My registrar suspended my domain because an abusive user was using a subdomain for phishing. They told me they can't inform me first of abuse so I can deal with it; they'll suspend the domain immediately.
Who's a good registrar that will contact me first if they get an abuse report?
Yep, I've learned that hosting other people's stuff on your domain will harm the domain's reputation. Use a different domain for user content, and make it fungible.
The problem was the phishing, not the subdomain. If your app allows users to run phishing operations, moving the content from user.foo.com to www.foo.com/user probably won't help much in parent's scenario.
I have to disagree. A phishing scam from "billing.foo.com" would be much harder to spot than one from "user-content.foo.com/billing". Especially if the user has free reign over the style + content.
If the user is going to be able to design + style the pages any way they want, having something in the URL to indicate it's still user content is important.
No. The problem is the subdomain. Allowing people to phish on a subdomain is lending the phisher the credibility of legitimate websites hosted on the domain. It’s like lending a thief your uniform so that he can disguise himself as an employee. You’re an accomplice when he uses it to steal.
> How is abuse reported? Can I be made aware of reports of abuse before the domain is suspended?
And support responded:
> Abuse reports can be submitted to our Abuse Team via email using registrar-abuse@google.com where reports are analyzed and investigated further. Warnings are not given out, however, unless the reporter also reached out to the registrant of the domain in question. If a domain has been found to be in violation of our terms of service, the necessary actions are taken.
I've been happy with EasyDNS for more than a decade. They charge a bit more but treat customers well and in the few instances where I've contacted support, they've been great. I know there's a lot of cheaper registrars, but $1/wk doesn't seem like a lot to me to never worry about this stuff.
It’s your domain. They are under no obligation to report to you something you are doing. Phishers would use these emails to test whether or not they’re avoiding detection.
Who's a good registrar that will contact me first if they get an abuse report?