TLD block


jkstark

So - came across another TLD block that is an issue, and a further issue in that the information presented to the user is vague and misleading.

The initial wording makes perfect sense to people who have a background in networking/IT. To the lay person, it means nothing. The description below also does not say anything about what a TLD actually is. The problem that I have with this is that the wording makes it seem to a lay person that the website that they are trying to visit is suspicious, not just that you block the entirety of the BIZ domain by default. While I have seen a large number of suspicious new TLDs such as '.CLUB', the BIZ TLD is significantly older and used by a good number of legit businesses. Sure, there are bad apples there too... However, if you want to block an entire TLD, you MUST make it extremely clear and explicit to the user that the block is because you block *ALL* .BIZ addresses, and not just the domain that the user is trying to get to.

I also have a really hard time accepting that MB does not have a validation server for users (and outsiders) to check to see if a specific site is blocked and what the reasoning/evidence is for that block - something that I have had a need for earlier.  I am a customer, and am generally pretty satisfied by the efficiency of the software and the level of protection, but the number of false positives is truly troubling.

Please whitelist permanently - and rethink your message wording and your policy of wholesale blacklisting of TLDs...

 

Tnx

Kris

Link to post

Just the one, or a wildcard under that domain?  Looking at other addresses, I see that it is just the single host - which is insane... 

While this is our corporate domain, and thus has several hosts internally that are not externally accessible, there are also a number of hosts that are designed to be accessed from the outside world.  A single host being whitelisted is a backward process; you would not go and blacklist an entire .COM TLD, or a .FI, or even a .CX, and then provide whitelisting to a restricted number of hosts.

While I can understand that there is a whole rash of bad actors at certain new TLDs, blocking an entire TLD is not an effective solution to fix this.  If you want to take a reasonable approach, block "new" domains, until you have a chance to validate the host in question.  However, domains that have been active for months or years should not have to deal with finding themselves categorically blacklisted because of a blanket blacklist without any validation.

Beyond that, as I mentioned, your wording for what the error actually is and what is the cause of the alert as displayed is misleading and extremely difficult to understand for an average internet user.  The end result of that is a rise in support calls to staff for organizations whose hosts have been blacklisted.

In this case - the error relates to a series of sites providing a service by the State of New York; your blanket blacklist is keeping certain state employees from being able to complete their tasks, and preventing businesses in the state from being able to communicate with the state for regulatory issues...

Please rethink your policies and provide for easier ways to make sure that false positives cannot happen easily, and when they do, provide automated systems for validating and fixing those false positives.  I also can't be left in a situation where I have to check with you every time a new host is added to the domain to make sure that it also gets whitelisted - that is simply ineffective, overbearing, and inefficient...

 

TNX

Kris

Link to post

You referenced that subdomain, so I whitelisted that subdomain.  You did not ask for the entire domain to be unblocked, so it was not at the time.  I have now whitelisted it.  I agree with you that the policy is challenging for everyone involved, however I am not the person who made the rules.  I must go by them, and do my best to make everyone involved happy or at the very least, less unhappy.  We are rethinking our wording for the block messages.  I hope they are more clear in the future.

The whitelist should take effect in 15-30 minutes.

Link to post

Thank you.

I assumed that you are not the person who decided upon such a policy, but obviously I do not have any idea as to who did make that policy, or how to contact them.  It would stand to reason that somebody did come up with this idea, and that it also stands to reason (from simply reading through some of the topics here) that the policy is not only causing issues for me, but for a number of others as well.

As to the domain level unblock vs the single host...  I simply sent an image of what I was presented, with what I thought was reasonably clear in describing that the idea of a wholesale block was asinine...  Seeing as the host that I provided was a second level subdomain, it would stand to reason that I am probably not referring to a single host - for that matter, I can't even begin to think as to how big your whitelist is getting to be if you by default whitelist single FQDNs, as opposed to domain level names.  I apologize for not making myself any clearer and making the assumption that a domain level whitelist would have been put in place as the owner of a domain...

Speaking of the whitelist - where can we see what that is?  Also, I have asked before as well, but have not received any response as to where a domain / host / file can be validated as being in a blacklist or not, and especially for domains/hosts, what the evidence is for placing them in that blacklist, or at the very least a reason for them being in the blacklist, even if direct evidence is not shown.

Don't get me wrong - I like the product generally, and have purchased several licenses for installation on machines for several years now, but these kinds of problems are making me have to rethink the idea of supporting the organization or recommending the product...

Tnx

Kris

Link to post
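
The thread turns on two mechanics: an allow entry scoped to one FQDN versus one scoped to a whole domain, and a block message that says whether the rule hit the whole TLD or the specific host. The sketch below is an added example, not part of any post and not Malwarebytes' implementation; the list names, the allow-before-block ordering, and the `example.biz` hosts are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Verdict:
    blocked: bool
    cause: str   # "tld-wide", "host-listed", "allow-exact", "allow-domain", "no-match"
    rule: str    # the list entry that decided the outcome

def under(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain (label-boundary match)."""
    return host == domain or host.endswith("." + domain)

def evaluate(host, blocked_tlds, blocked_hosts, allow_exact, allow_domains) -> Verdict:
    h = host.lower().rstrip(".")          # normalise case and trailing root dot
    if h in allow_exact:                  # assumption: allow entries are checked first
        return Verdict(False, "allow-exact", h)
    for d in sorted(allow_domains):
        if under(h, d):
            return Verdict(False, "allow-domain", d)
    if h in blocked_hosts:
        return Verdict(True, "host-listed", h)
    tld = h.rsplit(".", 1)[-1]
    if tld in blocked_tlds:
        return Verdict(True, "tld-wide", "." + tld)
    return Verdict(False, "no-match", "")

def user_message(host: str, v: Verdict) -> str:
    """Block text that states the scope of the rule, not just 'blocked'."""
    if v.cause == "tld-wide":
        return (f"{host} was blocked because every address ending in {v.rule} "
                "is blocked by policy. This site was not individually flagged.")
    if v.cause == "host-listed":
        return f"{host} was blocked because this specific host is on the blocklist."
    return f"{host} is allowed ({v.cause})."

# Constructed sample data; example.biz stands in for the affected domain.
BLOCKED_TLDS = {"biz"}
BLOCKED_HOSTS = {"bad.example.net"}
HOSTS = ["portal.svc.example.biz", "www.example.biz", "notexample.biz"]

def run(allow_exact=frozenset(), allow_domains=frozenset()):
    return {h: evaluate(h, BLOCKED_TLDS, BLOCKED_HOSTS, allow_exact, allow_domains)
            for h in HOSTS}

if __name__ == "__main__":
    for label, kw in [("single-host allow", {"allow_exact": {"portal.svc.example.biz"}}),
                      ("domain-level allow", {"allow_domains": {"example.biz"}})]:
        print(label)
        for h, v in run(**kw).items():
            print("  ", user_message(h, v))
```

With the single-host entry, every other host under the same domain still falls through to the TLD-wide rule; the domain-level entry covers them while the label-boundary check keeps an unrelated name such as `notexample.biz` from matching.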
