Users of Zoho SaaS cloud locked out following dispute with domain name registrar TierraNet
Your regular reminder that cloud is 'someone else's computer' and can be blocked at any time
Users of the Zoho cloud software suite for small and medium-sized businesses were locked out yesterday following a dispute with domain name registrar TierraNet, which unilaterally blocked the company's Zoho.com domain.
TierraNet support staff claimed that it blocked the company's domain after abuse complaints were ignored. Zoho, though, claims that it only received three such complaints in the past two months, with two already dealt with and the third currently in hand.
Furthermore, Zoho claims that Tierra's support staff refused to resolve the company's complaints, forcing Zoho to request intervention by Tierra's executives over Twitter.
While the domain was unblocked within an hour, with more than 100 Zoho subdomains also affected and many DNS servers worldwide requiring updates, the fallout from the blockage might not be resolved until Wednesday.
CEO Sridhar Vembu described TierraNet's actions as "totally unacceptable", but added that the lock-out was the result of an automated response to abuse complaints.
Over Twitter, he wrote: "We run services for tens of millions of users. We receive complaints ourselves and take action. Complaints at a domain registrar level is very rare and this action by them is totally unacceptable when we are the ones with the responsibility…
"Look at twitter history or social media to see how many people complain about this. Anyone running an email service goes through spam and phishing complaints and we have an active team to investigate and respond with balance because ‘ban and ask later' is not good.
"There were three phishing complaints escalated to us. At our scale and volume, that is nothing. Basically an automated system triggered this action and then once a human realized what happened, it was rectified. We have to undo the damage."
This morning, CEO Sridhar Vembu offered a "genuine apology" to the thousands of businesses that were unable to access Zoho on Monday.
He went on to explain how the outage occurred: "Our domain name registrar blacklisted (shut down) our domain... The blacklist lasted about an hour before it was restored.
"This means any incoming services request to Zoho.com cannot get resolved into the proper IP address that can deliver the services (although the service is still up at the specific IP address). The shutdown impacted some, but not all, customers who tried to use any Zoho service."
The shutdown, he confirmed, was an automated response by the domain name registrar that blacklisted and shut down Zoho's domain following three complaints about phishing spam from Zoho's SMB email service.
While complaints are typically levelled at the domain owner itself - in this case, Zoho - some anti-spam activists also send complaints to domain name registrars in a bid to persuade them to act.
Vembu continued: "In this case, the registrar received three phishing complaints over the last two months (from recipients of third parties phishing messages impersonating Zoho mail), two of which were addressed immediately and one was under investigation...
"Somehow this automated algorithm decided to shut down the Zoho domain based on these three cases - without prior warning of the shutdown, or investigation into the traffic supported by this domain."
He also warned users that, while the domain name was restored within an hour, it might take some time before the service is fully restored: With more than 100 Zoho subdomains also affected, it could take between 24 and 48 hours for DNS servers around the world to be updated accordingly.
The company has also migrated its domain name registration from TierraNet to Cloudflare.
The Zoho Office Suite provides word processing, spreadsheets, databases, website builders and customer relationship management (CRM) cloud services specifically for SMBs. It claims to have around 40 million users worldwide.