Nameservers Changed Issues on Sav.com

[xmarthost]

My nameservers for all domains have been changed to ns1.all-harmless.domains and ns2.all-harmless.domains, and I am unable to change the DNS again. What could be the issue?

Also, a friend of mine is facing the same problem with over 600 domains. What's going on with sav.com?

 

[zotix]

I will review and share the specific evidence, outreach attempts, and any other records we have.

Please share it with the respective account holders with proper evidence.
That's at least what not me but ICANN (s. guidelines) expect from you.
Your auto-detection system is somehow lacking, I would advise you to do a review on that ; if you need help, reach out to me.
If it's part of the SAVs strategy, you are responsible for the damage your "so-called fraud system" has caused.

Are you able to at least give a few examples (not real ones) that are similar to those on your 60k list?

Mustafa

 

[zotix]

The problem is even if you get some valid abuse report, say for spam on a domain, it is unreasonable to block an entire account with hundreds of unrelated domains. These domains could be worth hundreds of thousands of dollars or more.

You have put yourself in the position of judge, jury, and executioner like I said earlier.

You can reject business. You can't just seize assets without due process.

Also, explain to me what would happen to these domains. The registrant can't access the account to renew or transfer any domains.

Would these then go through the Sav.com expired auction platform? If so, I am sure you can see the massive financial conflict of interest there.

Brad

Thank you, not only for being part of this thread but also for supporting people with your knowledge.
I appreciate that so much!

Mustafa

 

[Grilled]

It seems like a lazy customer support response, kind of like their response to my post on Twitter.

Right!

But unlike the Twitter response, i wonder if Sav's copy/pasted trustpilot responses could be opening Sav up to slander/libel if one of those commenters didn't in fact engage in abuse and/or if there isn't actually verifiable evidence?

Spoiler: Gemini Answer

Many domain owners are having their entire domain portfolio suspended by their registrar SAV.com due to abuse complaints. Specifically, SAV.com recently hired a new abuse team that backfilled a bunch of abuse compliance.

A customer reported a Trustpilot review detailing the suspension of 400 domain names without prior notification or evidence provided. SAV.com responded by stating they take abuse reports seriously and had verifiable evidence of abuse. However, the issue appears to be the blanket suspension of entire portfolios and the subsequent reactivation of some accounts, raising questions about the accuracy of the abuse claims.
Potential Legal Issues for SAV.com:

• Slander/Libel: If SAV.com falsely claims verifiable evidence of abuse, they could be liable for damaging the customer's reputation.
• Breach of Contract: Suspending entire portfolios without following the Domain Name Registration Agreement's procedures could be considered a breach of contract.

What Can the Customer Do?

• Review the Domain Name Registration Agreement: Understand the agreement's terms regarding abuse complaints and domain suspension procedures.
• Contact SAV.com: Request specific details about the alleged abuse and the evidence supporting the suspension.
• Dispute the Suspension: Follow SAV.com's dispute process to challenge the suspension.
• File an ICANN Complaint: If the dispute with SAV.com is not resolved, the customer can file a complaint with the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN provides a dispute resolution process for domain-related issues.
• Seek Legal Advice: If other avenues fail, consult with a lawyer specializing in internet law.

Recommendations for SAV.com:

• Targeted Suspension: Suspend only the domains involved in the abuse complaint.
• Improved Communication: Clearly communicate the reason for suspension and provide evidence before taking action.
• Appeals Process: Establish a clear appeals process for customers who believe their domains were wrongly suspended.

While SAV.com has a responsibility to address abuse, their current approach is aggressive and could lead to legal issues. A more measured approach with better communication and evidence transparency would benefit both SAV.com and their customers.

 

[Ahsan0844]

I have registered 706 domains with @SavRegistrar. Suddenly, they changed all the nameservers to (ns1.all-harmless.domains, ns2.all-harmless.domains) without my authorization. When I contacted their live support, they redirected me to the abuse team via email. After 2 days, I got a vague response claiming my domains were restricted due to "abuse or malware" without any proof.

These domains are worth over $10,000, and my sites have been inactive for over a week, causing significant financial losses. This unprofessional behavior is unacceptable. Now, their support team is unhelpful and often unavailable. Is this how you treat your customers?

If my domains are not restored immediately, I will take legal action and file a complaint with ICANN. As an SEO expert, I will also publish detailed accounts of this scam across all platforms. This is your final warning. #SavRegistrar #CustomerServiceFail #ScamAlert

 

[Future Sensors]

 

[End User King]

I've had multiple domains lost on Sav due to abuse of their non working systems. Names magically vanish from my account and later sold for $xx,xxx. I'm glad you're finally getting called out. I'm here for the smoke. And have receipts

 

[bmugford]

Show attachment 260298

You know, looking at their Trustpilot ratings this level of support might just be par for the course.

They should really work on that.

 

[alcy]

I've had multiple domains lost on Sav due to abuse of their non working systems. Names magically vanish from my account and later sold for $xx,xxx. I'm glad you're finally getting called out. I'm here for the smoke. And have receipts

which names vanished and sold? sold how? on expired? I had names vanish too from bugs..but luckily I noticed and restored them and they never got to expired auctions.

 

[ryan87]

Historically, we were reviewing on a domain-by-domain basis on behalf of Sav for years. This was ineffective as the registrant would just create new domains that would repeat abuses and we would act against the domain again. We since jointly developed tools and methods that allowed us to look at the whole account to assess what happened. The tools simply gave us a bigger picture than what we were previously dealing with. Reinstated accounts have verified abuse reports to support the actions initially taken. When we began receiving appeals, we received additional information from account holders allowed us to reasonably believe that the abuse was mitigated.

That sounds awful for consumers. I understand the futility of playing domain-by-domain whack-a-mole, but I don’t understand why you can’t reserve drastic action like this for accounts that have actually engaged in creating new domains to repeat abuses.

It’s so frustrating that registrants complaining to ICANN have to demonstrate very specific, actual violations of contracted parties like registrars and registries, but regularly get subjected to broad, speculative, subjective enforcement actions by those same parties.

We can’t quantify the reliability of your “tools and methods”, so how are we supposed to assess the risk of false positives? The fact that you’ve reinstated accounts is a clear demonstration that your tools don’t work well enough to be relied on for such drastic, broad action, so the logical thing to do, at least in my opinion, is to avoid registrars that use your service.

You need to consider this from the perspective of a registrant that’s acting in good faith and gets matched to some undefined pattern of behavior that you consider malicious. Personally, I’d expect an opportunity to defend or explain myself before having a domain suspended. I’d be extremely upset if I didn’t get contacted before an account ban. I don’t like piling on, but it seems like you’ve built a system that’s better for you and are ignoring the negative consequences that could be suffered by registrants.

 

[Future Sensors]

We can’t quantify the reliability of your “tools and methods”, so how are we supposed to assess the risk of false positives? The fact that you’ve reinstated accounts is a clear demonstration that your tools don’t work well enough to be relied on for such drastic, broad action, so the logical thing to do, at least in my opinion, is to avoid registrars that use your service.

Well said.

Many good arguments given here are not seriously addressed. Fortunately, I have not been affected by this incident in any way, and have not a single domain registered with Sav.

Your advice to avoid registrars that work with the fully managed abuse handling solutions of CleanDNS, Inc. sounds very reasonable after this major incident, because CleanDNS seriously drops the ball here. CleanDNS extensively documents all their commercial "successes" via press releases on their website, so it will be easy to track which registrars to avoid in the future.

And let me be very clear, as I've said earlier in this thread as well: when it really comes to DNS abuse, malware, ransomware, ddos and phishing, those domains affected should be carefully put on Hold. The innovative, AI-like interventions we're now seeing at Sav/CleanDNS are way too broad, and are causing serious damage to the domain ecosystem as a whole. Something you were just wishing to avoid.

To Sav and CleanDNS I'd say, it's never too late to apologize, write a sincere post-mortem, and learn from this major incident. Maybe that would even help Sav score better as a domain registrar, because its reputation is still way below average. Not only as seen by their customers, but also as seen by professionals active in the field of cyber security.

CleanDNS appears to have been responsible for this for about 3 years now.

For Sav, it may be a good idea to start interacting again with your valued customers in the Sav Official thread on this forum, like you used to do in the past. Learn from your mistakes, and improve. Starting today.

Good luck @Sav.com (Sav.com)
Good luck @Nick R (CTO, Sav.com)
Good luck @CleanDNS (CleanDNS.com)

Future Sensors

 

[Future Sensors]

Convenient of Sav to delegate it to a new, unaccredited account on this NamePros forum. Sure, just give all your personal information to that account and let the Sav abuse handling take place via DMs on this web forum with CleanDNS. I find it very unwise.

In addition to what has been mentioned, I would like to add that this external party, with whom you have no official relationship, will also have insight into which NamePros account belongs to which Sav account, and your complete posting history on NamePros will be visible to them.

 

[pb]

Historically, we were reviewing on a domain-by-domain basis on behalf of Sav for years. This was ineffective as the registrant would just create new domains that would repeat abuses and we would act against the domain again.

You know it's possible to program a function that disables the ability of a given account to register new domains without affecting anything else, right?

 

[zotix]

Well said.

Many good arguments given here are not seriously addressed. Fortunately, I have not been affected by this incident in any way, and have not a single domain registered with Sav.

Your advice to avoid registrars that work with the fully managed abuse handling solutions of CleanDNS, Inc. sounds very reasonable after this major incident, because CleanDNS seriously drops the ball here. CleanDNS extensively documents all their commercial "successes" via press releases on their website, so it will be easy to track which registrars to avoid in the future.

And let me be very clear, as I've said earlier in this thread as well: when it really comes to DNS abuse, malware, ransomware, ddos and phishing, those domains affected should be carefully put on Hold. The innovative, AI-like interventions we're now seeing at Sav/CleanDNS are way too broad, and are causing serious damage to the domain ecosystem as a whole. Something you were just wishing to avoid.

To Sav and CleanDNS I'd say, it's never too late to apologize, write a sincere post-mortem, and learn from this major incident. Maybe that would even help Sav score better as a domain registrar, because its reputation is still way below average. Not only as seen by their customers, but also as seen by professionals active in the field of cyber security.

CleanDNS appears to have been responsible for this for about 3 years now.

For Sav, it may be a good idea to start interacting again with your valued customers in the Sav Official thread on this forum, like you used to do in the past. Learn from your mistakes, and improve. Starting today.

Good luck @Sav.com (Sav.com)
Good luck @Nick R (CTO, Sav.com)
Good luck @CleanDNS (CleanDNS.com)

Future Sensors

Pin this msg pls. I cannot agree more.

As I said, an extensive restructuring will come, mark my words.
Not only operational but also in the leadership team. Sa(w/v) it too many times, the first signal to publicity is always an exchange in the leadership team. Ultimately, they are the decision taker.

Balance sheet, etc., and financial (at least from what I researched) are not accessible for SAV; but having 2mio DUM seems to be good - but if the cost structure is way too high + things like this case now, this might (In this case will) bring you back to reality.
CEO is such an intelligent guy; that's all I can say about the leadership team.

The CTO needs communication training; The COO knows how to strategically integrate a third party and test the systems by heart (but what I'm talking about here are so talented devs).
Im not surprised; it's not the first case, unfortunately.
Im just sorry for the people who are affected.

Mustafa

 

[gabri3l]

You have full account access of Sav customers?

CleanDNS as Processor

In the provision of our services, CleanDNS is ordinarily considered a processor for our clients. In
such instances the relevant client will continue to be the Controller and we will process data under
the terms of our agreements with those clients (Controller Instructions).

Such data ordinarily includes the following :
• Screenshots of a publicly resolving domain or URL reported for abuse which may or may not
contain personal information.
• Non-Public Whois data (limited to only those clients who specifically provide such data to us in
the provision of our Services to them)

• Name​

• Address​

• Phone Number​

• Email​

• Fax Number​

https://cleandns.com/privacy-policy/

 

[Kali42]

[email protected]​	4:34 AM (7 hours ago)
to me

Sav.com, LLC
2229 South Michigan Ave, Suite 303, Chicago, IL 60616
+1 (888) 580-8790 (Law Enforcement Only) | sav.com | [email protected]

Dear Registrant,

Thank you for choosing Sav.com for your domain name needs.

Following a thorough review of your domain portfolio and the associated abuse reports, we have assessed that your account poses a high risk. Consequently, we have disabled your domains and locked your account. Please note that this decision is final and will not be reversed.

Thank you for your understanding.

Sincerely,
The Sav.com Safety Team

* betwisdom[.]com
* welcome[.]agency
* 247beverages[.]com
* genesis[.]ventures
* trendyour[.]com
* feedingtruth[.]com
* findingadventures[.]com
* domainname[.]forsale
* zonic[.]io
* visitgalaxy[.]com
* devilserver[.]com
* blogexpert[.]net
* ocean[.]ventures
* freedomandhappiness[.]com
* enjoyandlearn[.]com
* nomadthings[.]com
* collegeofhiphop[.]com
* apexknife[.]com
* independentdragon[.]com
* cloaker[.]co
* redhorizon[.]io
* portableseats[.]com
* cloudemail[.]co
* xca[.]io
* kxz[.]io
* techtron[.]io
* advi[.]io
* blognft[.]com
* littlemoon[.]co
* sleeptonight[.]com
* bestsellers[.]co
* balinese[.]net
* cancelmyflight[.]com
* sms[.]team
* book[.]company
* omelette[.]io
* word[.]farm
* outcasts[.]co
* authors[.]io
* happymoon[.]co
* moongroup[.]co
* clickr[.]co
* cobra[.]company
* rhino[.]group
* hold[.]company
* taco[.]world
* haze[.]group
* piya[.]net
* timelessmoon[.]com
* travelmoon[.]co
* moonsource[.]com
* stevz[.]com
* spacemoon[.]io
* voo[.]me
* chill[.]media
* healthworldwide[.]org
* glamgirlscosmetics[.]com
* last[.]group
* yoghurt[.]io
* fresh[.]blue
* expresso[.]bar
* well[.]bio
* superhero[.]world
* company[.]bio
* fab[.]company
* exit[.]media
* cape[.]media
* influencemakeup[.]com
* makeupresearchprogram[.]com
* 801[.]org

## EXPLANATION OF ABUSE AND EVIDENCE

These domains appear to have been recently registered for the purpose of abuse.


[REF# 66a184b18ef2916adf04c861]

Clicking on links contained in this email may lead to malicious code (including but not limited to viruses, trojans, key loggers, and worms) that could infect and/or damage your computer and/or network. Please exercise extreme caution when clicking on such links. If you have any doubts about any such links or attachments, please contact your system administrator or network supervisor before clicking on any of those links. Sav.com, LLC assumes no responsibility for any damage that occurs arising out of such actions.


About 4 of these domains are not even mine, and seem added to my sav account.

Most if not all are listed on Atom for sale.

Just looked into espressso.bar its not even on SAV LOLLL

 

[bmugford]

Such data ordinarily includes the following :
• Screenshots of a publicly resolving domain or URL reported for abuse which may or may not
contain personal information.
• Non-Public Whois data (limited to only those clients who specifically provide such data to us in
the provision of our Services to them)

• Name​

• Address​

• Phone Number​

• Email​

• Fax Number​

https://cleandns.com/privacy-policy/

Interesting.

Is Sav.com sharing this non-public whois data with CleanDNS?

If so, it could lead to potential issues with GDPR and other privacy laws and regulations.

Brad

 

[Dhomer]

Hello, I use Siteground and have had the same issue with one of my domains. However mine is registered through tucows. Virtually no support and we are in the dark as to why they have locked the name servers and Siteground says they have no info and that we have to contact tucows

 

[Future Sensors]

CleanDNS as Processor

In the provision of our services, CleanDNS is ordinarily considered a processor for our clients. In
such instances the relevant client will continue to be the Controller and we will process data under
the terms of our agreements with those clients (Controller Instructions).

Such data ordinarily includes the following :
• Screenshots of a publicly resolving domain or URL reported for abuse which may or may not
contain personal information.
• Non-Public Whois data (limited to only those clients who specifically provide such data to us in
the provision of our Services to them)

• Name​

• Address​

• Phone Number​

• Email​

• Fax Number​

https://cleandns.com/privacy-policy/

Thank you for bringing this additional information, which is available on the CleanDNS website, to my attention.

In the course of this thread it indeed became clear that CleanDNS has been handling registrar abuse cases for Sav.com for about 3 years. CleanDNS indirectly praises itself highly for their own work in their recent press release.

Despite CleanDNS's services, Sav.com remains a magnet for all sorts of misery on the Internet.

Sure, there is nothing wrong with outsourcing registrar abuse handling to an external party, provided that sufficient safeguards are built in. Now that it has become apparent that CleanDNS makes these kinds of mistakes as discussed in this thread, it also becomes clear that these safeguards appear to be insufficient.

Earlier in this thread I wondered to what extent Sav's own privacy statement says anything about an external party such as CleanDNS that is handling sensitive abuse cases with Sav customers via an external web forum such as NamePros in DM, without there being a direct CleanDNS-customer agreement or relationship. That relationship only exists between Sav.com and CleanDNS -- as others have rightly pointed out.

Incidentally, DMs on NamePros are called DM and not PM for a reason. These are not private messages. The moderation teams can read and intervene, and all information remains stored on the NamePros systems forever 'in the cloud'. What exactly does Sav say about this in its own terms and conditions? What does CleanDNS say about this in its terms and conditions? Does it comply with privacy legislation in all jurisdictions? Also in EU member states? Shall we ask authorities how they think about this?

Whose idea was it to start doing Sav abuse handling through this unaccredited CleanDNS account on the external NamePros web forum, Sav's or CleanDNS's idea?

In any case, at this moment it is well known how cybersec professionals think about these developments. This behavior is absolutely not appropriate for a company active in the cybersecurity industry. Moreover, it's a shame that CleanDNS apparently lacks the antenna to sense these nuances and correct itself.

 

[dirk]

Interesting.

Is Sav.com sharing this non-public whois data with CleanDNS?

If so, it could lead to potential issues with GDPR and other privacy laws and regulations.

Brad

Thanks for pointing that out ... Investigating.

 

[zotix]

Interesting.

Is Sav.com sharing this non-public whois data with CleanDNS?

If so, it could lead to potential issues with GDPR and other privacy laws and regulations.

Brad

Brad, that's exactly what im concerned about!
It is not clearly defined, not in SAV's Terms (well, they write, at least, that they share with a third party), but the same is mentioned in CleanDNS ("Clean"). It would be funny in this context if there weren't so many people affected—I could potentially laugh.

I would appreciate if someone with a bit of law understanding in this context of domains could throw a look at these 12 PDF pages;

https://cleandns.com/wp-content/uploads/2024/07/CleanDNS-Privacy-Policy-July-2024-1.pdf

So potentially, if I get treated "not well" by them, I can reach out to them to get a full package of my stored data and could potentially ask for deletion.
They seem to "sell" the data, which is also anonymous.

How to contact the appropriate authority?Although CleanDNS is a US based organization, should you wish to report a complaint or ifyou feel that CleanDNS, Inc has not addressed your concern in a satisfactory manner, youmay contact the Irish Data Protection Commissioner, as our expected Lead EuropeanData Protection Commission,21 Fitzwilliam Square South,Dublin 2,D02 RD28,Irelandhttp://www.dataprotection.ie

make the internet "sav"er . well done

Mustafa