• Yup, have pinged them since, and no further update has come.

  • We've had this shit trying to get certs for some of our domains through Sectigo.

    Please fax us a copy of your company's CEO's first born birth certificate and then at the stroke of midnight call this number in Los Angeles but only from a fixed line phone located from the CEO office and only after reciting the bible backwards while strangling a kitten.

  • That's mad.

    Run away!

    I know the domain looked sexy but if that's the sort of shit they're playing, maybe you can rebrand... microcosm.golf seems appropriate

  • You went with an Org verified... those are useless, just get a domain verified via Positive SSL as it's cheaper and quicker: https://www.positivessl.com/

    Honestly I should just set up certbot and use Let's Encrypt, but the hassle of that and added fragility is less painful than the annual cost.

  • Is fixieskidd.ing available?

    What about everyoneridesadadbikenow.lifestyle

  • The real problem: Domain names are too low margin... even at the higher prices the companies behind them run a loss. So there is no meaningful support to be had.

    I actually chose microcosm.app in succession planning for the domain ages ago because Google own .app. Though Google also famously don't provide support for anything at least they're up front about that... I hope they can at least run a registrar better than anyone else.

  • It's not our choice. We weren't going direct, it's our DNS provider supplying certs - it was supposed to make admin easier, having them sorted in the one place but turns out they just use Sectigo and then Sectigo fuck us. Thankfully it's not me dealing with them on this so I'm not super bothered but I can understand the frustration having dealt with Sectigo in the past.

    I normally deal with AWS certs which is just a CNAME validation tag or something, every now and then Cloudflare or LE but we've got rid of most of the legacy shit using this stuff and everything I've done is auto-renewing so I don't have to think about it any more. It's the on-prem (ish) stuff that causes all the drama.

  • We pay quite a lot for ours (compared to AWS at least) and their support is generally pretty good, it was just with the certs it seemed they're handled by a different team and outsourced to Sectigofuckyourself so nothing was resolved.

  • Go ride your bike.

  • Any update on wtf actually happened? whois states domgate.com as technical contact... did they fuck up their payments?

    ..same energy https://puri.sm/posts/the-great-purism-dns-outage-of-2018/

  • I'm still waiting on Gandi to get back to me. I still can't find a reason, though the one you linked is highly compelling

  • Not sure if something has changed but as of today MS365 is recognising your emails as junk. I've submitted a whitelist request to them in the meantime.

  • @Velocio I see DMARC has rolled back to p=none, did you do this as a result of the above? It's unlikely to have caused the above anyway.

    You'll need to create an external destination verification record in order to get reports from as many verifiers as possible.

    microcosm.app._report._dmarc.david.kitchen. IN TXT "v=DMARC1;"

    Again, a lack of the above shouldn't cause a deliverability issue.
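
An added example (not part of the post above, and not the poster's code) of the external destination verification check from RFC 7489 section 7.1: given a policy domain and its DMARC record, it lists the `_report._dmarc` names that a report destination outside the domain must publish. The `rua` addresses and the dict standing in for DNS are constructed; only the record name and `v=DMARC1;` value come from the thread.

```python
import re

# Constructed sample: microcosm.app's real DMARC record is not shown in the thread.
RECORD = "v=DMARC1; p=none; rua=mailto:reports@david.kitchen,mailto:dmarc@microcosm.app"
ZONE_BEFORE = {}  # stand-in for DNS: name -> list of TXT strings
ZONE_AFTER = {"microcosm.app._report._dmarc.david.kitchen": ["v=DMARC1;"]}

def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into lower-cased tag -> value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def report_hosts(tags: dict) -> set:
    """Hosts named in rua/ruf mailto: URIs (a size suffix such as !10m is dropped)."""
    hosts = set()
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            m = re.match(r"\s*mailto:[^@\s]+@([^!\s]+)", uri, re.I)
            if m:
                hosts.add(m.group(1).lower().rstrip("."))
    return hosts

def is_external(policy_domain: str, host: str) -> bool:
    # Simplification (assumption): RFC 7489 compares Organizational Domains,
    # which needs the Public Suffix List; here "same or subdomain" is internal.
    return not (host == policy_domain or host.endswith("." + policy_domain))

def missing_verification(policy_domain: str, record: str, zone: dict) -> list:
    """Return the _report._dmarc names external destinations still need to publish."""
    policy_domain = policy_domain.lower().rstrip(".")
    missing = []
    for host in sorted(report_hosts(parse_dmarc(record))):
        if not is_external(policy_domain, host):
            continue
        name = f"{policy_domain}._report._dmarc.{host}"
        wildcard = f"*._report._dmarc.{host}"  # a wildcard record also satisfies the check
        txts = zone.get(name, []) + zone.get(wildcard, [])
        if not any(t.strip().lower().startswith("v=dmarc1") for t in txts):
            missing.append(name)
    return missing

if __name__ == "__main__":
    print(missing_verification("microcosm.app", RECORD, ZONE_BEFORE))
    print(missing_verification("microcosm.app", RECORD, ZONE_AFTER))
```
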

  • No auth issues on emails I received today from Sendgrid landing at Gmail.

    Authentication-Results: mx.google.com;
       dkim=pass header.i=@microcosm.app header.s=s1 header.b=Q+ZUwPZY;
       dkim=pass header.i=@sendgrid.info header.s=smtpapi header.b=g2EoFpRv;
       spf=pass (google.com: domain of bounces+151537-6093-*****=googlemail.com@em8141.microcosm.app designates 192.254.117.114 as permitted sender) smtp.mailfrom="bounces+151537-6093-*****=googlemail.com@em8141.microcosm.app";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=microcosm.app
    
  • If you're willing/able to send me the email headers (or the email as an attachment), I can take a closer look.

  • Wait, IP address ended up on a blacklist UCEPROTECTL3

  • Looks like a whole subnet of Sendgrid IPs were caught up in that, so not just this dedicated IP. So nothing VB did/could have done to prevent it (other than not using Sendgrid who get abused all the time). Listing will likely expire in due course.

  • Actually, it was the entire Sendgrid AS 11377

  • I'm on holiday and someone reported an email failing due to a DMARC check header... I'm on holiday, so I just flipped to letting everything through and send me the manual reports and I'll figure it out by hand later.

    Am very very tempted to write a tool that provides free DMARC report checking to everyone and sends all data to the free tier of Grafana Cloud... as that will cost me less than trying to navigate pricing models for those providing such services.

  • Actually, it was the entire Sendgrid AS 11377

    Yup, I saw that too... and I'm also "oh well, holiday beckons"

  • There are quite a few free services out there, if you're not a big complex org. For a single domain, EasyDMARC is ok. But if you want any help (not on the actual writing part) let me know.

  • I did not know about EasyDMARC.

    But I was thinking there's a Grafana staff hackathon coming up, and a week is long enough for me to build a SaaS competitor to things like dmarcian with much much better forensics and reporting... all in the free tier.

    My default response to things being crap on the internet is to build a better thing and give it away for free.

  • I can't imagine it would be hard to outperform Dmarcian or any of the DMARC only vendors. They really only exist as the bigger companies don't have or see the value in hiring someone like you to do as you have described. The reason we're so expensive is the additional data sources we have from our other products that Big Co. Ltd. need to weed out problematic mail flows or convince the board that it's OK to move to p=reject, our integration into the customer's own gateway (often also us), and the professional services that go along with it as DMARC at scale is... esoteric.

  • There's a reason we have .sm as a white-list only TLD so only REALLY interested customers who understand the risks register it and that's pretty much it. We have some other similar ones, including one where a bloke we know who owns a phone shop near a university prints out the applications and walks over to the right office with cash and the form to get things done. I know there's a big push to have some of these crappy ccTLDs put onto some "standard" platform but it's likely never going to happen as there's no real governance of ccTLDs.

Emergency maintenance: microco.sm domain suspended and moving to microcosm.app

Posted by @Velocio