Expect registering a domain to get more expensive as registrars have to hire dozens more customer service staff.https://twitter.com/rafi0t/status/984398893696811008 …
I don't follow. Why would registrars spend money on customer service staff to help people who aren't their customers reach their customers?
-
-
Because if they don't, they'll eventually get blackholed off the internet. CERTs can also (eventually) often draw on MLATS and compel compliance.
-
I think I'm missing a lot of context. But it doesn't seem like your registrar's responsibility to tell you your website got owned and is serving malware or whatever.
-
(I work for the Luxembourgish CERT, here is more context) We receive notifications about compromised .lu website. Today, we get the contact point in the whois record, and send a mail (that process is automated). If whois isn't there, our closest contact point is the registrar.
-
Relatively often, it is possible to manually search a contact point on the website itself, but it is a lot harder to automate. Out approach will be to ask the company owning the IP for a takedown, instead of informing the owner of the domain. This part can be automated.
-
I see lots of potential solutions that don't involve any customer service work by registrar. Ideally whois would just eliminate PII and provide a forwarding email for the registrant. But in absence of that...
-
But from your side you can just mail well-known addresses @ the domain and the one published in the SOA. If these don't work, I don't have much sympathy for the customer who doesn't get informed about the compromise. They should ensure standard contact mechanisms work.
-
Guessing email addresses is an option, but then we need to check the bounces and so on. Now, we have an actual contact point the owner is actually using. No, we will contact the registrars, and the hosting company, we know those email addresses are valid and a human read them.
End of conversation
New conversation -
-
-
And frankly, no sane person wants to use a registrar that doesn't do this.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Seems the more likely outcome is that ppl whose sites get compromised and who don't have a working abuse/security/hostmaster/etc. email just don't get notified about it.
-
No. That is not what happens.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.