Feeds

Domain name gaffe launches Clearswift clients into e-mail panic

Mission critical app in critical condition

5 things you didn’t know about cloud backup

A domain name snafu at Clearswift, a company that filters email and web pages for objectionable content, wreaked havoc on some of its business customers when admins awoke to find their organizations were unable to send or receive email.

The outage was caused when mimesweeper.biz, the domain where customers' email is routed before being filtered, went off line. It wasn't immediately clear what caused the domain name to crash, but this whois record shows it expired on Dec. 13, suggesting someone forgot to renew its registration. Naughty, naughty.

Alyn Hockey, Clearswift's director of product management, said he was unsure what caused the domain name to fail, but acknowledged the theory about the lapsed registration may be correct.

"Obviously, there will be some work after the fact to make sure it doesn't happen again," he said.

Reports of the problem began trickling in early Wednesday morning in the UK. By evening, he said, support staff had devised a work-around that involved customers putting additional addresses into their email servers' configuration files. If for some reason the first server fails, Hockey said, the change would cause email to be routed to a second or third address rather than bouncing.

Not all customers seem to be aware of solution, and that, they said, is creating big problems. Mike, an admin for a local governmental agency in the UK, is one of the plagued.

"No email has been received since last night, and most of the outbound email has stopped or been bounced under 550," he told El Reg, referring to the numeric error code that frequently indicates a faulty DNS setting. "Basically we will be pursuing serious damages for breach of contract and direct business disruption. At the current time all we have is phone calls as there is no working email."

Clearswift has about 17,000 business customers, and filters content for about 25 million end users. Hockey said only a small proportion of them - perhaps 5 per cent - were affected by the outage.

Out of all the blunders an IT organization can make, forgetting to renew a domain-name registration seems to be among the more common. Last week, Perl.com was caught redirecting users to a porn link farm after ownership of a domain name that was embedded into the site changed hands. And in 2003 someone at Microsoft failed to renew the registration for hotmail.co.uk, an oversight that allowed a Linux hacker to scoop it up.

Here's hoping the cock-ups serve as cautionary tales for all admins that in addition to firewalls, content filtering systems and intrusion detection systems, security also includes more mundane details like renewing domain names. Lose control of them, and you can kiss your security good-bye. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.