[dtdynasty]

> Ideally, search engine algorithms would give new domain owners a fresh start.

Sadly, I think this would be instantly gamed by abusers. They would release the domain name and attempt to register as a new owner or start repeatedly doing handoffs. It's difficult to tell who the owner is changing between and whether or not the new one is a better actor than the former.

[AnthonyMouse]

> It's difficult to tell who the owner is changing between and whether or not the new one is a better actor than the former.

This doesn't seem like that hard of a problem to solve, because these are domains with negative reputation, i.e. worse than zero.

So if a) the domain is no longer hosting any of the stuff previously complained about and b) is no longer receiving new complaints over a period of a year, it costs you nothing to reset the domain to zero. Because the bad actors don't have to behave for a year to get back to zero, they can just register a new domain.

All you're doing is giving the new owner the same fresh start that anybody can get by buying a never before registered domain for the same price as a year's renewal on the existing one.

[dustyventure]

Using a domain every second year in that environment would get it a gradually raising rank where it isn't penalized/sanitized (by accident, on principle, etc) so every restart after a $30 pause year would be much more effective than a new domain.

[soared]

It gets reset every year so how would it be more effective?

[dustyventure]

A system gets reset, what happens in obscure places like old HN content?

[AnthonyMouse]

The search index knows when the first time it saw that old link was. If it was before the reset, regard it as pointing to a different domain than the current one.

[dustyventure]

Google can take various actions to put pressure but it ultimately doesn't control how the entire world treats archived text.

A google rank at zero and lots of 2 hop routes to your site that google can either penalize for being an accurate historical record or not is better than a rank of zero and a domain that has never been in historical artifacts.

[jacobyoder]

How about not even look for a new owner, and just... check the content and complaint levels? If I was hacked and hosted spam, getting blocked/banned for months at a time when... the spam is cleaned and the hole that allowed it is fixed ASAP... that gives folks less incentive to fix/clean/remediate.

[dtdynasty]

3 assumptions that from my read are baked into your comment.

- Any empty domain starts with the same reputation

- Registering a new domain is a 0 cost action

- The eng effort to reset domain reputation is 0

Certain domains are used by abusers more often, usually due to them being cheaper. Forcing them to move domains is extra friction to the abusers which "haunted" domains force more than the proposed new system.

For the last point, I think it's simplifying a complex system change. Even if the new system was marginally better, it could be a large eng effort and not worth pursuing.

edit: styling

[AnthonyMouse]

> Any empty domain starts with the same reputation

What basis would you have to do otherwise, and if there is something (like TLD), why wouldn't "resetting to zero" in terms of past content just mean resetting to that zero?

> Registering a new domain is a 0 cost action

No, that registering a new domain has a similar cost to renewing an existing domain, which is a valid assumption. In fact, the new domains are often cheaper because registrars often discount the initial registration as a loss leader with the expectation that people will make future renewals at a higher price.

> The eng effort to reset domain reputation is 0

It is the job of the party operating that system to make it operate as correctly as feasible. Needlessly causing collateral damage purely out of laziness and unaccountability is how you get people showing up at government offices demanding for you to be regulated or broken up, if not showing up at your offices with a disposition to cause bodily harm.

> Certain domains are used by abusers more often, usually due to them being cheaper.

Running out of domain names is physically impossible. There are more possible domain names in any given TLD than there are atoms in the observable universe. So the low price is going to be the price set by the registry for that TLD.

Whether the TLD itself has some reputation is orthogonal to the reputation of one domain in that TLD relative to another one in the same TLD. Moreover, you would presumably do the same thing for the TLD -- if one TLD is doing promotion and has $1 registrations this year and then gets used for a lot of scams, and then next year it costs $15 and so do the renewals so the scammers move to a different TLD, the reputation of the TLD should be reset just the same as the individual domains.

> Even if the new system was marginally better, it could be a large eng effort and not worth pursuing.

If the primary goal is to reduce engineering effort then the obvious solution is to delete the entire reputation system so it doesn't have to be maintained anymore. If the primary goal is to make it work well then you have to, well, you know.

[dtdynasty]

> What basis would you have to do otherwise, and if there is something (like TLD), why wouldn't "resetting to zero" in terms of past content just mean resetting to that zero?

Fair enough, but I'm not sure it resolves "haunted" domains as a TLD which is often abused could have a lower "0" reputation and thus by default is "haunted". Perhaps it lessens the impact though by how much is quite opaque to us.

> Whether the TLD itself has some reputation is orthogonal to the reputation of one domain in that TLD relative to another one in the same TLD.

I think this depends on how reputation works and is not so clear. Registrars for these TLD also have a responsibility but have no incentives to stop abusers. If TLD domain reputation is not orthogonal to reputation individual domains on that TLD then that could be an incentive for them to also crack down on abuse as their domains have bad SEO etc.

> If the primary goal is to reduce engineering effort then the obvious solution is to delete the entire reputation system so it doesn't have to be maintained anymore. If the primary goal is to make it work well then you have to, well, you know.

I think this is the most uncharitable interpretation. The eng effort could go to features that improves other customer experiences affecting more people.

[fhub]

Google product manager interview question - Write some code with an LLM tool that leverages a LLM to determine if the new owner of a domain is doing (a) same dodgy thing as prior owner that got flagged (b) different dodgy thing as prior owner but should be flagged (c) something completely innocuous (d) needs further review.

[jsheard]

Please don't give Google ideas for more ways they can have an algorithm arbitrarily screw you over with no recourse, they're listening.

[richardw]

Well, current approach guarantees you’re getting screwed over. Any improvement is beneficial unless it blocks a better approach?

[bruce511]

You're looking at this from the perspective of a haunted domain owner. And from that perspective your idea is fine.

A good technique to evaluate ideas though is to try and view it from different perspectives.

In this case from the owner of a non-haunted domain. Can you see any potential problem with your idea when viewed from that perspective?

Now, if there are potential problems, consider the relative sizes of the two groups. Do the benefits to one outweigh harm to the other?

This technique can be used every day with pretty much any idea.

[richardw]

The parents rules seemed to indicate only reevaluating the status of a haunted domain. I see nothing about evaluating a normal domain.

[richardw]

(Therefore, this has a one-way function of improving the status of haunted domains and why I think anything is better than nothing unless it blocks a better strategy.)

[fhub]

Follow up interview question. Update the code using your LLM code gen tool of choice that, when someone submits a complaint via an online form, feeds that complaint text back into your LLM to score it again. Points deduction if the candidate ever mentions informing the complainant of anything.

[lazide]

Why would they care?

[xg15]

If it's instantly released, then yes. But in this thread are reports where the offensive actions happened 15 years ago. After such a long time of "good behavior" it makes no sense for me to still keep the domain blocked/downranked.

[xp84]

Honestly, these days, with domains in general being nearly free compared to the profit potential of a single successful spammer grift, I’m not sure I even see the point of blacklisting domains at all. 25 years ago maybe a spammer would be devastated that he had to “start all over and buy a new domain and build up its reputation.” Now, spammers launch and abandon what, a million new domains a day? Google or anyone spitefully holding onto hard feelings about what a domain “did” years ago is pointless because the spammers will move on anyway. They wouldn’t reuse abcqwertuiop26abc dot xyz anyway because it’s safer to make up a new gibberish domain anyway. Only people who acquire domains legitimately are hurt by this.

I would want to experiment judging them based on what they’ve been seen to do in the past month.

[lazide]

The only reason they go to those new domains is because of the blacklist.

If you remove the blacklist, they’d just stop doing that and it would be even easier for them.

[xp84]

I'm imagining/advocating for blacklisting them for say, 12 months, and re-evaluating them at that point. This imposes the identical cost on the spammer as now (each "detection" costs them a year's domain registration) while allowing a reputation "reset" for innocent people who acquire haunted domains.

Yes, the spammers can sit on their domains once blacklisted, renew them, and redeploy their spam on them 12 months later, but they'd have nothing to gain from the reuse, since the names of their domains are just nonsense anyway.

[lazide]

Fair point.

I’m guessing that would complicate blacklist maintenance quite a bit, which is why we aren’t seeing it work that way.

Most of these blacklists (at least initially) were emergency type measures - ‘block these spammers’, then move on with life.

Blacklist maintainers would need to maintain date first seen/date last seen info, and purge/re-add correctly.

Technically, seems like an ‘append only’ type thing is what they’ve been doing for the most part.

As this evolves and the idea that these do need some kind of expiration or we end up with more maintenance headaches becomes more widely known, maybe eh?

Or if there is some kind of legal rules around it.

[ricardo81]

A tweak to that could be along the lines of "if the DNS lookup of the domain responds with NXDOMAIN for more than x days, give it a fresh start".

I'm not up to date with SEO so unsure whether Google would (or is able to) reset the domain's backlink profile, I'd guess it would be possible. A lot of the value of using expired domains is for backlinks (or at least was)

[mschuster91]

Require a deposit then, say 1000$, that is to be refunded after a year of probationary period. You get caught being a scammer/spammer, you lose the deposit.

[Dilettante_]

The deposit would be either too high for normal people to pay, or too low to matter to bad actors

[mschuster91]

Given that spammers cycle through thousands of domains, they'd run into serious cash flow issues very soon.

[lazide]

Who holds the deposit, and what is to stop them from having someone report your domain as a spammer so they can keep your money?

[kmoser]

Sadly, the same holds true for IP addresses.