Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
petterroea 6 hours ago

Side note: My empirical experience is that vanity domains are disliked by some enterprise security systems. I have a friend who owns a .homes domain which ended up being blocked by quad9 as well as the enterprise security system of a friend's work for ~half a year. The block cleared by itself.

I had the same experience while buying another TLD. For ~1 month, certain people whose ISP "helpfully" had "safe browsing" features, simply blocked us outright. For being new and different.

The learning for me was that new domains are no longer trusted, and seemingly some vanity domains get even more strict treatment.

mavamaarten 5 hours ago | parent | next [-]

Even (uncommon) country TLD's too. I own a .vg domain which is a perfect match with the initials of my last name. My mails end up in spam quite often too, despite having set up SPF, DKIM, DMARC and all that stuff correctly. It's just not common so some security systems block it.

Avamander 5 hours ago | parent [-]

It's not just about being common, it's also about the share of abuse coming from such domains.

wink 2 hours ago | parent [-]

Or just incompetence, I had to lobby to get .org unblocked for mail at some CS faculty of a (not my) university, 20 years ago.

Avamander 2 hours ago | parent [-]

Usually not, just look at for example SpamHaus's top abusive TLDs. New TLDs dominate.

mghackerlady 4 hours ago | parent | prev | next [-]

Fortinet blocks new domains by default so I can never check out cool new projects on the front page when I'm procrastinating nowadays :(

snailmailman 3 hours ago | parent | prev | next [-]

This does unfortunately actually work pretty well as a security measure. The new domains that are cheap and good for fun side projects, are also cheap for scammers.

For a while I noticed all the scam links my grandmother was getting were from ‘.top’ domains. I fully blocked it at the DNS level. Her DNS settings also block all newly registered sites for 90 days. She hasn’t ever had issues with it. But these have actively prevented her from clicking on scam links multiple times.

Facebook, google, and all the popular sites are all older than 90 days, on popular well known TLDs. My grandmother doesn’t seek out new trendy sites.

It was definitely something I considered when buying a new domain. I sorted by price, and then immediately ignored all the cheapest domains that were ~$1 because I’ve seen them being used for scams. They may be cheap but good luck using them.

roger110 6 hours ago | parent | prev [-]

Because the entire security mechanism of the www today is "look at the domain name to make sure it matches." And the TLD is at the end where people might miss it.

5 hours ago | parent [-]
[deleted]