Web-Based Office Suite Zoho Taken Offline By Registrar After Alleged Phishing Complaints

New submitter atxlakeshore writes: On Monday, ICANN-approved domain registrar Tierra.net turned off access to all Zoho domains, affecting 40 million customers worldwide. Zoho, a web-based office suite company, which provides customer relationship and invoicing services to small businesses, tweeted that the site was 'blocked' earlier in the day by Tierra.Net, which administers its domain name.

Zoho customers affected by the disruption reached out to the registrar's support chat and email. Tierra.net then discussed Zoho's account details with these third parties, claiming that phishing attempts were originating from Zoho's webmail service, and these attempts necessitated blocking the company's domains. Zoho is a privately held India-based competitor to Google's G Suite platform, and maintains US offices in Austin, Texas. The dispute has resulted in calls for censure from ICANN. In a series of tweets, Zoho CEO Sridhar Vembu said TierraNet blocked the domain without "ever notifying us of any issue." He also expressed frustrations at not being able to easily reach out to TierraNet executives.

rule of law breaking down.

It seems the rule of law is breaking down and the presumption of innocence is no longer required and instant guilt is all that's required.

Re:rule of law breaking down.

[alvinrod]

I don't think that's true at all. If you look back in history, mob justice was rife and there were people who were outright killed (often in unpleasant ways) over false presumption of guilt. If you're instaed referring to the court of public opinion, that's always existed and if it seems worse now, it's only because social media and global news put every bit of it at your fingertips. Twitter and Facebook are just water coolers for the entire world to share.

I wouldn't be surprised if Tierra.net knows they screwed up and are trying to take care of this internally so as not to open themselves up to any kind of legal action. Once a proper scapegoat has been found and some poor bastard is made to lean on their sword everything will be cleared up.

Re:rule of law breaking down.

[easyTree]

Once a proper scapegoat has been found and some poor bastard is made to lean on their sword everything will be cleared up.

What's taking so long? This aspect of business is ripe for disruption. Think getscapegoat.com - simply let it deep-search through your business data then only seconds after all data has been gathered, by the magic of artificial intelligence, the most plausible scapegoat is found.

CTA: Insulate yourself from consequences, getscapegoat.com now!

Migrated Off Zoho

[brian.stinar]

I had a client using Zoho Apps for a major portion of their infrastructure. It was terrible, with frequent outages, and tech support completely unable to help with anything. It was actually worse than not helping - they would pretend to help, and then burn three weeks of calendar time saying that they could perform a restoration, when they couldn't.

We migrated them off of Zoho, and are grateful to have done so. I wish we would have gotten away from Zoho sooner. They are absolutely terrible, and I feel genuinely sorry for anyone using any portion of their infrastructure.

Congrats, Zoho

[mysidia]

You won the lottery.... found a bad domain registrar.

Now I suggest reaching out to CloudFlare or CSC for help transfer your corporate registrar services to; even if it costs $50K a year --- it's better than registering your domain on some fly by night operation ICANN should've discredited for thinking they're the internet police and shutting down domains based on bogus "phishing site" or other charges which have nothing to do with the DNS system.

Re:Keep DNS and Registrar separate

[darkain]

How would this help in the given situation? ANYONE can technically setup a DNS server for ANY domain name. It is the registrar which lists either the GLUE record or authoritative DNS servers to use. The registrar can simply offline the record entirely, preventing anyone from even knowing which DNS servers to contact for the needed records.

Re:Google Docs anyone?

[Darinbob]

How do you use Google docs for phishing? Do they allow any customer to send phishing email originating from that domain?
(I never use online apps, so I don't know what these services do or allow)

Highlights a real danger of using cloud services

[misnohmer]

The higher the reliance on a centralized cloud, the more "eggs in the same basket" which break on a whim of some paper pusher in a company you don't control, caused by their incompetence, by their own beliefs or by some viral social outrage. Then of course there is "if we loose your data all you get is your monthly subscription cost back for this month", or "sorry, we're not going to fight a government request for your data", "we're shutting down the service, all the content you purchased and/or created is now gone". The industry keep cycling between centralized and decentralized computing. I wonder when the cloud based services are going to go the way of a mainframe.

Re:Tierra.net is Bullshit

[sg_oneill]

Zoho are a major cloud provider for office stuff including email.

Sure there might be some people using it for phishing, but I'd wager they are using gmail, yahoo mail, microsoft 365 mail etc etc.

Should they ALSO be taken offline everytime someone abuses the service? We're talking potentially billions of people constantly (Possibly hundreds of times a day) losing access.

I mean how much guilt by association are we talking here?