So who exactly was to blame for Marketo losing its dotcom? Billion-dollar online marketing company Marketo had a bad week when it failed to renew its main dotcom domain name. On Wednesday morning, marketo.com was moved by the organization's registrar, Network Solutions, to its "pending deletion" pile after it failed to pay the $35 required for another year's registration. The result …
The online marketing trade has changed from delivering harmless animated GIFs to sending out turing complete bundles of Javascript and/or Flash. It's currently one of the biggest security threads on the web.
So it could be that their technical person simply left the company for ethical reasons and the knowledge that you need to renew domains left with it.
This time we were told: "Someone who left Marketo had arranged for the domain to be auto-renewed but the system failed,"
There seems to be the problem. The person who set things up had the emails sent to his/her own email and when they left, the email box went dead. Or... (and I've seen this one) it went to a shared email box and someone saw it, said "not my problem" and deleted it. Crap happens. The question is will the company learn from this and set up a more robust method?
@Mark 85 - I have been suspicious the problems is with Marketo. This sounds more like a problem with the recipient not knowing what the email was about and treated as a scam. I would expect the registrar to check email bounce messages for defunct email addresses as a matter of routine. Ditto, phone call, then snail mail.
"a problem with the recipient not knowing what the email was about and treated as a scam"Unfortunately NetSol do send out emails that look and smell like scams. They also started using scummy, tricksy ways to sell you stuff you didn't request. I was a customer for 15 years. No more...
I'm with @a_yank_lurker on the possibility that emails could be deleted because they get confused with a lot of similar span. I'm a nobody, but I get an awful lot of emails to renew my domains and they're almost all scams - not to mention the snail mail scam renewal requests I get. In a large company, how likely is it that these emails end up in the account of somebody who is less skilled and overwhelmed with registration spam?
So, you want to know what they did wrong, so that you can make sure you don't do that same thing.
It may be a complicated and new mistake, such as with the London "Millennium Bridge" (I think it's disputed whether that was a "new" mistake), or it may be ordinary negligence plus stonewalling denial, which is less interesting, but still entertaining in its own way.
Another possibility is that it's something that you could do to enemies, in which case it may be better that we aren't told what it is.
It is down to Dumb ass IT staff.
Several years ago, I joined a company , one of my first tasks was to assign a single email address for all critical domain/software/hardware registration.
Prior to that 4 other names of previous staff were in the system.
I'm now moving on.
Guess what...... some other guy has other ideas and is currently re-registering the services under his own company email address tied to his personal name.
So why bother being professional ........ when it can take a year to track down all the missing registrations, only to have someone else come and undo it all.
Unfortunately this attitude even applies to software companies, where the developers are treated as a cost rather than an asset. Alot of the companies are driven not by the quality of the software they ship, but by how many sales marketing and sales can land. There is a lot of software out there where the coder is forced into the situation of "it works to the spec lets ship it and we will sort out the bugs later". Net result is that you have 200 critical software paths all (most likely) using duplicated code.
Then you have the situation of Sales mis-selling the product, promissing the world cheeply or sales/marketing capturing the requirements from the client and not comunicating these to the developers who then have to deliver what sales/marketing have promissed. This leads to poor quality software being installed as bodges by developers have to be used (then bodges have to be applied to the bodges to fix the orginal bodge (add infinitum...)). Then there are systems that have become behmoths based on a c****** "database". I know this as I have worked for a company the allows the storage of names that are up to 50 characters long. The first 30 characters are stored in one table and the last 20 characters are stored in the last 20 characters of another field in a totally unrelated table. This attitude seems to have permeated the industry.
Some things need to rely on a recurring thingie in the financials or an appointment in the calendar. Really important stuff is monitored by say Icinga (OpenNMS, Zabbix and Nagios also exist)
https://exchange.nagios.org/directory/Plugins/Internet-Domains-and-WHOIS/check_domain/details is a simple plugin for Icinga and Nagios or write your own. Whilst you are at it why not monitor your SSL certs as well (the stock Monitoring Plugins SSL check will do that)?
If you are really cash strapped and can't afford an open source monitoring system then why not use some sort of calendar or a cron job (Scheduled task for the weird)
This happens every day I would imagine; infact it occured with ony of my clients this week. They registered their domain long before they hired my company. They had a bad experience with a freelancer previously and I guess had some caution with using a small business. I offered to host for them as well as designing and building a new website, but they went with a well known hosting company instead. The domain expired and none of my contacts in the company knew who the domain owner was. Turned out it was the in the name of one of the company director's wife. It was still in the redemption period, unlike Marketo's, and they were able to promptly renew it and everything was back on again.
I would imagine this is common place, perhaps even in big startups. They all start small, without any IT management in place, and probably everybody assumes that someone else has it sorted, and no-one double checks these sorts of things. For such a vital asset to any online business it does beggar belief that it doesn't carry more weight in terms of importance. Hopefully incidents like these give everyone a slap on the face and they can make sure they have their own houses in order.
Personally I prefer not to have auto renew on. I would rather keep track of my own domains, and then manually renew them, selecting the payment method I want to use at the time. This will usually also trigger an invoice to a client (a lot of hosting is renewed at the same time).
Anon obviously...
NetSol is a problem trying to look like a solution. When they were the only registrar I could find, I used them. As soon as I learned about Joker I switched, even though it meant sending a fax from the US to Dusseldorf, because it was still cheaper and a far better experience.
Every time I encounter someone using NetSol, I have pity for them. That Marketo uses them says things. None of them complimentary.
Hover includes an anon layer free, so no more fake renewal letters in the mail. While I do check in during the renewal process, it has always worked. It's almost too easy.
I agree that Marketo's specific inclusion of the words "someone who left Marketo" points towards missed emails/communication issues after the renewal didn't go ahead.
However I have no love for registrars either, after a horrible problem I had with 123-reg/webfusion a few years back. My domain was fully renewed through the registrar, with ~2 years until expiry. However I noticed one day that the domain had been moved to "pendingdelete" status. Support was dire and I had to dig around online to find the email address of someone high up in the management team before I got any traction.
Once the domain dropped it got immediately snapped up and passed around for a couple of days (potentially they used a drop catcher service?) before eventually ending up back with my registrar, and ultimately in my control. I never received the promised explanation of what went wrong. Needless to say my trust was shaken and I now have a script that monitors the status of my domains through their whois data.
The person who set it up originally is no longer with the company, and e-mail setups probably changed so that the e-mail that used to go to the person or group responsible now goes to the void. Marketo screwed themselves just by standard "eliminate position" -- institutional knowledge went by the wayside.
I do everything I'm supposed to but still both 123reg and nominet manage to screw up on a regular basis.
Some personal examples:
At 123REG I'd paid a batch of renewals (turned off auto renewal at the time to stop them renewing some that were intended to expire, the 123reg interface has improved a bit since then but they still take payment way ahead of due date).
It was quite by chance that I discovered 123reg had taken the payment but not done the renewal at Nominet. They corrected this manually but I asked how to prevent recurrence and got this response: "Kindly take note that we advise at all times that our customers check the renewals processed in the their account. Automatic renewal triggers can at times not work as expected due to spontaneous unwanted behaviours beyond our control" so that's an extra task every time because 123reg admit their "service" is unreliable.
NOMINET, despite their continual search for new revenue streams (increasing fees, make us pay again for bare .uk equivalents), large numbers of generously paid staff (all to run a simple database badly) they still cock-up so just one example of many in my personal experience...
Probably as a result of a renewal having been paid at 123reg but the renewal not having been made at Nominet a client's secondary domain name (an alias pointing at the primary domain) lapsed. Although secondary it was occasionally used and the lapse did eventually become evident. But, I hear you ask, surely Nominet send out warnings. Yes they do but despite having phone and postal addresses on file they only ever use email. One might think that towards the end of the procedure to let a domain expire they might try phone or post but no. I hear the "justification" coming "it would cost us £x.xx to do that", true but I remember when on purchase of a domain name Nominet used to send a certificate by post, I probably still have a pile of them somewhere, and that was before Nominet hiked the price by 50% so all I'm asking is to use that postage cost when an un-renewed name is nearing the point of being released. Ahh they cry, that means we'd be writing to loads of people who's intention IS to let the name lapse - OK but still you saved up front by not sending certificates so you're not out of pocket, also you could implement a way for customers to make their intention to lapse explicit.
Next comes the point that they did send a series of emails. Yes but to a lapsed email address. "Lapsed you say, that's an admission of failure on the part of the domain name owner". Yes but let's put that in context. Email is unreliable. Over aggressive spam filters are widespread. Addresses get on blacklists simply because they share an ISP with users who had their email account taken over and abused by spammers. People change email address for numerous reasons including having their account hacked, excessive spam, provider closing the service, change of ISP. I don't know what the half-life of an email address is but I'd guess in the range 5-10 years. Nominet was created over 20 years ago. When you change email address there are lots of people you need to tell. What are the chances that they'll remember ones they rarely communicate with like nominet?
My solution now is to use the same email address for all my clients' nominet registrations so I now get all the alerts (and all the fake renewal spam). The problem with that is no way to do a bulk update at 123reg or nominet if I were ever to need to change that address.
I know I just said one example from Nominet but there was a worse one. The name was dropped with no warning (not even to what in this case was a valid email address) no period of grace whereby the name was suspended so the customer would be alerted by email and web not working. It was immediately released back onto the market. Why? Because the information in the business name field was wrong (and had been for several years). How wrong? Well it was like "Freds enterprises Ltd trading as FredCo", at the time of original registration that was the only way to indicate "trading as" there's now a separate field so it was now "wrong". Anyone with a grain of sense would have exercised it but ths is Nominet. Why not go through the normal process of email alerts and a period of grace? Because Nominet is answerable to no-one, this was a violation of the rules and so the name was instantly dropped. Luckily I was able to re-purchase the name immediately and the customer only lost their web site for less than a day and it wasn't ecommerce web site so not a big deal.
jira.domain.com, now offers something.jira.domain.com The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
