Also, go figure Namecheap works with these morons.
.store, .online, .tech, .site, .fun, .pw, .host, .press, .space, .uno, .website
not sure about other registrars
Sorry, can’t buy a frame.work laptop because that’s a “Malicious TLD”, according to the folks at ZScaler.
Also, some TLDs directly speculate on having very low prices for the first year or two, then 10x it on year 2 or 3.
https://prezkennedy.com/2026/01/15/the-free-domain-trap-the-...
> Freenom’s terms of service allowed them to “cancel” a free domain at any time without warning. Users reported for years that as soon as their free site started getting significant traffic (and becoming valuable), Freenom would reclaim the domain and fill it with ads, effectively hijacking the user’s hard work.
> Not adding the domain to Google Search Console immediately.
I don't understand. What is Google Search Console, and should I add all my domains there right now?
You can also request Google to index your site on GSC as well.
You should probably add your websites to GSC.
Was called webmastertools before.
But if you do - you would get some notifications from Google about that website/domain.
I've only ever seen emails of the "There's an increase in 4xx/5xx errors on site/page(s)"
Google's way of tying real identifies of people to domains, without making it explicit.
Basically, your domain will be weirdly treated by a bunch of entities, none the less Google themselves, if you don't add your domain there (or some other Google property).
Especially with less common TLDs, like .online, they really want to be able to tie it to some identity, so unless you add it there, eventually your domain ends up on some sort of blacklist, in the case of the author it seems they used the "Google Safe Browsing" blacklist to get the author to involve Google somehow.
And yes, you probably should, if only to pre-register your ownership thereof if google ever decides to nuke you from orbit
I was price-gouged out of owning a single, rare .icu domain when renewal fee for it went from 20 usd to 220 usd overnight, just for this one domain... I'm pretty sure it's not Gandi, but the TLD opetator, because other .icu domains I've had were fine. I decided to eventually abandon them all anyway. Moved away from Gandi later when they started doing gouging of their own, too.
What is HN's opinion on Dynadot?
And you have system and reputational damages.
Go for small claims suit, $5000. It'll cost more than that for their attorney to go to your jurisdiction.
it's not meant to have any other consequences
so basically what happens is that because of hearsay of google thinking you site is not bad Radix does what normally should involve a judge order (taking down the whole domain)
(1): Yes that still would cause damages on any site with customers, but like way less and way more fixable then what happened here.
(IAAL, but this is not legal advice. Consult a licensed attorney for legal advice.)
.store .online .tech .site .fun .pw .host .press .space .uno .website
So, might as well to block entire TLDs and never buy a domain under those TLDs
Scam websites will use any TLD in my experience. Based on the ones that made it to my Google search results, .it and .info are the TLDs I should be blocking. When I search for "free roblox cash", most websites are .com. "Free robux" also brings forth a few .ca websites. "Free steam gift card" leads to .org and .com.
I use them when I need a random domain.
The bigger problem is the unbanning - for which there should be a better system, probably that should take the form of the registrar having a short grace period to aid in the Google stuff (DNS verification etc.) with additional checks by the registrar to make sure it's not being used for spam/malicious content.
The other point being why was Google banning you so quickly? This is the opaque part. Was the site reported? Was there some URL hijinks? That's the thing you'll probably never find out.
If the registrar tracks this information, a possibly helpful course of action would be to notify or warn the domain owner that they are on the list.
In the modern adversarial web, I do not want a registrar that proactively disables my domain because of some third party report.
The was my first thought as well. Yes, using the Safe Browsing list feels wrong, but I don't know enough to speak definitively in that regards. However wouldn't a relatively simple solution be that if a registrar is choosing to use some third party's list of banned DNS entries that the registrar then also implement sufficient unblocked components that will allow people to be unbanned from that third party?
> Add a DNS TXT or a CNAME record.
I haven't had a use-case for a TXT record come up yet, but isn't it low risk enough to allow domain owners to continue to configure TXT records even if the registrar wants to ban configuring other record types? Then the person in the article could prove ownership and could then get off of the third party ban list that the registrar was utilizing.
Now whether this downside justifies the massive problem it causes on false positives...
The registry only maintains a list of NameServers associated with the domain (and records for DNSSEC zone signing). Registries have nothing to do with regular records. They only record who defines those records.
Even google safe search isn't blocking you site per-se, it just adds a very annoying "this site is not safe" dialog you can "somehow" bypass (but most people wont and don't know how).
Like if this where the main site of a company (which it very much could be) this would also have taken down mail, all APIs, all Apps relying on such APIs.
so no this is absurdly unreasonable actions
that they seem to neither know nor care that this makes it impossible to "fix" false positives with google isn't helpful put this in the area of high levels of negligence which can get you into a lot of trouble in the EU
If you were a lawyer, you could have fun with this.
Btw, perhaps unrelatedly, we had a domain marked as unsafe by Google as well for no particular reason.
No thanks.
Et voilà ... ! this is precisely the slippery slope I warned about a decade ago. The indirect censorship becomes direct censorship, defeating all the arguments about the morality of such a list. And:
> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.
Yet more monopolistic power to Google.
On the flip side of the coin I cannot get a site removed that is a blatant rip off of one of our websites being actively used for invoice redirection fraud.
Considering that getting a domain is a normal part of business these days, this kind of thing should be illegal. Not to mention, why does Google have any say in this?
Which likely is slow without a poke it's reasonable to base the decision on whats available.
That's just how reputation works.
Because keeping Google happy or at least not bothered is an existential priority for registrars
It’s not libel. Defamation requires a false statement of fact. Marking a website as “unsafe” is an opinion.
“unsafe” is a term that is both broader and more vague, so I would consider it opinion unless backed up by appropriate facts (like “contains CSAM”, “contains malware”, and so forth).
If the opinion is meant to be just another opinion, then it shouldn't cause any blacklisting of any sorts anywhere.
I agree with this! The registrar should not have triggered a suspension because of this. They're not obligated to, and the two processes should be decoupled.
No.
The source should be more careful. It's the equivalent of a renowned newspaper printing warning a restaurant being unsafe to visit. Should the customers' willingness to visit be magically decoupled from this opinion?
I dont care if their pre-LLM ai says "thingy bad". They are responsible for the scripts or black boxes they control. I dont care if they dont give a reason.
Claiming bad/malicious/etc site is 100% libel. And doubly so, anybody who has been forced to agree to a ToS with binding arbitration should have it removed for libel.
No it isn't. https://www.law.cornell.edu/wex/defamation
Please, use words correctly.
> a plaintiff must show four things: 1) a false statement purporting to be fact; 2) publication or communication of that statement to a third person; 3) fault amounting to at least negligence; and 4) damages, or some harm caused to the reputation of the person or entity who is the subject of the statement.
They falsely marked the site unsafe[1] on a published list[2], the results weren't checked and couldn't be appealed[3] and OPs site was taken down[4].
It’s not libel. Defamation requires a false statement of fact. Marking a website as “unsafe” is an opinion.
I get that's mostly what corporate lawyers argue about, but it's functionally dishonest in this case.
Which is why:
> The precise legal definition of defamation varies from country to country. It is not necessarily restricted to making assertions that are false, and can extend to concepts that are more abstract than reputation such as dignity and honour. --- https://en.wikipedia.org/wiki/Defamation
However in such countries that don't limit defamation to facts, I believe doing things like posting a negative review of a business opens you up to having to pay damages despite everything you posted being true, verifiable facts.
The problem is that these gatekeepers of the internet respond to false statements of facts/opinions by so called professionals.
I had cloudflare mark a worker as phishing because a AI "security company" thought my 301 redirect to their clients website was somehow malicious. (url redirects are normal affiliate things)
If the professionals don't understand the difference and cloudflare and google blindly block things, this is scary.
The external people treating these lists as absolute truths and automatically taking domains down are the ones at fault here. Google didn't grab power, Radix gave it to them without asking.
The problem is the vanity domain registrar Radix using that as a reason to _put the whole domain on hold, including all subdomains, email entries etc._
This means:
- no way to fix accidental wrong "safe search" blacklisting
- if it was your main domain no mails with all the things it entails
- no way to redirect API servers, apps etc. to a different domain. In general it's not just the website which it's down it's all app, APIs, or anything you had on that domain
Google Safe search is meant to help keep chrome users safe from phishing etc. it is fundamentally not designed to be a Authority Institute which can unilaterally dictate which domains are no longer usable at all.
Like basically what Radix did was a full domain take down of the kind you normally need a judge order for... cause by a safe browsing helper service misfiring. That is is RALLY bad, and they refuse to fix their mistake, too.
You normally don't have _that_ level of fundamentally broken internal processes absurdity with the more reputable TLD operators (which doesn't mean you don't have that in edge cases, but this isn't an edge case this is there standard policy).
This goes right to the top for me, along the ubiquitous "please verify your account" emails with NO OPTION to click "that's NOT me, somebody misused my email". Either people who do this for a living have no clue how to do their job, or, depressingly more likely, their goals are just completely misaligned to mine as a consumer and it's all about "removing friction" (for them).
I wonder if finding people responsible and spamming then with their own service emails would make the team care enough to fix this. But of course that's mostly dubious, probably illegal, and shouldn't be a responsibility of some vigilante hacker
Malicious in-attention then, by the profit driven org? :)
I constantly remove it whenever Gmail sends me the notification.
I can't help but think there is some method for the other person to steal my Gmail account if I never remove my email as their backup.
I hope it's because I have small simple email and not because they want to steal it.
I do wish there was a requirement for some sort of "no" button that would stop sending sign up requests entirely.
I'm not particularly familiar with SEO or the massive black box that is Google Search - is this really as critical as the author makes it seem? I have both .lol and .party domains, both through porkbun (and the TLDs seem to be administrated by Uniregistry and Famous Four Media, respectively), and both are able to be found on Google Search. It seems like this preemtive blacklisting would be the result of some heuristics on Google's end; is .online just one of the "cursed" TLDs like .tk?
It is critical in the sense that if you want to appeal the decision in a case like this, it will go much better if you pre-verified that you own the domain.
(I don't think it has much effect on google search placement at all)
I suspect there is something the author is not telling us.
OP says:
> no gore or violence or anything of that sort
That’s not even the right criteria. OP is confused about Google Safe Browsing vs Safe Search.
We struggled a lot when we opted for the .online domain for https://pinggy.io urls
I wouldn't party too soon - from my experience getting something removed from Google's libel machine doesn't mean the same process that put it there in the first place is fixed and it you will most likely go through the same thing again and again.
> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.
This is just another way how Google has inserted themselves as the gatekeeper of the web.
The only issue was the usual trap with all Namecheap domains: They tell you it's all set, and it works, until they randomly email you a week later asking for email verification. If you don't do that promptly, they suspend your domain until you trigger a resend. Which is easy to fix but also strange.
ftfy
I had the same experience while buying another TLD. For ~1 month, certain people whose ISP "helpfully" had "safe browsing" features, simply blocked us outright. For being new and different.
The learning for me was that new domains are no longer trusted, and seemingly some vanity domains get even more strict treatment.
ocdtrekkie•1h ago
ssiddharth•1h ago
Citizen_Lame•1h ago
e40•1h ago
Citizen_Lame•1h ago
jgwil2•54m ago
rationalist•49m ago