by teddyh 607 days ago
Calling a domain “haunted” is an awful, terrible way to frame it. It places all the badness of the domain on the domain itself, as if the domain name had something with it which could be removed or fixed by the domain owner. Instead, what has actually happened is that the domain is blacklisted by entirely too powerful entities. The problem lies with these blacklisting entities, not with the domain, and the solution must be done there, too. It should not be a domain owner’s responsibility to get out of being unfairly blacklisted.

It’s like when cars took over the streets, and instead of blaming cars for being dangerous for regular people using the streets for walking, the concept of “jaywalking” was invented by car companies to place the blame on people for daring to obstruct cars. Or the concept of “personal carbon footprint”, commonly used to move blame from companies to individuals, when in reality whatever individuals, even in aggregate, could do is utterly insignificant compared to what companies and legislation could accomplish.

6 comments

> what has actually happened is that the domain is blacklisted by entirely too powerful entities. The problem lies with these blacklisting entities, not with the domain, and the solution must be done there, too. It should not be a domain owner’s responsibility to get out of being unfairly blacklisted.

These kinds of blacklists exist because these domains have been used to host scams or distribute spam (or some other malicious activity) in the past. They're there to protect people (e.g. so that Firefox can display a "warning: this site is a scam") and reduce abuse. They're not just there so people at Google can get a good kick out of blacklisting random domains.

I'm guessing here because I'm not the author, but I believe this statement is directed towards the blocklisting entities because they don't provide transparency or a method to reach them to resolve issues with a domain once it's acquired by someone else. That absolutely is the issue of those entities.

At one point in time, when I had to deal with people submitting phishing links to a web service I owned, I learned some of the tricks that phishers use to get around reports, such as using IP geolocation or the accept-language and accept-encoding headers to determine if the phishing page should be served.

With tricks like this, it's not a surprise to see why the companies operating blocklists are hesitant to make this process easy; after all, what's to prevent the phishers from temporarily stating that the issue has been resolved to get out of the denylist, and then restarting their campaign again?

If the process required you to verify ID, e.g. a passport + video selfie, some accountability might be possible. But that might be too invasive for many folks.
This doesn't work because there's a nearly unlimited supply of people willing (out of desperation, drug addiction, or just plain poor decision making) to let bad actors use their IDs.
Also, all that info has been leaked a billion times now, and there are tools to allow real-time filter/overlays of faces to make it even easier.
If you could get out of blacklists by transferring ownership, then people can “wash” domains by fake transfers.
I really disagree with pulling the power dynamic angle into focus here. Injustice can also be carried out by the "little man", sometimes even at scale, and is every bit as awful to remedy if not even more so.

The issue is with the issue: people/systems (big and small) blacklisting an ownable identifier pointing to some ownable content without any care for the lifecycle of either.

Painting this with a social brush is extremely unhelpful and is guaranteed to derail conversations for no benefit whatsoever.

> The issue is with the issue: people/systems (big and small) blacklisting an ownable identifier pointing to some ownable content without any care for the lifecycle of either.

Does the lifecycle matter much, though?

Kind of like a carfax report. Tells you whether a vehicle you’re buying has been in an accident before (if it has, the value goes down because maybe there’s some latent issue that isn’t obvious at the time of purchase)

It would be nice if ICANN had some equivalent of a carfax for domains, perhaps even with a requirement that registrars expose at time of purchase whether a domain has been misused in the past (and who the prior owners were, or at the very minimum what the historical DNS records were).

Basically you want to avoid buying a “lemon” domain by accident.

I place zero fault/blame on “powerful entities” maintaining lists of domains used for spam/scams. How else will we protect grandma?

For readers: you could build Namefax as a startup! Pure-partnerships based model... distribute it through registrars.

"Heads up, this is a pre-owned domain. Do you want to get the Namefax for $0.99 before you buy?"

A carfax report lists issues with the actual car. You don’t want a car with “car exploded” in the carfax report, since this would translate to actual damage in the car, damage which could actually affect you if you were to drive the car.

On the other hand, a domain reputation at Google et al. is more like Carfax reporting “This car was once parked at the same street where a horrific mass murder took place.” If this was a problem since, let’s assume for the sake of argument, the police would pull you over all the time if you drove it, it would still not be a problem with the actual car; the problem would be the police, and fixing police behavior would be the only workable solution. Using Carfax as an analogy still places the blame on the domain owner, not on Google et al.

But in this scenario there are many more parties involved than just "the police". So you can't "just fix the police behavior" for a "solution". You'd have to "fix" any and every party that already exists or pops up in the future.

This kind of issue is inherent to any system where identifiers are recycled, particularly when that recycling happens on demand. It's not "fixable", at best it's combatable. And trying to language police away the symptom and blaming it all on the pivotal participants supports and achieves neither.

The analogy is not perfect, but there aren’t myriads of parties, there’s basically only Google, plus a handful of others of greatly decreasing importance.

If it was a reputation problem where, say, end clients with web browsers would each have a separate and uniquely derived negative opinion about domain names, this would indeed be a “bad reputation” problem and not a Google problem, since the problem could not be fixed at the Google side. But with domain reputation being so centralized, the problem is at the center.

> Does the lifecycle matter much, though?

How could it not? It's essentially the same issue as an unmaintained phonebook or a map. What's at a given address or phone number changes, and if your solution is not equipped to handle that change, your solution is bad.

I agree.

But that’s not a fixable problem in my eyes. At least not without extreme and sweeping changes driven by some kind of government regulation or ICANN mandates which, if enacted, would probably be highly criticized on HN.

There are just too many block lists for domains (literally thousands if you include open source ad blockers).

The lifecycle “should” matter in a perfect world, I agree.

Oh I don't think it's full-on fixable either. What I wanted to challenge was just the characterization of the issue itself.

As you say there are plenty of volunteer maintained blocklists as well, and there are also the countless privately deployed filters using those lists, which may or may not get updated properly. That's the "little man" part, and is why I think the characterization the thread starter was trying to push is ill-fitting.

I couldn't disagree more. What you've written is both apologetics and simply untrue.
Sorry to hear you feel that way.
Who says it's the fault of the domain in some abstract sense? A house becomes haunted when something bad happens in it. It's not the fault of the rafters and joists. I think "haunted" is an apt description.
“Haunted” still implies that the problem exists at the house/domain, and can be fixed there. But a domain being blacklisted is not something which a domain owner can fix by themselves, they have to beg the blacklister to de-list them.
You'd usually describe a house as haunted if something bad has happened in the past (e.g. a murder, evil spirits, etc) and people are superstitious about this (e.g. believe some ghosts are still living in the house). Hard to see how an owner can fix this. All the usual problems the owner can fix (floorboards need replacing, gutters need cleaning, general repairs) aren't really examples of a house being "haunted".
Oh, I know people who spray holy water all around the house as a "possible remedy".
Houses are also not haunted, so it's fine. It's also fine to have fun.
The post talks a bit about this:

> In a perfect world, when your legitimately good content isn’t being surfaced by Google, it’s a failure on their part, and their problem to solve, not yours. In practice, it is your problem and you have to do a bunch of work to help them see that their current assessment of your domain name is no longer accurate.

You're right, the fault lies with the search engines, but in practice it sure feels like the domain itself is tainted somehow.

We should avoid words and concepts which place the blame unfairly on mostly powerless individuals.
"Haunted" is actually a pretty good descriptor.

Something terrible happened here in the past.

The intangible spirits from this terrible event remain.

The new owner discovers his pictures scream at him and his closet constantly fills up with blood.

The fault, ultimately, belongs with the one who did the terrible deed.

Blacklisted would be a good description as well.
Blacklist is too concrete.

With some domains, you merely will find a higher % of your emails land in spam, or your content ranks a bit worse, etc.

There's a somewhat random continuum. Haunting is a funny word that does sort of include some variability.

Yes, but they are on some blacklist somewhere. One could say greylisted. The point is that whatever term describes the issue shouldn't be mystical.

Haunted implies a supernatural condition that just isn't helpful in system administration.

If something isn't working with a service there is always a method to troubleshoot and isolate the issue. Contact the appropriate people when needed. This is how NeoTokyo restored his "listed" domain.

Maybe, but it's not "blacklisted" per se. You can go to the URL and do whatever.

It's not getting SEO blessings, true, but it's not disappeared.

Domains aren't individuals. Owners of domains aren't necessarily individuals either.
> by entirely too powerful entities

So, haunted then?