GoDaddy Holds Domains Hostage

Posted by CowboyNeal
from the pay-us dept.
saikou writes "There were previous reports of GoDaddy, one of the biggest domain name registrars, attacking Bittorrent sites with frivolous interpretation of their own Terms of Service (that story was resolved), and now similar events unfold with clients of one of the Russian domain registrars, Majordomo.ru -- GoDaddy has informed them that all 1399 client domains are now blocked (story in Russian) due to 'many of your domain names were listed in the Spamhaus.org blacklist or were resolving to a name server or IP address listed in the Spamhaus.org blacklist' with a demand of a neat '$199 non-refundable administration fee to the credit card on file for your account for each domain name you wish to reactivate' or $50 for each domain to be transferred out into another registrar. I am all for fighting spam, but given how unreliable spam black-lists are such actions simply damage the internet. Instead of affecting people that use spam lists to control the inflow of mail to some degree, all users are effectively forced to be black-list clients. Now all one needs to shut down a site is a few reports of spamming, and the domain (or even better, all domains of a given small registrar) will be suspended."

  • by Anon E. Muss (808473) on Saturday June 17, 2006 @10:43AM (#15554705)
    Once we allow domain registrars to become the Spam Police, very soon there will be political pressure for them to become the Content Police. It starts with spam and kiddie pron -- content that 99.999% of the world agrees is wrong. I guarantee it won't stop there.
  • Extortion (Score:5, Insightful)

    by aussie_a (778472) on Saturday June 17, 2006 @10:46AM (#15554711) Journal
    How is this little more than extortion? They have a thinly veiled reason, but let's say the spammers pay up. Their domain is re-activated. What then? How does that stop them from being spammers? This is just GoDaddy grabbing people willy nilly and forcing them to pay for fees they've already paid for.
  • by Halo1 (136547) <jonas.maebeNO@SPAMelis.ugent.be> on Saturday June 17, 2006 @10:50AM (#15554725) Homepage
    Actually, you need some level of self-policing to curb the problem if you want to demonstrate that laws are not necessary. Why should a domain name registrar be less responsible for spammers than hosting ISPs? Especially, since spammers nowadays often host their sites on hacked Windows boxes, with the DNS switching from one machine to another all the time (thus making the domain name their most important asset).
  • by SirFozzie (442268) on Saturday June 17, 2006 @10:51AM (#15554730)
    But good for GoDaddy. Spam is one of the scourges of the net and anyone who spams doesn't deserve to be on it.

    Besides, check out Spamhaus, it takes a lot more than a "few reports of spamming" to end up on their list. It takes solid evidence that you're a large-scale spammer or provide spam support services (such as bulletproof hosting).
  • by jiggerdot (976328) on Saturday June 17, 2006 @10:52AM (#15554733) Homepage
    The most fucked-up thing about this story is not the blocking of 1399(!) domains, but the fact that they CAN be reactivated, if only you pay 199$(!!) for "administration fees". This is not about policing the internet, it's about squeezing more money out of their customers. If this guy pays up, what prevents them from doing the same shit all over again 2 years from now? Hell, I'd like to know what their legal justification is now. Correct me if I'm wrong, but unless they are hosting the stuff, they have no liability here, do they? Huh. I wonder if this can be used as an admission on their end of being liable for content and actions of domains registered under them? Talk about watching an avalanche begin....
  • by eneville (745111) on Saturday June 17, 2006 @11:01AM (#15554758) Homepage
    If GoDaddy wants to make a stand they should alter their TOS to that effect BEFORE blocking domains. If they block the domains there should not be an extortionate fee to release it. The domain is neutral in this, the abuser should, although they are wrong, not have to pay GoDaddy in this way.
  • by Toe, The (545098) on Saturday June 17, 2006 @11:05AM (#15554773)
    Registrars are private entities... InterNIC is from last millennium.

    If you want to enforce that registrars cannot impose restrictions on their clients, then what kind of slippery slope are you encouraging?

    Are you saying that the worst murderous mobsters can operate massive criminal enterprises on a website hosted in an anarchistic country and their registrar should be prevented from denying them service?
  • by ergo98 (9391) on Saturday June 17, 2006 @11:07AM (#15554783) Homepage Journal
    a company selling $2 domain names is shady!!!

    What's next, are you going to tell me that used car dealers can be less than fully honest? SAY IT AINT SO!


    Why? How complex do you think hosting a name <-> IP table is, especially when the basic, long-proven infrastructure costs are spread across tens of millions of domains.

    Network Solutions, the other end of the cost scale, has hardly been a model of good registrar behaviour. In fact most people consider them the scummiest, shadiest of the group.
  • Re:Uh... what? (Score:2, Insightful)

    by Anonymous Coward on Saturday June 17, 2006 @11:31AM (#15554862)
    The fact that they're saying "Just give us a little money and these complaints will disappear" makes the whole thing even shadier.
  • Re:Wrong. (Score:5, Insightful)

    by therblig (543426) on Saturday June 17, 2006 @11:43AM (#15554901)
    We were bitten by Spamhaus not for our actions, but for the action of an individual with an open relay occupying an adjacent IP address range. Spamhaus blocked the entire thing. I emailed them our domain whois and the snobby little bastards at Spamhaus brazenly told me that we were indeed the spammer and that we need to "clean up [our] act" before they would do anything. They went on to talk about "spam payloads"... WTF?!


    I don't know about the yacht in international waters, but I agree that Spamhaus wreaks havoc on organizations that have done nothing wrong. Our organization has been black listed before too, and it was in error. It finally got cleared up, but it is still damaging.
    We stopped using RBL's a long time ago, and have switched to something called Securence http://www.securence.com/ [securence.com]. It has been much more reliable than RBL's, and keeps the junk from ever getting to our server in the first place. I haven't had a complaint about a false positive since we switched, and it blocks over 100,000 spam/viruses/phishing attempts a day.
  • by mgkimsal2 (200677) on Saturday June 17, 2006 @11:45AM (#15554910) Homepage
    That's a shame. I've got a lot of domains with godaddy.com but am testing out other registrars and will be migrating more away. It's not just these sorts of reports, but also their switch to Microsoft IIS for parked domains that bothers me some.

    The sad thing is that this sort of thing on their part really won't hurt all that much. How much money would they have made on each of your domains for the next *10* years? $30? I'm basing this on $3 profit ($9 - $6 wholesale cost - maybe it's different for them?) By forcing you to leave they've almost doubled that, and they don't have any work to do to service you for the next 10 years either!

    If they could simply extract $50 from every single domain-name-only customer to transfer away they would be *far* more profitable than they are now because there'd be less overhead and work to do.
  • by Vancorps (746090) on Saturday June 17, 2006 @11:47AM (#15554915)
    Yes it will, that's why we invented reverse-DNS and more importantly SPF. This issue was resolved years ago.
  • by sauge (930823) on Saturday June 17, 2006 @12:13PM (#15555021)
    I hate all these idiot blackhole lists.

    One list complained my machine was using the wrong version of sendmail for their taste. Not one bit of spam came from the machine - but they listed it simply because I had an old version of sendmail.

    Since then I have considered all these lists to be unregulated vigilantes.

    Speaking with other people - they also found themselves listed on various BHLs over trite and stupid shit.

    With all the zombie computers out these days, BHLs are weapons of the last war anyhow.
  • by SD_92104 (714225) on Saturday June 17, 2006 @12:55PM (#15555149)
    As it should -- Gmail isn't passing on the X-Orig mailer field, which is why they got spamlisted.
    Cool - now non-standard headers (the X- prefixed ones) are all of a sudden required? Interesting interpretation of standards...
  • by McDutchie (151611) on Saturday June 17, 2006 @01:18PM (#15555218) Homepage
    PERM_FAILURE: SMTP Error (state 9): 554 Sorry, your mail server (py-out-1112.google.com[64.233.166.178]) is rejected using sbl-xbl.spamhaus.org. See http://postmaster.frontiernet.net/error.html#sbl-xbl [frontiernet.net]

    This "evidence" appears to be fabricated. The IP address 64.233.166.178 is in fact not listed on Spamhaus at all:

    $ host 178.166.233.64.sbl-xbl.spamhaus.org
    Host 178.166.233.64.sbl-xbl.spamhaus.org not found: 3(NXDOMAIN)
    $

    or see the web lookup query [spamhaus.org] at spamhaus.org.
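
The DNSBL lookup shown in the comment above, as an added example that is not part of the original thread: it builds the reversed-address query name and separates a real listing from answers that are not evidence of one. The function names, the `dnsbl.example` zone and the sample answers are constructed for illustration; the example also covers IPv6, which the comment does not.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus documents 127.255.255.x answers as query errors (bad zone name,
# public resolver, rate limit); check the list operator's current docs.
ERROR_RANGE = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_query_name(ip, zone):
    """Reverse the address (octets for IPv4, nibbles for IPv6), append the zone."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    suffix = ".in-addr.arpa" if addr.version == 4 else ".ip6.arpa"
    return addr.reverse_pointer[: -len(suffix)] + "." + zone.strip(".")


def classify(answers):
    """Turn the A records returned for a DNSBL query into a verdict."""
    if not answers:
        return "not-listed"  # NXDOMAIN, as in the host output above
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a not in LOOPBACK for a in addrs):
        return "invalid-answer"  # e.g. a resolver that rewrites NXDOMAIN
    if any(a in ERROR_RANGE for a in addrs):
        return "query-error"  # the list refused the query; not a listing
    return "listed"


def system_resolver(name):
    """A-record lookup via the OS resolver; only 'no such name' maps to []."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise  # timeouts and SERVFAIL must not be read as "not listed"
    return sorted({info[4][0] for info in infos})


def check(ip, zone, resolver=system_resolver):
    """Return (query name, verdict) for one address against one DNSBL zone."""
    name = dnsbl_query_name(ip, zone)
    return name, classify(resolver(name))


# Constructed answers so the example runs offline. The first entry mirrors
# the NXDOMAIN result quoted in the comment; the rest are made up.
SAMPLE_ANSWERS = {
    "178.166.233.64.sbl-xbl.spamhaus.org": [],
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],        # RFC 5782 test entry
    "7.2.0.192.dnsbl.example": ["127.255.255.254"],  # query refused
    "8.2.0.192.dnsbl.example": ["203.0.113.10"],     # rewritten NXDOMAIN
}


def sample_resolver(name):
    """Stand-in resolver backed by the constructed table above."""
    return SAMPLE_ANSWERS.get(name, [])


if __name__ == "__main__":
    print(check("64.233.166.178", "sbl-xbl.spamhaus.org", sample_resolver))
    for ip in ("127.0.0.2", "192.0.2.7", "192.0.2.8"):
        print(check(ip, "dnsbl.example", sample_resolver))
```

Calling `check()` without the third argument uses the system resolver, where a rejection like the one quoted should only be attributed to the list when the verdict is `listed`.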

  • by VGPowerlord (621254) on Saturday June 17, 2006 @01:29PM (#15555257)
    Here, try this neat ICANN Registrar Complaint form [internic.net]. I can't say whether it's useful or not, but it couldn't hurt to fill it out.
  • by Anonymous Coward on Saturday June 17, 2006 @02:03PM (#15555396)
    I remember doing whois lookups and digs, and with the domains resolving back to GoDaddy as the register from time to time, I would complain to them for allowing registration of what were obviously domain names for spamming or mlm purposes which always turn out to be spam related as well. So I'd be putting pressure on GoDaddy for allowing the registrations, for not having software to look for obvious spam names within the domain names they currently register, and for other actions that enable or provide refuge to spammers.

    That being said, I'm also on the other end currently. One of the domains I'm hosting has the word "ebay" within the domain name. I never even realized this. The domain name is also a legal, currently registered and operating corporation within the US. It's been in business more than two years. Its line of business has nothing to do with spam, it deals with supplying certain metal goods to large distributors and large end users within the US and elsewhere. It's the type of business where you confirm the customer is a large end user or distributor, and upon doing this, you don't have a problem sending them several thousand dollars in samples, hoping they'll place blanket orders for years into the future. Without having the knowledge on running a mail server, and currently without the resources for a secondary dns on another ip block, it was decided that GoDaddy would be the host for the mail server for the domain.

    A few test emails from the business domain, with an email address that is obviously business related (sales@legitdomain, a few others), everything went through without a problem, great. Add email address to invoices, statements, shipping documents, product packaging, start using to communicate with new customers, suddenly a problem. Turns out if the email contains a couple of email addresses within the body, or if the email contains a couple of urls with certain keywords (keywords normally related to some of the customers' business lines), more than two urls, a combination of an email address and a url, and the emails would be rejected. GoDaddy's smtp server wouldn't accept the email for sending. Not that it would bounce, it would outright reject the email.

    Trying to get GoDaddy's tech department just to understand what was going on was difficult. Forward the bounce message. There is no bounce message, the smtp server is outright refusing to accept the email as it is being sent. Send the error message of your email client. Email client is KMail. Here's the instructions for Outlook. Email client is KMail. Here's the instructions for Mozilla mail. Email client is KMail. Here's a screenshot of the popup error message you requested. You're using a non-standard email client. Here's the instructions for outlook. Please send me responses in plain text instead of html. Sorry, our email is sent in html. Please don't send me instructions in .doc format, send in .txt or .pdf. Sorry, .doc format is all we have, here's a link to our internal documentation. Great, how do I get past your firewall to view a GoDaddy internal documentation link?

    That's just the first few attempts to get the email working. Next, we received every excuse known to man for why mail was being blocked. Your domain is blacklisted by the RBLs. No, it's not. Your domain is blacklisted by Spamhaus. No, it's not. Your ip is listed in Spamhaus. No, it's not. Your ip block is listed in Spamhaus. No, it's not. The email domain you are sending your email to is listed in Spamhaus. Are you serious?

    Actual email trouble ticket response:

    Thank you for contacting customer support. The error message received is related to our anti-phishing software, which blocks known spammer links from being sent through our system. It primarily blocks links from sites listed on http://www.spamhaus.org/ [spamhaus.org] (also blocks our own "spammer" database).

  • by asuffield (111848) <asuffield@suffields.me.uk> on Saturday June 17, 2006 @02:23PM (#15555469)
    Actually, you need some level of self-policing to curb the problem if you want to demonstrate that laws are not necessary.

    That's a disingenuous myth. It's far, far better to have laws than self-policing.

    Why?

    Because laws come with other laws guaranteeing you due process. 'Self-policing' means a corporate does whatever they feel like to you. This GoDaddy nonsense is a classic example: $200, pay-or-be-damned, no evidence, no appeals, no way to argue your case.

    The best thing of all is neither laws nor self-policing, but rather a common carrier. That's an entity which moves data for everybody and every purpose without limits, and in exchange is not responsible for any of the data they move. Sure the terrorists can use it, but that's better than government or corporate intervention. Whenever this is reasonably practical, it's better than all the alternatives. It may not be practical for the sale of firearms, but it's definitely practical for the sale of DNS names.
  • by NormalVisual (565491) on Saturday June 17, 2006 @03:29PM (#15555670)
    I would say that you've never had the pleasure of having to deal with being blacklisted by an unreasonable asshole.

    I host my own mail and that of a friend. My friend was getting messages back from a couple of servers indicating that delivery of his mail was being denied because his (i.e. my) server was on the Abusive Hosts Blocking List (AHBL). Now, given that I have a very locked-down and tested qmail install and I'm providing valid SPF records from my DNS, I was a little perplexed. I got in touch with AHBL and was told that my entire IP range was on their blacklist simply because they had a beef with a particular spammer that operated from Time-Warner's network. I pointed out that this was a problem that concerned a completely different geographical area in TW's IP range, and that my IP was a static address within TW's business-class ranges. They basically said they didn't care, as my IP address belonged to TW, not to me, and because of that they absolutely were not going to unblock my IP address. It seems to me they consider their little infantile vigilante crusade against TW to be more important than anything else, even when it's pointed out to them that they are recommending the blocking of legitimate servers.

    Spam is certainly an annoyance to me (close to 1K every day), but I can't afford the possibility of losing valid e-mail because some idiot spam list admin has some kind of ideological problem with an ISP, so I don't use blacklists. I can't say that Spamhaus is any better or worse, but as far as I'm concerned, the staff at the AHBL (and Andrew Kirch in particular) can go fuck themselves with a large, jagged, rough-surfaced object.
  • Re:Spam is legal (Score:3, Insightful)

    by SillyNickName4me (760022) <dotslash@bartsplace.net> on Saturday June 17, 2006 @06:36PM (#15556263) Homepage
    Honestly, I'm all for the use of online marketing that allows you to, and respects your right to, opt-out.

    I have no problem with online marketing, but I have a problem whenever it is not opt-in (with a decent check on if you indeed tried to opt-in)

    There is no reason why people should fill my mailbox and use the bandwidth I pay for to tell me something I don't want to hear to begin with. Now, if they were paying for it themselves exclusively this might change, but for now I pay for the bandwidth usage of my mail server.
  • by Anonymous Coward on Saturday June 17, 2006 @07:56PM (#15556498)
    which begs the question---How tough is it to set up a registrar that ICANN will recognize?

    My experiences with godaddy suggest it's one of the more evil registrars. If you let your domain lapse, they'll usurp it and auction it off to the highest bidder. (And just because your TOS has a clause allowing you to do so doesn't make you not-evil..)
    -os
  • in other words (Score:4, Insightful)

    by alizard (107678) <alizard AT ecis DOT com> on Saturday June 17, 2006 @08:29PM (#15556598) Homepage
    You support Godaddy shutting down domains that are inadvertently associated with spam due to actions unconnected to people who bought domains in good faith from them or a downstream provider unless they're yours.

    This isn't the equivalent of a property owner evicting a tenant for drug violations, this is the equivalent of a property owner evicting every tenant in one of his buildings because one tenant is dealing drugs.

  • by Kisofdth (983328) on Saturday June 17, 2006 @10:28PM (#15556916)
    AUP Enforcement is the RIGHT way to eliminate spammers. I have also worked at a large ISP, and this is one of the best ways to fight spammers. Keep making it costly and more trouble for them than it is worth. Spamhaus is far and above the most reliable RBL in the world today and does more to help in the fight against spam than any other organization I know of. They are VERY reliable in only listing sites and domains with proper justification, and even more important deal with proper cleanup and removal of listings that have been remediated in a timely fashion. The reason you hear all the complaints about RBL's is because they are so effective. Yes, there is the occasional person that gets burnt because of their space being adjacent to spammers, but this also helps ISP's keep pressure on their clients to stay clean to prevent such over blockage. I'm personally familiar with one client of a large ISP that had a hard time kicking a known spammer off of their network due to a long pre-existing contractual obligation, that was able to finally disco them due to Go-Daddy's listing and blocking of dozens of their domains last year. Great job Go-Daddy! Keep it up, us regular users love to see you support your AUP!
  • It's not interesting at all, only perfectly as it should be. RFC 2821 explicitly says to leave all headers be, exactly as they are. From section 3.7:
    As discussed in section 2.4.1, a relay SMTP has no need to inspect or
    act upon the headers or body of the message data and MUST NOT do so
    except to add its own "Received:" header (section 4.4) and,
    optionally, to attempt to detect looping in the mail system (see
    section 6.2).
    In other words, an SMTP server shouldn't even look at the headers, even less modify them, be they X-* or not. (The funny thing is that section 2.4.1 doesn't seem to exist, though...)
  • by honkycat (249849) on Saturday June 17, 2006 @11:27PM (#15557080) Homepage Journal
    I don't dispute that they can do this, nor that their TOS permit it and perhaps give sufficient warning that it may happen. However, I still don't believe that "permitted under the TOS" is sufficient to make a behavior reasonable or responsible.

    It's great to try to reduce spam on the internet, I'm not against that. Based on anecdotes elsewhere in the thread, though, it sounds like GoDaddy is quite happy to cast a wide net and refuse to provide reasonable review of their decisions. Financially, it's obvious why, and that undermines the legitimacy of their efforts, IMO.
  • by Cramer (69040) on Monday June 19, 2006 @02:48AM (#15560331) Homepage
    This is exactly why I explicitly ignore the SORBS SpamTrap RBL. All it takes is ONE "spam" message EVER to be listed FOREVER. It doesn't even have to be spam; any message to one of their fly traps is all it takes. (they are such asses about it, too.) And they LIE about the process to get delisted -- "oh, nobody pays that 'donation' anymore..."

    Basically, SORBS is pissed at gmail because they don't do any outbound anti-spam inspection. (distributed sender database thing. I'd have to dig through my email to find exactly what they insist everyone run.)
