My domain was suspended

March 8, 2022

views
Random

TL;DR

My domain was suspended due to ICANN email verification requirements and me ignoring the verification email that AWS sent me two weeks ago.

Was it my fault or can we blame AWS instead by disguising this whole fiasco of my own making as a UX analysis?

Let's find out!

My domain was suspended.

I received this email this morning:

Let's travel back in time and retrace the sequence of events that led to this situation.

As some of you may suspect, this fiasco involves idiotic moves on my part (such as ignoring an email). But let's blame AWS instead.

There may be some interesting UX lessons to salvage out of this story. Mostly having to do with how emailing can sometimes be done wrong, as I argue is the case here.

Mon. Feb. 21st - Purchasing the domain

Today is Monday February 21st. It is no ordinary Monday. It is a day for the history books: I am starting a blog.

I am registering the domain name for my blog on AWS Route 53. I am all excited at the prospect of soon becoming an important influencer in the footsteps of Tai Lopez, Tana Mongeau, Jake Paul and so many others before me. I am already thinking about all the Lambos I am going to inevitably have to buy to street race my soon-to-be entourage.

Blinded by my excitment, a thirst for fame and greed for power, I click around in the AWS Console (no Terraform on this one, let's not get carried away, it's just a blog... or is it???).

I check the availability of multiple domain names that I think sound good and to my horror, most are already taken.

Programming.com? Taken. Google.com? Taken. Blog.com? Taken.

I get creative and come up with leonardqmarcq.com, which is just my name but without whitespace. I breathe a sigh of relief, this one is available for now!

I buy it.

I don't know it yet, but I have just paved the way for the tragedy to happen.

As I am sitting there, oblivious to what is about to unfold, finally settling on the color of the Lambo I am going to buy, AWS starts shooting rapid-fire emails into my inbox.

Here are the 3 emails:

Tue. March 8th - leonardqmarcq.com was suspended.

Today, day of the tragedy, I receive the email letting me know that my domain is now suspended because I have not verified my email.

Tears start running down my otherwise stoic face.

I am thinking about how the world might just end if my blog stays offline for too long. Commodity prices are going up, currencies are collapsing, wars are breaking out.

Now this?

I somehow manage to keep my composure in the face of adversity. I take a deep breath and start thinking up a plan to get my blog back up (and save the world).

What went wrong

I ignored the verification email

This one is too obvious, shh! I said it and I'll say it again: let's blame AWS instead. Stop it!!

Rapid-fire emails

When you purchase a domain on AWS Route 53, they tell you something along the line of "Wait a few minutes and your domain will show up".

So you start doing something else instead of just waiting around for some indefinite amount of time. The async experts out there might call that going async.

But while you are doing something else, periodically checking the console to see if your domain name shows up, AWS is sending you a bunch of emails:

  1. 10:55 PM: Verify your email address for leonardqmarcq.com.
  2. 10:57 PM: Amazon Web Services Invoice Available [Account: XXXXX] [Invoice ID: XXXXX]
  3. 11:06 PM: Registration of leonardqmarcq.com succeeded

When you eventually see your domain pop up in the console and you see the last two emails you received look like success, you assume you're good to go.

If you see the "Verify your email address for leonardqmarcq.com." email, you might even assume it has been made irrelevant by the subsequent success emails you got.

(You could also open every one of these emails... Well, yeah, but shhhh! We're blaming AWS here.)

Non-blocking emails

This is kind of the same as the previous point, but let's pretend it is a totally different point.

Your domain is essentially unusable until you have verified your email. At best what AWS is doing by letting you use the domain without first verifying your email is help you kick the can down the road and you get your domain suspended two weeks later instead of now.

There is very little to gain from allowing use of the domain while unverified.

Verifying an email is required, not optional. AWS should treat it as such and not let you use your domain until you have verified the contact email.

Spaced repetition goes a long way

What do you do when you absolutely need your user to complete a process by a fixed date?

I am of the school of thought that holds that users are not infants and should not need to be reminded 500 times that they need to complete some action, but then again I also happen to be a big hypocrite (sue me).

AWS here sends out an email, hidden in noise, and does not send you any reminder until your domain is suspended, at which point it goes finger waggy on you with their "You should have listened to our first email" email.

Uh yeah I should have listened to your first email, but then again, you could have sent me reminders too, so... Talk to the hand now, AWS.

Here's what I would suggest they do (you better sit down for this one, the idea is pretty out there):

  • send an email
  • send reminders 1 week, 3 days and 1 day before the deadline

Spam-looking emails

These emails about verifying your email look super dodgy.

Let's start with the greeting:

"Dear AWS customer"?!

Really?? Dear AWS customer??? This is so generic it looks spammy as all hell.

When I read this greeting, I feel like the person waving me hello is a Nigerian Prince asking me to wire him US$10,000 via Western Union so he can dump US$50M into my account.

Whatever the technical rationale may be here, this is an open invitation to phishing emails. The email does not contain anything suggesting the sender knows anything at all about me.

On top of that, the verification link points to a domain that many would be unfamiliar with:

The domain is fair enough. Users can't expect to know all the legitimate websites that exist out there. But that looks super dodgy when pointing at from a mega spammy-looking email.

Some applications use a simple solution to make phishing attacks more difficult. They let you define an Anti-Phishing Code. The code is a string that you define yourself (in your account settings or wherever, like you would define a password or set up 2FA). Then they include that anti-phishing code in every communication they send you so you know it is (probably) really them and not spam.

Requesting a new verification email did not work

As soon as I saw the notification telling me that my domain had been suspended, I followed the instructions to request a new verification link. I waited for about 15 minutes but did not receive anything (what's that? yeah, I also checked the junk folder, thanks for asking).

I ended up clicking the verification link in the old email (that I had not even opened yet - shhh! stop blaming me now!!).

That link was supposed to be expired and well, it wasn't. I clicked it and landed on the success page, which looked something out of a minimalistic modern art museum or from year 1996 - a page without any content other than a white banner with green text on it.

It said it right there, in glorious green letters in my browser:

Thank you for validating the email address XXX@XXX.XXX and contact XXX. No further action is required.

Given the dodginess of the whole process, I wasn't sure if that actually worked in spite of what the banner was telling me to believe.

Then came the wait.

Resolution

At this point, the domain was still down. I played around with and to see if anything had changed but nothing had.

Two apps that I often use when I am waiting for DNS cache to refresh are these two DNS propagation checkers:

The two DNS propagation checkers were returning errors from all locations and was returning the following:

If you are unfamiliar with , what this output means is no good.

Seeing this, I theorized that the would be cached (negative caching) and the problem was out of my hands at this point. Though I was still unsure.

Had clicking the (expired) verification link from the old email worked, or had it not?

As the suspense was approaching its peak, I decided to stop sitting on my hands and do something.

So I went out to have a sandwich (from Subway if you want to know) and a coffee (from Bianlifeng if you want to know this too). When the going gets tough, the tough get going. I was determined to eat my sandwich and drink my coffee in peace and not let AWS starve me.

I still checked the blog a couple of times while outside to see if it had gone back up.

I came back a couple of hours later thinking that Subway had become overpriced and that Bianlifeng coffee on the other hand was still great value for the price. As I was solving complex financial calculus in my head, some solace was finally to be found: the domain was back up and running.

I was greeted with a couple of new emails from AWS - written in the traditional writing style of the Nigerian Prince of Spamland - notifying me that my domain had just been unsuspended.

All in all, it took 3-4 hours from clicking the (expired) verification link to the domain being back online.

The world somehow survived the temporary absence of this blog.

Close call, but we have made it through!