EasyDNS's Plain English Terms of Service make them seem like a really unprofessional company:
>We are NOT a DDoS Mitigation Service. [...] If you come on this system knowingly bringing a DDoS on your heels we shut down service (we may also wildcard your DNS to localhost and set the TTL on your zone out to a year. You’ve been warned).
or
>Guilt-by-Association: not only do we terminate any domains or websites which violate our policies, we ferret out every other domain you have on the system under different names, accounts, etc and we terminate those too (don’t worry, we can tell). There is no appeal.
I'm not looking for a DNS provider, because I'm perfectly happy with my current one, but sheesh.
It's unprofessional to let prospective customers know that EasyDNS is not a company that specializes in handling DDOS, so just keep looking for a company that can help you out? Seems refreshingly honest to me. And as a customer of theirs, I appreciate that they're looking to protect the infrastructure that I rely upon.
Regarding that second part; if you do any kind of online service provision like EasyDNS, you'll quickly realize that the scammers are legion. EasyDNS is giving fair warning to anyone who thinks that they can just burn domain after domain on spamming or other disreputable ventures. EasyDNS won't allow its infrastructure to participate in scams.
These guys are extraordinarily ethical and professional.
I read it as tongue in cheek (to emphasize DO NOT DROP YOUR ACTIVE DDOS ON OUR SERVERS) and not something they actually would execute. Has anyone ever seen them do anything like this?
If it's a joke, or sarcastic, why is it in a document labeled "Plain English Terms of Service?" For that matter, why follow it up with "You've been warned?"
>Has anyone ever seen them do anything like this?
No, I've never seen them do this. But at the same time, I'm not going to give them the opportunity.
Deciding who they do and don't want to do business with is fine. It's not their job to protect vulnerable domains. Actively sabotaging someone so they can't take their business elsewhere is not OK -- especially when their offense boils down to, "we didn't tell you that someone else was attacking us." That's not doing anyone any favors except attackers.
Bear in mind, the context here is not domains doing something awful or spamming people or mounting your own attacks. It's "somebody's attacking you, and we think that you suspected they would".
I think it depends on what you did. If you did something crazy like run a DDoS C&C layer off your subdomains then it would make perfect sense for them to respond like this.
As others said every service reserves the right to do things like this, they just typically phrase differently. To quote GoDaddy:
> You acknowledge and agree that GoDaddy and registry reserve the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on lock, hold or similar status, as either deems necessary, in the unlimited and sole discretion of either GoDaddy or the registry: .. snip .. (ii) to protect the integrity and stability of, and correct mistakes made by, any domain name registry or registrar,
Emphasis mine and a bit snipped out since this is already long. This says if it affects their stability they can transfer your registration as they see fit. It doesn't include any protections on when you can change the domain or what they can change it to meaning blackholing you into localhost for a year is fine.
>These guys are extraordinarily [...] professional.
I think part of OP's complaint is they are not coming across as professional. It is entirely reasonable to take those stances but their tact is way off and definitely portrays their company in an unprofessional manner.
They might be good at what they do, I wouldn't know personally, but they come off as edgy/abrasive/unprofessional and those two quotes alone would have me second guessing if I wanted to work with people who communicate in that manner.
The only difference between them and others is that they're plain in their language rather than obfuscating it behind lawyer speak. All providers have similar provisions hidden in their TOS, it's just buried behind layers of legalese and addendums. Personally although it might not look "professional" I wish more companies would use plain language that states what they actually mean plainly without forcing you to higher a lawyer to go through the TOS with a fine tooth comb.
I take professionalism to mean you know your craft. Like for example setting the TTL on a DNS server to a year won't cause downstream services to cache the record for a year but instead something on the order of a few hours to a few days in practice.
To quote RFC 2181:
"Implementations are always free to place an upper bound on any TTL received, and treat any larger values as if they were that upper bound. The TTL specifies a maximum time to live, not a mandatory time to live."
Professionalism, at least to me, implies both competence and tact. Its nice knowing that they're capable of offering services but its also nice knowing that if/when things go wrong whether by my own mistake or not, I will be treated respectfully. What those quotes of their ToS tell me is that they're willing to belittle clients on their perceived take on events.
The short explanation is that if shit goes wrong I don't want to deal with people who figure communication among clients should be handled that way.
Where exactly does the quoted text mention shady spam operations? It's about DDoS victims, not cybercriminals.
>We are NOT a DDoS Mitigation Service. Yes, we have a lot of DDoS mitigation in place. No, this isn’t here so that you can get cheap DDoS mitigation. You cannot use any services here if you are, have been or think you may be the direct target of a DDoS attack. Contact us instead for a referral to a real DDoS mitigation company. If you come on this system knowingly bringing a DDoS on your heels we shut down service (we may also wildcard your DNS to localhost and set the TTL on your zone out to a year. You’ve been warned).
What motivates a DDoS attacker? Are they all just wannabe vigilantes seeking to right some perceived wrong (such as being banned from a club, opposing political views, etc)? Is there ever a clear economic motive?
Correct me if I am wrong, but a TTL is specific to nameservers. So if you switch from easyDNS to say cloudflare your TTLs get completely reset and the caching does as well.
In theory, maybe? But if the TTL is 1 year, why would my caching resolver try to find the new nameservers?
Also, there's a long tail of totally garbage behavior in the DNS space. At my last job, as part of moving our domains off of Dyn/Oracle, we delegated the domains to our self hosting via the domain registry, and changed the NS records at Dyn to point only at our self hosting, but we were still seeing a steady trickle of traffic to Dyn after 30 days.
Firstly, in practice this would be very unlikely to affect a domain for an extended period of time, none of the big providers really treat TTLs like that. It's the mere spirit of the thing that counts.
However, I don't see why changing your nameservers would help if your resolver was always hitting a cache entry with a 1yr TTL.
Speaking as a consumer, I'm kind of tired of companies giving themselves enormous amounts of power and then saying, "don't worry, we won't use it."
That's not a professional relationship to me. And I would hazard a guess that if I tried to contract with EasyDNS and added clauses that gave myself similar amounts of power over them, they wouldn't be as trusting of me.
The point of a legal document is to set explicit boundaries, not to set a "tone" to the relationship or scare off scammers. Setting tone is what your FAQ is for.
I think if every company wrote a "plain english terms of service" in the same vein of brutal honesty as this one, most of them would come off as pretty unprofessional.
> "We will terminate your account for any reason at all. We'll terminate it if its associated with another account that's been terminated. Often, there won't be a reason; our systems just autonomously decided that your account had to go. None of that matters to us. We don't care, because this is just a side-project to us. We have no customer support. There are no humans you can call. There is no appeal process." - Google Play
Maybe Professionalism is a series of lies and obfuscations we tell one-another to hide our true intentions and actions. But, maybe, we should strive to be more open and honest; even if its harder to hear.
Having been in that business: Web hosting companies receive a TON of abuse.
Some of them specialize in dealing with large DDoS attacks, unpopular/illegal/shady content, but most don't and want to spend their time on their product instead.
Scammers typically open tons of similar accounts, register expensive phishing domains and host phishing pages on your network, and guilt-by-association is how you clean it up.
Most of the things in their ToS are very common with any professional hosting company who is fed up with scammers, they just don't tell you about it like that.
Their ToS, while I would never use them for my own company, made me laugh because I felt the pain.
>Most of the things in their ToS are very common with any professional hosting company who is fed up with scammers, they just don't tell you about it like that.
Yeah, maybe if you primarily deal with lowendtalk hosts operated by 12yo kids. Actual professional hosting companies would never even consider this stuff.
Screening domain registrations for abuse, removing sybil accounts (i.e. "guilt by association), cooperating with authorities, terminating the contract for DDoS attacks they can't handle and shutting down Nazi pages is something the vast majority of professional hosting companies will do.
Of course, if it's a purely B2B hosting company of the "Talk to our sales department and sign a contract" variety, it's less of issue, but even they have to deal with spammers and fake company registrations who really want those clean IP blocks and will have clauses in their ToS that allows them to terminate the contract immediately.
In fact, the only providers who do not do this are the cheap low-end hosts who don't care about their IP and ASN reputation.
With how tongue-in-cheek the whole document is, this is clearly a joke to emphasize their point (which, I agree, has no place in a legal document, no matter how plain). My point is that everything else in the document is pretty much industry standard, except that others are less...direct about it.
>My point is that everything else in the document is pretty much industry standard
Is it really surprising that a hosting industry company is similar to the other companies doing exactly the same thing? I feel like this is always going to be the case.
It's specifically the weird stuff in this document that makes them stand out from the crowd.
People complain about the incomprehensible legalese in terms of service all the time. Here you are complaining about a lack of legalese. Shows you why people just stick with the unreadable nonsense.
Many platforms (e.g. Amazon, Google) will block your account without warning and any new ones you create trying to get back into their platform, and defend their behaviour with generic 'violation of T&Cs' statements to kick you off their platforms permanently. I'm not condoning this behaviour, but at least EasyDNS spell this out plainly. And since DNS is their core product, the mechanism makes sense.
It does indeed go beyond a suspension, it's a ban, and that's why I equate it to Amazon and Google blocking any new accounts - they are banning you from their platform, arguably for life. At least EasyDNS offer it to be 12 months.
I'm no DNS expert, but AFAIK, you can transfer the zone to another provider (one that you don't violate the T&Cs with) and from there you could conceivably regain control over the domain.
You completely misunderstand, this is strictly different from a ban. This is like DDoSing someone after you banned them.
The TTL tells DNS resolvers to cache the "localhost" result for 1 year, it's specifically an attempt to prevent you from regaining control over the domain at another provider.
Okay, fair point. I can only assume they would only do this for persistent and malicious violation of the rules; it's a pretty good incentive not to do anything nasty with them if they can lock you globally out of your zone for a year. In fairness, so could any other provider if they so chose. As a registrar, I can guess the amount of abuse they have to deal with (spam domains, illegal content etc.) is high enough that they're pretty tired of dealing with it, so they take the Roosevelt approach:
Speak softly, and carry a big stick.
Again, I don't agree with this approach personally if it affected me, but I do understand it from a business POV. Letting the customer know in advance that they do have this power will weed out the ones who are most likely to fall into it.
> I can only assume they would only do this for persistent and malicious violation of the rules
No, they specifically state this in a context which does not leave room for such an interpretation.
>We are NOT a DDoS Mitigation Service. Yes, we have a lot of DDoS mitigation in place. No, this isn’t here so that you can get cheap DDoS mitigation. You cannot use any services here if you are, have been or think you may be the direct target of a DDoS attack. Contact us instead for a referral to a real DDoS mitigation company. If you come on this system knowingly bringing a DDoS on your heels we shut down service (we may also wildcard your DNS to localhost and set the TTL on your zone out to a year. You’ve been warned).
>it's a pretty good incentive not to do anything nasty with them if they can lock you globally out of your zone for a year.
Sure, like violence is a good incentive too. Both of these are likely to be illegal.
>In fairness, so could any other provider if they so chose.
So fucking what, the whole point is that nobody else would do this.
I'm guessing they have had to deal with DDoS attacks a lot, and as a sysadmin I can sympathise with their frustrations - it doesn't just affect the person fleeing to them, it affects their entire hosting platform, their other customers, and ultimately them getting paid for hosting those other customers. They're probably sick of it, which explains the drastic action. I can understand why they would threaten this if they've had to ride through multiple attacks, especially if it appears someone under fire is using them for 'cheap DDoS mitigation' when it's specifically a service they don't offer.
> Here you are complaining about a lack of legalese.
Sounds like the parent was complaining about a lack of professionalism, not about a lack of legalese. Punishing clients with unusual things like changing the zone and adding a 365day TTL is just plain unprofessional. Wrapping it in lawyer talk wouldn't change that.
Ah, "unprofessional". An adjective that can be tackled on to anything in a business setting, meaning "something I don't like but can't quite articulate why, only that's different to what I'm used to".
On the one hand, I agree. On the other, it's refreshing to see the terms actually spelled out. Often you have similar things described in a very dry almost inconspicuous way.
>We are NOT a DDoS Mitigation Service. [...] If you come on this system knowingly bringing a DDoS on your heels we shut down service (we may also wildcard your DNS to localhost and set the TTL on your zone out to a year. You’ve been warned).
or
>Guilt-by-Association: not only do we terminate any domains or websites which violate our policies, we ferret out every other domain you have on the system under different names, accounts, etc and we terminate those too (don’t worry, we can tell). There is no appeal.
I'm not looking for a DNS provider, because I'm perfectly happy with my current one, but sheesh.