Mac Musings

Learning From the MacSlash Fiasco

Daniel Knight - 2002.06.03 -

Last week MacSlash disappeared. Zap. Gone.

What happened, and why didn't some people notice?

Domain Name Registration

It used to be that everyone registered domains through the same organization here in the States, but that changed 2-3 years ago. Now there are dozens of domain registrars.

When you sign up with a registrar, you provide them with your name, address, phone number, and email address so they can contact you about renewals and other administrative concerns.

It used to be that all email on the Internet was legitimate, so nobody had to worry about filtering spam. That changed some years back, and today many ISPs and email services filter out spam automatically.

The better services are very careful to avoid filtering legitimate email while black holing as much spam as possible. And the best services let their clients know they're filtering.

Apple's Role

A less than a month ago, it came to light that Apple was filtering spam in the mac.com domain (see MacInTouch Reader Report), which gave most Mac users one more reason to use Apple's free email service. Or so we thought.

It appears that Apple has been a bit overzealous in filtering junk email. When MacSlash's registrar sent email renewal notices to MacSlash at their mac.com email address, the messages were apparently seen as unsolicited commercial email and discarded.

That's right - legitimate business-related email from a legitimate business to a user of Apple's free email service was simply thrown away. The guys as MacSlash never received the one month, 15 day, next day, and other email warning that their domain was about to expire.

• Lesson 1: Never depend on any free email service for business correspondence.
• Lesson 2: Be sure you know if your email service is filtering spam.

And we haven't even talked about the occasional service outages at mac.com.

Was It Spam?

As one person noted on MacSlash, all domain registrars seem to send out lots of unsolicited commercial email (spam) in search of new customers. They have free access to the whois database - would we expect them not to use it to further their business?

The way blacklisting works isn't on an email by email basis. Once a server is known to generate or relay spam, it's blacklisted. Once it's blacklisted, any email going through that server is suspect and will be treated as spam - even legitimate email such as domain renewal notices.

Apple has a right to filter spam, and maybe even an obligation to do so. In that case, the various registrars need to find a better marketing model, one that won't result in legitimate email being lumped together with their marketing spams. It's poor business to relay spam, let alone generate it yourself and risk having legitimate business correspondence vanish into the ether.

The Registrar's Role

Regardless of email delivery problems, every registrar asks for a snail mail address and phone number (and probably fax as well), so you've got to wonder why they apparently made no use of these methods to communicate the imminent expiration of the macslash.com domain.

Further, is appears that they immediately released the domain when it expired (although I could be wrong), making it possible for someone else to buy and register the domain on May 28.

• Lesson 3: Don't assume your registrar will use your snail mail address or phone number to contact you about renewing your domain.
• Lesson 4: Your registrar may not provide any grace period when your domain expires.

The Domain Owner's Role

Several people have posted on Slashdot, MacSlash, and other sites to criticize Ben Stanfield (akaben) for not knowing when the macslash.com domain was going to expire. They raise a good point - in this day and age, you will receive email and snail mail from several registrars who want your business when your domain is up for renewal.

That said, you would definitely assume that your own chosen registrar would take the time to contact you before expiration, so most webmasters would simply throw all those other renewal notices in the trash.

Further, like a lot of us, the folks who run MacSlash aren't running a full-time business, probably keep better track of their site than their paperwork, and have a hard time keeping the site up and running, let alone worrying about their registrar not being able to contact them at a mac.com email address.

Still, with the number of information managers available today, it's a good idea to find out when your domain is set to expire and set up some sort of reminder system so you can avoid what happened to MacSlash.

• Lesson 5: Cover your assets. Know when your domain will expire and act proactively so you're not dependent on registrars and email services for renewal notices.

The Role of Dotster

There are a lot of domain registrars to choose from, and I'm sure Dotster isn't the only the make it easy for users to "preregister" existing domains and buy them the moment they expire. And that's precisely Dotster's role in the MacSlash fiasco; nothing more, nothing less.

I agree with those who consider this "bottom feeding" behavior. I'd like to see ICANN, the Internet Corporation for Assigned Names and Numbers, set up some enforceable guidelines regarding domain expiration, release, transfer, and reuse. Here are some suggestions:

• Require registrars to let domain owners flag all owned domains as either "important" or "allow it to lapse." Any unflagged domain should be considered important. This would facilitate transfer of unused domains before they expire and allow immediate expiration of "let it lapse" domains.
• A minimum 30 day grace period after an active ("important") domain expires before it can be released for resale. Require registrars to contact domain owners via some method other than email 10 days before an active domain expires and also within 72 hours of expiry.

ICANN already has an appeals process for hijacked and trademarked domains. Providing a little more peace of mind for domain owners would be a logical extension of what they are already doing.

• Lesson 6: There are a lot of registrars out there who will make it easy for someone to take over your domain when it expires. Renew early.

The Role of Vicente Peiro Crespo

On May 28, Vicente Peiro Crespo of Valencia, Spain, acquired ownership of the expired macslash.com domain via the "preregistration" service offered by Dotster. I'm sure he's received more than his share of emails about the issue, and I hope he will agree to return the macslash.com domain to its original owners.

How should we view his actions? Is Crespo a domain pirate or has he been falsely maligned?

First, Crespo made a conscious decision to "preregister" the macslash.com domain. He knew the domain existed, and we can assume that he also knew it was in use.

Second, once Crespo acquired the domain, he immediately redirected it to a Dotster page. If he had been a good Samaritan intending to return the domain to MacSlash, he would not have redirected the DNS entries.

Third, the redirect page included a host of links to Mac-related businesses, probably affiliate programs Crespo had signed up for. We should assume that these ads indicate he had a commercial interest in the macslash.com domain.

In the final analysis, Vicente Peiro Crespo acted willfully to take over an existing domain, redirect it, and profit from doing so. I think the "domain pirate" label fits.

• Lesson 7: Domain pirates are out there. If you're lucky, they may sell your domain back to you. If you're unlucky, they may attempt to profit from existing links to your domain. And if you're really unlucky, they'll "porn out" your expired domain.

Why You May Not Have Noticed

The Internet is a peculiar place. You can connect to any server in a matter of seconds, but it can take days for a new DNS record to propagate throughout the world. (The DNS record tells your computer what IP address lowendmac.com is at.)

Because of this, for up to three days some users were able to access the old macslash.com site, and others were redirected to Crespo's page on Dotster almost immediately. Likewise, it may take up to three days before everyone on the Internet can access MacSlash at their new macslash.org domain.

• Lesson 8: Think about having two different domains (such as lowendmac.com and lowendmac.net) pointing to your server and expiring at different times of year. If worst comes to worst, at least you'll be accessible at one domain instead of having to scramble to register a new one.

Where Do We Go From Here?

After posting a link to this story on apple.slashdot.com and emailing members of my busier mailing lists, my next thought was to my own domains. I don't want this happening to lowendmac.com, lowendmac.net, or any of the other domains I'm using or have plans for.

Thanks to generous donations from dozens of LEM fans over the past weeks, I was able to renew lowendmac.com for 5 years at $47.50 on Saturday (via AIT Domains, the registrar I use for all my sites). I also renewed lowendmac.net, lowendmac.com/cobweb/, and some others for one or more years.

I have a few domains expiring in September, and I have plans for two of them. The third, cwbx.net, was to become the CobWeb Banner Xchange, but I never had the time to develop it. That domain will be allowed to lapse, as will webparody.net (on July 12).

The rest of my domains are covered until at least January 2003, and lowendmac.com is paid up through August 5, 2007. That's peace of mind.

In the end, the best protection is keeping your domain registered. Don't let it expire. Pay up several years in advance if you can afford it. (AIT Domains has very reasonable prices and good service, which is why I moved all my domains to their registry.) Cover your assets.

• Most Important Lesson: Know when your domains are going to expire and don't let it happen.

If it hadn't hit so close to home, we might have labeled this tragedy a comedy of errors, but between mac.com, two registrars, and a domain pirate, those errors completely disabled a Web-based business for several days.

Don't let your site disappear because you neglected to renew your domain.