GoDaddy Holds Domains Hostage

saikou writes "There were previous reports of GoDaddy, one of the biggest domain name registrars, attacking Bittorrent sites with frivolous interpretation of their own Terms of Service (that story was resolved), and now similar events unfold with clients of one of Russian domain registrars Majordomo.ru -- GoDaddy has informed them that all 1399 client domains are now blocked (story in Russian) due to 'many of your domain names were listed in the Spamhaus.org blacklist or were resolving to a name server or IP address listed in the Spamhaus.org blacklist' with a demand of a neat '$199 non-refundable administration fee to the credit card on file for your account for each domain name you wish to reactivate' or $50 for each domain to be transferred out into another registrar. I am all for fighting spam, but given how unreliable spam black-lists are such actions simply damage the internet. Instead of affecting people that use spam lists to control the inflow of mail to some degree, all users are effectively forced to be black-list clients. Now all one needs to shut down a site is a few reports of spamming, and the domain (or even better, all domains of a given small registrar) will be suspended."

a company selling $2 domain names is shady!!!

[a_greer2005]

Whats next, are you going to tell me that used car dealers can be less than fully honest? SAY IT AINT SO!

Re:a company selling $2 domain names is shady!!!

[ergo98]

a company selling $2 domain names is shady!!!

Whats next, are you going to tell me that used car dealers can be less than fully honest? SAY IT AINT SO!

Why? How complex do you think hosting a name <-> IP table is, especially when the basic, long-proven infrastructure costs are spread across tens of millions of domains.

Network Solutions, the other end of the cost scale, has hardly been a model of good registrar behaviour. In fact most people consider them the scummiest, shadiest of the group.

Re:a company selling $2 domain names is shady!!!

[ceejayoz]

Why? How complex do you think hosting a name IP table is, especially when the basic, long-proven infrastructure costs are spread across tens of millions of domains.

There's a base price registrars need to pay for domains, isn't there? Something like $6 or $7 per domain?

Tremendously low margin, high competition markets encourage abuses to eek out a profit.

Re:a company selling $2 domain names is shady!!!

[rs79]

"Something like $6 or $7 per domain?"

$6 last time I checked.

Re:a company selling $2 domain names is shady!!!

[sp3d2orbit]

I varies for each type of top level domain. A .COM/.NET/.ORG is around $6.25 per year per domain + a .25 ICANN Fee. For other domains like .tv it can be as high as $50. Different bodies control different TLD's and they control the pricing for each.

Re:a company selling $2 domain names is shady!!!

What uninformed people. Registrars have to pay $6/domain. Selling domains for $2 is selling them at a *loss* of $4 each. No way to stay in business doing that unless you're making it up somewhere else.

This little episode reveals one of the ways they're making up the loss.

Re:a company selling $2 domain names is shady!!!

[ceejayoz]

That's just the ICANN fee. There's more that has to be paid to Network Solutions for .com names.

Re:a company selling $2 domain names is shady!!!

which begs the question---How tough is it to set up a registrar that ICANN will recognize?

My experiences with godaddy suggest it's one of the more evil registrars. If you let your domain lapse, they'll usurp it and auction it off to the highest bidder. (And just because your TOS has a clause allowing you to do so doesn't make you not-evil..)
-os

Re:a company selling $2 domain names is shady!!!

[tarpy]

"(And just because your TOS has a clause allowing you to do so doesn't make you not-evil..)"

Um, why? Seems to me they're telling you what they'll do, and then they go and do it. One assumes you agreed to the TOS and service contract, so, how, exactly is it evil? Bad business practice, yes, evil, no.

Re:a company selling $2 domain names is shady!!!

[ergo98]

What uninformed people. Registrars have to pay $6/domain. Selling domains for $2 is selling them at a *loss* of $4 each. No way to stay in business doing that unless you're making it up somewhere else.

Don't queue off other people's ignorance without checking it out. The base fee for registrars is $0.25 (yes, 25 cents).

This little episode reveals one of the ways they're making up the loss.

Don't be a moron. Network Solutions decided to replace domain lookup failures with an IP to their own ad page -- you see businesses don't just "make up" theoretical losses -- they maximize profits regardless.

Re:a company selling $2 domain names is shady!!!

[ergo98]

If you let your domain lapse, they'll usurp it and auction it off to the highest bidder.

GoDaddy sends quite a few warning letters before a domain lapses, and then have (like all registrars) a period where only the original registrar can have it. Traditionally what happens then -- what ALWAYS happens next -- is that adpage sites buy the domain when it becomes available, so why the big difference when GoDaddy "usurps" it? Someone in that situation would have lost it anyways.

The lesson seems pretty obvious -- don't let your domains expire.

Re:a company selling $2 domain names is shady!!!

Don't queue off other people's ignorance without checking it out. The base fee for registrars is $0.25 (yes, 25 cents).

Base price to a registrar for a .com is $.25 to ICANN and $6.00 to Verisign.

Re:a company selling $2 domain names is shady!!!

[ergo98]

You're of course right for .COM domains, however the only GoDaddy TLDs I've seen for sub-$3 prices are the non-.COM ones, where the Verisign-tax doesn't get charged. I don't think I've ever seen GD sell .com for less than $8.95, so I presumed that the OP was talking about the alternate TLD.

this is ....

[scenestar]

Just a big of a threat to net neutrality as that QoS crap

Re:this is ....

[lga]

"Just a big of a threat to net neutrality as that QoS crap"

QoS is useful. I want to be able to use my VoIP phone without having to stop bittorent first. I would quite like interactive stuff to be given priority over less urgently needed stuff. I just don't want my internet provider to be able to charge the content providers for better access or to drop packets from people they don't like.

Re:this is ....

[AuMatar]

THe problem comes when you have multiple customers. Its fine for you to say your VOIP is more important than your torrent. Its not ok for your VOIP to be given priority over my gaming- we're paying the same amount, you have no right to higher priority. Not to mention that it would be pointless to try- people would just start wrapping other traffic over whatever the highest protocol is.

Re:this is ....

[ImaLamer]

I've always understood that bittorrent was not allowed on GoDaddy's servers, not domain names. To interfere with domain registrations based on content, other than when responding to a subpoena, is just plain wrong. It isn't GoDaddy's responsibility to police the domains it registered, if it was, it would be a scary place to live. Then everyone would be doing it.

Let the content servers handle content and service inspection. It should be in their contract, not the registrars. Only if people are using GoDaddy's hosting services should this be an issue, and then just their hosting services should be denied.

Silly.

Re:this is ....

[geminidomino]

That's not a problem with QOS, that's a problem with the providers' policies. QOS is not done only at the ISP level.

Re:this is ....

[KDR_11k]

Yes but net neutrality is about QOS done at ISP level. Also it's partially a reaction to ISPs talking about a "tiered internet" where you'd have to pay them a fee to increase the priority of your packets* even if they aren't your ISP if your traffic happens to be routed through their network.

*= Users expect that ISPs may add downthrottling of non-paid connections should companies like Google refuse to pay. There's also the option of completely blocking any traffic to a certain site that goes through their network, said site can be a competitor to one of the ISP's services.

Re:this is ....

[geminidomino]

Yes but net neutrality is about QOS done at ISP level. Also it's partially a reaction to ISPs talking about a "tiered internet" where you'd have to pay them a fee to increase the priority of your packets* even if they aren't your ISP if your traffic happens to be routed through their network.


I'm familiar with Net neutrality and what it's about. What I don't see is the connection, or is this just your sounding board?

*= Users expect that ISPs may add downthrottling of non-paid connections should companies like Google refuse to pay. There's also the option of completely blocking any traffic to a certain site that goes through their network, said site can be a competitor to one of the ISP's services.

Hell, they don't even have to implement QOS for that. That's just one filtering rule.

Uh... what?

Maybe something was lost in the translation, but how can registrary GoDaddy block registrar Majordomo.ru's domains? Or is Majordomo just a GoDaddy reseller? This summary is very confusing.

Re:Uh... what?

[__aaclcg7560]

The summary is quite clear. This is Russia and confusion/extortion is business as usual. It's just that American audiences are shocked - shocked! - to see international companies having lower business ethics than a typical American company like Enron.

Re:Uh... what?

No, the summary is not clear. How can one registrar technically block another registrar's domains? There's nothing in the system that allows that.

Re:Uh... what?

[Cyberax]

The summary is really unclear (I'm a native Russian speaker, BTW).

Majordomo uses GoDaddy for international domain registrations for some of their clients. GoDaddy has blocked 1399 accounts of Majordomo clients because of spam suspicions.

Majordomo has nothing to do with this extortion scam.

Re:Uh... what?

[Cyberax]

Majordomo has nothing to do with this extortion scam. [b]GoDaddy[/b] blocked accounts of Majordomo's clients.

Re:Uh... what?

[daniil]

I'm not a native Russian speaker, but this is what I gathered (FTA):

1) Majordomo.ru is a GoDaddy reseller.
2) The problem seems to be that GoDaddy claim to have acted upon complaints filed by Spamhouse.org. Neither of the two complaints they cited were, however, about Majordomo.ru's customers.

Re:Uh... what?

The fact that they're saying "Just give us a little money and these complaints will disappear" makes the whole thing even shadier.

Re:Uh... what?

[geminidomino]

Sure there is. The registrar keeps track of the authoritative DNS for a domain. Change that DNS record to point at your spammer.godaddy.com DNS server which directs any queries to it at a web server with a page that says "This domain has been disabled for spamming."

Re:Uh... what?

Let's say GoDaddy.com wants to block spamsite.com which is registered through Joker.com (or whoever). This won't work. GoDaddy isn't part of the chain between me and spamsite.com. Joker.com is, GoDaddy.com isn't.

However, other people have understood what I was asking, and apparently, Majordomo.ru is simply RESELLING GoDaddy.com domains, and isn't a true registrar itself.

Re:Uh... what?

hate to break it to you, but americas just as bad.

just not as publicized.

Re:Uh... what?

[geminidomino]

Ah, mea culpa. I didn't get that you missed that part.

Re:Uh... what?

[Dark_Gravity]

2) The problem seems to be that GoDaddy claim to have acted upon complaints filed by Spamhouse.org.

It's Spamhaus.org

Re:Uh... what?

[daniil]

Whatever.

Re:Uh... what?

[Dark_Gravity]

Bite me, spammer.

+1 Flamebait
+2 Funny

Shows what you know

[AlphaSys]

SpamHaus is one of the most conscientious, well-organized, ethical and reliable lists around. Their SBL-XBL list is nothing short of essential in weighting ham and spam. I don't rely upon RBL information alone when weighting ham and spam, but if I did, I'd use spamhaus and nothing else. I'd agree with poster that RBLs are not all that great a single measure and YMMV, but don't spread FUD about spamhaus. They're great.

Re:Shows what you know

[Billosaur]

SpamHaus is indeed one of the best outfits around, though I can see the poster's point if you're using one of the more unreliable services. The whole blacklist/whitelist idea is good, except where people abuse it as part of some personal vendetta or one company doesn't like another company. SpamHaus uses much better information to rot out just who is and isn't a spammer -- I'd be willing to bet their false positive rate is pretty low.

Re:Shows what you know

Pretty low can still result in millions of dollars of damages to companies, domains going off air and so on.

Just because your a spamhaus fanboy doesnt mean they are perfect.

Re:Shows what you know

[sauge]

I hate all these idiot blackhole lists.

One list complained my machine was using the wrong version of sendmail for their taste. Not one bit of spam came from the machine - but they listed it simply because I had an old version of sendmail.

Since then I have considered all these lists to be unregulated vigilantes.

Speaking with other people - they also found themselves listed on various BHLs over trite and stupid shit.

With all the zombie computers out these days, BHLs are weapons of the last war anyhow.

Re:Shows what you know

No one said they're perfect, anti-fanboy. They said the false positive rate is pretty low, and for some people's tastes, well within acceptable limits.

I know some of you precious snowflakes don't like the idea of busting some eggs to make an omelette, but too bad. It's how the world works.

Re:Shows what you know

You see that "nerds" in the logo? Now FUCK OFF, troll. Back under your bridge!

Re:Shows what you know

[Gorshkov]

YOu miss a very important point, though. The problem isn't with BHLs.

The same stupid idiot who has discovered that his machine has been part of a botnet for the last year and a half is also going to be stupid enough to MISCONFIGURE his lists to reject people for trivial reasons.

And iven the number and frequency of security holes found in sendmail, maybe some people have just made an executive decision to not accept mail coming from sendmail sites. Guess what? I'm one of them

Anybody who's silly enough to run sendmail in this day and age, given the alternatives, is either on crack, or so self-centered that they don't give a shit about anybody else. In my opinion, that in and of itself is enough of an indication of incompetence that I just won't bother with them.

Call me an ass if you want ..... that's fair.

But as for being a vigalante, nobody is forcing anybody else to subscribe to any BHL at all. If you have a complaint, your complaint shouldn't be directed to the BHL itself - it should be directed to the 100,000 or so sysadmins who have decided to use it. And far from being vigalanties, they're protecting their OWN equipment and servers - which they have every right to do.

Re:Shows what you know

[rs79]

"I'd be willing to bet their false positive rate is pretty low."

Your guess, which could be wild-assed or educated, notwithstanding, when it happens to you it's truly evil.

BTDT.

Re:Shows what you know

[SillyNickName4me]

And iven the number and frequency of security holes found in sendmail, maybe some people have just made an executive decision to not accept mail coming from sendmail sites. Guess what? I'm one of them

Anybody who's silly enough to run sendmail in this day and age, given the alternatives, is either on crack, or so self-centered that they don't give a shit about anybody else. In my opinion, that in and of itself is enough of an indication of incompetence that I just won't bother with them.

1996 called, they want their sendmail complaints back.

Re:Shows what you know

[dougmc]

maybe some people have just made an executive decision to not accept mail coming from sendmail sites. Guess what? I'm one of them

Considering that sendmail still has at least 20% of the market share out there, with probably only Exchange having more, that seems like a pretty good way of isolating yourself from the rest of the world.

But hey, your site, your rules, right?

Re:Shows what you know

[fm6]

SpamHaus is one of the most conscientious, well-organized, ethical and reliable lists around.

And yet they still give a lot of false positive and false negatives.

It just doesn't matter whether a blacklist is run by people who are smart and ethical or stupid and corrupt. The idea itself doesn't work. Spammers circumvent blacklists, while innocent people are hurt by them. That's not FUD, that's objective fact. It's time to admit that blacklists don't work and try something else.

Re:Shows what you know

[tm2b]

Spamhaus is well known to block legitimate sites - my hosting ISP (very small, very special purpose - very spam intolerant) has a block of addresses that's between a couple of well known spammer-friendly ISPs' blocks.

Blacklists are much more of a bane than a boon.

Re:Shows what you know

[lucifuge31337]

Spamhaus is well known to block legitimate sites - my hosting ISP (very small, very special purpose - very spam intolerant) has a block of addresses that's between a couple of well known spammer-friendly ISPs' blocks.

So I'm going to guess they got the IP delegation from WorldCom.

Re:Shows what you know

[Achromatic1978]

A false-positive is fine until it's /YOU/ who has to pay the $200 to get your legitimate domain back on the air.

That's when "some people's tastes" start to change, vastly.

Will GoDaddy reimburse the fee that you shouldn't have had to pay, should it be shown that your domain was not being used nefariously? I somehow doubt it. "You must have done /something/ wrong to end up on that RBL, and even if you didn't, well, this is a nonrefundable charge to cover our administration expenses."

Re:Shows what you know

[Chandon+Seldon]

Blacklists largely do work. It's true that they have both false positives and false negitives, but the rates are reasonably low.

The fact of the matter is that email itself is broken, and as long as we keep using the current recipient-pays-before-recieving model it will stay broken - and we'll be stuck with marginal systems like RBLs.

Re:Shows what you know

[tm2b]

You would be wrong.

Re:Shows what you know

[Man+Eating+Duck]

Anybody who's silly enough to run sendmail in this day and age, given the alternatives

I'm in the process of setting up my own mail server right now, which MTA would you recommend for a low volume mailserver?
Ease of administration is most important.
I'm considering postfix and exim, but am open to suggestions.

Re:Shows what you know

[Nurgled]

I use Postfix. It's simple to set up in a simple configuration where it relays outgoing mail to a smarthost and delivers incoming mail locally. If you are doing something more complex than that then I have no idea, since that's all I use it for, alongside Dovecot for IMAP access to the local mailboxes.

Having said that, I'm sure Exim is just as easy for a simple config like that. I really just use Postfix because I've always used Postfix. :)

Re:Shows what you know

[UnrepentantHarlequin]

Will GoDaddy reimburse the fee that you shouldn't have had to pay, should it be shown that your domain was not being used nefariously? I somehow doubt it.

I wouldn't doubt it in the least.

As it happens, I'm a GoDaddy customer. I've also dealt with Network Solutions and MelbourneIT. GoDaddy stands head and shoulders above both of those big-name, big-rep registrars in terms of service, value for the money, and especially ethics. It wasn't GoDaddy who refused to give Panix their domain name back when it got jacked due to Melbourne's own sloppiness. GoDaddy doesn't send out fake "rewnewal" notices for domains owned by other registrars. And it certainly wasn't GoDaddy who tried to convince us SiteFinder was for our benefit. I'm not saying GoDaddy is a bunch of saints -- they're not, they're a bunch of businessmen -- but they're head and shoulders above the competition, ethics-wise.

They're also the only registrar I know of, and one of the damn few businesses of any type, where you can go yell at the big cheese personally. Bob Parsons and I have exchanged words a time or two via his blog. I suspect if I called up GoDaddy and wanted to talk to him, they'd put me through.

Oh, as to how they can sell domain names below cost: The actual offer is a domain for $1.99 when you buy a non-domain product, such as a hosting contract. They make money on that in exactly the way the Friendly's down the street from me is making money off a free ice cream sundae when you buy a chicken platter. Nothing shady about that, just a "buy a big thing, get a little thing cheap/free" deal like millions of other businesses offer every day. They make their money off of regular priced domain names (not much each, but their volume is incredible) and all of their other products and services, from software to hosting.

No, I don't work for GoDaddy, I'm just one of their customers. All the money flows from me to them, not the other way around. But I just got sick of all the speculation, insinuations, baseless assumptions, and general-purpose bashing from uninformed people who know nothing more about GoDaddy and its business practices than what they read in Slashdot comments.

I don't read Slashdot much anymore, and this kind of thing is one of the reasons why. Come on, guys, we're better than this. Or at least we used to be.

Re:Shows what you know

[dubiousmike]

Per your grammar nazi request....

"I'm in the process of setting up my own mail server right now, which MTA would you recommend for a low volume mailserver?"

These are two complete thoughts and thus should be two complete sentences. The fact that one part is a statememnt and the other is a question means that they should be separated by punctuation that ends a sentence. Thus, it could say, "I'm in the process of setting up my own mail server right now. Which MTA would you recommend for a low volume mailserver?"

Anyway, you asked. :)

Re:Shows what you know

[Man+Eating+Duck]

Anyway, you asked. :)

Yes, thanks!
There are lots of subtle differences like that between my native language (Norwegian) and English. Every bit of advice helps :)

Re:Shows what you know

[Achromatic1978]

Okay, I /personally/ own 12 domains through GoDaddy. I own two through Melbourne IT. I know technical staff at Melbourne IT, too, and know more about the Panix calamity than most people here do.

But what amuses me about this is that you have the idea to berate people for attacking GoDaddy for this, on the grounds that "they're not as bad as other registrars", and that you defend the ethics of a company arbitrarily deciding that your domain is being used for nefarious purposes, /on the basis of/ one of their resellers having sold other domains which were used for nefarious purposes, and charging a $200 fee to allow you use of your own domain, regardless of whether or not you actually did something wrong. That's not even remotely ethical, and is not any more defendable because you could personally yell at Bob Parsons, or because it wasn't GoDaddy who decided to push unresolving domains to their service.

Re:Shows what you know

[fm6]

Blacklists largely do work. It's true that they have both false positives and false negitives, but the rates are reasonably low.

You have a low threshhold of reasonable.

For false positives, "reasonable" has to be very close to zero. If you depend on email so much that you can't simply change your address to get away from spam, than you're counting on all serious email getting through. And blacklists, by their very nature, have lots of false positives, because they don't distinguish between spammers and other folks who innocently sign up with a provider that the blacklister claims is "spam friendly". And that alone is reason not to use them.

As for false negatives, "reasonable" means that a blacklist subscriber can count on not having more than, say, 10% of his email being spam. Maybe there's a blacklist that can guarantee that. You tell me.

The fact of the matter is that email itself is broken, and as long as we keep using the current recipient-pays-before-recieving model it will stay broken...

Absolutely correct. So why waste effort trying to "fix" a system that's clearly broken? Especially when the fix is itself obviously broken.

Re:Shows what you know

[Kadmos]

I hate all these idiot blackhole lists.

If I had mod points I would mod you down as flamebait. Apart from that your argument that because you were listed on one list they therefore must all be "unregulated vigilantes" does not make sense, you fail to recognise that currently using the better of these lists is one of the best ways of reducing spam/virus/phish emails and that the alternative is far far worse.

Imagine if you will dozens of lists which all have their own selection and delisting criteria. Some of the list known spammers, some list open relays/proxies/etc, some list dynamic hosts etc etc. Some of them are administered well while others aren't. This is basically the situation we find ourselves in today. And while it is true that some innocent hosts get blocked, for the most part many people find the lists useful.

The alternative is even less organised. It is basically mail admins everywhere blocking individual hosts, ip blocks and whole networks. They don't usually have listing criteria, they don't automatically expire old listings, many of them don't speak your language and they don't usally reply or fix your listing. Your internet account costs more because they have to spend more time updating their individual listings. Now imagine that your host gets infected by a bot and spews crap everywhere. Whould you prefer to do the work to get yourtself unlisted by one or two dozen lists or would you prefer to try and contact the potentially thousands of private lists which you only find out you are on when they reject your mail?

Re:Shows what you know

[Schraegstrichpunkt]

It's time to admit that blacklists don't work and try something else.

Some of us have. I've switched to a combination of SPF, procmail, and TMDA; SPF filtering is done at the SMTP server, then procmail filters out messages from mailing lists and people I know, then TMDA handles the rest. It's quite effective. With DNSSEC, it'll get a lot stronger.

Of course, this isn't something every AOL user could understand yet, although I'm sure AOL's developers could cook up a nice GUI for the system.

Re:Shows what you know

[chickenandporn]

Spamhaus blocked me for no reason, only that my provider had one bad domain of a bazillion -- the entire 20-bit netmask was blocked, and other IP blocks owned by the same provider. Of course the only way to undo that was to get proof-of-life from a backbone provider. Yeah, right. They've got more important things to do. "Hi, you don't know me, but without any way to pay you, I need you to send an email to some self-righteous little blacklist who suffers from insufficient attention-to-detail".

Suffer from their "justice", and you may have a different opinion.

At least Spamcop automatically "cools" an IP after it shows no spam, uses actual evidence, and seems to be much more precise than Spamhaus.

Re:Shows what you know

[xenobyte]

Actually SpamHaus does make mistakes, especially with listings that come from the people around the most mismanaged DNSBL of them all: SPEWS.

I worked for a company that got its IP-space listed on SPEWS due to the fact that we hosted a subsidiary of a company with another subsidirary that actively spammed. Soon after the SPEWS listing a SpamHaus listing appeared, clearly based on the SPEWS listing. No spam was ever sent from our network, nor was a single spamvertised website hosted there, but the listing was there regardless.

That issue was quickly resolved (back in 2002) and SpamHaus soon delisted the network as the 'offender' was clearly gone. SPEWS refused, demanding full disclosure of contractual and financial information before even considering a re-evaluation of the listing, which we either don't have or cannot release for obvious reasons. So the listing remains.

The good thing was that SpamHaus delisted quickly but I don't like the fact that they based a listing on a downright incorrect SPEWS listing.

Compared to SPEWS SpamHaus is reliable and fairly decent. Of course, anything is that, compared to the extreme vigilate overkill practised by SPEWS, making their 'service' completely useless as it lists about 1/10th of the entire IPv4 space, of which less than 0.001% are actively involved in spamming on any level.

Re:Shows what you know

[the_xaqster]

[quote] Blacklists largely do work. It's true that they have both false positives and false negitives, but the rates are reasonably low.
The fact of the matter is that email itself is broken, and as long as we keep using the current recipient-pays-before-recieving model it will stay broken - and we'll be stuck with marginal systems like RBLs. [/qoute]

[sigquote] The act of censorship is always worse than whatever is being censored. Always. [/sigquote]

So are Blacklists a form of censorship?

Re:Shows what you know

> I hate all these idiot blackhole lists.

> One list complained

There you have it, they're all evil.

And by the way, there are dnsbl's that list dynamic IP's. That's all they do, say that the IP is dynamic. Oh, how evil.

Re:Shows what you know

[nuzak]

> The idea itself doesn't work

The perfect is the enemy of the good. If you want zero false positives, don't block any spam. Spamhaus itself does not recommend using an SBL verdict as your sole blocking criterion. Your facts are about as objective as Fox News.

> It's time to admit that blacklists don't work and try something else.

We await your perfect solution with baited breath.

Re:Shows what you know

[fm6]

The perfect is the enemy of the good.

And cliches are the enemy of logic.

You obviously haven't seen Dr. Strangelove. When called to task for a command and control system that allowed a low-level Air Force commander to launch a nuclear strike on Russia without authorization, the Secretary of Defense says, "You can't condemn a system for one little flaw."

If a system has unacceptable flaws that cannot be fixed, the system itself is unacceptable. Your imaginary quest for the perfect system is a straw man.

Re:Shows what you know

[Chandon+Seldon]

So are Blacklists a form of censorship?

No (at least not in the context of my sig). Censorship is content-dependant and made manditory by someone in power.

It would be possible for the spam blacklist mechanisms to be used for censorship, but the current spam blacklists meet neither criteria. Spam mail sources are blacklisted entirely based on the form and volume of the mail they send, not the content itself. Additionally, none of the blacklists are mandatory, nor are the email providers who use them.

Re:Shows what you know

[Chandon+Seldon]

So why waste effort trying to "fix" a system that's clearly broken? Especially when the fix is itself obviously broken.

It would be reasonble to argue that Email + Blacklists is somewhat less functionally broken than Email alone. I use a dynamic IP range blacklist on my mail server simply because it tends to work and people should know better than to expect me not to be blocking email from dynamic address ranges.

As for a properly designed email replacement... go ahead and build it. I've taken a look at the problem myself and it's no simple task. Most of the easy answers, like sender pays, will never be adopted in the real world. Even once you build the perfect system, no-one will use it because email is so entrenched.

Re:Shows what you know

[nuzak]

You bring up cobalt-thorium G Doomsday weapons and then accuse me of knocking down strawmen? Fascinating.

Fine, don't use blacklists. You're entitled to your wholly unobjective opinion.

Re:Shows what you know

University of Arizona has lots of GoDaddy shills!

Re:Shows what you know

[fm6]

Where's the straw man? Nuking a city may be worse than blocking somebody's email. But that's not the point. The point is that I'm not rejecting blacklists because they're "imperfect" (never said they had to be), I know every system has its imperfections. The question is, are the imperfections acceptable? Blocking thousand of non-spam email is not acceptable.

Re:Shows what you know

[fm6]

I use a dynamic IP range blacklist on my mail server simply because it tends to work and people should know better than to expect me not to be blocking email from dynamic address ranges.

Which people are those? The non-tech-savvy user who's made the innocent mistake of having served by a provider your blacklist has decided to punish?

Re:Shows what you know

[nuzak]

Fallacy of proportion, I think it's called. It's related to the strawman in that one uses a constructed argument (in this case an analogy) in order to knock it down and by association, the argument it is puportedly analogous to.

If you trust a blacklist as the sole source of your spam verdict, then it is not the blacklist at fault, but yourself. Anyone who uses spews or even spamhaus as their verdict engine is either a moron or just doesn't care. If an individual does it for their mail service, that's their choice. If an ISP does it, their negligence causes some degree of harm to the sender. But factual errors by dnsbl's and poor judgement by ISP's does not add up to a malicious conspiracy of incompetence in any objective sense.

I'm not here to defend Spamhaus -- they're riddled with errors and poor documentation of listings -- but they do provide a decent starting point. However, my approach actually involves MORE work once I get a positive from SBL, and that is to verify that the SBL listing and the mailing actually jibe with the same entity. Still, once I get confirmation, termination (or at least blocking ) follows with extreme prejudice. It's a manual process, with automation steps at the back end, not the front.

My point is, DNSBL's provide data, not judgement. I even used to use SPEWS some years ago for the simple expedient of adding a header with a link to the SPEWS evidence file. That file contained all kinds of useful raw data, with historical WHOIS evidence, abuse reports, and so on. Those evidence files are so atrociously out of date now that I've finally dropped SPEWS. Spamhaus by comparison does a very poor job in maintaining the evidence in the first place, but I've found they tend to be relatively more diligent about maintaining the actual listings (now if only they'd add a decent browsing and search interface to ROKSO -- if anything called for a wiki, this is it).

Anti-spam is my job, and I take it damn seriously. DNSBL's are a flawed tool, but unless you expect miracles from them, the flaws are hardly fatal. Most DNSBL's are even worse than spamhaus (and I thus don't use them), but that's simply because they're much harder to maintain than most people think; this shortcoming is still does not indict the half-dozen really good ones out there (though the way they're dropping off, there's hardly any good ones left).

PS: One thing I like about sigs is that I tend to remember people by their sig more easily than their actual username ... I not only like your sig, I respect it and most of the arguments you make, so sorry if I've been coming off, well, asshattish. It's a hard siren call to resist on slashdot, where it comes so easy. I nuked my old account because I did it too much, and there I go again...

Re:Shows what you know

[fm6]

Fallacy of proportion...

Your arguments would be more compelling (and probably more logical) if you skipped the jargon and cliches.

Re:Shows what you know

[nuzak]

I give up. I guess I should just turn sigs off. Let's divine the logical connection for that.

Re:Shows what you know

[PigleT]

Obligatory data-point: in the past week, spamhaus rather idiotically blocked a /23 (yes, they can't count to 24) netblock around one of my colo-servers, claiming it was related to a Russian spam-outfit. I suppose, being yanks, they don't know the difference between Russia and the UK until someone sues them.

Re:Shows what you know

[cmize]

It's interesting that you would blame Spamhaus instead of your spam-tolerant upstream provider.

Re:Shows what you know

[Chandon+Seldon]

Which people are those? The non-tech-savvy user who's made the innocent mistake of having served by a provider your blacklist has decided to punish?

No, the admins responsible for the mail servers. Mail servers shouldn't be in IP space marked as dynamically assigned - and if there was some sort of blacklist maintenence error there are channels to go through.

Re:Shows what you know

Wow, you admit to knowing the staff at Melbourne "all spammers, all the time" IT? The home for forge-spammed yahoo redirectors for kiddie porn? Please ask them to do the right, moral thing and shut them down.
Melbourne IT is incompetence multiplied by greed. They will host ANYONE, ANYTIME. The lowest of the low..
(Why this attitude? Over 4 thousand Melbourne-IT registered spammer sites in a three month period being advertised using forged addresses at my domain. Those Melbourne IT fuckheads let the sites stay alive by doing NOTHING WHATSOEVER, then collect another registration fee when yahoo eventually shuts the site down a couple of weeks later.)
Bastards.

Very dangerous precedent

[Anon+E.+Muss]

Once we allow domain registrars to become the Spam Police, very soon there will be political pressure for them to become the Content Police. It starts with spam and kiddie pron -- content that 99.999% of the world agrees is wrong. I guarantee it won't stop there.

Re:Very dangerous precedent

[Halo1]

Actually, you need some level of self-policing to curb the problem if you want to demonstrate that laws are not necessary. Why should a domain name registrar be less responsible for spammers than hosting ISPs? Especially, since spammers nowadays often host their sites on hacked Windows boxes, with the DNS switching from one machine to another all the time (thus making the domain name their most important asset).

Re:Very dangerous precedent

[eneville]

If GoDaddy wants to make a stand they should alter their TOS to that effect BEFORE blocking domains. If they block the domains there should not be an extortionate fee to release it. The domain is neutral in this, the abuser should, although they are wrong, not have to pay GoDaddy in this way.

Re:Very dangerous precedent

[Toe,+The]

Registrars are private entities... InterNIC is from last millennium.

If you want to enforce that registrars cannot impose restrictions on their clients, then what kind of slippery slope are you encouraging?

Are you saying that the worst murderous mobsters can operate massive criminal enterprises on a website hosted in an anarchistic country and their registrar should be prevented from denying them service?

Re:Very dangerous precedent

[Anon+E.+Muss]

Are you saying that the worst murderous mobsters can operate massive criminal enterprises on a website hosted in an anarchistic country and their registrar should be prevented from denying them service?

Yes.

Re:Very dangerous precedent

What precident? Asshat's like SPEWS.org and ABHL.com has been making snap judgements about blocking Class-C IP ranges for years. ...and if an innocent party dares to question them, they are moved further up on their blacklists. I don't see the community standing up against those fucktards.

Re:Very dangerous precedent

[Halo1]

I agree they should only be able to handle according to their TOS, but their TOS does specify that domains for spamming can be suspended or terminated. Of course, by blocking all domains of an entire reseller, they also hit innocent bystanders.

I was mainly reacting to the sentiment that self-policing is a bad thing because it would supposedly encourage laws to this end though. Imo, it's exactly the other way around.

Re:Very dangerous precedent

[PRC+Banker]

My answer would be that you don't know the domains spam originates from.

Spam comes from an email server. A server can fake domain/origination names/addresses in emails, an email server is not a domain server, just a machine which may or may not be from that 'domain'. Simple. Domains that are linked in the spam could be traced, but are often taken down quickly and I could easily see some increase in deliberate noise/signal in spams using legitimate domains in amongst illigetimate ones in order to 'sell' products/services (i.e. using legitimate domains in URLs pertaining to spams, which are useless to sell the spammer's products, but may increase pressure in crackdowns against domains linked to by spammers).

Re:Very dangerous precedent

[Billosaur]

And unfortunately, with DNS vulnerabilities being what they are, it's easy enough to spoof or move a domain from one IP to send out the spam then switch the domain somewhere else. A mail server isn't going to know that a domain has been spoofed or moved, just like the postman doesn't know you've moved unless you tell them.

Re:Very dangerous precedent

[Anon+E.+Muss]

Why should a domain name registrar be less responsible for spammers than hosting ISPs?

I see fundamental difference between the provision of naming and hosting/IP services. I believe naming should be provided on a "common carrier" basis, without regard to content. Spam is a problem, but some solutions are worse. The precedent set today with spam will be applied to other disfavored content tomorrow.

Re:Very dangerous precedent

[Toe,+The]

You seem to have forgotten to indicate any reason why you would see this as acceptable. Why would you force registrars to act according to your will?

Re:Very dangerous precedent

[Halo1]

Spamhaus collects domains used by major league spammers to host their sites, not domains appearing in the from-field of sent spam messages.

Re:Very dangerous precedent

[X0563511]

Yes. The registrar has no business doing anything but the following:
OK, your bills are payed. Now when people type A, A is resolved to IP B instead of C (a parking page)

It's the responsibility of law enforcement to enforce law. But, in your own argument, the site is hosted in an anarchistic country. We (and whatever country the registrar is based in) have NO BUSINESS imposing law or right/wrong on another sovergn country OR IT'S CITIZENS OR BUSINESSES. We can yell/scream/make noise/threaten as much as we want, but we cannot enforce our views on them.

Re:Very dangerous precedent

[Halo1]

I see fundamental difference between the provision of naming and hosting/IP services. I believe naming should be provided on a "common carrier" basis, without regard to content.

If someone is abusing a service for illegal purposes, I don't see why that service shouldn't be taken away from him/her.

The precedent set today with spam will be applied to other disfavored content tomorrow.

As mentioned in another post, GoDaddy reserves the right in its TOS to do this if you spam or phish (and does not mention any other "disfavoured content" at first sight). That said, spam is not only disfavoured, but also illegal in at least the US and the EU.

If you, or that Russian spam services provider, don't like those terms, you/they are free to go somewhere else (again, like in that other post, noting the fact that in this case a bunch of innocent bystanders are hit as well, but that's not your point as I understand it).

Re:Very dangerous precedent

Suspended or terminated yes.

Presented with ransom demands is another matter altogether.

Re:Very dangerous precedent

[Anon+E.+Muss]

I have no problem with RBL services, even ones run by assholes with an axe to grind. People are free to use an RBL to filter their incoming mail. I choose not to, but that's my choice, and I don't have a problem with you making a different choice for your inbox. I believe this is totally different than a registrar holding domain names hostage because of content associated with those names. In the current case, GoDaddy is making a value judgement for everybody else on the Internet, including ME, and I never gave them that authority.

Re:Very dangerous precedent

[Halo1]

That's also in their TOS:

Go Daddy will require a non-refundable reactivation fee to be paid before the site, email boxes and/or services are reactivated.

Re:Very dangerous precedent

GoDaddy.com is beholden to its investors and the rule of law. The fucking cowards at AHBL and SPEWS hide from the rest of the world and are only beholded to the voices in their head. They give you no way to get off their list unless you leave your domain host, which is bullshit.

Re:Very dangerous precedent

[Vancorps]

Yes it will, that's why we invented reverse-DNS and more importantly SPF. This issue was resolved years ago.

Re:Very dangerous precedent

[Anon+E.+Muss]

You seem to have forgotten to indicate any reason why you would see this as acceptable.

I didn't forget -- I just thought it was obvious. For the benefit of the slow learners in the class, I'll repeat myself: Domain name registrars should not get into the content policing business. Today it's spam, which everybody agrees is terrible and should be stopped. Tomorrow it will be with some other type of disfavored content.

Why would you force registrars to act according to your will?

I see it the other way around -- the registrar is trying to force their will on me. GoDaddy is making a value judgement based on the content associated with the domain name. By disabling the name, they are removing my ability to access that content (yeah, sure, I could do it by IP address, but we have DNS for a reason).

Re:Very dangerous precedent

What I don't get is how can they basically fine these people. They need to just let them move to another registrar if they so choose. It makes no sense to charge them in the process. They can find another 5-10 registrar and both give each other the bird and then move on with their lives. GoDaddy is just being a little bitch in this case.

Re:Very dangerous precedent

[NickFortune]

If you want to enforce that registrars cannot impose restrictions on their clients...

I rather read that as GoDaddy imposing restrictions on the clients of another registrar. That hardly seems like behaviour we would wish to encourage.

...then what kind of slippery slope are you encouraging?

Speaking of slipperly slopes, GoDaddy stand to make almost 300k from this stick up. I mean, it isn't as if this is going to solve anything, and it isn't as if GoDaddy are blocking them unconditionally. They're just saying "we want a slice of you're ill gotten gains or we drop all your packets.

The thing is, if we let this pass, that gives lots of registrars an incentive to start eforcing the law as they see it, and for material gain. That's going to encourage them to define ill-doing on the net loosely, since they get tp shake down more nets

Are you saying that the worst murderous mobsters can operate massive criminal enterprises on a website hosted in an anarchistic country and their registrar should be prevented from denying them service?

You're either trolling, or else you're taking way too much for granted here.

For example it's far from clear that murderous mobsters are involved, let along the worst sort (unless you define unsoilicited junk email as being identical to the unlawful taking of human life, that is). The criminality is open to question too since spamming is not (sadly) universally illegal.

And that's just the domains registered to MajorDomo.ru. GoDaddy are demanding money with manaces from all those domains. Unless Majordomo have some weird negative vetting process for thier clients, then the chances are that not all of them are crooks.

I can't see how GoDaddy have any ethical justification for their actions here, and I can't think of a single pargmatic reason why we should condone their behaviour

Re:Very dangerous precedent

And godaddy used that information to shut down an entire registrar. RTFA. They went overboard.

Re:Very dangerous precedent

Young whippersnappers who think websites need a domain name to exist ;)

Taking away their domain names makes them even more obscure to those fighting against them. You don't want that. Bad sites should have their *servers* shut down, not have the domain registrar attempting to be the internet content moderator.

Re:Very dangerous precedent

[Halo1]

That was even already in the summary. But RTFThread, this discussion was not about whether or not the measures were proportionate, but about whether or not Spamhaus/GoDaddy can determine which domains are used by spammers.

I guess I should repeat the disclaimers in this and this message in every post to avoid people like you replying to things which I'm not saying.

Re:Very dangerous precedent

[Halo1]

Spammers have been using plain ip addresses in their spams for quite a while and still do it sometimes nowadays, but less because those same whippersnappers are much less likely to trust a website whose address consists of some strange numbers and which doesn't even start with www (omg!). Apart from that, they also need the domain names because they get kicked from ISP's and zombie machines all the time.

I don't know how the spamhaus people manage to get all their information, but you can bet they use a lot more than what whois can tell them. I also doubt whether Spamhaus&co would agree with you, although they are "those fighting against them".

And IMO, domain name registrars have just as much rights and responsibilities regarding what they allow their services to be used for as hosting providers.

Re:Very dangerous precedent

[honkycat]

Sure, certain spam is illegal in certain jurisdictions, but they have a pretty weak claim to be enforcing the law here. They're basing their accusation on a spam blacklist (or their own investigations), not any finding by any proper, unbiased adjudicator. Given that they can rake in $50-$200 per domain they "find guilty" of spamming, they are in a very poor position to make a fair decision about who is misusing their domain. This is vigilanteism, at best, and perhaps fraud in those cases where they've cast too wide a net.

As someone else pointed out, if they are really doing this for legitimate reasons, why is their reinstatement fee orders of magnitude greater than the initial registration fee? Why is there no initial warning followed by a probationary period? I could imagine a hefty fine for repeat offenders, ultimately resulting in permanent removal of the domain registration, but a sudden $200 fee does not strike me as motivated by seeking justice. Especially when the judge and jury are a spam blacklist...

Finally, to those who've defended spamhaus as one of the better spam blacklists, that's still not a good reason to use their judgement to impose such a large penalty. It does not take much of a configuration error to open your relay and end up on a blacklist. I made such an error just before going on a business trip and it took about a week before I noticed that my server was being used for spam. I fixed it within hours of the discovery, but had already had my domain listed on more than one blacklist. If I'd been hit with a $200 fine from my registrar as well, that would have hardly seemed fair.

Re:Very dangerous precedent

Yanno, it strikes me as funny that the same people who abhore the idea of government intervention, policing, big brother, etc. also abhore the idea of us policing ourselves in a way that may go to extremes, but yet sends a clear message to others that the Internet isn't entirely "free" to plunder for certain nefarious activities.

If we don't police ourselves, then a government will most likely try to do it and then we'll see backlash as, "they want to control what you do." Yes, that is indeed the case. If we don't start growing the hell up, we're going to get taken care of in a way that we're going to like even less.

I think GoDaddy is doing a decent job in saying, "Hey, this isn't right and it's against our ToS. Follow the rules or go to a 3rd world country like Nigeria where they WILL allow this sort of thing."

Get a clue people - it's US doing it or THEM doing it. I'd prefer it to be US.

Re:Very dangerous precedent

[Halo1]

As someone else pointed out, if they are really doing this for legitimate reasons, why is their reinstatement fee orders of magnitude greater than the initial registration fee?

Because they reserve the right to do that in their TOS, probably to discourage spammers from setting up shop with them.

Why is there no initial warning followed by a probationary period?

It would surprise me if that Russian reseller did not get an initial warning, although me nor you can know that for sure of course. That said, from the earlier mentioned TOS:

If Go Daddy determines that the services in question are being used in association with spam, Go Daddy will re-direct, suspend, or cancel any web site hosting, domain registration, email boxes or other applicable services for a period of no less than 2 days. The registrant or customer will be required to respond by email to Go Daddy stating that they will cease to send spam and/or have spam sent on their behalf. Go Daddy will require a non-refundable reactivation fee to be paid before the site, email boxes and/or services are reactivated.

I could imagine a hefty fine for repeat offenders, ultimately resulting in permanent removal of the domain registration, but a sudden $200 fee does not strike me as motivated by seeking justice. Especially when the judge and jury are a spam blacklist...

From the TOS it's clear that repeat offenders can be terminated (it doesn't say anything about fines for those), and that GoDaddy is the one which determines whether or not "the services in question are being used in association with spam".

Finally, to those who've defended spamhaus as one of the better spam blacklists, that's still not a good reason to use their judgement to impose such a large penalty. It does not take much of a configuration error to open your relay and end up on a blacklist.

Spamhaus does not list open relays. It lists websites used by major spammers to peddle their porn, pills and whatnot, as well as the hosting and dns providers for those sites.

Re:Very dangerous precedent

[ScentCone]

we cannot enforce our views on them

Although... they did choose to do registration business with a US company, and somehow I'm betting these aren't all .RU domains, right? They want the .COM-iness (heh!) of a US-sounding address, but not US thoughts on the matter.

Re:Very dangerous precedent

[RexRhino]

Are you saying that the worst murderous mobsters can operate massive criminal enterprises on a website hosted in an anarchistic country and their registrar should be prevented from denying them service?

Are you saying that doctors should provide medical service to people they suspect of being murderous mobsters? Are you saying landlords should not evict anyone they suspect of being murderous mobsters? Are you saying the phone company shouldn't cut the service of anyone they suspect to be murderous mobsters?

Sorry, but if buisnesses are expected to enforce the law on people, without trial or do process - and to do it in a way where they have an incentive to do it to make money - they what is the point of having a judiciary where people are innocent until proven guilty - they will already be pariah before any trail happens.

Re:Very dangerous precedent

[aminorex]

Then, clearly, anyone doing business with GoDaddy is a fool. They reserve the right to screw you over for no reason.

Re:Very dangerous precedent

[Kasar]

With this registrar, if a domain passes it's renewal date, they hold it for a few months.

To renew during this period, last I knew it was an additional $80.

That's like a 1000% late fee.

Re:Very dangerous precedent

[asuffield]

Actually, you need some level of self-policing to curb the problem if you want to demonstrate that laws are not necessary.

That's a disingenuous myth. It's far, far better to have laws than self-policing.

Why?

Because laws come with other laws guaranteeing you due process. 'Self-policing' means a corporate does whatever they feel like to you. This GoDaddy nonsense is a classic example: $200, pay-or-be-damned, no evidence, no appeals, no way to argue your case.

The best thing of all is neither laws nor self-policing, but rather a common carrier. That's an entity which moves data for everybody and every purpose without limits, and in exchance is not responsible for any of the data they move. Sure the terrorists can use it, but that's better than government or corporate intervention. Whenever this is reasonably practical, it's better than all the alternatives. It may not be practical for the sale of firearms, but it's definitely practical for the sale of DNS names.

Re:Very dangerous precedent

[dubl-u]

We [...] have NO BUSINESS imposing law or right/wrong on another sovergn country OR IT'S CITIZENS OR BUSINESSES. e can yell/scream/make noise/threaten as much as we want, but we cannot enforce our views on them.

When the spammers stop forcing their views on me (93% of my mail traffic this week), I'll be more sympathetic to the notion that they should be able to carry on without interference from us. Sovereignty is the right to do what you think best, not the right to piss on other people from across your border.

Re:Very dangerous precedent

[Kamineko]

You, sir, win a prize. :)

Re:Very dangerous precedent

[SillyNickName4me]

GO away with your clearly Anti American (tm) and anti Anarcho-libertarian fud.

Re:Very dangerous precedent

[Halo1]

That's a disingenuous myth. It's far, far better to have laws than self-policing.

You are creating a straw man argument, as I did not say that self-policing is (always) better than a law. I merely said that if there is a problem and you don't want involvement of the law, that you need some degree of self-policing to deal with the problems. And in this case it's simply a contract between a customer and a provider, which is common practice for all kinds of services.

Re:Very dangerous precedent

[mdfst13]

"the content policing business"

I could live with registrars in the content policing business, but has anyone else noticed that this is actually the content *TAXING* business? It's all right to be a spammer...if you pay an extra $199?!?

Re:Very dangerous precedent

[pembo13]

Yes. That is exactly what I think.

Re:Very dangerous precedent

Hopefully I can provide a little insight into how GoDaddy "thinks" since I worked there for a couple of years. The entire company is micromanaged by the CEO Bob Parsons. You could replace "GoDaddy" in the article with "Bob Parsons" and be entirely correct. If GoDaddy does something, it's because Bob made it so.

If you've seen Bob on TV he comes off as likable and personable character. In person, he's a lot different. He's a pretty angry guy who rules by fear. I left GoDaddy for a better opportunity, but I did see a ton of people get let go for arbitrary reasons. We had something like a 300% turnover while I was there (not including the call center). I know that he has pissed enough people off that they take physical security very-very seriously for a relatively small outfit. I'm not talking about securing the servers, I mean a dozen guards (for two entrances), metal detectors, random bag and car inspections and a card entry system that makes it a challenge to just get to a bathroom.

Bob's a hard-core ultra-conservative Republican. Pro-Bush all the way. Do you remember the NBC(?) footage of the unarmed, incapcitated enemy combatants being shot at that mosque in Iraq a while back? Bob came right out and publicly praised the marines in his blog. He later toned down his language, but it is something to keep in mind when thinking about how GoDaddy justifies charging $199 to get back a $6.99 domain.

This all being said, I still purchase all my domains from GoDaddy. They are cheap and customer service is good -- but there is no way in hell that I would post this non A/C.

Re:Very dangerous precedent

[Crayon+Kid]

You probably can't do it via IP alone. If the site is hosted on a shared server and you don't own the IP, which is the case with a lot of them, the server needs the host name in order to serve the right website. Accessing a shared server by IP will most likely get you some kind of generic page or a redirect to the registrar/hoster's site.

Which makes DNS even more powerful.

Re:Very dangerous precedent

[NickFortune]

When the spammers stop forcing their views on me ... I'll be more sympathetic to the notion that they should be able to carry on without interference from us.

No argument from me on that point. However, the GP was talking about legitimate law enforcement efforts.

The point to keep sight of is that GoDaddy hasn't been duly appointed as a law enforcement agency by anyone. And even if they should be so appointed, I't still be a bonehead idea.

There's a good reason why the policeman that keeps order in the marketplace doesn't get to run a stall in that same market.

Re:Very dangerous precedent

[Prof.Phreak]

Technically, that doesn't mention _domain_; I'd imagine it to refer to hosting services.

In other words, you OWN the domain, not -they-. If they terminate your account, you should be able to take your business elsewhere. They have no claim on the NAME of your site.

Re:Very dangerous precedent

[maxume]

It all depends on where the registrar is offering services. It seems fair enough to base that decision on the tld in question. The registrar should be following the laws of whatever country it is operating in, and if a customer is doing business from outside of that country, the registrar should attempt to respect the laws of both countries and any agreements between those countries.

A business can force whatever views it wants on it's customers(within the law anyway), the customers can fight back by not being customers anymore. It might not be a good decision for the business, but that doesn't mean it can't or shouldn't be able to express its views however it chooses, except retroactively.

Re:Very dangerous precedent

[Achromatic1978]

Are you saying that the worst murderous mobsters can operate massive criminal enterprises on a website hosted in an anarchistic country and their registrar should be prevented from denying them service?

Yes. Shockingly enough, I'd rather criminal activities were acted upon by the properly legislated law enforcement authority, rather than a PtyLtd out to make a buck.

Re:Very dangerous precedent

[honkycat]

I don't dispute that they can do this, nor that their TOS permit it and perhaps give sufficient warning that it may happen. However, I still don't believe that "permitted under the TOS" is sufficient to make a behavior reasonable or responsible.

It's great to try to reduce spam on the internet, I'm not against that. Based on anecdotes elsewhere in the thread, though, it sounds like GoDaddy is quite happy to cast a wide net and refuse to provide reasonable review of their decisions. Financially, it's obvious why, and that undermines the legitimacy of their efforts, IMO.

Re:Very dangerous precedent

[fyoder]

We (and whatever country the registrar is based in) have NO BUSINESS imposing law or right/wrong on another sovergn country OR IT'S CITIZENS OR BUSINESSES. We can yell/scream/make noise/threaten as much as we want, but we cannot enforce our views on them.

I wish you were president.

Re:Very dangerous precedent

[dubl-u]

The point to keep sight of is that GoDaddy hasn't been duly appointed as a law enforcement agency by anyone. And even if they should be so appointed, I't still be a bonehead idea.

My point here is about doing the right thing rather than the legal thing. Regardless of the law, those of us who run internet infrastructure have an interest in, and in my opinion, a duty to keep the network running well. Whether or not what spammers or DDOS attackers or virus writers do is legal in some particular locale is beside the point.

Re:Very dangerous precedent

[NickFortune]

Whether or not what spammers or DDOS attackers or virus writers do is legal in some particular locale is beside the point.

And my point is that you don't treat your back yard for an infestation of snails by dropping a cobalt bomb on it. For one thing, it tends to have unfortunate consequences for the whole area, and for another it is probably less precise than you intended. The fact that it would be an illegal act, while worthy of consideration, is not the primary concern for any sane individual.

Similarly here, GoDaddy are being woefully imprecise, shaking down all the clients of a registrar simply because some of them have been listed by spamhaus. Similarly again, GoDaddy's actions will surely have negative consequences for the net as whole. Nore registrars will see the possibility of making extra chash by blackmailing other registrar's ciustomers. We can expect them to be fairly agressive in their policing, since it is, after all, so very profitable. I would also expect to see retaliatory blockages, leading to general disruption all round. I cannot see this as a good thing.

Of course the cobalt bomb analogy breaks down in one crucial area. We could safely expect a nuke to at least kill the moluscs at ground zero. GoDaddy aren't proposing a lasting blockade here - they're jsut demanding a piece of the action. Of course, the spammers will be making enough to pay this, and will carry on operations unhindered. It's the ordinary customers of Majordomo.ru that will be put to trouble.

So, much detest spammers, we have to consider the degree to which GoDaddy's actions are appropriate, effective and precise. As far as I can see, they fall lamentably short fo the mark in all three categories.

Sadly, I fear that this particular "cure" may turn out to be far worse than the disease.

Re:Very dangerous precedent

[X0563511]

I don't. Partly because I don't want the trouble, partly because i don't want the responsibility, and partly because that specific kind of power doesn't really appeal to me (i would rather be behind the scenes)

Thank you though.

Re:Very dangerous precedent

[mkw87]

content that 99.999% of the world agrees is wrong

I'm quite sure more than 0.001% of the world's population is priests, and I conclude that your estimate is off a bit.

Re:Very dangerous precedent

[jaypifer]

Because laws come with other laws guaranteeing you due process. 'Self-policing' means a corporate does whatever they feel like to you. This GoDaddy nonsense is a classic example: $200, pay-or-be-damned, no evidence, no appeals, no way to argue your case.

I think you are confused. When it is a corporate ruling you can appeal to laws to correct it, when it is a law you cannot do anything but fight an apathetic, nontechnical government. At least with a corporation you can shop around and cut into their profits. With a government...well...ever try not paying your taxes?

The best thing of all is neither laws nor self-policing, but rather a common carrier. That's an entity which moves data for everybody and every purpose without limits, and in exchance is not responsible for any of the data they move. Sure the terrorists can use it, but that's better than government or corporate intervention. Whenever this is reasonably practical, it's better than all the alternatives. It may not be practical for the sale of firearms, but it's definitely practical for the sale of DNS names.

And here I thought communism was dying with Castro. What century do you live in? Surely you didn't just write that terrorists are better than governments or corporations and follow up with a smooth segue into firearms?? Who is moderating today?

Re:Very dangerous precedent

[Tweekster]

It isnt the registars job function to stop crime like that.

Re:Very dangerous precedent

You're either trolling, or else you're taking way too much for granted here.

When talking about precedents, it is appropriate to speak in extremes. This is not trolling, it is testing the boundaries.

Re:Very dangerous precedent

[NickFortune]

When talking about precedents, it is appropriate to speak in extremes.

That's a little too broad for my liking. Certainly, it is appropriate to consider the eventual results of setting a precedent, and in that context we can suggest the extremes to which a policy may take us. However, that doesn't mean that the discussion of precedent justifies the introduction of arbitrary extremities without regard for context.

If the GP (not yourself I assume) had said "Curbing GoDaddy in this action will inevitably lead to the very worst murderous mobsters operating massive criminal enterprises from websites hosted in an anarchistic countries. " then that would be fair enough. I would still take issue with the prognostication, but I'd have to accept the validity of the argument.

On the other hand, by presenting these extremes in the present tense, our GP strongly implies (at least to my reading) that the "the worst murderous mobsters are right this moment operating massive criminal enterprises from websites hosted in an anarchistic country and unilateral boycotts from third party registrars can possibly stop them!"

And that's a very different kettle of fish. In fact, along with the factual error that followed on (GoDaddy is not the registrar of the sites being blocked) it leads me to wonder if the intent behind the post was not deliberate deception.

This is not trolling, it is testing the boundaries.

And which boundaries are these that are being tested - apart perhaps from the gullibility of slashdotters?

Personally, I feel trolling is the kinder conclusion to draw.

Not surprised...

[__aaclcg7560]

Seriously, an outfit named "GoDaddy" was bound to say, "Who's your daddy?!"

Re:Not surprised...

[Jah-Wren+Ryel]

And then they followed up with, "Gimme some sugar, baby!"

Re:Not surprised...

More like "Who's your daddy, and what does he do?"

Kindergarten cop all over their asses.

Extortion

[aussie_a]

How is this little more then extortion? They have a thinly veiled reason, but let's say the spammers pay up. Their domain is re-activated. What then? How does that stop them from being spammers? This is just GoDaddy grabbing people willy nilly and forcing them to pay for fees they've already paid for.

Re:Extortion

[saskboy]

I guess Go Daddy is aiming to spend Father's Day in jail.

"Hi kids, thanks for visiting me here in prison. I tried to make spammers give me some of their drug money, but ended up asking innocent people for drug money too. Oops. Maybe next year we can go have that picnic in the park."

Re:Extortion

[neoform]

Exactly, I had one of my domain names held hostage by them about 5 months ago. They told me they had received a complaint about spam for my domain and so I was required to pay $199USD. I told them to fuck off and wanted to transfer the domain to netsol, but godaddy REFUSED to allow me to transfer without first paying them the $200. I took me more than a month of yelling at their 'managers' on the phone who didn't give a shit about ICANN regulations before they allowed the transfer.

Godaddy's policies are terrible, they will do anything to make extra money.

Re:Extortion

[galaad2]

so..thats $199 times 1399 = 278 THOUSAND 401 dollars.

i'm not from the US, nor a lawyer, but i remember reading somewhere that if the sum being extorted is greater than a certain amount then the thing escalates on fbi's priorities list and can be prosecuted more harshly... or i'm confused and mixing situations here ?

Not to mention that this is a matter of interstate commerce extortion, which makes it a federal offence already, no matter the amount of $$ involved.

Re:Extortion

[kandresen]

That's how I see it too, and it seems even more serious than another mail I received from them myself stating that my domain is to expire and if I don't pay in time, the domain will be put on hold for a 30 days redemption period whereas I would need to pay $80 to get the site online again in that period.

I am definitively going to leave GoDaddy now, great that my domain is to expire - gandi.net, here I come! Great to know there are still registrars that clearly state my domain belongs to me and makes no extortion attempts.

Re:Extortion

aussie_a wrote:
>
> How is this little more then extortion? They have a thinly veiled reason, but let's say the spammers pay up.
> Their domain is re-activated. What then? How does that stop them from being spammers? This is just GoDaddy
> grabbing people willy nilly and forcing them to pay for fees they've already paid for.

The effect is that only the rich will be able to afford to spam.

Re:Extortion

[DMNT]

This is about a private company acting as a police and a court: you have no chance to defend yourself and you have been fined by the company for their benefit. If your contract included such a phrase that would allow them to fine (= to bill) you as they wish - shame on you for signing the contract. If it didn't they're on thin ice.

What I'd ahve done was to pay the fee and on the instant I get my domain free I'd threaten to sue them if they didn't pay me back or let me defend my position. The hard part on the ISP / DNS-operator is to show that a spam complaint is genuine and it is indeed intended to advertise the site in question and it is not a joe job.

I operate 4 web sites of which 2 are registered to me personally. I agree that something must be done to the spam problem, but this isn't a solution.

Re:Extortion

Sue Sue Sue

Everybody needs to just keep suing the snot out of them and bankrupt them. $200 + court costs + punitive damages.

You have to hit them where it hurts, the wallet.

Re:Extortion

That's it, they are going to lose 140 domain names we have registered with them. We don't need some competitor or disgruntled employee setting off their Arizona college kid investigators into fining us on all of our domain names in a kangaroo court.

Damn it!

When is someone going to start running summaries through a spelling and grammar checker or even rewriting them because reading things without commas and necessary punctuation along with incredibly long sentences is extremely hard you know and this particular summary is even more confusing now because we can't tell what the submitter even meant but hey CowboyNeal just always does some copy&paste stuff without caring about the audience right and it isn't important at all if TFA is in Russian and the letter unreadably formatted.

Re:Damn it!

[Zantetsuken]

because if they souped up the form for people to submit stuff to have a spell and grammar checker, people would complain it takes anywhere from a half second on their dsl or cable modem to 2 seconds longer on dialup - and if it wasnt that, they'd complain about whatever script for it not working in Safari, Opera, etc, for that matter, it'd probably be an IE only compatible script, and not at all standards compliant...

Re:Damn it!

[WilliamSChips]

I think he means server-side. My guess is that it would make /. slow as hell.

Spam policing is good, but not for registers.

[Dr.+Zowie]

If registers start policing spam on their sites, they will have stepped onto a steep, slippery slope that leads to policing content.

Spam is a problem, but handing even more power over to the registrars is not the answer to that problem.

Registrars, ISPs, politicians, and diapers need to be changed frequently -- for approximately the same reasons(*).
If I had any accounts with GoDaddy I'd be switching to Dotster or one of thousands of other registrars right now.

(*)apologies to Heinlein

Re:Spam policing is good, but not for registers.

[1u3hr]

If registers start policing spam on their sites, they will have stepped onto a steep, slippery slope that leads to policing content.

I think it's quite legitimate for a registrar to have terms of service and to reject hosting domains that violate these. If a registrar doesn't like porn, or multi-level marketing, or viagra sales, that's fine, as long as the customers are made aware of it beforehand. There are thousands of registrars, if you have a legitimate site you will ahve no problem finding hosting. But holding sites to ransom for any reason is another thing entirely, as it effectively censors a site. For spammers we can all shrug, but as noted elsewhere, it's easy to imagine abuse and false accusations.

Re:Spam policing is good, but not for registers.

[ScrewMaster]

If registers start policing spam on their sites, they will have stepped onto a steep, slippery slope that leads to policing content.

I think it's more of a cliff than a slope.

So Sad

[PingXao]

I just renewed a domain for 2 yrs with them and I sort of regret it. GoDaddy used to be a top-notch outfit. Low prices and no nonsense. These days it's low prices and lots of nonsense. Between the GoDaddy spam, other spammers they support via special arrangements, and their incredibly convoluted ordering and pricing schemes it's no wonder they're starting to plumb the depths of sleaze.

The thing is their prices are so great it's really hard to justify going someplace else. You can pay up to $35 a year at some of the boutique registrars.

Re:So Sad

You can pay up to $35 a year at some of the boutique registrars.

Your soul must come pretty cheap then.

Re:So Sad

[jez9999]

namecheap.com. I have all but 1 of my domains with them, and that 1 is a .tv domain (when are they gonna become transferrable?!)

As their name suggests, they are cheap. No-nonsense management interface and they're not Godaddy, which is always a plus. Only problem is their support could be a little more responsive.

Re:So Sad

[jsmethers]

That's why I always use http://www.gandi.net/. They're both high quality and low cost. You can't beat 12 euro a year (about $15 USD) for the service they offer.

Re:So Sad

[zuvembi]

I'll second that. Gandi.net is exactly who I was going to recommend. Inexpensive, no-nonsense, and reliable.

Re:So Sad

[Pink+Tinkletini]

Yup, I second that recommendation. Namecheap's web panel interface is much more pleasant than GoDaddy's frustrating little exercise in misanthropy. If you decide to register your domains from them, you can use the code "EVENLOWER" at checkout for a discount ($7.99 registration, IIRC).

Re:So Sad

I know nothing about gandi but I spent over 5 minutes clicking through their site to try to find a price list with no luck. They certainly try hard to hide it. Can you give me the URL with the price list?

Re:So Sad

[atomicgirl]

I've been moving my registrations over to Dreamhost. $9.95 including a one-year extension, and free private WHOIS listing.

Re:So Sad

It's right on the front page: See Gandi's price list.

Re:So Sad

Thanks. The colors are so close I can barely read much of their site, this included, and particularly "Please enter one domain per line" just above it which is completely illegible unless I turn off the background colors in Mozilla.

Re:So Sad

I smell a PC user. Unimaginative, dogma-bound drones like you should stick to right-wing Republican registrars. Leave tasteful registrars to your creative betters.

Re:So Sad

[the+Brightside]

Most of my registrations have been with Registerfly--private registration service free with domain names and you can nab $2.95 .nets. Their support is even pretty good. They were updating their UI and I couldn't change my nameservers, so I sent them a ticket at 3:30 in the morning on a Thursday and they'd made the changes for me in twenty minutes.

Re:So Sad

Joker.com is your friend. $12 a year, based outside of the US, private WHOIS. Excellent web front-end to manage your domains. Been using them for 5-6 years now without a hitch.

Re:So Sad

[PingXao]

Thanks for the tips. I'll keep that in mind since I have a couple of other domains I need to register in the next few months. I did search a little looking for an alternative but I guess I should have looked a little harder. I check news.admin.net-abuse.email for what the spam fighters are saying about reistrars and ISPs. The consensus seems to be that good-guy registrars are few and far between these days. The good ones aren't cheap. I really wanted to give my business to a good netizen company but in the end $35 was a little too steep for 1 domain for 1 year. Besides, I don't need free email accounts even if they are guaranteed to not be in any spam blocking lists. If I did I might have gone somewhere else.

Re:So Sad

The thing is their prices are so great it's really hard to justify going someplace else. You can pay up to $35 a year at some of the boutique registrars.

Ach mein gott, TEN CENTS PER DAY!
Face it -- people who are this cheap are just begging to be ripped off. It isn't right, but that's the way capitalism has worked in the USA and elsewhere for some time now.

Re:So Sad

They recently had some incompetant morons redesign their site. It is now largely unusable. Between the fact that they charge twice as much as normal registrats, and they said their new design is permanent and will not be fixed, its not worth using them, even though they have good service.

Re:So Sad

[Crayon+Kid]

I also recommend Gandi. Not one complaint from my part, in over 5 years and a lot of domains of all kinds.

Re:So Sad

[sodul]

1and1.com are $5.99, and they are VERY professional.

The only thing is it's on a year to year basis with automated renewals, but I love that company.

Re:So Sad

[funfail]

If you are registering a new domain, I suggest ipower.com (only 2.95$ for the first year). Their control panel is a bit confusing but you can always transfer your domain to somewhere else (like namecheap.com).

Re:So Sad

I accidently went to cheapnames.com. Fortunately I noticed the similiarity to godaddy.com. Beware

Re:So Sad

[Reziac]

I second that. I have a bunch of domains with Godaddy, but my more recent domains have been reg'd with 1&1.

I've had 1&1's "free preview" webhosting package for almost 3 years now, and when the freebie runs out I'll be a paying customer, because the price is right, everything works, and REAL HUMANS WITH A CLUE answer support emails. Yeah, it takes a couple days sometimes, but it's worth a little wait to get genuinely useful support.

And since 1&1 is the largest webhosting company in the world, and is always priced at the low end, yet still has Real Humans back there somewhere -- it's obvious that "a huge company with low prices" is no excuse for shitty service.

Re:So Sad

[Aurix]

I third the recommendation for Namecheap. It's good to see IT companies that care these days.

They're fantastic. I've got 3 domains hosted with them for a few years now, plus my mates' domains. No problems.

Odd.

[beavis88]

GoDaddy is usually pretty good about pointing out BS like this (eg bogus .eu "registrars", companies taking advantage of domain registration cancellation grace period, etc). I don't much like their style of advertising, but otherwise, they have been a great company to deal with on my personal domains. I'm looking for a place to migrate my business domains as well; this story has given me some second thoughts...

Re:Odd.

[bigman2003]

Sorry you don't like their advertising.

Personally, I use GoDaddy for a domain registrar, and a host in some cases.

The only reason I started was because of their commercials. A tech company willing to have totally gratuitous shots of a chick bouncing her big boobs...well, that's a company for me.

Really- I did move a lot of business there because of the chick with big boobs. I guess that makes me shallow. Or a guy who likes boobs.

You Go Daddy!

Re:Odd.

[sjwest]

GoDaddy has no idea about spam lists, as to blocking domains because an telecoms/hoster decided that hosting a rokso class spammer means you get terminated too - hmmm well they wont be seeing me - btw that happened to ev1.net recently, so are all ev1.net clients spammers why yes it would seem so - ker ching!!!!.

as to .eu, they could have paid more but did not, please do not get confused between generic terms and real trademarks - you americans love to do that.

While spam is a problem, if there was a problem with our domains i'd like to know about it before some rich american businessman decides that he both wants to register 'sex.eu' for us and also demand $50 to unblock it for not spamming

If your going to do mass terminations - at least check they all spammed first - ev1.net clients (not us) while 'tarred'with a spam from here brush for a day had the block removed when the one spammer 'left' thats acceptable. Godaddys actions are not.

Re:Odd.

[beavis88]

as to .eu, they could have paid more but did not, please do not get confused between generic terms and real trademarks - you americans love to do that.

I don't recall posting anything about trademarks...perhaps in your haste to out me as an ugly American you misread the original post?

The following is what I was referring to - and pretty much all the credible accounts of this story I can find agree with this posting:

http://www.bobparsons.com/EURidResponds.html

Besides, I think you missed the whole point of GP post - Godaddy has, in the past, been one of the "good guys" on stuff like this. Clearly they are NOT in this instance. I am not attempting to argue otherwise.

Not gonna be popular..

[SirFozzie]

But good for GoDaddy. Spam is one of the scourges of the net and anyone who spams doesn't deserve to be on it.

Besides, check out Spamhaus, it takes a lot more then a "few reports of spamming" to end up on their list. It takes solid evidence that you're a large-scale spammer or provide spam support services (such as bulletproof hosting)

Take the LLC approach

[terrahertz]

Just register every domain against a unique entity -- a pain in the butt, but if this is the road we're headed down, I'm sure such a practice will become commonplace given the apparent risks vs rewards.

"Hostage" is just the right word

[jiggerdot]

The most fucked-up thing about this story is not the blocking of 1399(!) domains, but the fact that fact they CAN be reactivated, if only you pay 199$(!!) for "administration fees". This is not about policing the internet, it's about squeezing more money out of their customers. If this guy pays up, what prevents them from doing the same shit all over again 2 years from now? Hell, I'd like to know what their legal justification is now. Correct me if I'm wrong, but unless they are are hosting the stuff, they have no liabliity here, do they? Huh. I wonder if this can be used as an admissin on their end of being liable for content and actions of domains registered under them? Talk about watching an avalanche begin....

Re:"Hostage" is just the right word

[tomhudson]

... well, seeing as its "reactivation fees charged to the credit card on account" ... and that the REAL spammers probably used stolen cc info, they'll be going "no problem, comradeski, here's our NEW credit card info, charge away ... heck, charge it twice, you know, one for "next time", dah?".

Of course, the non-spammers end up with a kick in the head.

This isn't going to stop real spammers - they've got millions of windows slaves.

Re:"Hostage" is just the right word

[spx]

Its like GD thinks it's the parent (weather spammer is legit or a persons email being spoofed) and GD goes: THATS A TIME OUT MISTER GIVE ME ALL YOUR MONEY.

GoDaddy did this to us, too!

About six months ago, GoDaddy held 78 (yes, seventy-eight) of our domains hostage. They had all of our sites down (we receive approximately 2 million web server hits per day, about 160,000 unique sessions) for nearly 48 hours while we wrangled control of our domains back.

What was their excuse?

Someone outside of our organization had (for whatever unknown reason, as this is not our business) spammed using ONE of our domains as a the spoofed header-from domain. And yes, we publish SPF records. That wont stop idiots from trying.

Anyway, I personally spent close to one hour on the phone with their "abuse" people (ironic that they consider what we were doing abusive). I explained the situation over and over to no avail. We escalated to their lead "abuse" person. Same story. "Your domain was in a spam and we do not allow this"... When I would try to explain that it was not from us or on our behalf in any way, shape, or form -- we were curtly told "that's not what we've been told."

Now, I had also received the spam complaint. Their "abuse" ("abusive") people were going solely off what was written in this complaint itself. In ALL CAPS, the user cried bloody murder about "I DID NOT SIGN UP AND DO NOT WANT SPAMS FROM THESE PEOPLE"... GoDaddy did not lift one finger to actually investigate the situation and instead took the end users' word for it.

We had to get our lawyers involved. We had to fax them threatening letters. Finally, they so gracefully allowed us to tranfer our domains away from GoDaddy to another registrar for the very low highjacking fee of $50 per domain we were going to transfer.

Again -- this was not a spam from us, for us, or by us. It was a completely third party individual just randomly choosing our domain to spoof.

GoDaddy is a goddamn scam and I hope their company gets burnt someday. It would not surprise me if the spam was created by them for the specific purpose of looting their more deep-pocketed customers through these $50 "re-activation" fees. Month getting slow? Craft up another fake spam. Fuckers.

Re:GoDaddy did this to us, too!

[Britz]

So if someone fakes my email address in their spam I get burnt for it? I have some 3-letter email addresses that I registered way back then with what has now become one of the largest free internet mail providers in Germany. Nowdays I get a lot of returns on those, because spammers tried to spam an email address that does not exist any more faking my email address as theirs and the server is requiered to send an error message.

Glad I am not with godaddy. Otherwise I should delete those accounts.

Even worse if I had a popular domain name.

Would they block hotmail.com too, because they send so much spam?

Re:GoDaddy did this to us, too!

[coop0030]

This happened to me with 10 domains. They held me hostage unless I paid some ridiculous amount.

They claimed we were spamming AOL domains, and we were not! It was a third party. They wouldn't even send me a copy of the spam emails. They would not listen to reason, or anything. It was the worst feeling being held hostage like that.

I didn't have lawyers to help me (couldn't afford them). You were lucky.

Godaddy is a scam, and an extortionist. I hope this story spreads all over the internet.

Re:GoDaddy did this to us, too!

[VGPowerlord]

Here, try this neat ICANN Registrar Complaint form. I can't say whether it's useful or not, but it couldn't hurt to fill it out.

Re:GoDaddy did this to us, too!

[marvinglenn]

Have you posted a write-up about this online (with all relevant information)? A decent write-up of all the details (including the bogus spam report) would do well in showing malfeasance on GD's part. Without that, it's just another complaint without any specifics from an AC.

Re:GoDaddy did this to us, too!

You should have just stopped threatening them, and just sued them into oblivion for lost revenue and punitive damages, and loss of potential revenue. Just check Go Daddy's SEC filings for their Gross revenue and triple that. I'm sure your accountants and lawyers could work a little magic and make your proposed number look legit.

Re:GoDaddy did this to us, too!

[ArsenneLupin]

And yes, we publish SPF records.

But are they correct? Are they selective enough?

You know, by publishing sth like v=spf1 a mx ?all, you're basically giving every IP worldwide permission to your domain. And then, if some domain does use that permission to spam, don't complain that you are held accountable. The netfriendly way of doing SPF is to end it in -all; not ?all or worse: +all

WTF?

[Some+guy+named+Chris]

Sometimes you read the article description, and actually know less than when you started.

This is one of those times.

not goaddy's job

[eneville]

GoDaddy are not a organisation who should tell the domain registrant what they can and cannot do with their domains.

If GoDaddy does not wish to be associated with the content or the use of the domains, then they should force the owners to transfer them to another registrar, such as preventing the name servers from being added.

I wonder if this behaviour is aginst the ICANN rules.

Re:not goaddy's job

[Reziac]

That's a very good thought -- after all, if you don't want to be associated with someone in Real Life, you don't hold them hostage, do you? Of course not. You show them the door and wash your hands of them.

As to the ICANN rules, does anyone know what presently applies, if anything? if there ARE no rules about it, that needs to be fixed, or other registrars will soon discover similar tricks.

As it is... I've been a godaddy customer for a long time, but this behaviour has me rethinking that relationship.

OK, I've had it with GoDaddy...

[Howard+Beale]

First the Microsoft migration, now this. Anyone recommend a good, inexpensive registar that supports spf?

Re:OK, I've had it with GoDaddy...

namecheap (use coupon code BESTVALUE)

Re:OK, I've had it with GoDaddy...

[Howard+Beale]

Thanks, will take a look at them.

Re:OK, I've had it with GoDaddy...

[sjwest]

'Joker' can do spf

unreliable?

[Gary+W.+Longsine]

" I am all for fighting spam, but given how unreliable spam black-lists are such actions simply damage the internet. "

Assuming the problem referred to in the article summary is that of false positives, I think "unreliable" is really a misleading term to apply to the blacklists. Some of them are relatively reliable at their intended purpose--helping people reduce spam by blocking sources of spam.

The problems with false positives are really an externalized cost, which accrues largely to innocent and not-so-innocent third parties, since sometimes spam originates from IP addresses or domains where other legitimate traffic exits (innocently) but sometimes the owners of those domains are supporting the spam activity directly (not so innocently). Of course, some of the costs of blocked legitimate traffic accrue to the user of the spam list, but those folks are making a trade-off and pretty clearly feel the benefits to be worth the annoyances.

Regarding the central thesis that taking actions like these "damage the internet," may I suggest that in fact the odds of "damage" to anyone are probabaly quite low, assuming that the Registrar does proper due diligence before taking such actions. They should not take the mere presense on a blacklist as gospel, but should check the domains directly themselves.

I'm also amused at the likely effect of the "fee for restoration of service". Ticked-off innocent users will be unfairly charged, and are likely to complain very loudly. Such users will probably receive an apology from a help desk worker, and free restoration of service. Guilty users are financing their operation with stolen identity and credit cards and will probably just pay the fee using ill gotten booty. (Aaaarh, Matey! Make 'em swab the poop deck instead!)

Re:unreliable?

[tomhudson]

assuming that the Registrar does proper due diligence before taking such actions

Read the experience of other posters ... that's not what's happened in the past.

If someone's spamming, make them take their business elsewhere. Same as if someone goes into a restaurant and starts screaming at other cutomers - make them take their business elsewhere. The "pay us $199 reactivation fee and you're back up" would be more like telling the screamer in the restaurant "pay us a cover charge and you can abuse the other customers - until I need another cash injection."

Re:unreliable?

[saikou]

When list contains false posisitves I call that "unreliable". In this case GoDaddy "relies" (or uses list as an excuse) to demand extra money from domain owners.
I so wish Google would open its own registrar.

Re:unreliable?

[spx]

They sorta have. www.wildwestdomains.com is (if you look up thru phone numbers/reserver addys/etc) taken in with "Go Daddy Software' for a Scottsdale AZ address. Kinda confusing, but they just loop back and forth. If you call GD support (I did for a friend with a question about a cart service once) the rep on the other end will ask what page you are looking at/calling for, and all are outsourced. Maybe GD is so upset with itself, it doesnt want anything to do with itself. Weird, still scary. Anyone that can use google knows that GD is pure evil and the devil in disguise.

Wrong.

Wrong.

Spamhaus is a completely wreckless group. Spamhaus Captain Steve Linford controls his posse of childish crusaders from his goddamn yacht in international waters. Not kidding. The man lives on a boat outside of the scope of any laws. His lackeys at home base act with wanton disregard for the havoc they are causing. Am I bitter? Yes. Am I a spammer? No way in hell!

We were bitten by Spamhaus not for our actions, but for the action of an individual with an open relay occupying an adjacent IP address range. Spamhaus blocked the entire thing. I emailed them our domain whois and the snobby little bastards at Spamhaus brazenly told me that we were indeed the spammer and that we need to "clean up [our] act" before they would do anything. They went on to talk about "spam payloads"... WTF?!

I hope someone takes them down. I applaud the efforts of others who try to DDoS them. Someday, Linford is going to be surrounded by the Royal Navy and he will hopefully be brought to justice.

Re:Wrong.

[therblig]

We were bitten by Spamhaus not for our actions, but for the action of an individual with an open relay occupying an adjacent IP address range. Spamhaus blocked the entire thing. I emailed them our domain whois and the snobby little bastards at Spamhaus brazenly told me that we were indeed the spammer and that we need to "clean up [our] act" before they would do anything. They went on to talk about "spam payloads"... WTF?!

I don't know about the yacht in international waters, but I agree that Spamhaus wreaks havoc on organizations that have done nothing wrong. Our organization has been black listed before too, and it was in error. It finally got cleared up, but it is still damaging.
We stopped using RBL's a long time ago, and have swtiched to something called Securence http://www.securence.com/. It has been much more reliable than RBL's, and keeps the junk from ever getting to our server in the first place. I haven't had a complaint about a false positive since we switched, and it blocks over 100,000 spam/viruses/phishing attempts a day.

Re:Wrong.

[eaolson]

I don't know about the yacht in international waters, but I agree that Spamhaus wreaks havoc on organizations that have done nothing wrong. Our organization has been black listed before too, and it was in error. It finally got cleared up, but it is still damaging.

Maybe you'd like to tell us what your organization is, so we can judge the veracity of your statments for ourselves?

It has been much more reliable than RBL's, and keeps the junk from ever getting to our server in the first place. I haven't had a complaint about a false positive since we switched, and it blocks over 100,000 spam/viruses/phishing attempts a day.

If it stops mail from ever getting to your server, and so no one ever sees it, how do you expect people to know a false positive has occurred, and to complain about it?

Re:Wrong.

You sound like a used car salesman

Re:Wrong.

[therblig]

Maybe you'd like to tell us what your organization is, so we can judge the veracity of your statments for ourselves?

I'm not an AC, but that would be a little TMI.

If it stops mail from ever getting to your server, and so no one ever sees it, how do you expect people to know a false positive has occurred, and to complain about it?

It is anecdotal evidence. When we had a RBL, I got complaints about false positives, especially for email from Asia. Since switching to a different type of spam filter, the complaints about missing mail have nearly vanished, and we have been able to verify that those complaints that do come in have nothing to do with the spam service.

Re:Wrong.

[therblig]

You sound like a used car salesman

What am I selling?

Papa Don't Preach

[Doc+Ruby]

The guy who runs GoDaddy is a rabid rightwinger. Any surprise he's gaming the system to make maximum money, though it shuts down free speech (by stealing its name)?

Re:Papa Don't Preach

[Doc+Ruby]

(Score:1, Troll)

Moderation 0
    30% Insightful
    30% Interesting
    20% Flamebait

Let the fascist TrollMod games begin!

Re:Papa Don't Preach

I normally like your posts, but you're lucky I don't have points at the moment--I mod posts whining about moderation down without exception.

Re:Papa Don't Preach

[Doc+Ruby]

I don't post just because you like them.

I do post comments about unfair moderations, like TrollMods which are anonymous mods designed to do nothing but anonymously suppress an legitimate post. Because it gives the metamods something to consider, in Slashdot's sketchy meta/moderation system.

typical?

[Gary+W.+Longsine]

Well, to be fair, Enron isn't a typical American company. Their hubris vastly exceeded their ability to cover their tracks, which got them caught!

: )

I should clarify (was: Re:Odd.)

[beavis88]

I certainly did enjoy their television advertising - I just don't much like all the on-site advertising and upsells. On the other hand, I recognize that the reality of low prices and decent service is that there will be a tradeoff to make somewhere. I can deal with wading through the crap to get good prices, but I rarely recommend their services to nontechnical friends lately, just because all the options can make purchasing quite confusing.

This is brilliant.

[gru3hunt3r]

This is brilliant!!! No seriously, i'm routinely pissed off at the limited number of domains which correctly implement SPF. Fear is a great motivator.
Hopefully now we'll see increased SPF adoption among major ISP's.

ATTENTION FLAMERS/TROLLS: I'm not an idiot - I realize that SPF doesn't actually help avoid this problem, and subsequently keep your mailserver off black lists. But it does bring the topic "hiring a secure+competent DNS/mailserver" into the forefront.
It seems to me that if your nameserver, and your mail server resolve to the same IP address - then you're cruisin for a bruisin, because you probably don't have a terribly competent mail/dns host.

I'm not a lawyer - but it seems here in the US - it allows ISP's that host spammers and thus have their customers domains blacklisted to be LIABLE for damages (the fines that go-daddy levies, plus lost revenue).
Even if the ISP has a terms of service, blah blah .. commerce law is pretty straightforward: if I pay you to do a service (host my website), and a lack of competence in your service results in damages (domain name being suspended), you are liable for those -- so either have me sign a waiver stating "i know you're incompetent", get insurance to deal with it, or hire competent administrators in the first place.

So I guess we can all expect to be signing competency waivers for most ISP's in the near future.

Rock on GoDaddy!

Too drastic measures

[skoval]

Working at hosting provider's support in Russia I often had to inform clients by sending e-mail's to often not valid addresses about abuse reports. Basically I get no resonse until their site has been blocked. But sometimes we even couldn't do that if abuse was for domain resolving to our customer's server.
Blocking ip's at registrar's layer for me is more preferable, but procedure of unlocking a domain is a bit frightening although. Mainly because of the response time.
And blocking so many domain names is unacceptable at all.

It takes more than a "few reports"

[Toe,+The]

"Now all one needs to shut down a site is a few reports of spamming, and the domain (or even better, all domains of a given small registrar) will be suspended."

This demonstrates a poor understanding of how blacklisting works and how anti-spam actions are taken. Spammers who have actions taken against them usually have thousands of reports against them, from hundreds or thousands of disparate sources, over an extended period of time.

Re:It takes more than a "few reports"

[astanley218]

Spammers who have actions taken against them usually have thousands of reports against them, from hundreds or thousands of disparate sources, over an extended period of time.

While I do not intend to negate your point, it is possible to cause havoc on a small webhost/registrar with little effort. The spammer is not always the only email user on the system in question. If the system were blacklisted, then email from all domains is affected. Likewise, if GoDaddy shuts down 400 domains in my account due to the actions of one - innocent users can and will be affected. It is also common for spammers to use injection attacks against a poorly written web-to-email form, allowing them to send spam from a machine they do not have authorization to use. Again, if this server becomes blacklisted then all innocent users are affected on that server - for the actions of one. The point is, so far as those innocent GoDaddy users are aware they could in fact suffer the consequences for actions which they are not even aware and certainly cannot control.

Personally I think that if GoDaddy wants to police their registered domains then they should have that right. If they want to extort innocent customers by suspending their domains and requiring fees then in short time they will drive everyone away. There are always two sides to every story, perhaps this Russian registrar was "bulletproof" with the intention to harbor domains for spammers...in which case - GoDaddy!!

Re:It takes more than a "few reports"

[honkycat]

I had an open relay for no more than a week or two due to a misconfiguration. I wound up on a couple of spam blacklists as a result and had to jump through hoops to get myself removed. Maybe things have improved in the couple years since this happened, but it's quite possible to have actions taken in very short time, even if you conscientiously fix your honest error within a couple hours of discovering the problem.

Re:It takes more than a "few reports"

[NormalVisual]

I would say that you've never had the pleasure of having to deal with being blacklisted by an unreasonable asshole.

I host my own mail and that of a friend. My friend was getting messages back from a couple of servers indicating that delivery of his mail was being denied because his (i.e. my) server was on the Abusive Hosts Blocking List (AHBL). Now, given that I have a very locked-down and tested qmail install and I'm providing valid SPF records from my DNS, I was a little perplexed. I got in touch with AHBL and was told that my entire IP range was on their blacklist simply because they had a beef with a particular spammer that operated from Time-Warner's network. I pointed out that this was a problem that concerned a completely different geographical area in TW's IP range, and that my IP was a static address within TW's business-class ranges. They basically said they didn't care, as my IP address belonged to TW, not to me, and because of that they absolutely were not going to unblock my IP address. It seems to me they consider their little infantile vigilante crusade against TW to be more important than anything else, even when it's pointed out to them that they are recommending the blocking of legitimate servers.

Spam is certainly an annoyance to me (close to 1K every day), but I can't afford the possibility of losing valid e-mail because some idiot spam list admin has some kind of ideological problem with an ISP, so I don't use blacklists. I can't say that Spamhaus is any better or worse, but as far as I'm concerned, the staff at the AHBL (and Andrew Kirch in particular) can go fuck themselves with a large, jagged, rough-surfaced object.

Re:It takes more than a "few reports"

[Toe,+The]

I would say that you've never had the pleasure of having to deal with being blacklisted by an unreasonable asshole.

Actually, I have been the target of blacklisting by idiocy, and it did indeed suck. I agree that sometimes one can end up on a blacklist for the wrong reasons.

However, I said that it is only the major spammers who have action taken against them. The ones who end up getting sued, prosecuted, banned by ISPs, kicked off by hosts, blacklisted on all many blacklists at once, and yes... kicked off by their registrar.

Re:It takes more than a "few reports"

[(negative+video)]

Well, denial ain't just a river in Egypt ...

It seems to me they consider their little infantile vigilante crusade against TW to be more important than anything else, even when it's pointed out to them that they are recommending the blocking of legitimate servers.

Spammers don't have legitimate servers: they use the profits from spam to cut their prices across the board, driving out their ethical competitors. Every part of their business and everything they do is subsidized by spam.

They basically said they didn't care, as my IP address belonged to TW, not to me, and because of that they absolutely were not going to unblock my IP address.

Damn skippy. You don't have any IP addresses. Read up on what an Autonomous System (AS) is. Blocks of IP addresses are granted to an AS. In exchange for taking total responsibility for those addresses, the peers accept the routes published by the AS.

Spam is certainly an annoyance to me (close to 1K every day), ...

Now multiply that by 50,000 email addresses and a four-day backlog at an email provider: 200 million spams have to be stored at a given moment. It requires hundreds of extra gigabytes of on-line, high-speed, ultra-reliable mass storage. That costs a great big pile of money.

And that's for a SMALLISH email provider. A big one with half a million users is looking at millions of dollars a year, just to shovel the spam around.

Re:It takes more than a "few reports"

[NormalVisual]

Spammers don't have legitimate servers: they use the profits from spam to cut their prices across the board, driving out their ethical competitors.

Agreed, but just because a spammer may have been hosted on a single address within a /16 block should not automatically invalidate the entire block, particularly when it's a large nationwide business-class service that is likely to have thousands of legitimate small business customers in a variety of industries.

It's not technically difficult for a blacklist provider to actually maintain a list of specific known IP addresses as opposed to wholesale blocking of entire Class Bs based on nothing more than a mere suspicion that a spammer might at some point be given an IP somewhere in that subnet. This was the essence of AHBL's argument. Sure, it requires more resources to do blocking on a per-IP basis, but that's the difference between doing it correctly and doing it in a half-assed manner that blocks legitimate servers as well.

Certainly there are organizations that do make a best-effort attempt to help control the spam problem with their blacklisting services, but there are also others that don't. I personally consider failing to receive legitimate mail a much more serious problem with a bigger dollar amount associated with it than spam.

Re:It takes more than a "few reports"

[NormalVisual]

It's not technically difficult for a blacklist provider to actually maintain a list of specific known IP addresses as opposed to wholesale blocking of entire Class Bs based on nothing more than a mere suspicion that a spammer might at some point be given an IP somewhere in that subnet.

I should clarify that a bit. It's certainly reasonable to block ranges of IPs that should not *ever* have port 25 traffic coming from them (i.e., dynamic IP ranges for general consumer use), and I would further say that any ISP offering general Internet service to the general public should be doing egress filtering to enforce their ToS. No one should *have* to be filtering dynamic IP ranges, but it obviously has to be done because a lot of ISPs are irresponsible in that regard. The quoted statement above was made in the context of subnets consisting of static IPs that are dedicated for business customers and as such can reasonably be expected to be sourcing e-mail.

Re:It takes more than a "few reports"

*Ahem*Bullshit*Ahem*

QoS, crap or Crapola(TM)?

[Gary+W.+Longsine]

QoS can be very handy for managing traffic on internal corporate networks. Like many other technologies (e.g. the Evil Petting Zoo), QoS can be applied for good or evil.

Did Microsoft cause this?

[mangu]

We know that GoDaddy is migrating to Microsoft. Now, the question that must be asked is: does this migration have anything to do with increased spam problems?

Re:Did Microsoft cause this?

[Zantetsuken]

if that is the case, how much you wanna bet a crapload of those 1399 domains are for Linux or other F/OSS projects - which we all know M$ has long since declared to be "a spreading virus" (something of the sort)

Re:Did Microsoft cause this?

[sl4sh13]

No - but the need extra money to pay for Microsoft software...

Everyone - please vote with your dollars today

Personally, I'm moving from GoDaddy today. There are plenty of other low-cost registrars: 10 cheap (less than $10) domain registrars

I agree that spam is bad. Having to worry about my domains being taken hostage is worse. Contributing to domain registrar policing of content is far, far worse.

If anyone registers a domain name with GoDaddy (or keeps an existing account) they are directly contributing to the loss of freedom on the internet.

Re:Everyone - please vote with your dollars today

Then don't spam from your domain.

Re:Koren fires missile at South, Claims Accident

[Bohemoth2]

I dont se it on any major news site. cnns server can't find it.

Wherether you agree or not on private cases...

it's an old and long discussion. there's no point in repeating things as everybody has their opinion and nobody here's likely to change it.

but i'm sure that EVERYBODY agrees (no matter what they think of privte cases) that mass blocking and such extortion (htf is it sp?) can't be accepted.

undecided

[kuyaedz]

On the one hand I use & respect the spamhaus.org RBL/XBL lists. I think they are the most organized and up-to-date spam listing site that I've been able to find & they have helped cut down on spam on our mail server by the truck load. If they say you're a spammer I would be reluctant to argue and I would suggest using their filter to anyone. On the other hand I think GoDaddy is one of the worst registrars out there. I've been fighting with them on a domain for over a year & they won't do shit about it. The registration contact information is in my name, the site content has my name all over it but because a previous marketing company (now out of business & unreachable) registered the domain I can't get a transfer w/o their acceptance. GoDaddy won't listen to anything and they can lick my balls. I basically have to wait until it expires and start from scratch. In the end my feelings on the article/news is: GoDaddy is extorting the customer. Don't use GoDaddy for anything.

Re:undecided

Ah, but spamhaus listed gmail as a spam-source two days ago.

godaddy unreliable?

[fermion]

It seems to me that godaddy has become a bad registrar over the past couple years. It has moved to MS servers, it has promoted the domain name hijacking market, it has severly degraded customer experience with exesive ads, and now had turned to extortion to make money.

Now, don't get me wrong. If godaddy saw a registrant engaging in uncuth activity, I would have no problem with godaddy sending a letter saying the registrant had 30 days to find another registrar. I would not even have a big issue with godaddy not giving a prorated refund. I would not even have an issue with godaddy helping bringing these people to justice. But in this case godaddy notices a venurable customer, perhaps engaging in crimanal acitvity, and is asking for a cut either in the form of protection money or a ransom. This is bad. This is worse than when earthlink negotiated protection money in the contract, because at least they were upfront about it.

So, who are the registrars that are not scum?

Policing thier own

[011011]

This just smacks of misunderstanding. In orer for GoDaddy to block the sites, they must have some sort of ownership/licensing over the Russian registrar. I don't know if they still do this, but I know they used to allow "reselling" of registrar services under your own name. This Russian registrar could have been one of those. This type of service would have come with certain TOS that may have been violated.

With 1399 domains being reported to have been blocked under this one registrar, and assuming that this is a "reseller" under GoDaddy, this would look like it may have been a case where a person/company created a registrar service for the express purpose of being able to register domain names without question to be able to spam easily.

I'm not saying this is the case, I'm just giving one possibilty of what the case may be as we don't know all the details. And I can't read russian, so those details elude me. Hey, I could be WAAAAAYYYY off base.

Go with 1and1.com

If you are looking for an alternative I'd (kind of) recommend 1and1.com

We have several domains with them ($5.95/domain), they are generally OK. Make sure you read the terms though, for sometimes they are not what one would implicitly expect.

Well...

[mrlsd]

GoDaddy has to pay for all those Microsoft licences somehow...

No, they're not

They're saying "Okay, you screwed up, but if you've stopped spamming or fixed the problem, we'll give you a second chance. But, since out butt is on the line here, too, we'll need to make sure it's really worth it to you to get these domains back."

Re:No, they're not

[Achromatic1978]

How exactly is "their butt on the line, too"? When was the last time you heard of a domain registrar being bitchslapped because they registered a domain later used for spam? This is purely a 'creative revenue-generating exercise': "If the return you're getting on the spam you're sending re this domain is $199, send us our cut and we'll let you keep doing it."

Their nameservers do not appear to be listed with

[jcurious]

Did a whois on a few of the domains listed in the email and they all had:
NS1.PETERHOST.RU and NS2.PETERHOST.RU listed as nameservers (ip address 80.93.50.53 and 80.93.56.2) doing a search on spamhaus site shows these ip addresses as not listed...

what is the deal?

Re:Koren fires missile at South, Claims Accident

www.cnn.com/2006/WORLD/ meast /06/17/northkoreamissle/index.html

Seoul's in the Middle East now? Very cute. Come back after you pass middle-school geography.

More profitable for you to leave than stay...

[mgkimsal2]

That's a shame. I've got a lot of domains with godaddy.com but am testing out other registrars and will be migrating more away. It's not just these sorts of reports, but also their switch to Microsoft IIS for parked domains that bothers me some.

The sad thing is that this sort of thing on their part really won't hurt all that much. How much money would they have made on each of your domains for the next *10* years? $30? I'm basing this on $3 profit ($9 - $6 wholesale cost - maybe it's different for them?) By forcing you to leave they've almost doubled that, and they don't have any work to do to service you for the next 10 years either!

If they could simply extract $50 from every single domain-name-only customer to transfer away they would be *far* more profitable than they are now because there'd be less overhead and work to do.

Re:More profitable for you to leave than stay...

[pinkocommie]

Similar weird story about GoDaddy. I had a couple of domains with them one of which was about to expire I applied for a transfer to another registrar which never went through b/c of some issue with their privacy guard feature. I didnt follow it up rigorously since i didnt think it would be an issue (obscure name) , turned out it was turned into a google link site (not sure what the exact site is but basically a bunch of links for other sites to boost google pagerank). In any case registered for a year, cool somewhat understandable shit happens. Within a few weeks of that the domain was suddenly available again

I abhor the IRS, but would still say yes

[Mostly+a+lurker]

Are you saying that the worst murderous mobsters can operate massive criminal enterprises on a website hosted in an anarchistic country and their registrar should be prevented from denying them service?

Some people may have valid reasons to access government sites.

Re:I abhor the IRS, but would still say yes

Took me a bit, but I get the joke now; i.e. that even though the USA's government is run by "the worst murderous mobsters" operating "massive criminal enterprises", blocking all its web sites would be inconvenient for many people.

A bit subtle, but I though it somewhat funny.

Re:I abhor the IRS, but would still say yes

Subtle?

You got dropped on your head a lot as a baby, didn't you?

Simple solution

[Joe+U]

Pay the $50, move your domains, chargeback the $50 and/or file a suit in small claims court.

They'll dispute the filing and keep pulling out parts of their license agreement to counter it. Dispute the agreement as being invalid. When all is said and done, you'll be out a few days of work, GoDaddy will have wasted a ton on lawyers.

(Disclaimer: I am not a lawyer, this is Slashdot, use common sense, this is not advice, you are feeling sleepy...sleepy...SLEEPY...you want to buy me a 50" HDTV.)

Re:Simple solution

[Ossifer]

Unfortunately you can't do a chargeback on this, unless you lie to your CC company. When you pay the $50, you have agreed to the charge, and (probably) do receive the service you pay for. I like the other route though. File cheaply in a local small claims court, file for the maximum small claims amount, and wait for godaddy to react. If the don't, profit! Or, if you want to be serious about it, file a charge of extortion with the FBI, and file a civil suit for extortion too...

Re:Simple solution

[Joe+U]

I think you can file a chargeback for a charge made under duress. Since the GoDaddy contract was pretty vague in the first place I don't think they could win.

Re:Simple solution

[fatdog789]

Actually, CC charges made under duress don't count as agreed upon, unless it's in the TOS from GoDaddy in the contract that you signed. If they suddenly decide to charge, it's a fraudulent transaction as far as the law and CCs are concerned. CCs have better customer service than you think.

Re:Simple solution

[Anonymous+Cowpat]

...and, if it happens enough times they'll lose their merchant account. w00t.

Re:Simple solution

I am going to buy you a 50" HDTV right now.
But I am also ... feeling very sleepy ;)

Re:Simple solution

[dfjghsk]

...and, everytime a customer files a chargeback, they'll lose the $50 + the chargeback fee their bank charges them (usually $25 or so). When you file a chargeback.. you're bank doesn't lose anything. They just take it from the merchant.

Re:Simple solution

[jbash]

I tried that when GoDaddy did the extortion on me, but my CC company refused the chargeback.

Re:Simple solution

Why didn't you escalate it?

Re:Simple solution

[jbash]

How? Probably too late now since it happened in summer 2005, but I'd like to know for future reference.

Slashdot review?

[zBoD]

It's just funny this is reported here since the slashdot review podcast always include nasty ads for Godaddy and they are VERY annoying :)
I wonder if they will report *this* news.

BoD

Anecdote: Godaddy Has Impressed Me

[Apple+Acolyte]

I'm going to have to go a bit farther in researching this matter than reading the headline, but my tendency is to give Godaddy the benefit of the doubt. That choice has been influenced by unfortunate events that gripped my father's organization. A year ago some former members of my father's organization decided to end their affiliation with us, except that they chose to attempt a hostile, unlawful takeover instead of forming a separate entity. This minor faction concealed considerable resentment for us prior to the break-away, and they believed that they would be able to easily compel us to acquiesce and hand the corporation over to them. Settlement would not come easily. Long story short, after a year long legal battle and a year's worth of high-priced lawyer fees, the other side got crushed in a pre-trail ruling and had to begrudgingly accept our (relatively) generous terms.

Now here's the Internet angle: A few months into the conflict, they started targeting our web hosts and domain registrars with unlawful DMCA notices and other underhanded legal tactics. We had been advised by one of our attorneys to go with Network Solutions instead of the smaller registrar we had been with since our domain's original creation; we chose to take the legal advice despite my grave misgivings. Predictably enough (given the myriad of horror stories about the company), Network Solutions locked down our domain on the basis of the opposition's lawsuit and refused to unlock it until the termination of legal proceedings. Plus, our domain was locked down while its DNS record pointed to a hosting company that also denied us service. It was terrifically devastating to effectively lose our domain and site for that period, as it had been our official domain since 1996. As for Godaddy, once our site got taken down indefinitely we transferred over to one of our secondary domains that was registered with Godaddy. Godaddy never took action against that domain - we never even got notice from them about the mater despite the fact the opposition obviously attempted the same maneuver against Godaddy that it used on NetSol. The only troubling thing about Godaddy's service was an automated message sent to us concerning an illegitimate challenge to our DNS contact information. Notably, the message claimed to give us only a few days to respond to the challenge before Godaddy would take action, which could have included registration deletion. We were able to take care of that issue with one phone call, and we were even given an unusually candid apology for the previous notice. Nonetheless, that experience was disconcerting. Despite that occurrence, Godaddy did not falter for us even in those adverse conditions, so I'll be staying with it unless and until it no longer merits my appreciation. (And for less important domains, I use the slightly cheaper 1and1.)

Re:Anecdote: Godaddy Has Impressed Me

[fatdog789]

I suggest filing complaints with the local bar association. If what you say is true, your opponents' lawyers can be disbarred for their actions. Also, why did you listen to your lawyer about moving to NS? He's a lawyer, not a techie.

Spamhaus blacklisted Google GMail. :-(

[JohnWasser]

Mail Delivery Subsystem to me Jun 15 (2 days ago)

This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

        xxxxxxx@frontiernet.net

Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 554 Sorry, your mail server (py-out-1112.google.com[64.233.166.178]) is rejected using sbl-xbl.spamhaus.org. See http://postmaster.frontiernet.net/error.html#sbl-x bl

    ----- Original message -----

Received: by 10.35.115.18 with SMTP id s18mr2328477pym;
              Wed, 14 Jun 2006 21:52:32 -0700 (PDT)
Received: by 10.35.97.6 with HTTP; Wed, 14 Jun 2006 21:52:32 -0700 (PDT)
Message-ID:
Date: Thu, 15 Jun 2006 00:52:32 -0400
From: "John Wasser"
To: "xxxxxxx"
Subject: Re: printer setup repair
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References:

Who appointed godaddy a judge?

[drwho]

I don't trust spam lists to be accurate. If had recurring problems with SPEWS which have never been resolved. What if godaddy starts to steal domains who are listed in SPEWS? Or what if there's a problem with my web hosting service? No way am I going to be offline while trying to sort this out. Thank god my problem domain isn't on godaddy, but plenty of other ones are (yea, I collect them...lots of people do), and I will be moving them off, or at least moving them when their going to expire. This is bad business practice, really, who made them judge jury and executioner?

I was pissed off about the whole .eu fiasco, I got NONE of the domains I wanted because I used godaddy. This is the final straw.

translation of the article

[ezh]

bear with me, this is quick and dirty translation: "GoDaddy blocked domains of Russian users" On 14 of June Majordomo company (one of Russian ISPs) received a notification from GoDaddy company (leader of world domain registrars), which stated that domains of 1399 clients of Majordomo were blocked from that day. Why would a leading domain registrar block almost one thousand and a half of domain of a Russian hosting provider using false information was not clear for Majordomo. All attempts to clear up the situation failed. Domains are still blocked. On 14th of June Majordomo's tech support recevied a letter from GoDaddy informing them that 1399 domains of Majordomo clients are blocked starting that day. The reason - so-called breaching the agreement from Majordomo's side. Complaints from Spamhouse.org (Spamhouse.org is a company hosting a database of ip-addresses of servers that send spam.) were stated as a reason for blocking the domains. Complaints stated that Majordomo's clients send spam. Majordomo says there is no evidense to support the claim, and the statement itself is false apriori. Looking at the complaints from Spamhouse to GoDaddy: First complaint is about site viptimeclub.ru, which is not a client of Majordomo from december of 2005. Second complaint, according to the company, does not have anything to do with Majordomo. It has to do with a client of Peterhost ISP instead. Majordomo says that GoDaddy considered unchecked information from Spamhouse.org sufficient to block almost a thousand and a half of domains by changing their nameserver records to: NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM, NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM. Majordomo was not informed about these actions beforehand. All requests to GoDaddy's tech support at Spam and Abuse Department is answered only with one answer. GoDaddy suggests to pay $199 for each domain to restore or $50 for a domain transfer to another registrar. Another suggested variant - wait for domain expiration date to register it again. Majordomo is very worried about the situation and tries to resolve it. Owners of blocked domains are preparing a collective lawsuit. That includes not only private owners, companies, but also state-owned organizations of different countries in Commonwealth of Independent States. All clients are offered free domains in zones spb.ru and msk.ru For a second day ISP is trying to get an answer for unlawful actions of GoDaddy. All they hear back is 'pay up to resolve the issue'.

Re:Spamhaus blacklisted Google GMail. :-(

[nstlgc]

As it should -- Gmail isn't passing on the X-Orig mailer field, which is why they got spamlisted. Just because they're big doesn't mean they don't need to play nice.

Godaddy is making themselves a target

[drwho]

Think about this...if they really ARE busting up huge spam operations, and costing them lots of money, what do they expect these spammers to do? Many of these people are connected with one sort of organized crime gang or another. You don't extort $400,000 from a mobster, even if he is on another continent, and expect that you and your faily will be safe.

But lets suppose that some of the spammers they piss off aren't the violent type. Many of these spammers have connections to the computer underground, where they buy up zombie networks, etc. They have ready access to DoS utilities and zero-day sploits. I can see that these will most liekly be aimed at GoDaddy and will take out their servers, causing much pain to the innocent bystanders. Consumers don't tolerate downtime in DNS, for whatever reason, and will flee en masse.

So, for a variety of reasons, GoDaddy has made a very bad business decision with this policy. I don't think that the money they'll make in extortion will offset the money they'll lose when everyone else leaves. Not to mention, the fingers they'll lose for each domain they hijack from the Mob.

Too many bystanders

[jkabbe]

Spam wars just hit too many innocent bystanders. We're trying to run a business. A small one, to be sure, but communication with clients is still very important. First we were using Comcast for email. But then Comcast got into a blacklist war with mail.ru and no mail was going through either way. So we switched the email over to the mail we have through our hosting account - run by GoDaddy. Now mails have started to be rejected in Russia, probably because of GoDaddy's tactics. I care about spam. But when ISPs start pushing too hard, lots of hardworking people can be affected. This kind of crap has to stop.

This story is pure bull-crap.

[merc]

Disclaimer: I do not work for Godaddy -- in fact I work for a competing ISP in their same locale.

First off how did this story become okay'd past the slashdot moderators? This story is written with a really biased, bitter, non-neutral point-of-view.

Secondly, you can hardly call it extortion if the Terms of Service explicitly state under what conditions your domain may be suspended or put on hold. I'm constantly surprised how many spammers continue to register their domains with registrars that enforce their AUPs -- luckily there's a "rule" that explains spammers' stupidity.

"I am all for fighting spam, but given how unreliable spam black-lists are such actions simply damage the internet."

Anyone who regularly reads news.admin.net-abuse.email will instantly recognize this as sour grapes from a spammer. Funny how the writer of this story simply wants us to accept that "black-lists are unreliable" and that it's a given fact without any supporting evidence. For me, someone who runs the abuse desk for one of Arizona's oldest ISP's, using the blocking lists works wonderfully and I plan on continuing to use them.

As for Godaddy enforcing the terms of their terms and AUP -- to them I say "good job, keep it up".

Re:This story is pure bull-crap.

[The+Breeze]

Heh..the previous poster, who "works the abuse desk at one of AZ's oldest ISP's", isn't kidding around...he takes spam quite seriously as I found out when he turned off an IP that one of my clients was using, hoping I would contact him, and I did, to have him tell me that the client was infected with a virus that was allowing it to act as a spam relay. Nice catch - and then I found out that this guy was someone who was active in the BBS world 20 years ago...small world.

Oh, and Lane, this is MacLeod from Zephyr...make sure you check out www.retrobbs.org :)

Re:This story is pure bull-crap.

[ender81b]

Anyone who regularly reads news.admin.net-abuse.email [google.com] will instantly recognize this as sour grapes from a spammer.

Bullshit. Bullshit, bullshit. Want an example?

Some of our users used a white list based spam filtering solution that, if you weren't on the whitelist, would send an email out asking to confirm that your address/email was, in fact, valid. Fairly common no?

Well, somehow said emails were going to a spam trap run by spamcop and being marked as spam -- thousands of them a day. Apparently a spammer was spoofing one (or multiple) of their "spam trap" email boxes. Needless to say in fairly short order our outgoing SMTP servers were blacklisted. Upon contacting them and explaining the situation we asked if they could give us the email address of the spam trap they were using so we could simply have our confirmation messages not go to that, preventing them from blacklisting us.

Their response? No. They wouldn't give us the email address they used for spam traps, nor could they think of any other possible way to fix this. Basically, yes it was their problem, but sorry - fighting spam was more important than, you know, ensuring accuracy.

We eventually had to make all those confirmation messages send from a seperate email box dedicated solely to that purpose which (last time I checked) is *still* on the blacklist.

This is the type of day in, day out bullshit you have to deal with on these blacklists. A bunch of self-righteous pricks who flat out don't care if you are listed on their service (their fault or no). After all - can't make an omlette without breaking a few eggs right?

I'm all for using blacklists to help SCORE email as spam, but to flatout refuse email based on it is completely, totally, stupid. The example above is just one of many i've experienced and people all over the industry have experienced. No sane sysadmin should ever, ever, ever use a RBL. And pretty much everyone except for the "SPAMMERS MUST DIE -- END JUSTIFIES MEANS!!111" crowd understands that.

Re:This story is pure bull-crap.

[ar1550]

First off how did this story become okay'd past the slashdot moderators? This story is written with a really biased, bitter, non-neutral point-of-view.

You must be new here. Welcome!
Wait, your UID is 1/5th of mine...in that case, I'll have some of what you're smoking!

Re:This story is pure bull-crap.

[saikou]

Funny but your comment seems to be a typical response from anti-SPAM vigilante that prefers to blacklist everything, no matter what the real situation is.
I included in the article link to black list of Google mail relays. Would you like your Google mail be blocked because someone claims that Google is a safe haven for spammers as it "either sent mail to our spam traps or we received reports from our members of spam"?
Oh, I forgot. You work for an ISP so you don't care. But it would be interesting to see your reaction if your whole subnet gets blocked because ISP on the adjacent net got flagged as "does not react to SPAM reports" and block list would escalate original listing to a bigger subnet. I am sure you have enough time and money to quickly move to another upstream provider in a blink of an eye. Or somehow magically clean up your particular subnet over typical "Oh, but you're too close to spammers, you must be spammer yourself!" battle cry.

This particular article was about GoDaddy relying on Spamhouse for deciding what accounts to block until $50/$199 fee is paid. There are tons of discussions about black list reliability and false positives. Primary difference with spam flagging/blocking is users chose to do it. But here someone else made the decision and demanded payment.

Would you like Google.com to suddenly disappear from the DNS because Spamhaus flagged some of their IPs as "sending spam"? I am sure you would.

Re:This story is pure bull-crap.

[(negative+video)]

Some of our users used a white list based spam filtering solution that, if you weren't on the whitelist, would send an email out asking to confirm that your address/email was, in fact, valid.

The From: and Reply-to: lines of a message are easy to forge (and widely forged). By trusting them, you allow anyone to send an unstoppable flood of garbage to any email address. It's only a microscopic fraction less bad than running an open relay.

Well, somehow said emails were going to a spam trap run by spamcop and being marked as spam -- thousands of them a day.

Good heavens! You mean spammers forge the From: and Reply-to: lines?! I'm shocked, shocked!

This is the type of day in, day out bullshit you have to deal with on these blacklists ...

... when you are so stupid that you think unsolicited, unwanted messages aren't spam just because your whitelist has good intentions. Good intentions? Ha! The road to hell is paved with 'em.

Re:This story is pure bull-crap.

[ender81b]

... when you are so stupid that you think unsolicited, unwanted messages aren't spam just because your whitelist has good intentions. Good intentions? Ha! The road to hell is paved with 'em.

I see.

Unsolicted Commercial Bulk Email.

You got 2 out of 4. Anyways, go back to blacklisting and have fun, it's a ridiculous solution and people like you are the reasons why.

Re:This story is pure bull-crap.

[geminidomino]

Bullshit. Bullshit, bullshit. Want an example?

Some of our users used a white list based spam filtering solution that, if you weren't on the whitelist, would send an email out asking to confirm that your address/email was, in fact, valid. Fairly common no?

All too common. Challenge/Response backscatter (challenges sent to forged addresses) IS spam. If someone forges my email to your C/R blaster, not only am I going to add your mailserver to my local BL, but I'm going to confirm it so your users get the spam. All those C/R systems do is pass the problem on to someone else.

Exposing spamtraps leads to listwashing. No antispammer who's been at it for more than a week is going to do that for you. A better solution: fix your broken system.

No sane sysadmin should ever, ever, ever use a RBL.

Apparently, by "sane" you mean "small time." I've had smtp servers with as few as ten users brought to their knees by spam because the boss felt the same way you did. After the third time the box caved over a 3-day-weekend, he changed his mind.

Re:This story is pure bull-crap.

[(negative+video)]

Unsolicted Commercial Bulk Email.

0 out of 4. Unsolicited messages are useful. There is noncommercial spam. There is non-bulk spam. There is non-email spam.

The sole criterion for spam is the lack of any reasonable attempt at communication. That's why sending mail to a spam-trap address, as you were doing, is taken so seriously. No person or purpose is associated with the address, so sending to it is by definition done without any hope or expectation of communicating. You might as well go around posting flyers that say "I'm an evil spammer, please burn me at the stake."

Re:This story is pure bull-crap.

[ender81b]

Well, nowadays said spam listing stuff will only *globally* send 5 messages to a single email address before refusing to do (since spammers are so fond of breaking stuff) -- at the time it was set to 5 per email address per user iirc.

And, um, it was pretty obviously an attempt at communcation (Is this a valid email? Oh it is, sweet, click here to be added to whitelist, etc). Such measures are still quite popular..

Re:This story is pure bull-crap.

[(negative+video)]

And, um, it was pretty obviously an attempt at communcation ...

No. You admit that your server was sending emails to a spam-trap address on behalf of unauthenticated third-part attackers.

Well, nowadays said spam listing stuff will only *globally* send 5 messages to a single email address before refusing to do (since spammers are so fond of breaking stuff) ...

No, the message limit would be 5 multiplied by the number of assholes running similar spam relays. That means an unquenchable flood of tens of thousands of messages for a hapless denial-of-service target.

Re:Spamhaus blacklisted Google GMail. :-(

[SD_92104]

As it should -- Gmail isn't passing on the X-Orig mailer field, which is why they got spamlisted.

Cool - now non-standard headers (the X- prefixed ones) are all of a sudden required? Interesting interpretation of standards...

SO now what will stop

[future+assassin]

somone from registering with a GoDaddy reseller they dont like and then spam from the newly registered domain to shut down the reseller.

Re:Spamhaus blacklisted Google GMail. :-(

[McDutchie]

PERM_FAILURE: SMTP Error (state 9): 554 Sorry, your mail server (py-out-1112.google.com[64.233.166.178]) is rejected using sbl-xbl.spamhaus.org. See http://postmaster.frontiernet.net/error.html#sbl-x bl [frontiernet.net]

This "evidence" appears to be fabricated. The IP address 64.233.166.178 is in fact not listed on Spamhaus at all:

$ host 178.166.233.64.sbl-xbl.spamhaus.org
Host 178.166.233.64.sbl-xbl.spamhaus.org not found: 3(NXDOMAIN)
$

or see the web lookup query at spamhaus.org.

saikou the spammer writes

blah blah blah...

Obligatory alternative registrar thread

[PCM2]

OK, I'm sold. I have all my domains hosted at GoDaddy. I must say I have good experience with them but I haven't actually dealt with them in years, other than the automatic renewal. Based on the stories I'm reading here today, though, I'm ready to move.

Could people please post their experiences with alternative registrars to GoDaddy, including pricing, how long you've been using that registrar, and features available?

The shame of it is that I think my primary domains just got renewed a month or so ago.

Re:Obligatory alternative registrar thread

check out gkg.net i've been using them for 5 years for all my domains (5 or 6). they offer web-based tools to manage all the normal features you would expect, and when i have needed their help with somethin (rarely), they have responded quickly and have been helpful. it just feels more honest than other registrars. great prices too.

highly recommended, and no, I don't work for or make any money from gkg.net.

other cheap registrars: MyDomain.com, etc.

[KWTm]

The thing is their prices are so great it's really hard to justify going someplace else. You can pay up to $35 a year at some of the boutique registrars.

Of course you can pay more at another registrar. In fact, you "can" pay me $100 to do it for you. And then I'd go to MyDomain.com and register your domain for $9 per year.

Other posters have listed other places where you can do for much less. You don't even need to stay within this country; the Internet is a global thing.

Could be interesting

[bobamu]

after all, they claim they are targeting "russian spammers".

and now they are trying to extort money from them.

I find potential scenario amusing.

Re:Could be interesting

[SillyNickName4me]

I find potential scenario amusing.

Heh, hadn't looked at it from that angle, pretty funny indeed.

So you based your decision on bouncy boobs.

[KWTm]

A tech company willing to have totally gratuitous shots of a chick bouncing her big boobs...well, that's a company for me.

Really- I did move a lot of business there because of the chick with big boobs. I guess that makes me shallow. Or a guy who likes boobs.

In other news today, for some reason there aren't that many women in IT circles. No one's telling them they can't do it, but they just aren't interested. Hmm.

Re:So you based your decision on bouncy boobs.

[bigman2003]

At least GoDaddy is doing its part to break into the tech industry. Obviously they've helped at least one more woman than Gnome.

Re:So you based your decision on bouncy boobs.

[spx]

Some aren't, some are, this one is * not by bouncing anything. :) I am the project manager of a hosting/design & registrar company. I think a good many shy away from it due to the whole 'mans world' deal, I never laid down my initiative to work in a feild that I love that easy. Tis fun sometimes, I can actually give a womens prospective on things that some just wouldnt seem to think about, and they also love that things stay organized. *grin*

Re:Very dangerous precedent, or is it?

I remember doing whois lookups and digs, and with the domains resolving back to GoDaddy as the register from time to time, I would complain to them for allowing registration of what were obviously domain names for spamming or mlm purposes which always turn out to be spam related as well. So I'd be putting pressure on GoDaddy for allowing the registrations, for not having software to look for obvious spam names within the domain names they currently register, and for other actions that enable or provide refuge to spammers.

That being said, I'm also on the other end currently. One of the domains I'm hosting has the word "ebay" within the domain name. I never even realized this. The domain name is also a legal, currently registered and operating corporation within the US. It's been in business more than two years. Its line of business has nothing to do with spam, it deals with supplying certain metal goods to large distributors and large end users within the US and elsewhere. It's the type of business where you confirm the customer is a large end user or distributor, and upon doing this, you don't have a problem sending them several thousand dollars in samples, hoping they'll place blanket orders for years into the future. Without having the knowledge on running a mail server, and currently without the resources for a secondary dns on another ip block, it was decided that GoDaddy would be the host for the mail server for the domain.

A few test emails from the business domain, with an email address that is obviously business related (sales@legitdomain, a few others), everything went through without a problem, great. Add email address to invoices, statements, shipping documents, product packaging, start using to communicate with new customers, suddenly a problem. Turns out if the email contains a couple of email addresses within the body, or if the email contains a couple of urls with certain keywords (keywords normally related to some of the customers' business lines), more than two urls, a combination of an email address and a url, and the emails would be rejected. GoDaddy's smtp server wouldn't accept the email for sending. Not that it would bounce, it would outright reject the email.

Trying to get GoDaddy's tech department just to understand what was going on was difficult. Forward the bounce message. There is no bounce message, the smtp server is outright refusing to accept the email as it is being sent. Send the error message of your email client. Email client is KMail. Here's the instructions for Outlook. Email client is KMail. Here's the instructions for Mozilla mail. Email client is KMail. Here's a screenshot of the popup error message you requested. You're using a non-standard email client. Here's the instructions for outlook. Please send me responses in plain text instead of html. Sorry, our email is sent in html. Please don't send me instructions in .doc format, send in .txt or .pdf. Sorry, .doc format is all we have, here's a link to our internal documentation. Great, how do I get passed your firewall to view a GoDaddy internal documentation link?

That's just the first few attempts to get the email working. Next, we received every excuse known to man for why mail was being blocked. Your domain is blacklisted by the RBLs. No its not. Your domain is blacklisted by Spamhaus. No, its not. Your ip is listed in Spamhaus. No its not. Your ip block is listed in Spamhaus. No, its not. The email domain you are sending your email to is listed in Spamhaus. Are you serious?

Actual email trouble ticket response:

Thank you for contacting customer support. The error message received is related to our anti-phishing software, which blocks known spammer links from being sent through our system. It primarily blocks links from sites listed on http://www.spamhaus.org/ (also blocks our own "spammer" database).

nope

[phorm]

But if that were the case, they should just be shutting the "mobsters'" websites down, not doing so and then trying to cash in on a reactivation fee.

I will back this up.

[SlashChick]

Since the parent comment was written by an anonymous poster, I would like to add that one of our customers was put in the same situation by GoDaddy. His domain was used in a "joe job" (that is, someone sent out a spam with nonexistent addresses from his domain as the From: header in their spam emails.) He called us (his web hosting provider), furious, wanting to know why his domain name was down. We had received spam complaints as well, but since the spams were not from him and were not advertising his product (he runs a legitimate business that does not use email marketing), we did not shut him down. However, when running a quick WHOIS check on his domain, I noticed that GoDaddy had set his name servers to NS1/NS2.SUSPENDED-FOR-SPAM-AND-ABUSE.COM. This was well over a year ago and since then, I have urged all of our customers to switch away from GoDaddy. Some of our customers have responded, "But I don't spam anything!" Of course you don't. It doesn't matter. If any spammer sends out spam with your domain as the From address, even if you had nothing to do with that spam, and it gets reported to GoDaddy, your domain is toast.

For what it's worth, we use eNom and have never had any problems with them. If you host more than a few domain names, get an eNom reseller account (many providers offer them for free) and pay the same price as GoDaddy. I recommend them highly; we have several hundred domains with them right now.

Re:Spamhaus blacklisted Google GMail. :-(

[Wavicle]

This "evidence" appears to be fabricated. The IP address 64.233.166.178 is in fact not listed on Spamhaus at all:

The fact that it isn't listed NOW does not mean it wasn't listed THEN.

I have had spamhaus block email from yahoo too. It has been for me quite a conundrum deciding if the the false positives spamhaus gives outweigh the true spam it blocks. They do generally fix these within a couple hours, but it is really frustrating that during those couple hours, all email going to my mail server from yahoo is getting bounced because someone or something at spamhaus caught someone sending spam.

PARENT IS TROLL

[idonthack]

64.233.166.178 - Server's IP
178.166.233.64 - Your checked IP

Nice try, troll. You're on my foes list.

Re:PARENT IS TROLL

[billcopc]

LOL.. you're either pulling very hard for a joke, or majestically ignorant :) DNS records are written backwards as are regular domain names - you don't type "com.mianus.www" do you ? On second thought, maybe you do *rimshot*

Spam is legal

This is all fine and dandy if you can prove that they were doing something illegal with the domain. But, spam itself isn't illegal. There are strict laws governing the business (which, most companies don't actually follow, which is why spam is a problem). But GoDaddy is damaging a legitimate business. Spamhaus doesn't care if spam is legal or not for them to blacklist it.

Honestly, I'm all for the use of online marketing that allows you to, and respects your right to, opt-out. GoDaddy shouldn't be able to enforce content on domains, unless the content itself is illegal.

Re:Spam is legal

[SillyNickName4me]

Honestly, I'm all for the use of online marketing that allows you to, and respects your right to, opt-out.

I have no problem with online marketing, but I have a problem whenever it is not opt-in (with a decent check on if you indeed tried to opt-in)

There is no reason why people should fill my mailbox and use the bandwidth I pay for to tell me something I don't want to hear to begin with. Now, if they were paying for it themselves exclusively this might change, but for now I pay for the bandwidth usage of my mail server.

Go Daddy sits on domain names

and because "he" is such a $-grubbing SOB, I'm not even going to ask what it would cost to buy one from "him." Go Daddy can "go to .....".

GoDaddy Has a History of These Things...

[I*Love*Green*Olives]

This isn't the first time GoDaddy has arbitarily done things like this....

Lindsay Ashford, a promient memeber of the Paedophile community was once registered with GoDaddy until they started to yank his chain and play games with him using Section Seven of their Domain Registration Agreement--specifically the bit about morally objectionable activities. Lindsay was given 24 hours in which to move the site (which he began to do) only to be informed via email the change over was blocked from GoDaddy's end without explaination. The strange thing is while there was never any child porn or illegal content on puellula.comand GoDaddy never explained their actions, the site was also home to many racists and extremists hate sites that were apparently never a problem. It finally took a complaint from Lindsay to ICAAN before the domains were finally restored to him!

GoDaddy is run by people who see no evil in groups such as: Skinheads, Hammerskins, Aryan Nations, White Camelia Knights of the Ku Klux Klan, Ku Klux Klan all whom were still registered with GoDaddy as of roughly this time last year. Given the legal wrangling it took to get the company to turn over the domain names to their proper owners, why would anyone be surprised when they decide to dip into the extortion racket?

Do yourself a favor and find a domain register who is willing to take care of their customers and isn't run by a bunch of racists who think we haven't done enough torture on the Guantanamo Bay prisioners!

--I*Love*Green*Olives

Re:GoDaddy Has a History of These Things...

[I*Love*Green*Olives]

::groan::

I screwed up! The links somehow got "h t t p : / / y r o . s l a s h d o t . o r g /" added to them in the part that lists the various racists sites being hosted and considered 'okay' by GoDaddy.

Meh...Not like it matters because no one from here would want to go there right?

Still mea culpa, my mistake...I'm sorry about this! ::blushes::

--I*Love*Green*Olives

Re:GoDaddy Has a History of These Things...

GoDaddy is run by people who see no evil in groups such as: Skinheads [slashdot.org], Hammerskins, [slashdot.org]Aryan Nations [slashdot.org], White Camelia Knights of the Ku Klux Klan [slashdot.org], Ku Klux Klan [slashdot.org]

Damn... I guess I better take my black ass somewhere else. Slashdot is pretty racist!

Re:GoDaddy Has a History of These Things...

child fucker . . .

Re:GoDaddy Has a History of These Things...

Heh - I thought that either you had done it on purpose so nobody went to NSFW and objectionable links, or that Slashdot had some fancy new site replacement for a known number of objectionable sites :)

Re:GoDaddy Has a History of These Things...

Don't be sorry, it's better that way.

Re:GoDaddy Has a History of These Things...

potty mouth . . .

PARENT IS DUMBASS

[McDutchie]

Hey clown, learn how to query DNS-based blacklists before you jump to conclusions, eh? Due to the hierarchical nature of DNS, you revert the IP address, you moron.

Re:Spamhaus blacklisted Google GMail. :-(

[darien]

This definitely happened - I can vouch for it. A few days ago my girlfriend was trying to apply for a job via her GMail account, and every time she sent her CV it bounced back saying 'sender's IP address rejected' (or something like that). In the end, I had to send her CV for her through a different SMTP server. Nice going, Spamhaus!

GMail is listed....

See the X-Spam-Status. They are now on spamcop. Yes, I censored by email address and stuff!

X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on ###ERASED###
X-Spam-Level:
X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,
        RCVD_IN_BL_SPAMCOP_NET autolearn=no version=3.1.3
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169])
        by ###ERASED### with ESMTP id 1D2C640
        for ###ERASED### ; Sat, 17 Jun 2006 13:42:43 -0500 (CDT)
Received: by ug-out-1314.google.com with SMTP id q2so2098158uge
                for ###ERASED### ; Sat, 17 Jun 2006 11:42:42 -0700 (PDT)
DomainKey-Signature: ###ERASED###
Received: by 10.67.89.6 with SMTP id r6mr3903452ugl;
                Sat, 17 Jun 2006 11:42:40 -0700 (PDT)
Received: by 10.66.238.9 with HTTP; Sat, 17 Jun 2006 11:42:40 -0700 (PDT)
Message-ID:
Date: Sat, 17 Jun 2006 13:42:40 -0500
From: ###ERASED### @gmail.com>
To: ###ERASED###
Subject: Test subject
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Test email. See if gmail blacklisted....

I confirm this, as a Web Hosting Worker

[unity100]

Many in the web hosting industry had to fight with godaddy to get back their client's hostage domains at one point in time.

I strongly discourage anybody from using godaddy.

Do as I say

[Epeeist]

I have just been spammed by someone offering me tickets for the Football world cup. A glance at the whois record for their site shows their sponsoring registrar to have been no other than Go Daddy.

Re:Do as I say

Then report them to GoDaddy and they'll be shut down, instead of making up bullshit bogus accusations that they allow some spammers and only hassle others. Until you've tried it and see if they treat them all the same, the fact that they didn't somehow magically already know within minutes of you being spammed about this domain being used isn't their fault nor is it the slightest evidence of any inconsistency in their policies.

It is evidence of you crying "waaaa wwaaaaaaaa waaaaaaaa" though.

This kind of hard-core response

[netwiz]

is exactly what the situation now calls for. In the beginning, simple reminders on the part of the service provider and a no-tolerance policy toward rogue users would have been enough. Now, with the problem several orders of magnitude greater, we are forced to resort to draconian measures just to catch up. The further things deteriorate, the harsher the solution must become. It's like the US/Mexico immigration issue. The US sat by and watched things deteriorate, and now there's something like 18% of the Mexican population living in the 'States.

I have no sympathy for those that get caught spamming. If we'd been tougher about it sooner, it wouldn't be so bad now.

Re:This kind of hard-core response

[SillyNickName4me]

What people like you forget is that it is al about usability fo the net. As soon as your anti-spam measures become a bigger issue for usability of the net then spam you definitely went too far.

But hey, why am I bothering to point that out, you sound like one of those who believe that the goal justifies the means regardless of the consequences later on.

Bob Parsons contributes to online vigilantes.

[Chatmag]

Bob Parsons, owner of GoDaddy, contributed $10,000.00 US to Perverted-Justice.com, an online vigilante group. Perverted-Justice is the group involved with Dateline NBC. Media groups and journalism scholars have taken Dateline NBC to task for journalism ethics violations regarding their involvement with Perverted-Justice.

Re:This story is pure bull-crap. - Crap itself.

You're funny, stating that : "This story is written with a really biased, bitter, non-neutral point-of-view", but preceeding it with "... I work for a competing ISP in their same locale.". Why now does that sound like someone who tries to defend "its own" ?

"Secondly, you can hardly call it extortion if the Terms of Service explicitly state under what conditions your domain may be suspended or put on hold"

You're quite right, it isn't. But its certainly is when just citing some line outof the TOS to "clarify" their actions without even taking the time to hear two sides of the story, or without doing anything else than lay back and wait for the money come pouring in (one way or the other).

Yes, that does sound suspiciously like a quite a big disrespect to all the people that have got absolutily nothing to do with spamming, but are now the victims of what SpamHous itself regards as "a social mechanism to force non-criminal consumers to put pressure onto their ISP's to purge the (few) baddies amongst them".

SpamHouse does not seem to care about who they hurt in that process. And its something that is talked about regulary in all communities, from simple single-person e-mail users who have not done anything wrong, to (small) website-owners and (small) companies : They all resent being forcibly recruted by SpamHouse for its own "greater good".

"Anyone who regularly reads news.admin.net-abuse.email will instantly recognize this as sour grapes from a spammer. Funny how the writer of this story simply wants us to accept that "black-lists are unreliable" and that it's a given fact without any supporting evidence"

As I allready said, you do not seem to be reading much, but for that newsgroup. Spammers may complain, but so do lots of "collateral damage" victims. And neither GoDaddy or Spamhouse seems to care about that/those people.

And now GoDaddy allso wants ... ehh ... strike that, it should be : demands money from all those "collateral damage" victims too ? Yeah, thats the way to go for sure. No proof of their wrong-doing, no help in how to possibly avoid being caught in that "collateral damage"-net, nothing.

No, I think the article was right : Extortion from a bunch of arrogant bastards.

Oh, by the way : I am a simple consumer, and never had the "pleasure" to have been hit by any of SpamHouses blanket bombings, nor do I like any kind of unasked-for advertising (I positivily hate spam).

But I do recognise biassed bullshit when I read it, and it makes me angry. Especially when it comes from someone who could (and should) know better, being so close to the fire.

Re:Spamhaus blacklisted Google GMail. :-(

[ubernostrum]

Cool - now non-standard headers (the X- prefixed ones) are all of a sudden required? Interesting interpretation of standards... Know what? Messages that contain the phrase "ch34p c14lis" are probably going to get blocked, too, but nothing in RFC822 says to do that. You should lead a revolution or something.

Too late

[fm6]

I am all for fighting spam, but given how unreliable spam black-lists are such actions simply damage the internet.

It can't be any worse than they damage blacklists already do to innocent users who find their email mysteriously vanishing.

When are people going to realize that blacklists are worse than useless? They obviously don't work worth a shit: spam is heavier than ever. All they accomplish is making life difficult for a lot of non-spammers. Real spammers appear to have no trouble circumventing them. It's past time we gave blacklists the lack of credibility they deserve.

Re:Too late

[WuphonsReach]

The only blacklists that I support are the ones based on testing for open-relays.

That's an objective measure. I can get behind that concept.

The rest of the blacklists typically turn into power-monger-fests where the admins get a power-rush from blacklisting large swaths of the network. All it takes is one stupid user, who decides that rather then follow the unsubscribe instructions printed at the bottom of every e-mail, they'd rather report you as a spammer and get you blocked.

Hell, it wouldn't surprise me if it's a competitor who does in order to harm your business.

GoDaddy tried to scam me last month also

[dookie01]

I have a domain with them, and suddenly stopped receiving any email for a few days. So I contacted them to findout what was going on, they said it appeared I was using the domaing for sending SPAM and they have launched an investigation to evaluate the content of the emails sent. I was confused so I looked into it and saw that the SMTP mail forwarding was open on my server and a spammer started using the account. GODADDY by default sets this as PUBLIC. So I contacted them to tell them what was going on and they told me my account might be suspended if I violated TOS. I explained I send around 3 emails a month on my account, and what had happened, but they just kept responding that it is being investigated. At the time I didn't know what was going on, but now I get it. I will be forwarding all my domains registered with back to Network Solutions, I am not a fan of sleezeball operations and extortion.

no - wrong end of stick

[sjwest]

'Americans' like Bob Parsons feel that any generic term can be trademarked - my apologies, Bob Parsons would probably feel he should have handled all of the .eu domain 'sale' rather than let good old competition that Bob cant hack. I'd never acuse anybody here of being a 'yankee trader' - but you get my drift, if that american pto office which those yanks it appears employ mindless monkeys.

While godaddy might have been honourable in the past the suits are in town - and the godaddy abuse dept must now pay its way.

I've reported godaddy abuse and wrote to 'Bob' on his blog about eurid. why ? for he's an idiot, and I'm glad i dont use godaddy, in the past or now. Mind you i dont own sex.eu, but i managed to get the eu domains on landrush without godaddys 'managerial' incompetance.

Re:Wrong. Navy won't get him

Why would the Navy want to surround his yacht? Linford and Spamhaus operate with the help of the British Government. Both the Brits and the U.S. Government use his lists themselves (it's also well-known the U.S. Navy uses Spamhaus SBL&XBL).

Also who said he's in international waters? A photo some magazine took of his yacht shows it anchored in Gibraltar (you can see the rock of Gibraltar in the background). That's not 'international waters'.

URIBL.COM RSS Feed for black domains on Godaddy

[dallase]

Hell, they could just use our data feed to identify spam domains registrered through their nic. http://rss.uribl.com/nic/GO_DADDY_SOFTWARE__INC_.h tml

Intellectual Property, Expropriation, Extortion

GoDaddy held my domain hostage because they decided some of the registered information on the account was invalid, and I had failed to fix the info within 2 weeks of some emailed notice (which I never received). I told them that domain names are an Intellectual Property that is recognized worldwide on WIPO treaties and that you need a court order to expropriate one. They closed their service on me and held the domain hostage for over one month, but they finally added it back to my account after threats of law suits.

Seriously, WIPO treaty should guarantee domain names property protections, and a registrar can not just decide to hold them hostage for any reason. No matter what their rules are. Changing or limiting the rights of the owner breaks WIPO treaties and expropriation of property without a legally valid court order, together with demands for money, amounts to kidnapping and extortion. In my case hundreds of businesses suffered a month long break into their DNS servers, which I had to replace with DNS domain registered elsewhere.

I will never make the same mistake of holding all my domains in one registrar.

Re:Intellectual Property, Expropriation, Extortion

[Dave+Zan]

GoDaddy held my domain hostage because they decided some of the registered information on the account was invalid, and I had failed to fix the info within 2 weeks of some emailed notice (which I never received). I told them that domain names are an Intellectual Property that is recognized worldwide on WIPO treaties and that you need a court order to expropriate one. They closed their service on me and held the domain hostage for over one month

Every registrar must ensure the domain name's contact details are updated and accurate as one of their agreements with ICANN. Failure to ensure means ICANN can yank their accreditation.

Pardon my ignorance, but why does Go Daddy need a court order to "expropriate one"? Their legal fine prints give them the right to yank the domain name if you don't respond to their invalid WHOIS report timely, every registrar has this right.

You don't have to like with their terms, of course. But you do agree to them the minute you checked the box beside the "I have read the Service Agreement and agree to its terms".

Like someone else said here, simplest solution is not to use them.

Small claims? Yeah right

[jeffmeden]

$50? Except Godaddy wanted 50 dollars PER DOMAIN, which means they are into these guys for $69,950. That's no small claim, i also don't see it going on anyone's credit card any time soon (maybe an AMEX platinum, but do you think they used that to reg the domains?)

Simple Solution

[Brandybuck]

Simple solution. Just stop using GoDaddy.

Digg

[wbren]

Well, here's a story you won't see on Diggnation.

"This week's episode of Diggnation is brought to you by GoDaddy -- The people who are probably holding your domain hostage right now."

Actual Hard Info

[Spazmania]

Since the article is heavy on claims and light on the basis for those claims, I thought I'd dig in to it a bit. Turned out to be a difficult. I couldn't find the registration agreement via Godaddy's web page. I had to search Google for it.

http://www.godaddy.com/gdshop/legal_agreements/sho w_doc.asp?se=+&pageid=REG_SA

Section 7 is the one that deals with spam. Here's what it says:

7. restriction of services; right of refusal

You agree not to use the services provided by Go Daddy, or to allow or enable others, to use the services provided by Go Daddy for the purposes of:

        * The transmission of unsolicited email (Spam).
        * Repetitive, high volume inquires into any of the services provided by Go Daddy (i.e. domain name availability, etc.).

If You are hosting Your domain's domain name servers ("DNS") on Go Daddy's servers, or are using our systems to forward a domain, URL, or otherwise to a system or site hosted elsewhere, or if You have your domain name registered with Go Daddy, You are responsible for ensuring that there is no excessive overloading on Go Daddy's DNS systems. You may not use Go Daddy's servers and Your domain as a source, intermediary, reply to address, or destination address for mail bombs, Internet packet flooding, packet corruption, or other abusive attack. Server hacking or other perpetration of security breaches is prohibited. You agree that Go Daddy reserves the right to deactivate Your domain name from its DNS system if Go Daddy deems it is the recipient of activities caused by your site that threaten the stability of its network.

You agree that Go Daddy, in its sole discretion and without liability to You, may refuse to accept the registration of any domain name. Go Daddy also may in its sole discretion and without liability to You delete the registration of any domain name during the first thirty (30) days after registration has taken place. Go Daddy may also cancel the registration of a domain name, after thirty (30) days, if that name is being used in association with spam or morally objectionable activities. Morally objectionable activities will include, but not be limited to: activities designed to defame, embarrass, harm, abuse, threaten, slander or harass third parties; activities prohibited by the laws of the United States and/or foreign territories in which You conduct business; activities designed to encourage unlawful behavior by others, such as hate crimes, terrorism and child pornography; activities that are tortious, vulgar, obscene, invasive of the privacy of a third party, racially, ethnically, or otherwise objectionable; activities designed to impersonate the identity of a third party; and activities designed to harm minors in any way. In the event Go Daddy refuses a registration or deletes an existing registration during the first thirty (30) days after registration, You will receive a refund of any fees paid to Go Daddy in connection with the registration either being canceled or refused. In the event Go Daddy deletes the registration of a domain name being used in association with spam or morally objectionable activities, no refund will be issued.

Okay, so there are some pretty nasty things in there. One thing I don't see is where they say they'll hold on to the name, refuse to let you transfer it or charge you an extra fee. In fact, they're quite specific: If you spam, they cancel the registration. Period.

I also read the supposed letter from godaddy at http://majordomo.ru/about/letter.htm . Maybe its just me, but the letter smells false. That's not the careful legal language I would expect from a company Godaddy's size faced with this sort of situation. I'm not discounting the possibility that its real, but it smells false. If I saw that letter in my inbox, I'd suspect phishing.

good alternatives to GoDaddy?

[alizard]

While I despise spammers, the idea of using a domain registrar who is likely to unplug me because some third-party spambot owner decided to use one of my domains without my permission as a spam address makes me even more unhappy... and at least one of my domains comes up for renewal in the next few weeks.

So who's a good, low-cost registrar with no relationship to GoDaddy?

Since I'm serious, please don't respond with "Network Solutions".

Re:good alternatives to GoDaddy?

[Electrum]

So who's a good, low-cost registrar with no relationship to GoDaddy?

http://www.domaincontender.com/

They are a rebranded directNIC (one of the top ten domain registrars).

Re:good alternatives to GoDaddy?

utropicmedia network solutions :)

http://utropicmedia.net/

the problem isn't spamhaus

[alizard]

It's godaddy using spamhaus for purposes no sane person would believe is a good idea. AFAIK, there's no way a domain service provider can check in advance whether or not any given domain name applicant is or is not a spammer, anyone on the ROKSO list can use a fake business name in order to get a domain.

Gaming what godaddy's doing to unjustly shut down a domain (or in this case, 1399 domains) is just too easy.

Imagine having a legitimate website and having it shut down because godaddy has shut down your domain service provider. There are probably several hundred Russians in that position right now.

"If someone is abusing a service for illegal..."

[alizard]

Anti-China content is illegal in China. If you put or your users some on your .com domain web server, you should have no objection to godaddy blocking your domain and making it impossible for you to move it.

They got me too! And not for spam!

[Anarchy24]

I registered a domain with them for a year. Once it expired, they sent me a bill for over $20 (I forget exactly how much). They charged me the cost of the domain, and the rest was a fee because I didn't renew it, making it sound as though I had broken some contractual agreement to re-up. If I had intended to do that, I would have paid for 2 or more years at the time of registration. So now, they continue to hold my domain name (at the old nameservers, which prevents the NS IPs from being changed), and I am out of a domain name (which was registered for a non-profit organization who now wants their website back online). I refuse to pay GoDaddy for what amounts to highway robbery and terrible customer service. They screw me over, and expect me to continue doing business with them? Not happening.

Best registrar...

[SonicSpike]

...by far is DirectNIC.
$15 and no bullshit.

To me they are like the Google of registrars - "do no evil".

They even are based out of NOLA and had very little if any downtime during Katrina. You can read about it and see damage to their building here:
http://interdictor.livejournal.com/

Re:Best registrar...

utter bullshit. do you know INTERCOSMOS ? as in INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM

they are the shady side of DirectNIC. you can track some names for evidence by yourself, the same individuals work in both companies. doing a blog while Katrina is not a heroic feat, just a beg for a Darwin award.

they have their own (big) data center in or near New Orleans, they host known spammers, they provide junk email services, they steal^Wregister expired domains and practice extortion when you contact them later, und so weiter.

they are no better, and maybe even far worse, than godaddy.

Slippery slope argument,

[SonicSpike]

is indeed valid IMO.

A lot of people de facto dismiss slippery slope arguments, but is valid especially when it comes to government and other human behavior that can be reviewed with history.

Those that ignore history are doomed to repeat it etc...

But as far as registrars go DirectNIC is my favorite
$15 and no bullshit.

To me they are like the Google of registrars - "do no evil".

They even are based out of NOLA and had very little if any downtime during Katrina. You can read about it and see damage to their building here:
http://interdictor.livejournal.com/

in other words

[alizard]

You support Godaddy shutting down domains that are inadvertently associated with spam due to actions unconnected to people who bought domains in good faith from them or a downstream provider unless they're yours.

This isn't the equivalent of a property owner evicting a tenant for drug violations, this is the equivalent of a property owner evicting every tenant in one of his buildings because one tenant is dealing drugs.

Re:in other words

[Shadowlore]

because one tenant is dealing drugs.

That should be: because one tenant is allegedly dealing drugs., should it not?

speaking as a member of the

[alizard]

"SPAMMERS MUST DIE -- END JUSTIFIES MEANS!!111" crowd. . . I am also not interested in being part of the "collateral damage" because some spambot decided to forge one of my domain names or associated IP addresses to the spam it's dumping into the Net.

I agree completely that blacklists should be used to score spam, not block it, I can't afford to have mail from my editors (I write Linux tutorials for money at this point) falling prey to the false positives even the best of blacklists are subject to.

So I'm suddenly a dissatisfied godaddy customer. If they don't understand why blacklists should NOT be used for domain name blocking at the registrar level, I can't believe that they have the technical competence to handle the job I'm paying them for.

Re:a company selling... $80 domain names is shady!

This has nothing to do with how much they charge for regular domain names. (Does GoDaddy even go down to that price? I thought that was Yahoo!'s first-year deal.)

This is about bad faith enforcement of a social norm, in this case spam. GoDaddy is saying these sites are spam sources and have "shut them down." However, GoDaddy is also offering to re-instate the domain names if the websites they are accusing of violating a social norm pays GoDaddy an exhorbitant fee. If that is not the definition of extortion, I do not know what is. Basically, they are saying these sites can have GoDaddy look the other way if they pay up.

Now, if you want to talk about being like a car dealer: GoDaddy charges regular everyday domain owners $80 to get back any domain name that is not timely renewed. That's right, if you accidently lapse in payment GoDaddy charges you $80 to get your domain name back. Talk about shady.

AUP Enforcement is the RIGHT way to eliminate spam

[Kisofdth]

AUP Enforcement is the RIGHT way to eliminate spammers. I have also worked at a large ISP, and this is one of the best ways to fight spammers. Keep making it costly and more trouble for them than it is worth. Spamhaus is far and above the most reliable RBL in the world today and does more to help in the fight against spam than any other organization I know of. They are VERY reliable in only listing sites and domains with proper justification, and even more important deal with proper cleanup and removal of listings that have been remediated in a timely fashion. The reason you hear all the complaints about RBL's is because they are so effective. Yes, there is the occasional person that gets burnt because of their space being adjacent to spammers, but this also helps ISP's keep pressure on their clients to stay clean to prevent such over blockage. I'm personally familiar with one client of a large ISP that had a hard time kicking a known spammer off of their network due to a long pre-existing contractual obligation, that was able to finally disco them due to Go-Daddy's listing and blocking of dozens of their domains last year. Great job Go-Daddy! Keep it up, us regular users love to see you support your AUP!

send-safe.com get's disabled/suspended too?

Does this mean joker.com can disable/suspended send-safe.com? ROK5500
And gandi.net can stop/suspended clustermailer.com? ROK5611

Exactly + ISPS Don't Extort

[Nazmun]

I had someone sending spam from among my dedicated servers and ISP's didn't try to freaking extort me with a magical bill 100x what i normally ay like godaddy. They asked me to investigate and remove the offenders which was done. Problem solved.

Re:Spamhaus blacklisted Google GMail. :-(

[Dolda2000]

It's not interesting at all, only perfectly as it should be. RFC 2821 explicitly says to leave all headers be, exactly as they are. From section 3.7:

As discussed in section 2.4.1, a relay SMTP has no need to inspect or
act upon the headers or body of the message data and MUST NOT do so
except to add its own "Received:" header (section 4.4) and,
optionally, to attempt to detect looping in the mail system (see
section 6.2).

In other words, an SMTP server shouldn't even look at the headers, even less modify then, be they X-* or not. (The funny thing is that section 2.4.1 doesn't seem to exist, though...)

I didn't even stay in the first place.....

Ages ago I once started to do some research on domanin name availability (for my own personal domain) and I started getting online quotes for a specific name from a number of domain providers. But after I checked out what GoDaddy was offering I discovered that my wanted domain name (which was fairly unique) was suddenly owned by Godaddy. And if I still wanted the domain I had to pay for their services.

I then scrapped the idea of getting a domain for a while. As I was a little pissed that some providers do nasty Domain Camping tricks just to get your money. I have since moved on without paying them a cent and got a different domain name trough a different provider.

[homepage]

Dreamhost

[robla]

Dreamhost is only a dollar more per year, and includes privacy guard as a base-level feature (which costs $1/year on GoDaddy), so they're arguably the same price.

Rob

Re:Dreamhost

[LunaticTippy]

It's quite refreshing to see a dreamhost link without the referral bs.

false reports

so lets report godaddy.com as a spam domain and get them blacklisted.

this happened to a friend of mine

[GoatPigSheep]

Same thing,claimed someone spammed through his site, and charged a 199$ extortion fee. He transfered his domain to another registar and threatened legal action if they refused to transfer. Was lucky it went though. Godaddy is a criminal organization, I smell a class-action lawsuit.

bluehost

[Travoltus]

And they respect the privacy of your information, too.

thanks, everybody...

[alizard]

Digging through the hundreds of domain registrars unassisted wasn't a job I was exactly looking forward to, and the best kind of recommendation is that from happy customers.

Yet Another Reason Why Challenge-Response Is Bad

[patio11]

Your customers running the challenge-response solution need to be told not to, post-haste. We all know that spammers routinely forge email addresses. Accepting at face value the address on a piece of email that you get of dubious veracity, then sending an email to that address saying "Hey, are you really interested in talking to me?", IS spamming. Have your customers jump on the filtering bandwagon with everyone else, it works extremely well 99% of the time and doesn't scream "My time is valuable, the rest of the Internet can go "#$#"$ off".

1 of 1399

[romantikc+p.+m.]

I'm the owner of one of those 1399 blocked domains. I assure you all the details in the original article are correct. I, my domain, e-mail, website and anything else owned by me has absolutely nothing to do with those 2 spam activities GoDaddy refers to. And I'm pretty sure the other 1398 domains has nothing to do with spam either.

For those who don't get it, I repeat: Majordomo is not "an underground spam network in the anarchist country". If you think this way, take your nose out of computer and travel the world, it's much different from what you think. Majordomo is a legal and respectable company (yes, it's reselling GoDaddy's services). On my part I'm an independent Mac shareware developer. Thanks Majordomo, now these domains are unblocked.

GoDaddy's actions look like, feel like, smell like, and in fact ARE real extortion. It's absolutely clear, this is one of their ways to earn money. This time they went too far, probably thinking that if Russia is far abroad, such actions won't be noticed. I would recommend to everyone never have any business with GoDaddy, and those who already use it as a registrar, switch immediately.

Did I get any response to my e-mail to GoDaddy? No. Did I get any excuses for their actions? No. Will I get a reimbursement for the loss of profits? No. Anyone who had the same problems with them, send a report at internic and FBI websites, and I hope that scum will be shutdown.

Re:Spamhaus blacklisted Google GMail. :-(

[cbirkett]

A few months ago my grandmother's ISP started using the sorbs.net blacklist which blocks quite a few gmail servers. At least half the e-mails I sent her were returned because of the blacklist. I eventually gave up on e-mailing her through gmail because it was so unreliable.

This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

        xxxxxxxx@cogeco.ca

Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 554 Service unavailable; Client host [64.233.184.194] blocked using dnsbl.sorbs.net; Spam Received See: http://www.sorbs.net/lookup.shtml?64.233.184.194

This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

        xxxxxxxx@cogeco.ca

Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 554 Service unavailable; Client host [64.233.166.179] blocked using dnsbl.sorbs.net; Spam Received See: http://www.sorbs.net/lookup.shtml?64.233.166.179

Re:"If someone is abusing a service for illegal...

[Halo1]

You're right I used illegal as in "illegal and I agree it's bad". So I'll retract that and just keep it at the TOS level: in their TOS they reserve the right to suspend your account if you use it in connection with spamming or phishing.

Re:Spamhaus blacklisted Google GMail. :-(

This was sorbs, which is well known for having strange crieteria. My own static IP address is regularly listed as dynamic, unlisted after several maisl of complaints to them, then relisted a few weeks after...

Personally, I don't think

[alizard]

being on the receiving end of a spamhaus complaint is immoral conduct. You think spamhaus is perfect? You're in a pretty small minority. While they are very, very good, given how blacklists are put together, nobody in the domain registration business should depend on them for the purpose of deciding whether or not to deliver the services customers pay them for.

However, I agree with you that if godaddy shuts down your website down for actions you had absolutely nothing to do with or for any other reason, that you should pay the $200 to persuade them to turn it back on. But I don't think anyone else should have that problem.

Re:Personally, I don't think

[Halo1]

being on the receiving end of a spamhaus complaint is immoral conduct.

Of course it isn't. Only the actions that lead to this listing could be immoral conduct.

You think spamhaus is perfect?

No.

While they are very, very good, given how blacklists are put together, nobody in the domain registration business should depend on them for the purpose of deciding whether or not to deliver the services customers pay them for.

GoDaddy strongly encourages people to report spam to them as well, and most people who report their spam know this. It would surprise me a lot if GoDaddy based their decision solely on Spamhaus' data.

3 more cheers for eNom/boos for GoDaddy

[Zaphod2016]

I've had 50 or so domains with eNom for a year now. No problems, solid backend.

And yes, GoDaddy sucks.

OT: Just putting this domain idea out there...

[Zaphod2016]

I see quite a few of us are sitting on some unused domain names. I will assume, like me, most of you are just defending a project yet-to-be, or have "inherited" them from some goon refusing to pay a bill somewhere along the way.

There are at least 25 domains I have right now that I have no intention of using any time soon. I would be happy to trade my domains for other domains, assuming I found a name I liked better than the ones I have.

Am I a lone nut? Are you thinking to yourself "hey, me too"? Does a site exist where geeks trade the old and unloved domains? if, not does anyone else have interested in starting one?

Point of clarity: I am not talking about SEDO or any "sell your domain" service. I am envisioning a simple community "trading post"; the only fees necessary would be those to transfer the domians to each other (blame ICANN).

Just putting it out there...

Translation

Sorry for not having an account, but I never did register and don't feel like doing so now.

"GoDaddy has blocked domains of Russian users"

14 June - the company Majordomo (a Russian Internet hosting provider) has received notice from the company GoDaddy (a leading worldwide registrar of domains) in which it was written that the domains of 1399 Majordomo clients were blocked from that day.

No one at Majordomo understands why a leading registrar of domains on the world level would block almost one and a half thousand domains of a Russian hosting provider referring to false evidence. All attempts to clarify the situation have not gotten anywhere. The domains remain inactive.

On 16 June 2006 a letter to Majordomo's support office from GoDaddy came, informing that the domains of 1399 Majordomo clients were blocked from that day forward. The reason is ostensibly violation of the user service agreement with GoDaddy. The the block ostensibly originated with complaints from Spamhouse.org (a company which works with databases of various IP addresses of servers which are implicated in the delivery of spam) to the effect that Majordomo's clients are involved in that same delivery. At Majordomo they say that this allegation not only has absolutely no evidence in and of itself, but is also deliberately false. For evidence, references to complaints addressed by Spamhouse to GoDaddy were brought forward.

The first complaint was founded against the site viptimeclub.ru, which hasn't been a client of Majordomo since December of 2005. The second complaint, by the same company, wasn't founded against Majordomo; the language in it goes about one of the clients of the company Peterhost.

At Majordomo they say that the untried information from Spamhouse.org to GoDaddy is regarded as sufficient grounds to block almost 1,500 domains and change their DNS servers to: NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM and NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM.

No notification was sent about such activities to Majordomo, but in response to questions sent to GoDaddy's spam and abuse department, there is only one answer: they suggest to pay GoDaddy $199 for each domain for its release or $50 to move it to another registrar. Yet another exit proposed by GoDaddy is to wait out the GoDaddy domain registration and register it again.

At Majordomo this situation is very worrisome, and they are struggling to resolve it. At this time they are making a collective search of owners of blocked domains, amongst which are not only actual and important juridicial persons, but also goverment instutitions of the Commonwealth of Independent States. All victims are clients of freely registered domains in the zones spb.ru and msk.ru.

The second day the hosting provider tried to get a reponse about GoDaddy's unsanctioned actions. The answer to the letters and calls was almost the same offers: various payments of money as the possible way of resolving the conflict.

I see a solution

[Hyperhaplo]

1) Craft a single spam from every single domain GODADDY has.
2) Make a complain about every single spam.
3) Watch GoDaddy take down thousands of websites
4) Watch GoDaddy get sued to oblivion in a class action suit
5) Profit!

Seriously, what happens when they pull thousands of customers sites offline and demand extortion money to reinstate them? Would banks put up with this? Government sites? Perhaps send fake spam from these sites, watch GoDaddy take them down and let someone bigger than the rest of us with very deep pockets, a very long memory and lots of hate to burn crusade on your behalf.

How unreliable black-lists are?

[Skapare]

How unreliable black-lists are? I find them to be very reliable. They tend to be way more reliable than content analysis. The latter could not understand that mail containing sales pitches for music CDs was something I actually signed up to get.

Re:Spamhaus blacklisted Google GMail. :-(

[cos(0)]

You missed the point of the grandparent. The point is that Spamhaus shouldn't require X-Orig or any other X-* header, as those are not required by standards. It is irrelevant whether headers are added or removed during transit.

Re:Yet Another Reason Why Challenge-Response Is Ba

[ender81b]

Yeah, very few are using it anymore -- and for those that are there is now a global per-email-address message limit of 5 emails.

Said policy was implemented shortly after the spamcop debacle (before it was 5 emails per user per email address iirc) but because of how they score stuff, I'm fairly sure that SMTP server is still on that blacklist (I could be wrong, haven't worked there in about half a year).

heh

[SillyNickName4me]

Moderation -1
    40% Offtopic
    30% Troll
    30% Underrated

I think those with mod points are taking this post way too serious...

GoDaddy is selling domain name querries??

[ray-solomon]

Yes, Godaddy is believed to be selling domain name querries to other companies to supplement their income. Read the full article here: http://ray-solomon.com/2006/06/10/dns-question/

Hegelian

Long term goal: gain control of the Internet

Short term goal: secretly send out spam as an excuse to shut down "spammers" who aren't actually spammers but are actually dangerous free speechers. Wooooooo!

Result: an Internet with content at a 12 year old level and very subtle propaganda at a very sophisticated level. End result is something similar to television: hell.

This is the Internet going from the control of engineers to politicians and social scientists.

Do *NOT* use domaincontender or directnic

they are behind a massive squatting outfit. Reading http://www.rootfest.net/squatters.html will bring you up to speed on it, and there's more information on a few forums, such as www.kenyatechwatch.com

Re:Spamhaus blacklisted Google GMail. :-(

[mysidia]

Not only is it not a required header, it's not even suggested or advisable to include such a header, out of respect for for clear harmful security and privacy implications of including a X-Orig header.

Totally made up claims

For all you non-Russian speakers here is some info from majordome press release ( http://majordomo.ru/about/150606.php ):
First complaint (SBL 36165) referenced in letter is about a site viptimeclub.ru, which is not a client of majordomo at all
The second compaint (SBL 42891) is about even different hosting company at all

All claims have absolutely no relation to majordomo, and yet godaddy blocked 1400 domains...

Re:Spamhaus blacklisted Google GMail. :-(

[Cramer]

This is exactly why I explicitly ignore the SORBS SpamTrap RBL. All it takes is ONE "spam" message EVER to be listed FOREVER. It doesn't even have to be spam; any message to one of their fly traps is all it takes. (they are such asses about it, too.) And they LIE about the process to get delisted -- "oh, nobody pays that 'donation' anymore..."

Basically, SORBS is pissed at gmail because they don't do any outbound anti-spam inspection. (distributed sender database thing. I'd have to dig through my email to find exactly what they insist everyone run.)

Majordomo.ru and spam

[ThePhilips]

Majordomo.ru hosts many free mail lists. It sends *large* amounts of e-mails daily. There were many attempts to curcumvent the service and use it as spam relay. Probably some of the attempts succeded to some extent. Most probably, the spam black list service just got them once N years ago listed, and never bothered to contact admins / resolve the matter. Admins over there are quite responsive.

Re:Spamhaus blacklisted Google GMail. :-(

[ubernostrum]

You missed the point of the grandparent. The point is that Spamhaus shouldn't require X-Orig or any other X-* header, as those are not required by standards. It is irrelevant whether headers are added or removed during transit.

And you miss the point of spam filtering. Nothing in the standards says it's OK to drop messages which contain the word 'c14lis', so does that mean it's a violation of standards to "require" messages not to include it? If spam heuristics indicate that the overwhelming majority of messages which meet certain conditions are spam (e.g., false positive rate less than a fraction of 1%), it makes sense to start dropping those messages. That one of those conditions is the presence or absence of a header has nothing to do with "standards", because SMTP is not being violated.

Re:Spamhaus blacklisted Google GMail. :-(

Posting anonymously just because I don't want to incur the rath of Mathew Sullivan (who is infamous for holding a grudge), the owner/operator of SORBS. I had my office email server listed in SORBS a few weeks ago for the exact same reason. My ISP had generic rDNS names for most of the IPs that shared my block (ie. w-x-y-z.company.com where w,x,y and z are the octets of the IP address associated with the record). SORBS listed this because of the rDNS naming convention. They *assumed* that the block of addresses was dynamic and listed them because of this. In reality, this entire block of addresses are static and have been static for a number of years.

Regardless, after literally dozens of attempts to
1). register with SORBS in order to delist the addresses (and having the site fail miserably, not to mention never receiving a "confirmation" email -- I went as far as to tail my mail log -- there was no connection initiated at all) and
2). filling out the contact form to report problems with their terminally-broken website
I have *yet* to recieve a response of *any* kind from them. Screw SORBS and their arrogance. For the record, Habeas (habeas.com) no longer considers SORBS to be accurate (My company being a customer of Habeas and asking them for help when there was nothing my company could do -- Seems like Habeas ran into the same problems that I did).

slick mischaracterization

Nothing in the GoDaddy story suggests that they took actions similar to the nuke switch spamhaus rarely pulls, when they block an entire huge subnet.

GoDaddy is addressing a single owner or group who control a number of websites that are related by ownership. The spam has been coming from or pointing to those domains. In an ongoing spam operation it would behoove the spam operators to maintain fresh, clean domains that can be put to use at a moment's notice once their active spam domains are discovered and blocked.

I've seen nothing to indicate that other than shutting down a single owner or group of owners operating as one, controlling the same domains, is what GoDaddy did. Why didn't they indicate that all of their domains were found to be spamming? Maybe at the time GoDaddy looked at them, they only found specific ones even though Spamhaus points the finger to others as well. Maybe GoDaddy is anticipating due to specific names, same ownership, dormant names almost exactly matching active spamming domains, or for other obvious reasons that the dormant (non-spamming) domains either haven't been caught by them or haven't been put to use yet and are being held to be put to use at a moment's notice.

Either way, if you have a problem with subnet blocking, then you have a problem with Spamhaus, not GoDaddy.

As for my position, this clarification makes clear my position as stated in the original post for those that don't get it. As for the the drug dealer analogy, in quite a few areas including in Europe and Western Asia, it is the duty of the landlord to evict a drug dealer if that drug dealer is dealing drugs from the landlord's property. In some areas the landlord can be fined the first or second time the drug dealer is caught, and the third time the landlord can lose the property. In other areas its possible for the landlord to lose the property on two or even one drug arrest, but in the ones I'm familiar with, it is after a long and protracted battle with the local government, even though the government wins these cases in the end unless a local politician's property is involved.

GoDaddy's TOS _does_ allow this

GO read the TOS. Godaddy has made provision for this already and are now enforcing it.

Enough said.

$199 OR get unlisted from spamhaus.

Read the notice again.

It's $199 OR get unlisted from spamhaus.

There's an awful lot of FUD being posted.

Godaddy have an antispam policy, are enforcing their ToS and they have the right to simply shut down and lock the domains forever.

As for all the carryon about the other registrars with privacy policies - they also mostly have antispam policies and tend to unmask anyone caught spamming.

GMail got listed because of spam.

Gmail is one of the world's single largest sources of 419-type scam email.

Adding to that, they shield the scammers by not showing the originating IPs and refuse to take action against the s[c|p]ammers.

They are fully aware they're listed - the attitude is "WE ARE TOO BIG TO BLOCK".

As soon as they deal with the spam, then they'll get unlisted.