taking action. on unsavoury accounts involved in serious abuse"

just WOW.
 
Last edited:
3
•••
@CleanDNS @Sav.com

If there was a trophy for the worst register and abuse policing, you clowns won the gold medal.
Indeed. Especially if you also realize the number of Domains Under Management that Sav.com has.

Sav is a relatively small registrar compared to e.g. GoDaddy, but scores extremely bad for years on keeping our Internet clean from these malicious issues, despite (or, thanks to?) the fully managed abuse handling by CleanDNS.

https://domainnamewire.com/2024/01/03/the-biggest-20-domain-name-registrars-across-all-icann-tlds/
 
Last edited:
1
•••
My statement still 100% stands for anyone reading this, avoid SAV and any provider that has connections with @CleanDNS.
Sound advice.
 
2
•••
Indeed. Especially if you also realize the number of Domains Under Management that Sav has.

Sav is a relatively small registrar compared to e.g. GoDaddy, but scores extremely bad for years on keeping our Internet clean from these issues, despite (or thanks to?) the fully managed abuse handling by CleanDNS.

https://domainnamewire.com/2024/01/03/the-biggest-20-domain-name-registrars-across-all-icann-tlds/

They allowed it until it became a problem for THEM, taking profits over abuse concerns, until shit hits the fan.

100% Sav had no intention of cleaning up until they got contacted, and concerns came up.

Leaving fake reviews now, handling this whole situation as absolute clowns. There is no coming back from this.
 
2
•••
While you are at it please give this domain name back to its original owner as I have no clue how that ended up in my account
What does Sav.com say about this, did you ask them about it? In the Official Sav thread on NamePros there appear to be more of these cases, including Sav customers that are still able to change DNS from their Sav control panel for domains they're no longer the registrant of.
 
Last edited:
2
•••
What does Sav.com say about this, did you ask them about it? In the Official Sav thread on NamePros there are more of these cases.

I posted this before but will post it again.

b3acf01bab3de41d1ab693652c5a5b7b.png


So there is verified evidence, none of which has been forwarded to me, my account is fine... moved most of my value domains out.

Somewhat doubt that's a response from SAV ever since they mentioned outsourcing abuse to @CleanDNS without letting their clients know.

I am not hiding my identity either so forward me what abuse has taken place, and we will handle it but like I said before, Sav expected nobody to fight back but yet here we are.

Take a moment to even read "over the weekend" lmao.
 
Last edited:
2
•••
Last edited:
1
•••
What I find even more concerning is your GEO targeting.

100% racial, you do know people from all around the World are in the domain business, look at the CEO of Google being from India (Sundar Pichai)


Bit odd how you did a complete 360 and enabled my account.



Possibly found out I am Dutch holding several corps, putting me in a position to take you to court knowing very well others won't be able to.


Using this as publicity makes it even worse @CleanDNS

My statement still 100% stands for anyone reading this, avoid SAV and any provider that has connections with @CleanDNS.

If you feel like gambling hit a casino, what a kid show.

Now getting people to get your reviews up eh?Show attachment 260436

Secure? top of their game?

The more you push this instead of just coming forward, the more clients you are going to lose.

How about a Hackathon or: https://www.hackerone.com/knowledge-center/white-hat-hacker

Your system will be breached in seconds putting all your clients at risk, also transfers in should be replaced with transfers out.

"I'm glad to see Sav taking action. on unsavoury accounts involved in serious abuse"

just WOW.
I dont want to say that Sav is doing it, but buying reviews - and yes, even verified acts with a considerable history, is nothing special.
For this specific review, All the people affected by it never did anything wrong. It's a punch in the face for those people reading this. Trustpilot means nothing to me personally. I voluntarily served on the advisory board of our homeowner's association (nothing special), and once, a very young company pitched to prepare our garage electric vehicle. So take care, end-to-end. I did a bit of due diligence and saw that this company had 150 (5 Star) reviews, saying that this company was so lovely and implemented everything [for some apartment blocks, houses - and cross-selling of wallboxes]. After checking his Balance sheet, P&L, and forecasting, I realized that the person who founded the company couldn't even use a calculator. Even with the smallest margin on just wall boxes multiplied by the amount of "verified" reviews, it was impossible to achieve this.
I confronted him with the print-outs during a live presentation in front of our apartment owners.
Suddenly, he said I could come to their office to discuss financials, but he no longer had much time.

Why do I tell this story? To act like a hero? Do I want to promote myself to someone who can use a calculator? No, but everyone could do this research in under 2 hours.
I want to convey that Tripadvisor, Google Reviews & many more are often unreliable.
Either you see a pattern (wording, account types, etc.), or it's contrary to what others say. If I look at reviews, I start with 1 star first because the likelihood that the owner has commented on it is much higher.

So don't get distracted by random users, in this case, someone with 1 Review - giving a Ranking on a platform that is one of the easiest ones to fake.

You better rely on facts, the fact is:

  • Communication on X that it is being fixed (issue?)
  • The CTO in this Thread wrote something, probably twice, from his phone and claimed this was a fast response.
  • Unclear handling of the Business relationship between SAV and CleanDNS (They can somehow opt-in to give more Data, so SAV to CleanDNS)
  • Lacking of Communication afterward
  • Celebrating themselves for "busting" 600k
"This effort is part of a proactive strategy to improve internet safety by swiftly disabling domains intending to cause harm. Once confirmed, Sav and CleanDNS took action on an unprecedented scale.
Source: https://cleandns.com/sav-com-and-cleandns-tackle-domain-name-abuse-at-an-unprecedented-scale/
  • Still no official comment from SAV

If they can celebrate their success with this article so fast, where is the statement (Not the Outlook Macro for sending out the same template email to all people who ask) from SAV? Eventually, from the CEO himself - if those are truly 600k accounts they have found, it should be a success story.
And they were now feeding their Systems (CleanDNS) with those patterns, to make this whole thing better. If you need the link (it's in their Privacy PDF), they train their systems with "fraudulent abuse Domains".


Btw.
Partners of CleanDNS I could find:
TopDNS - Germany, Cologne

And 2 More, we need to validate this before posting.

Sad sad sad
zotix
 
Last edited:
3
•••
In the following presentation, CleanDNS, Inc. explains how the company is using Machine Learning (ML) and Artificial Intelligence (AI) for mitigating DNS Abuse. They use it not only for detection, but also for automated response.

https://internet-conference.vn/sites/default/files/2024-06/5.CleanDNS.pdf

Yes, using these techniques may be fine for detection. However, the way CleanDNS is currently doing Automated Response is particularly worrying, because it has gone so horribly wrong here. In the presentation, CleanDNS discusses the disadvantages of using ML and AI. In particular re False Positives and Ethical Considerations.

In addition, it appears that Sav's system security is not in order and there are indications that Sav users can manage domains from their control panel of which they are no longer the registrant. CleanDNS, which has been handling abuse for Sav for three years with mediocre results (documented earlier in this thread), bases their decisions partly on this incorrect account (registrant) information from Sav.com.

The NamePros account @CleanDNS on this forum is managed by Chad Los Schumacher, Chief Operating Officer (COO) of CleanDNS, Inc. In an attempt to repair the damage, this fresh and unaccredited NamePros account is now trying to handle sensitive Sav.com abuse cases with members on this forum, without there being a direct client relation. These messages are stored on this external forum, are visible to members of NamePros moderation teams, and will be archived 'somewhere' in the cloud forever.

Neither Sav.com nor CleanDNS have written anything on their website about the privacy and security considerations of these practices of their COO, which violate legislation in many jurisdictions.

This is particularly worrying for a company like CleanDNS, Inc., as this company operates in this very spectrum and clearly does not understand that you should not do this. The concerns that have been repeatedly expressed on this forum and on X have not been responded to.
 

Attachments

  • CleanDNS Inc. Presentation on DNS Abuse.pdf
    517.4 KB · Views: 10
Last edited:
4
•••
I notice that some news sites in the domain industry have merely copied the joint press release from Sav and CleanDNS, without digging deeper into what exactly is happening here, and what consequences this has for the rights and position of registrants, whose entire accounts are simply blocked and, upon further investigation, are unblocked again because the CleanDNS AI automated response solution turns out not to be flawless after all.

CleanDNS plans to offer abuse management services "as a service" to an increasing number of Domain Registrars and Domain Registries in the future.
 
Last edited:
6
•••
8
•••
In the following presentation, CleanDNS, Inc. explains how the company is using Machine Learning (ML) and Artificial Intelligence (AI) for mitigating DNS Abuse. They use it not only for detection, but also for automated response.

https://internet-conference.vn/sites/default/files/2024-06/5.CleanDNS.pdf

Yes, using these techniques may be fine for detection. However, the way CleanDNS is currently doing Automated Response is particularly worrying, because it has gone so horribly wrong here. In the presentation, CleanDNS discusses the disadvantages of using ML and AI. In particular re False Positives and Ethical Considerations.

The account @CleanDNS on this forum is managed by Chad Los Schumacher, Chief Operating Officer (COO) of CleanDNS, Inc. In an attempt to repair the damage, this unaccredited NamePros account is now trying to handle sensitive Sav.com abuse issues with members on this forum, without there being a direct client relation. These messages are stored on this external forum, are visible to the moderation teams, and will be archived somewhere in the cloud forever.

Neither Sav.com nor CleanDNS have written anything on their website about the privacy and security considerations of these practices of their COO, which violate legislation in many jurisdictions.

This is particularly worrying for a company like CleanDNS, Inc., as this company operates in this very spectrum and clearly does not understand that you should not do this. The concerns that have been repeatedly expressed on this forum have not been responded to.

Thank you very much for sharing this!
I don't say anything about the PowerPoint's structure and optics; all I say is that everyone I know would kick me out if I presented something to C-level or even published it.
FYI: A management summary comes first. There is no structure, nothing.
And the content: Talking about AI & ML but not even using it to create the presentation (that would still be not good, but at least better than this Word document).

All I wish right now is that SAV brings more transparency to this!
It was not through any so-called success thing by CleanDNS, which was unsuccessful because you banned unaffected people.
I would like to know your pattern for this.
I asked for examples to determine nothing.


First stage:
Response from Sav:

The official Sav Help X account responded to my X post linking to this thread with:

"Our team is aware of the issue and is currently working on it. The domains should be active again in a few hours."


2. First-time CTO replies:
Hello All. We just wanted to jump in and comment on this thread real quick. Sav does not tolerate domain abuse and takes abuse reports very seriously. We recently disabled a number of customer account’s and their domains after receiving verifiable evidence of one or more domains engaged per our Domain Name Registration Agreement. A few accounts were re-enabled after the customer agreed to make changes but this was not the majority. While we will be improving the notifications sent out to customers with domains engaged in abuse we will take action on any accounts and domains involved in abuse to do our part to help continue to make the Internet a safer place each and every day.




3. Observation, what are the implications of this?
Show attachment 260152
Show attachment 260149

Show attachment 260150

Show attachment 260151

in 2 Days, 30k regs- looks like the accounts that have been reactivated? I dont remember something special last Monday / Tuesday.

Thats a massive spike. Implications?

Kind regards,
zotix


3. CTO gives full responsibility to CleanDNS
Hello Again. We want to introduce everyone to a new NamePros user and partner of ours, @CleanDNS. For the last 3 years, Sav has worked with the team at @CleanDNS to review and process all domain abuse reports, work with registrants regarding abuse and to prevent abuse by disabling domains as accounts as needed. You can read more about recent actions taken here: https://cleandns.com/sav-com-and-cleandns-tackle-domain-name-abuse-at-an-unprecedented-scale/

If you want to know the exact details on why an account or domain was disabled and, you are the holder of the account, you can now DM CleanDNS directly from within NamePros and they can share that information.

Just a reminder that while we are actively working on one, Sav does not have a reseller program and each user is directly responsible for abuse on any of their domains.
Dear Nick, Yes, you are. There is no business relationship between people who have Domains with you; there is automatically a contract with your third party—even though you outsourced it.
What exactly did you allow them? Opt-In for Personal Data, like more than WHOIS?


CleanDNS appears.
Hi - Chad from CleanDNS here. Happy to take a look into any account and review the data. Please DM me the email address on the account and I will investigate.

We are the entity that manages Sav's abuse. Feel free to message [email protected] and mention this thread and I'll review that way. Whatever you are comfortable with.
As far as I understood in 2 roles.



Example how investigation works:
Sav.com fully understands how frustrating this is for DataCube's @bmugford, who is not even affected personally.

Show attachment 260242

I hope @Bravo Mod Team @Echo Mod Team @Alfa Mod Team @Paul

Check the Account of this new User @CleanDNS, who was clearly introduced by @Nick R
And verify them, pls, after clarification from SAV, what is going on.

Im speechless

Mustafa
 
0
•••
Tagging @ICA once again.

Don't hold your breath, @batman is just as likely to respond.

1722812773033.png


@Zak Muscovitch hasn't logged in since 2020. Not sure who's running the @ICA account...

Check the Account of this new User @CleanDNS, who was clearly introduced by @Nick R
And verify them, pls, after clarification from SAV, what is going on.

Do you mean verify them as a CleanDNS representative and give them a CleanDNS staff badge?

https://www.namepros.com/members/?key=representatives
 
Last edited:
3
•••
Do you mean verify them as a CleanDNS representative and give them a CleanDNS staff badge?

https://www.namepros.com/members/?key=representatives
Exactly, at least verify properly - And if there were no SAV repress. For a long time here, no clear official statement has come from the CEO - at least for the members, a signal if Mods also check this. I mean, no doubt that this is someone from Clean DNS; he said:

Hi - Chad from CleanDNS here. Happy to take a look into any account and review the data. Please DM me the email address on the account and I will investigate.

It should be clear, if the other accounts are also investigated.

Mustafa
 
0
•••
Their domain is registered with sav... Draw your own conclusions...
Regardless* of whether Sav is the best choice for a cybersec company to register your critical domains there, it is to be hoped that the automated AI solutions of CleanDNS will not block their own account at Sav.

*unwise
 
Last edited:
5
•••
I hope @Bravo Mod Team @Echo Mod Team @Alfa Mod Team @Paul

Check the Account of this new User @CleanDNS, who was clearly introduced by @Nick R
And verify them, pls, after clarification from SAV, what is going on.
Nick is a verified representative of Sav.com and has vouched for @CleanDNS:

@CleanDNS is also now a verified representative of CleanDNS.com.

We hope that helps.
 
7
•••
@CleanDNS is also now a verified representative of CleanDNS.com.
That's only a small fraction of the concerns, but it helps. This is what you can reasonably do from your side.

Thanks, Bravo.

Further measures are beyond the reach of NamePros moderators, and are really up to Sav and CleanDNS.
 
Last edited:
4
•••
@CleanDNS is also now a verified representative of CleanDNS.com.
We hope that helps.
That was not my point, to be honest - so to keep it short: It does not help me. I never doubt that he is a representative, and copying and pasting the same message in two different Threads shows that the CTO of SAV does not really take the concerns of paying customers seriously.

1.
Hello All. We just wanted to jump in and comment on this thread real quick. Sav does not tolerate domain abuse and takes abuse reports very seriously. We recently disabled a number of customer account’s and their domains after receiving verifiable evidence of one or more domains engaged per our Domain Name Registration Agreement. A few accounts were re-enabled after the customer agreed to make changes but this was not the majority. While we will be improving the notifications sent out to customers with domains engaged in abuse we will take action on any accounts and domains involved in abuse to do our part to help continue to make the Internet a safer place each and every day.

2.
Hello All. We just wanted to jump in and comment on this thread real quick. Sav does not tolerate domain abuse and takes abuse reports very seriously. We recently disabled a number of customer account’s and their domains after receiving verifiable evidence of one or more domains engaged per our Domain Name Registration Agreement. A few accounts were re-enabled after the customer agreed to make changes but this was not the majority. While we will be improving the notifications sent out to customers with domains engaged in abuse we will take action on any accounts and domains involved in abuse to do our part to help continue to make the Internet a safer place each and every day.
https://www.namepros.com/threads/sav-com-security-issues-warning.1287251/post-9218748

But dear Bravo & others, we don't have to always share the same opinion - otherwise, life would be boring :)

Have a great day & thanks for responding.

Kind regards, Mustafa
 
0
•••
@CleanDNS

Are you owned by/part of constellix?
Mr Jeffrey Bedser is both the founder of iThreat, and co-founder of CleanDNS.

https://ithreat.com/ithreat-announces-executive-appointments/

The current COO of CleanDNS, Inc., Mr Chad Los Schumacher, was Team Lead at iThreat Cyber Group.

https://www.caseiq.com/resources/investigating-using-the-dark-web/

CLEANDNS and CYBERTOOLBELT are trademarks of iThreat Cyber Group, Inc.

https://trademarks.justia.com/888/86/cleandns-88886900.html
https://trademarks.justia.com/863/67/cybertoolbelt-86367635.html

https://opencorporates.com/companies/us_nj/0100799970

iThreat Headquarters:

6 Montgomery Village Ave, Ste. 610
Gaithersburg, MD 20879
USA
 
Last edited:
8
•••
You have to understand that iThreat and CleanDNS are already deeply rooted in the operations of our critical infrastructure. This demands great care and responsibility. Like, the same diligence we expect from ICANN SSAC and PTI.

The things that CleanDNS does may be essentially good, but they must remain aware of their great influence and responsibility, while continuing to take the position of individual domain registrants —large and small— into account.

Particularly if you start using broad AI for abuse handling automation for major registrars and registries and it goes wrong.

Also, remember that iThreat is a large Internet intelligence company, and that they want to further expand their intelligence footprint in the future. Founded in 1997, iThreat has assisted hundreds of clients with thousands of Internet monitoring ops and investigations, including multiple successful multinational law enforcement operations.

The more 'fully managed' abuse handling contracts they can enter into with the CleanDNS product, the more information, signals, patterns and metadata they will be able to obtain about individuals, companies and [governmental] organizations worldwide. This may involve highly sensitive information, that will be combined with other intel sources for profiling and machine learning. Essential core functions of domain registrars and registries are completely being outsourced to this commercial, US based, third party, which will become increasingly influential by combining all the data it collects from everywhere.

A comparison with the recent global outage incident caused by CrowdStrike is not entirely valid, but there are certainly some similarities. I do want to make people aware of what can happen when companies in the cyber security industry become too influential. And that our society as a whole will become too dependent on these few influential companies, now armed with highly experimental AI mechanisms. A development that cannot easily be reversed, mainly because the CleanDNS product is marketed as a major cost saver for registrars and registries. But also because the technical knowledge on this subject will no longer be natively available at registrar/registry customers.

Given the way in which the COO of CleanDNS plans to handle Sav abuse tickets via DM here on this external forum, and that they do not even want to substantively address the essential points and concerns raised by this community that is also deeply rooted in the same Domain and DNS ecosystem, this doesn't bode well for the antenna that is needed to carefully and compliantly meet the high standards expected of this company. Especially when it comes to handling our sensitive data securely and responsibly.

Time for @ICA to step in. Let's start with ICA and then scale up from there.
 
Last edited:
9
•••
  • The sidebar remains visible by scrolling at a speed relative to the page’s height.
Back