Zoho is fine as a service, but a domain suspension shouldn't cut tens of millions of people off from email.
Terms:
ICANN: The organization responsible for coordinating the maintenance of the domain name system (among other things).
Registrar: A company authorized to update ICANN database on behalf of registrants. Google, GoDadddy, Enom, etc are registrars
Registrants: An entity that wants to register a domain name. In this case, Zoho is a registrant, but it could also be an individual. This is your role if you 'own' a domain.
Authoritative Name Server: A domain name server that is considered authoritative for a specific domain.
Stuff registrars can do (among other things):
1.) They can update the ICANN database to disable a domain completely[1]
2.) They can replace your authoritative name servers with their own or someone else's (ex: botnet domains being reassigned to a security company for dismantling via court order)[2]
3.) If the authoritative name servers for a domain are owned by the registrar, then the registrar can merely change the DNS entries themselves to point to something other than the domain owner's wishes.
[0] - https://en.wikipedia.org/wiki/ICANN
[1] - https://www.icann.org/resources/pages/epp-status-codes-2014-...
[2] - https://www.icann.org/en/system/files/files/guidance-domain-...
If you have something with 40M customers I'd highly recommend going with the same domain registrars used by some of the Fortune 100 companies.
Seizing a domain at the registrar level, by court order, is also how the US government implements "seizure" of domains, if you've ever seen a torrent index site that has suddenly been replaced with a big scary FBI page (examples: https://www.google.com/search?q=this+domain+has+been+seized+... )
Domain Name: GOOGLE.COM
Registry Domain ID: 2138514_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2018-02-21T18:36:40Z
Creation Date: 1997-09-15T04:00:00Z
Registry Expiry Date: 2020-09-14T04:00:00Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email:
Registrar: Google Inc.
Registrar IANA ID: 895
Registrar Abuse Contact Email: registrar-abuse@google.com
Registrar Abuse Contact Phone: +1.8772376466
Verify yourself at: https://www.iana.org/assignments/registrar-ids/registrar-ids...
Zoho is Zoho Corporation Private Limited IANA ID: 3803
I heard a lot of good things about German INWX[1], even though French Gandi[2] is more popular and is the registrar of ycombinator.com (and was the registrar of reddit.com until recently, before they moved to MarkMonitor).
> We recently detected activities on our servers where bot nets were used to create hundreds of thousands of e-mail accounts for the sending of spam e-mail. Although we take this as a compliment – somebody out there must be convinced our infrastructure is up for the job – we needed to find a solution to stop this abuse of our service, of course. We subsequently deployed a number of different CAPTCHA systems to help our servers identify bots during registration. However, spammers were able to circumvent all these solutions shortly after they were put in place. [...] We therefore decided to use Google’s CAPTCHA for the time being, because out of the set of solutions we tried thus far, this one seems to work best.
[1] https://userforum-en.mailbox.org/knowledge-base/article/goog...
[1] - https://www.epag.de/en/
https://www.icann.org/resources/pages/accreditation-2012-02-...
The cheaper, and easier way, if you're looking to start selling domains with a lower barrier to entry (but less control over how much you pay/how you sell your domains) is to find a white-label reseller registrar.
In all that time of being perplexed, you never thought to do a simple Google search? https://www.google.com/search?q=how+registrar%27s+are+create...
That being said, the proper way to report abuse to an ISP is to email the official point of contact for abuse associated with their IP netblock. In the case of Zoho, that contact info can be found here: https://bgp.he.net/AS2639#_whois
ARIN rules require that all IP netblock owners provide a valid point of contact for abuse issues. ARIN validates the points of contact annually. I believe that RIPE, APNIC and LACNIC have similar rules.
If an ISP doesn't act on the abuse after it has been reported to their abuse point of contact, then you have a legitimate complaint against them.
The gold standard for any enterprise is MarkMonitor. You can pick any other enterprise level service which would mean you don't resort to lowering yourself to begging on Twitter to find a contact at a pivotal service provider
This has damaged you beyond DNS propagation, I don't know how anybody in tech is going to take you seriously again without some serious action
Can you shoot me an email? ted [at] namecheap.com
"Email marketing software that drives sales. Create, send, and track email campaigns that help you build a strong customer base."
They don't have 40 million users. They have 40 million targets.
Of course they don't get many complaints. If you search for "zoho opt out", you get sent to a page with a HTTP 400 error.[2]
[1] https://www.zoho.com/campaigns [2] https://help.zoho.com/portal/kb/articles/what-does-email-opt...
Is the problem systematic?
Never use namecheap for anything important.
I almost has a domain frozen with namecheap after one warning. If I missed the warning email or checked my email after 24 hours they would have completely suspended my domain. I'm talking about a site with MILLIONS of visitors per month and ten thousands of posts per day, not some small blog.
I almost has a domain frozen with namecheap after one warning. If I missed the warning email or checked my email after 24 hours they would have completely suspended my domain. I'm talking about a site with MILLIONS of visitors per month and ten thousands of posts per day, not some small blog.
I run a forum site with MILLIONS of visitors and about 5,000 TB of traffic per month. Namecheap.com suddenly sent me a link warning that they will suspend my domain completely within 24 hours, if I did not delete two problem images (which were inappropriate/troublesome images but in the context of the forum posts, "a very poor attempt at humor"). I deleted the images and avoided being suspended, but the way they threatened to suspend my domain due to two images was ridiculous. If I missed the warning email or checked my email after 24 hours they would have completely suspended my domain. I'm talking about a site with MILLIONS of visitors per month and ten thousands of posts per day, not some small blog.
They may be suitable for some blog, but I can now say to NEVER use them for any enterprise site.
This has already happened with tor and Cloudflare, but at least that changed for the better recently (see https://www.zdnet.com/article/cloudflare-ends-captcha-challe...). In that case it was just one CDN using captchas to discriminate against a group of users, so that one change by the CDN could fix the issue. If too many random sites are independently blocking or slowing down anyone not logged into Google, then that'll turn the web into Google's web.
One possible solution is a proof of work for name registrations, similar to the Onion Name System [1]. There is a short talk by Jesse Victors that explains it nicely [2].
400 Bad Request in Firefox.
curl:
curl https://help.zoho.com
<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
</body>
</html>