Nameservers Changed Issues on Sav.com

[xmarthost]

My nameservers for all domains have been changed to ns1.all-harmless.domains and ns2.all-harmless.domains, and I am unable to change the DNS again. What could be the issue?

Also, a friend of mine is facing the same problem with over 600 domains. What's going on with sav.com?

 

[Nick R]

I'm not talking about policies here. It's about execution.

You're a relatively small registrar, and yet you still score insanely bad on keeping the Internet safe, objectively measured by the organizations that matter and in which CleanDNS also takes place.

The proof will be in the pudding. Let's table this for a few months and see what the results show.

 

[Future Sensors]

In the meantime, go clean up the reviews on your claimed Trustpilot profile.

 

[bmugford]

Let's table this for a few months and see what the results show.

Well, that's not gonna happen.

A few months of registrant's domains expiring and Sav.com keeping the profits is not acceptable.

You have already locked the nameservers. Allow the registrants to transfer the domains.

It is not your property to seize without due process and profit from.

https://twitter.com/x/status/1821224524656111977

 

[Future Sensors]

@Nick R @Sav.com

It is remarkable that other registrars continue to engage in active and pleasant discussions with members on this forum, and listen to relevant points of substantive criticism that come with it. Always done with the aim of wanting to improve the services of the registrar or marketplace. If this forum could only consist of compliments, no one would come here anymore and it would have no added value whatsoever.

Immediately threatening to leave when there's even a little bit of criticism, that really says a lot about the state of Sav.com at the moment, and the willingness to really want to listen to power users and change the direction of the company.

If you do it right, this forum can benefit you enormously. If you don't want that, feel free to continue on the path you've already taken.

 

[bmugford]

It is remarkable that other registrars continue to engage in active and pleasant discussions with members on this forum, and listen to relevant points of substantive criticism that come with it. Always done with the aim of wanting to improve the services of the registrar or marketplace. If this forum could only consist of compliments, no one would come here anymore and it would have no added value whatsoever.

Immediately threatening to leave when there's even a little bit of criticism, that really says a lot about the state of Sav.com at the moment, and the willingness to really want to listen to power users and change the direction of the company.

If you do it right, this forum can benefit you enormously. If you don't want that, feel free to continue on the path you've already taken.

Everything else aside, the bug bounty report alone was worth much more to Sav.com than any engagement effort they spent on this thread. It likely saved them a lot of money down the road, related to the potential abuse of this very serious security flaw.

Having to answer some tough questions comes with the territory. If you are going to take drastic actions, you better be willing to defend them.

Brad

 

[Future Sensors]

Everything else aside, the bug bounty report alone was worth much more to Sav.com than any engagement effort they spent on this thread. It likely saved them a lot of money down the road, related to the potential abuse of this very serious security flaw.

True. But it's a shame that earlier reports about this same issue were never picked up by Sav. It was only when it received a lot of attention in this thread and valued member @Gabriele started testing further, that the problem was quickly fixed to show how on top of security Sav is. Meanwhile, there have been security problems all this time and CleanDNS had its broad actions partly based on Sav's incorrect registrant administration.

 

[bmugford]

True. But it's a shame that earlier reports about this same problem were never picked up by Sav. It was only when it received a lot of attention in this thread and valued member @Gabriele started testing further, that the problem was quickly fixed to show how on top of security Sav is. Meanwhile, there have been security problems all this time and CleanDNS had its broad actions partly based on Sav's incorrect registrant administration.

Yeah, it seems like Sav.com was (or should have been) aware of these issues.

Maybe it was just shining light on it that caused the action.

They still need to remove orphaned listings. That is an issue in itself.

Brad

 

[Nick R]

Yeah, it seems like Sav.com was (or should have been) aware of these issues.

Maybe it was just shining light on it that caused the action.

They still need to remove orphaned listings. That is an issue in itself.

Brad

That is in progress as we speak. It may take a few days.

 

[zotix]

@Nick R ; Could you kindly sign off on your Messages?

You started (as said), to respond when the real thing with the orphaned listings was discovered.
All the time before, it was just not doing anything.

Our Future Participation in NamePros
We are happy to participate in threads that have a clear focus on a Sav-related issue and stay on topic. However, should they be disrespectful, speculative or go wildly off track (like into a company's job postings), will pause our participation and refer people to our very-capable 24/7 support team. That was the case in the past but we are happy to try again. We are not always able to keep up with a forum thread that has 30 posts a day so should we have missed anything specific, and I’m sure we did, please DM me or @CleanDNS directly.

Your Job Postings are openly accessible to everyone; other companies use them (by the way, for your information) to track whether a company is growing or not—even for competitor analysis. I think the Screenshots of the Answers on X showed that your internal communication flow is lacking or not aligned properly.
Advice: Better invest in one Ressource that coordinates the communication flows and brings it to the Mgmt.
Is being disrespectful also something that you—or SAV—see that probably is an answer from people who feel mistreated by SAV? Maybe?
And "speculative" = Let's be honest. If you reply two times in this Thread, don't officially announce and get 6k Domains out of the way, and have no communication if there is an opt-in to give CleanDNS more Data than needed, then—of course—there will be discussions about that in a forum. Speculations are part of that since we don't sit in your Headquarters.

will pause our participation and refer people to our very-capable 24/7 support team.

Well, Let's give an example: I have an 18-year-old brother currently searching for an Internship for his studies - most likely somewhere in Investment Banking. I have talked to him and explained to him how to deal with criticism, being professional and respectful. Why? because he was always hiding and quiet and got afraid when someone gave him fault or anything against him was openly talked about.
The ultimate goal was to explain to him that in the "real business world," there is always something that happens which is not your fault. but you need to learn during your Internship already that there will be mistakes you probably make, bad Feedback, work hard, and long hours because your boss wants you to do so. He just said: But why should I care? If I can go out of the way, there is no conflict.
My answer: Yes, you can do that - you should avoid conflicts, but later on if you are taking responsibility, budget responsibility - represent a company or are a decision taker, you can not just hide.

Long story short: Im not sure, if he will improve, but I hope you go my message.

Kind regards,
Mustafa

 

[Grilled]

It is not your property to seize without due process and profit from.

https://twitter.com/x/status/1821224524656111977

In fairness, do we know the policies of other registrars? Does GoDaddy auction off locked domains?

If all registrar's profit from auctioning off locked domains, isn't that more of an ICA thing than a Sav thing?

Issue #1: How domains are determined to be locked down.

Issue #2: Should registrar's allow expired locked domains to be auctioned at their registrar?

Issue #2 Options:

(A) Registrar removes locked domains from their expired auctions, and then Drop catching platforms like Sav/DropCatch then could potentially profit from the auction.

(B) Registrar auctions the domain, then the malicious domain is still at the same registrar except assuming with a different user. Which begs the question, Is the domain itself the problem or was the registrant the problem?

(C) Registrar donates the proceeds of all locked domains auctioned off to organizations dedicated to protecting the Internet.

I'm thinking option (A) might be the most ethical option, as locking/not auctioning the domain shows Sav wants nothing to do with that domain.

...

Some questions:

When Sav auctions a locked domain, does that mean the domain then regains access to DNS and other services under somebody else's account?

-- If so, does that negate safeguarding the Internet?

-- Or, does that allow for Sav to lockdown/monitor the domain again without having to pay Verisign a renewal fee?

---

I bulk checked the nameservers of the first 5,000 domains closing today at sav auctions. Some results came up null so the list may be incomplete, however here are the domains that came up with the "harmless" nameservers...

clique30hrs.net
clique30hrs.us
clique30hrs.com
skatdk-help.info
aktivatdop.org
awwesomebaankeer.site
beestcourse.online
biigtrrusst.site
bonusresgata.us
chswisscwebs.net
chngeupdate.com
chswisscweb.net
eassysttuddy.online
edopomoga-7300.live
edopomoga-7300.pro
effecttiveinnvestoor.online
eliitebaankeer.online
finviplati51ua.cloud
fiinestwoorlld.online
fokusatdop.com
gennius.online
greattestpllatforrm.site
grreatgrrouup.site
huuggewoorlld.online
iddealcorporation.online
iddeealcorporation.site
insspiringwoorlld.online
justfashionmow.com
limiitedsttarrttup.site
maainpllatforrm.site
nnewpllatforrm.online
onneccorrp.online
powwerfulgllobaal.site
presstigeveenturre.site
produuctivewaalll.site
smaartprrograam.site
skkilfultrrusst.online
toopgllobaal.site
unbellievableveenturre.site
uniqquebrrokeer.online
ussefulfooundaation.site
usdermtologypartners.com
thebloomfilter.cloud
santander-areaclientes.com
site-e-s.com
jewelxpress.com
lmagin-areaclientes.com
mx-e-s.com
imagin-areaclientes.com
elegantdangles.com
finejewelrycraft.com
earglitz.com
earringgem.com
earglowing.com
canevolveacquisitions.net
kifolrktu.best
hgoieoy.best
lowumfive.com
joyumfarm.com
cutcxfive.com
smslivelo.info
aktivatdop.biz
aktivatdop.bio
aktivatdop.work
aktivatdop.live
finwiplati61ua.pro
huugewoorlld.site
luxxurycoorporatioon.online
moonmagic.vip
moonmagicworld.vip
myedopomoga-7300.live
perffectdeefensse.site
younglaworld.vip
simius.cloud
support-login.pro

Notably the above locked expiring auction domains have been flagged elsewhere, because when I tried to email the list, the email was flagged and blocked by Gmail.

 

[bmugford]

In fairness, do we know the policies of other registrars? Does GoDaddy auction off locked domains?

The problem is Sav.com is using alleged abuse reports to lock entire accounts including ALL domains in them.

If there were reports of other registrars seizing thousands of domains, many of which are unrelated to the abuse reports, I would be just as concerned.

CleanDNS clearly has a bad 3+ year track record with Sav.com, based on their abuse numbers.

So, right out of the gate I am not sure how much they can be trusted when it comes to this drastic action.
They and/or Sav.com have done a terrible job when it came to abuse in the past.

I am not willing to just "trust us".

The fact that Sav.com also has a financial interest in locking down entire portfolios, to auction the domains later, is just icing on the cake.

Brad

 

[Nick R]

The problem is Sav.com is using alleged abuse reports to lock entire accounts including ALL domains in them.

If there were reports of other registrars seizing thousands of domains, many of which are unrelated to the abuse reports, I would be just as concerned.

CleanDNS clearly has a bad 3+ year track record with Sav.com, based on their abuse numbers.

So, right out of the gate I am not sure how much they can be trusted when it comes to this drastic action.
They and/or Sav.com have done a terrible job when it came to abuse in the past.

I am not willing to just "trust us".

The fact that Sav.com also has a financial interest in locking down entire portfolios, to auction the domains later, is just icing on the cake.

Brad

We do manually verify each abuse report to ensure that it is valid. There are a lot of abuse reports that can not be verified and have no impact on a domain.

 

[bmugford]

Issue #1: How domains are determined to be locked down.

This really is issue number one.

The registrar and CleanDNS are the judge and jury with no real recourse.

Issue #2: Should registrar's allow expired locked domains to be auctioned at their registrar?

I don't think a registrar should profit from any domain that is locked because of abuse. That just seems ridiculous.

It is more of an issue if they use that abuse to justify locking domains that were unrelated to the abuse, then also profiting from those.

The conflict of interest there is crystal clear and it could seriously be abused.

If there was no potential financial gain for the registrar, it would make their actions a little more defensible.

Brad

 

[bmugford]

We do manually verify each abuse report to ensure that it is valid. There are a lot of abuse reports that can not be verified and have no impact on a domain.

Again, let's say you have a legit complaint on ABC123.com.

That doesn't justify locking 800 other domains that have nothing to do with that report.

You already control the nameservers. You therefore can mitigate any damage.

You can choose who you do business with. The issue is when you are seizing their property, AKA every other unrelated domain, without due process. It's simply not your property to do with as you please.

Brad

 

[Nick R]

This really is issue number one.

The registrar and CleanDNS are the judge and jury with no real recourse.


I don't think a registrar should profit from any domain that is locked because of abuse. That just seems ridiculous.

It is more of an issue if they use that abuse to justify locking domains that were unrelated to the abuse, then also profiting from those.

The conflict of interest there is crystal clear and it could seriously be abused.

If there was no potential financial gain for the registrar, it would make their actions a little more defensible.

Brad

We completely understand your viewpoint and hope we can rebuild your trust in Sav over time. We are trying to be as open as possible to make our policies clear to everyone. If anyone has concerns about their domains that were disabled for abuse, please DM me or @CleanDNS directly and we can talk about them.

 

[Nick R]

Again, let's say you have a legit complaint on ABC123.com.

That doesn't justify locking 800 other domains that have nothing to do with that report.

You already control the nameservers. You therefore can mitigate any damage.

You can choose who you do business with. The issue is when you are seizing their property, AKA every other unrelated domain, without due process. It's simply not your property to do with as you please.

Brad

Please see our previous comments on this. One verified complaint on ABC123.com will not cause an entire account to be disabled.

 

[Future Sensors]

I don't hear anything about those accounts that, on second thought, should not have been locked by Sav, and yet they were unlocked again, despite it being said earlier that the decision was 'final'.

 

[Future Sensors]

to make our policies clear to everyone

Again, it's not about policies alone. It's about your actions, and trust in your company.

 

[bmugford]

We completely understand your viewpoint and hope we can rebuild your trust in Sav over time. We are trying to be as open as possible to make our policies clear to everyone. If anyone has concerns about their domains that were disabled for abuse, please DM me or @CleanDNS directly and we can talk about them.

Start by unlocking accounts, and allowing people to retrieve AUTH codes to transfer their domains out.

This especially includes every domain unrelated to a direct abuse report.

You already control the nameservers. No damage can be done.

Brad

 

[Nick R]

I don't hear anything about those accounts that, on second thought, should not have been locked by Sav, and yet they were unlocked again, despite it being said earlier that the decision was 'final'.

Start by unlocking accounts, and allowing people to retrieve AUTH codes to transfer their domains out.

This especially includes every domain unrelated to a direct abuse report.

You already control the nameservers. No damage can be done.

Brad

We do not want abusive registrants to just move their domains to another registrar and restart the abuse there. I think we can all agree that this is bad for the Internet.