zlacker

[return to "Zoho.com CEO says domain with 40M users suspended for abuse complaint"]
1. svembu+h3[view] [source] 2018-09-24 18:21:27
>>achyne+(OP)
Zoho CEO here.

Our domain was abruptly blocked by our registrar this morning. Our NOC team and myself tried to get in touch with them and they tell us "Contact our legal". Even I could not get in touch with anyone beyond their phone operator. The domain was restored, but as DNS takes time to restore, we are still facing issues. They later claimed there were abuse complaints about Zoho.com emails (which is our personal email service with millions of free and paid users). We received a total of 3 complaints from them and two of them have been acted upon and one is under investigation.

Once we dig our way out of this, we will find ways make sure no one takes down our domain again this way.

◧◩
2. tlampo+7a[view] [source] 2018-09-24 19:04:41
>>svembu+h3
Just FYI, I'm one of the maintainers of a mid-size forum regarding opensource virtualization/containers and thus spam is a daily occurrence.

While the fight against it is rather dire and no end will ever be in sight, I'll nonetheless never stop (tool assisted) fighting.

Anyway, @zoho.com addresses used by spammers started to pop up circa a month ago and increased rapidly in occurrence. As we use stopforumspam to report and track spammer info (and surely are not the single forum seeing those @zoho.com domains) you may got a few flags raised somewhere.

Not sure what caused this sudden (from our POV) attraction of spammers using zoho, you may want to look into some defense against this. While a full solution may not be achievable it's often enough to be faster than other providers, aka the tiger defense ;-)

◧◩◪
3. krn+vq[view] [source] 2018-09-24 21:01:40
>>tlampo+7a
It sounds like the spammers found a way to automatically create new @zoho.com email accounts, and the single way to stop them might be using a CAPTCHA service from the direct competitor, Google. At least that was the unfortunate case for the privacy focused German email provider Mailbox.org[1]:

> We recently detected activities on our servers where bot nets were used to create hundreds of thousands of e-mail accounts for the sending of spam e-mail. Although we take this as a compliment – somebody out there must be convinced our infrastructure is up for the job – we needed to find a solution to stop this abuse of our service, of course. We subsequently deployed a number of different CAPTCHA systems to help our servers identify bots during registration. However, spammers were able to circumvent all these solutions shortly after they were put in place. [...] We therefore decided to use Google’s CAPTCHA for the time being, because out of the set of solutions we tried thus far, this one seems to work best.

[1] https://userforum-en.mailbox.org/knowledge-base/article/goog...

◧◩◪◨
4. lwansb+ev[view] [source] 2018-09-24 21:44:03
>>krn+vq
I suppose due to the increasing risk of being broken by competing neural networks, recaptcha appears to be moving towards a model based on usage heuristics in v3. This is something that is more easily achievable by a small startup, so I hope to see competition for this type of solution if there isn't some already.
[go to top]