Ask HN: Suspended by Google Domains

63 points by ml-engineer ↗ HN
We received a notice that our domain (registered with https://domains.google/) will be suspended in 72 hours due to a spam complaint. Truth is, out of 205,169 emails sent, only 15 of them were marked as spam.

There is no one at Google who would help. And now we have less than 42 hours to resolve this issue. Failing that, our website will be cut off from more than 500,000 community members worldwide.

52 comments

[ 4.6 ms ] story [ 111 ms ] thread
Hi,

This could be an instance of email spoofing. Can you check the headers of the email for any domains that look suspicious?

What did the email say exactly? Why would a spamming domain be suspended in 72 hours instead of right away?

If it actually is a legitimate "notice" and not email spoofing, you can try them on Twitter: https://twitter.com/Google

Google has been responsive pretty much every time I have needed them, which is impressive. I tweeted a few days ago, not even tweeting "at" them, and they got in touch: https://twitter.com/jugurthahadjar/status/143051010590950195...

The suspension notice was definitely sent by Google:

From: registrar-support@google.com Subject: A message from Google Domains SPF: PASS with IP 209.85.220.75 DKIM: 'PASS' with domain google.com DMARC: 'PASS'

The email said:

Hi there,

Your domain was reported for spamming activities and will be suspended in 3 days. ... It may result in cancellation of your domain registration or termination of your account.

Regards, The Google Domains Support Team

---

So far the experience has been exactly the same as how Gitbook described their similar situation: https://blog.gitbook.com/tech/post-mortems/06-20-gitbook-dom....

No one at Google would answer any questions. And we have no idea what to do right now.

Emails in email spoofing definitely show a legitimate domain in "From"; it wouldn't be fun otherwise. Look at the headers. All the domains in the many "Received" fields, "Return-Path", etc.

Look not for signs it is authentic; look for signs it is not.

Also: https://developers.google.com/domains/express/support

Sure, we did reach out to Google Domains support team. They acknowledged the case as valid, however, could not answer any questions about it (because it is being handled by the compliance team). We spoke with 5 different agents so far.
>out of 205,169 emails sent

What's the timeframe for this?

That's from the past 30 days.
Are you sure you’re not actually spamming people? What sort of messages are these? Did people subscribe to them? How long have you been sending these out for?
Absolutely not! We use double opt-in, with explicit subscribe call to action. We are fully GDPR/CCPA compliant.
If the content of your email or frequency of emails is not inline with the expectation of subscribers when they subscribed, some will report the emails as spam regardless of the steps you documented.
Sure, we have been doing this for several years so we are aware of these pitfalls. The issue is the way Google has been handling this case. There is no process, no communication. They have made extreme threats, with nothing to back it up, no way to respond.
This a thousand times. We also go to greath lengths to ensure there's no spam coming from our servers and then we get a notification and it's for a legitimate email that someone reported as spam for whatever reasons. It's frustrating.
I'm not that keen on the phrase "double opt-in". It's a phrase used by marketers, to make it look as if anti-spammers are doubling their workload and making things unnecessarily complicated.

What you are referring to should be called "confirmed opt-in", and it simply means that you don't accept an opt-in unless you can be sure it came from the owner of the mailbox in question, and was not forged. Making people opt-in twice wouldn't help with that.

Sorry this happened. All I can recommend is to transfer your domain away. We do cold reachouts as well (less than 20 a day though) and I have my domain in namecheap.
Maybe obvious and or stupid

But can you transfer the domain?

We could not transfer the domain. I would like to because the whole community is currently being threatened. Not to mention, personally it could result in "termination of your account," the Google account that I have been using for more than a decade (for my emails, cell phone, wallet, etc)!
It's a bit late now, but it's a good idea to make a new fresh Google account for each project (which will require a new fresh phone number to verify it when you create it, I suggest Mint prepaid), for reasons which are at this moment too obvious.
Thank you, especially for recommending Mint.
All google accounts are tied up/linked up. If one Google account is banned, Google will terminate every thing else.
At this point, I would like to have NO relationship with Google, period. This has been a nightmare to deal with, and I have learned my lessons. NO GOOGLE.
Only if you link them by logging in to multiple ones from the same cookie jar.

Use a distinct number for creating each, a vpn at all times, and don't cross the streams (use a fresh browser/profile).

> We could not transfer the domain

Depending on the TLD that might be a contractual breach between Google and the registry. I would suggest reading the TOS of the extension on the registry's website and complain if Google breaches them. Sometimes it's forbidden to the registrar to prevent a transfer, even when there's a dispute.

Thank you, thank you for suggesting this!
This is a lesson I learned the hard way when my Microsoft account was suspended without explanation for a month, then restored with zero explanation. I couldn't access my OneDrive, OneNote, Skype, Office, email, I couldn't even play games I had bought for my Xbox, or access apps from the Microsoft Store.

The lesson learned is don't put all your digital eggs into one digital basket. Takes a lot to make you smile after that.

> eggs into one digital basket

Not just digital. For many years I have avoided the seduction of "triple-play" TV, phone and broadband, precisely because I don't want to let a single billing dispute leave me cut off from the world.

Similarly, I choose to buy gas from a gas company, and electricity from an electricity company. I don't want a billing dispute (or an honest mistake) to leave me completely without fuel.

I really like this way of thinking. Minimizing risk over short-term convenience is something we should all think more about.
This truly is why Google should be broken up. I understand the anti-trust argument now.
(comment deleted)
There's nothing you can do. Google will not listen unless there's giant public outcry. I would recommend going with a more proven registrar and trying your hardest to inform your community of the new domain before it's too late.
Exactly, I am learning it the hard way. I have been warned many, many times before (about Google) but I did not take them seriously.
Note that in the case of domain names Google is not all powerful. The ICANN and the ccTLD registries are. If Google threatens you and your domain and doesn't let you appeal, you can (and should!) contact both the registry directly and the ICANN if the TLD is not a ccTLD (> 2 characters)
(comment deleted)
He definitely should, but the issue is that, at least in my experience, ICANN and TLD registries are rather slow, and he'll already experience serious downtime by the time he gets his domain back, assuming he ever does.

In a time of major convenience, a few days of being down can mean thousands of people move elsewhere, to services with a more proven uptime. It's really not easy to go through problems like this unscathed.

Heyo, Googler here.

Can you shoot me an email to <snip> with your domain information?

I'll forward it where I can and hope we can figure out what's going on.

I unfortunately can promise anything, but I'll try my hardest!

Disc: I work at Google, but not near Domains.

EDIT: removed email as I got the info I needed!

Forwarded you the original email. Thank you so much!!
(comment deleted)
Can you instead push for giving your *customers* the ability to actually contact you in case of a problem? It's shameful that the only way to contact one of the biggest megacorp is being noticed by an employee on Hacker News.

FWIW, in the case of a domain, this might be an ICANN breach (if OP's domain is a gTLD) or a registry breach (if it's a ccTLD). You HAVE TO be contactable and you HAVE TO reply. If you don't comply to the rules Google Domains might in theory lose its accreditation.

Indeed! We have contacted them 15 times, and provided as much detail as possible for case resolution. Forty-two hours later, we have yet to receive a single reply! It's truly astonishing.
I guarantee the actual teams on these systems want there to be a support network. Google bosses do not. There's no way internal teams are going to overcome that decision.
In this case, we do have a system for appeals, and it was included in the initial email. However, it seems like the system triggered on Friday/Saturday, where most of our support personnel were enjoying their weekend, which lead to longer response times.

Disc: I work for Google, but my opinions are my own.

I don't intend to be personally rude here and appreciate that you're trying your best to do the right thing in this circumstance. I know there's some good Googlers out there.

But I'd have to say that it is absolutely shameful that desperate businesses have to try and hope to get noticed on social media to get a problem resolved. We all know that this is true. Not having responsive customer support is the way a scam operates, not a legitimate business.

Offer a paid customer support line if you must to reduce requests to a manageable number, but Google is absolutely killing off many innocent small businesses with the way they operate. Especially in these troubled economic times, it's absolutely horrific behavior.

Move to cloudflare domains. Google has no business controlling anything.
Yes! We are moving everything away from Google. No more Google products. Personally I have been fooled by their shiny, easy-to-use UIs. Turns out it's a trap!
Love how they have this in the said page: "Get 24/7 Google support from real humans."

Amazing.

They are so shiny and so smart. It's easy to tell behind it is a group of truly smart people -- marketing, designers, engineers, and etc. Except, working with them have become our worst nightmare, the greatest risk to our existence.
They got so used of the user being their product, that they forgot sometimes they actually have to give support to the users who are using their service.
If you want to change registrar, I can recommend Dynadot. They offer support via chat, e-mail and phone.

I’ve also heard good things about Gandi.net.

Google Domains has had, from time to time, many odd complaints made against it.

Thankfully, Google Cloud Platform DNS has started to roll out, and I believe both management AND registration is available with enterprise support and more significant security.

Can you move your domain registration elsewhere?

Why you should be put it with this nonsense from google?