A .XYZ Disaster Story

A client recently purchased a .XYZ domain for an application that they were developing. Everything was working fine until today when suddenly the domain stopped resolving. It just so happens that in their infinite wisdom the .XYZ registry had decided to suspend the domain. So what actually happened?

When you sign-up for a .XYZ domain name you are coming under the terms and conditions of the registry. A part of the terms is they have the right to suspend a domain if they deem the domain is being used for inappropriate reasons. The stated goal is to keep the .XYZ namespace safe…..sounds interesting.

Here’s the problem. For the domain in question SpamHaus, Google Safebrowsing, SURBL, URIBL (all recommended by the registry) flagged the domain as safe. Virus Total has 68 sub-organisations that they relate to and one of these organisations flagged the domain for possible phishing reasons.

Why was this the case? It just so happens that at some time the domain had been sent to advertising networks and I’m guessing that one of these networks may have had a problem with a “spam advertiser”. This sometimes happens and the networks immediately kick these types of advertisers out. In the case of the .XYZ domain this resulted in it being banned.

What was really annoying is that neither the registry nor the registrar communicated anything like, “I think you may have problems with your domain. If you don’t do something, then we’ll have to suspend it.”

One day the domain was working and the next day it wasn’t. To track back to a registry suspending the domain wasn’t trivial when the client was in the middle of a development cycle.

And the client’s registrar wasn’t immediately helpful.  First came the “it isn’t resolving, check with your hosting provider”, then lots of apologies while the client pushed back that the problem was in the DNS somewhere, and finally the registrar pointed to the status of “Server Hold” in the Whois information and pointed our client to the unsuspend site for .xyz.

And on further quizzing the client’s registrar indicated that this was a common occurrence with .XYZ domain names…..which didn’t sound very good, and would have been useful if that was the first thing they checked.

Just for the record, getting a domain unflagged by some of these “monitoring companies” is next too impossible. In fact, at one stage I had whizzbangsblog.com flagged by a company (no idea why) and after months of filling out forms I gave up. In the end I took the attitude that if Google flagged my blog as safe then that was good enough for me!

So what’s the problem with all of this? If any .XYZ domain is flagged by any monitoring company in the world (false positive or otherwise) the domain can be banned. In fact, given our client’s experience, if the domain is not banned then the .XYZ registry is acting in a preferential manner and my guess this is breaking either their contract with ICANN or the registrars.

If you’re looking at your .XYZ domain portfolio and parking them then I’d think again. There is actually an obligation on the part of the XYZ registry to ban the domain and there goes any potential revenue (small though it may be) to help pay for the re-registration costs.

So let’s imagine you’re a business (like our client) working away at developing a brand on a .XYZ domain. A dinky little backwater monitoring company has a glitch in their software that flags your domain as suspicious. Immediately your website is taken down (by the registry) and as a business owner who knows nothing about phishing etc. you’ve got to find out what the heck happened while you’re losing sales! This is crazy!

In the end, our client gave up with the .XYZ domain and went with a .COM….probably what they should have done in the first place. There’s many good reasons why .COM is so big and one of them is they don’t behave in this ridiculous manner.