alt Hacker NewsNever buy a .online domain
Comments
The registrar relying on Google Safe Browsing as a “trigger” for suspension is the most horrifying thing I’ve seen in a while. This basically makes the entire TLD unviable for serious use.
The TLD owner in this case was Radix, which also owns
.store .online .tech .site .fun .pw .host .press .space .uno .website
> The domain ... has been suspended due to its blacklisting on Google Safe Browsing
Et voilà ... ! this is precisely the slippery slope I warned about a decade ago. The indirect censorship becomes direct censorship, defeating all the arguments about the morality of such a list. And:
> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.
Yet more monopolistic power to Google.
It's not about the .online TLD being "weird". The problem is that it was free. That's going to attract a swarm of fraudsters, spammers, etc, and then turn into a strong "this is probably fraud" signal in all kinds of fraud scoring systems.
There are lots of domains out there other than .com that are just fine.
I wonder if Radix has unknowingly created a negative feedback loop here. From Google's perspective, the DNS records disappear shortly after being flagged by Safe Browsing, which their heuristics may interpret as scammy behavior.
Side note: My empirical experience is that vanity domains are disliked by some enterprise security systems. I have a friend who owns a .homes domain which ended up being blocked by quad9 as well as the enterprise security system of a friend's work for ~half a year. The block cleared by itself.
I had the same experience while buying another TLD. For ~1 month, certain people whose ISP "helpfully" had "safe browsing" features, simply blocked us outright. For being new and different.
The learning for me was that new domains are no longer trusted, and seemingly some vanity domains get even more strict treatment.
One conclusion is:
> Not adding the domain to Google Search Console immediately.
I don't understand. What is Google Search Console, and should I add all my domains there right now?
I still remember how Google banned my entire account without providing a reason for a small Android app (more than 12 years ago). To this day I have no idea why, it was absolutely green-area fit tracker or something. There was absolutely no way to know the reason or unblock my account. Turned me away from Android development forever.
We posted this warning on HN before: https://news.ycombinator.com/item?id=40195410
We struggled a lot when we opted for the .online domain for https://pinggy.io urls
It sucks so much that there is no standard way of linking additional domains to your main one and inheriting the reputation.
Want to set up a new domain for whatever purposes (conference, new product, etc)? Be prepared to spend the first half a year fighting the various blacklists before people can actually reliably connect.
Would make so much sense if you could just have a .well-known/other-domains.txt (or something something DNS) with a list of domain names that should be considered just as trustworthy as your main domain.
It's not even about .online or other weird TLDs, it's just that the domain is new and therefore "not trustworthy". Even worse if you need to use your existing branding on the new domain - instantly flagged as a phishing site everywhere.
> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.
I'm not particularly familiar with SEO or the massive black box that is Google Search - is this really as critical as the author makes it seem? I have both .lol and .party domains, both through porkbun (and the TLD seems to be administrated by Uniregistry), and both are able to be found on Google Search. It seems like this preemtive blacklisting would be the result of some heuristics on Google's end; is .online just one of the "cursed" TLDs like .tk?
The first mistake anyone makes is thinking they are “buying” anything with a domain. You’re renting it. And the company you are renting from can arbitrarily push up the price above inflation. NameCheap is good for the basics. But a .site or .online domain is a no-go beyond an MVP/test.
We need to rethink the web so that fewer third parties are involved in things that seem on the surface to be an A-B conversation. To say nothing of the trustworthiness of those parties, having them involved at all is needlessly brittle.
Are you 100 percent certain that the domain name wasn't registered before and then got on the blacklist because of prior misuse?
It's quite possible that the domain you chose was registered previously and dropped because the previous owner misused it and burned that domain. The .ONLINE extension has been around for several years now.
But was this because it's .online? I got one and it was fine.
The only issue was the usual trap with all Namecheap domains: They tell you it's all set, and it works, until they randomly email you a week later asking for email verification. If you don't do that promptly, they suspend your domain until you trigger a resend. Which is easy to fix but also strange.
On a side note, thanks for wisp. I was looking for something like it so I could use it to quickly test the web builds of my tauri mobile app.
I'm sorry that the author got bitten by this. But .com purism is funny to me. I only buy GTLDs for personal projects, and I've never had a problem before. But then, I've never bought .online.
Unfortunate story. It wasn't clear to me that the .online TLD led to Google blacklisting the site. Why did you think that was connected?
Took me a minute to realize Sid isn't associated with 0xide.computer. Clever domain name!
Getting Google to index my personal site has been a pain. Every other search engine works fine, but ever since I switched the images on my site to .webp (a format created by Google!), my site's content just doesn't get indexed anymore. I've given up since web search traffic matters less and less these days with LLMs, and it only really bothers me when I'm trying to search for my own articles.
Are there any other TLDs that are of this ilk or are we saying nothing but .com will ever do? Or .org, perhaps?
Google should really be seeing some anti-trust action for requiring you to create an account with them on their search console in order to contest being added to a blacklist used by all the major browsers.
Why was the domain blacklisted though? What can we do to prevent blacklisting in the first place?
tried to roll my own email server on a .xyz domain...basically a big no go, couple of emails went through, then nothing, just a black hole. Thanks corpos and the safety theatre.
A list of all registered (3,231,464 domain so far) .online domains is here: https://allzonefiles.io/zone/online
never buy anything than com domain
especially country level domains, they are not regulated and your register can ignore whatever requirements they have to fullfil
This is one of the pains of centralization. And honestly, it could happen with any TLD.
also I don't recommend using a .xyz domain for email sending. These domains are often marked as spam, and some email providers don’t support them.
So this happened only because google is so big, that it can point to any website and say that it's not safe. Even if owner of a site just don't want to be in their search engine in the first place.
How on earth we ended up with this company bother anyone including those that want their services? Imagine that you could get your driving license banned because you did not buy a toyota...
Having .online already 5 years. No problems with email or website. Don’t understand that blog post. More problems can be with .xyz
I got og.plus that expands to OpenGraphPlus.com.
At first I was stoked to have a two letter domain, but then I looked into it and learned these companies will get you hooked with a low initial price, then jack up the prices as the domain becomes established.
Quite the grift. My plan is to tread lightly on that domain and be ready to back away from it when the rent seekers move in.
You’d think there would be some sort of rules to the neutrality of these TLD administrators, but nope.
The second time around I wised up and go ogplus.net for an API domain instead of ogplus.media. I’ll take neutrality over vanity any day.
This sounds like something ICANN should prevent. Is this not against ICANN rules? These fuckers ban emoji domains, maybe they should ban registries from arbitrarily stealing domains with no recourse. Maybe write to them and see if they can move something.
I blame both the registry and Google.
If you were a lawyer, you could have fun with this.
Btw, perhaps unrelatedly, we had a domain marked as unsafe by Google as well for no particular reason.
Last year, my registrar wanted €64,99 to extend an online domain which I had created for fun.
No thanks.
Google have way too much power to mess people's lives up. Especially for an organisation with basically zero customer support.
A great reminder even if you aren't a Google customer, Google's love of banning people with no notice or recourse will still screw you over.
Never use a “free” domain is a better rule. Even if there were no technical or administrative issues, nobody trusts them.
> Update: Within 40 minutes of posting this on HN, the site has been removed from Google's Safe Search blacklist. Thank you, unknown Google hero! I've emailed Radix to remove the darn serverHold.
I wouldn't party too soon - from my experience getting something removed from Google's libel machine doesn't mean the same process that put it there in the first place is fixed and it you will most likely go through the same thing again and again.
> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.
This is just another way how Google has inserted themselves as the gatekeeper of the web.
why not just buy a .co.xx (country) or simply .com / .net
and if hectic maybe .io
The logic doesn't automatically extend to other TLDs unless they too are owned by the same firm. Alternative TLDs are often preferable because they're so much cheaper than wasting money on a .com, etc.
One time I bought a .dev domain, which is/was run by Google, and after missing the renewal deadline by less than 24 hours, the renewal price jumped from less than $30, to $800.
I don’t know that the advice is solid in terms of never buying an alternate TLD.
Top of HN. Well, I guess you could say that Radix's strategy to give away domains backfired spectacularly.
honestly all of these weird tld are expensive in the long term i dont see the point of getting them
Another case of Google extorting users and showing mafia-like behaviour.
So, how is this not libel by Google? The claim was that you were running an "unsafe site". Its their job to prove that, and not just "black box says so".
And you have system and reputational damages.
Go for small claims suit, $5000. It'll cost more than that for their attorney to go to your jurisdiction.
Oh man. The infinite loops of impossible verification by large companies that should know better are massive pain peeve of mine.
This goes right to the top for me, along the ubiquitous "please verify your account" emails with NO OPTION to click "that's NOT me, somebody misused my email". Either people who do this for a living have no clue how to do their job, or, depressingly more likely, their goals are just completely misaligned to mine as a consumer and it's all about "removing friction" (for them).