by snowwrestler 1357 days ago
Why not use full domains for a service like this?

Instead of client.yourdomain.tld, register client-yourdomain.tld. This would prevent one bad actor from nuking your whole business.

Yes it has a cost, but it’s like $10 a year for a new domain, which I bet pales in comparison to other direct costs of running a SaaS.

4 comments

So let's look at this situation. It's a shop page, shop.{clientdomain}.tld. Now you need SSL for this; using AWS, you need a TXT record from their ACM. You also need a CNAME to your domain (ideally) or to a CloudFront instance. For your customer, you now need them to make 2 DNS entries. This is from my experience having non-profit-like entities set up DNS.

- Well the person who set that up stopped responding, isn't there another way to get this going?
- I've added all the records in, what do you mean they don't match?
- I don't even know what DNS is, why is this necessary?
- I added in the record but the system didn't take one of them because it started with an underscore and they said that was invalid.
- We just switched websites to WIX, why is our shop page not loading, is your system down?
- Will this break my email, I don't want it to break my email.
- Here is my login, just go in and change what you need.

So in all, it's not just $10, it's a significant investment in time and resources to do this "simple" change that until this point did not have any downside. Hindsight is like that every time.

No, you automate all this on behalf of your clients. The customer is not registering the domain and managing DNS, you are.

The best reason not to do full domains is the risk of bad actors re-registering domains you release, as schroeding points out in another reply.

Now the customer has two domains and we have been training users to look for signs of phishing attempts using look alike domains AND ask them to put in their CC to buy things. Hard pass.
> Now the customer has two domains and we have been training users to look for signs of phishing attempts using look alike domains AND ask them to put in their CC to buy things

They already have to do that, only currently they have to put it into customername.shop-saas.com, not customername-shop.com, or even shop.customername.com.

The customer would already have had two domains because the subdomain was off the SaaS domain, not the client domain.

Client.SaaSdomain.tld

not

Shop.clientdomain.tld

If you’re setting up your service as a subdomain off the client domain, you won’t face the risk that one customer will get your entire service domain blocked (since it’s the customer’s domain).

They provide webshops for 60€/year and a .be or .nl domain costs 15€/year, so 25% of that. That's a lot.
A .nl domain name costs < $5... .be probably < $10, but still.
Here is our 60/year plan with a subdomain. We can't control the fact Facebook/Google/whatever might ban you because of a bad acting neighbor.

Or here is our 75/year plan which includes a domain to ensure you don't run into problems with social media

Apart from the cost, this would allow bad actors to reregister domains, once a shop is expired, though. Subdomains do not.
This is true. But this risk should probably be weighed against the risk of a bad customer getting your entire root domain deny-listed.
Or preregistration domains for nonprofits that aren’t on your service (or not yet).
Yes, that is a possibility. But we only charge $59 per year, so there is not much room for extra costs.