Add: MyOnlinePortal.net subdomains

[geraldhansen]

Public Suffix List (PSL) Submission

Checklist of required steps

• Description of Organization

• Robust Reason for PSL Inclusion

• DNS verification via dig

• Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _psl TXT record in place in the respective zone(s).

Submitter affirms the following:

• This request was not submitted with the objective of working around other third-party limits.

• The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.

• The Guidelines were carefully read and understood, and this request conforms to them.
• The submission follows the guidelines on formatting and sorting.

• A role-based email address has been used and this inbox is actively monitored with a response time of no more than 30 days. psl-contact@myonlineportal.net

Abuse Contact: abuse@myonlineportal.net

• Abuse contact information (email or web form) is available and easily accessible.

  URL where abuse contact or abuse reporting form can be found:
  https://myonlineportal.net - on each page at the footer

  Domains which where reported and verified as abuse are put into quarantine and can't be use anymore.

---

For PRIVATE section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

• Yes, I understand. I could break my organization's website cookies and cause other issues, and the rollback timing is acceptable. Proceed anyways.

---

Description of Organization

We are a free DynDNS provider and have been active since 2010. We offer various subdomains and additional services in this area. Customer have to register and can use all services for free, they just have to extend their accounts once a month (Freemium Model) with 10 domains and 10 PortMappings for free.
For payed accounts extension isn't needed until the payment is valid - after this account is switched back to a free account.
We have also some business accounts with more registered domains.

Accounts which are not proactively extended will be erased after one month grace period. This keeps our user database quite active - even old domains will be removed.

I am the owner of these domain and technical responsible.

Organization Website:
https://myonlineportal.net

Reason for PSL Inclusion

Our customers have brought to our attention that not being included in the Public Suffix List (PSL) may pose a potential security risk. As every customer is using their registered subdomains for own private purposes we need to give them the most available security (including cross-subdomain cookie injection, unintended credential autofill, and potential abuse of email authentication mechanisms).

For the moment we haven't reported limitations from third parties but to avoid this for the future (like Let's Encrypt issuances) it will be good to be present in the PSL.

We confirm that we hold the registration for mentioned domains already over 10 years and will maintain them also for the future.

Previous PRs:
None - this is our first PSL submission.

Number of users this request is being made to serve:
10000

DNS Verification

dig +short TXT _psl.my-homeip.com
"https://github.com/publicsuffix/list/pull/2759"

dig +short TXT _psl.my-homeip.de
"https://github.com/publicsuffix/list/pull/2759"

dig +short TXT _psl.my-homeip.net
"https://github.com/publicsuffix/list/pull/2759"

dig +short TXT _psl.myonlineportal.at
"https://github.com/publicsuffix/list/pull/2759"

dig +short TXT _psl.myonlineportal.ch
"https://github.com/publicsuffix/list/pull/2759"

dig +short TXT _psl.myonlineportal.eu
"https://github.com/publicsuffix/list/pull/2759"

dig +short TXT _psl.myonlineportal.net
"https://github.com/publicsuffix/list/pull/2759"

dig +short TXT _psl.myonlineportal.org
"https://github.com/publicsuffix/list/pull/2759"

[pencilnav]

Similar to #2750 (comment) (also a free DynDNS provider)

All submitted domains have multiple security vendors listing it as malicious/phishing/suspicious on virustotal.
e.g. https://www.virustotal.com/gui/domain/my-homeip.com has 8 security vendors listing it as malicious/phishing.

Can be a blocker. (see #2750 (comment))

[geraldhansen]

Exactly - but all these malicious domains are probably reasoned by subdomains from fraud users where we like to protect all other users.

[geraldhansen]

I checked all mentioned subdomain which are mentioned by virustotal they all doesn't exists anymore - because we take fraud quite serious - the checks looks quite old for me and incredible intransparent. It's quite not clear why pages like alphamountain.ai BitDefender or CyRadar are doing and how they check or what kind of databases they maintain.
But all of them are behind a paywall - which looks like another step away from the free internet.

[hiifeng]

For DynDNS-style platforms, aggregated security signals (e.g. VirusTotal) are commonly used as a high-level indicator of recurring abuse patterns.
The current page shows that multiple security vendors (such as alphamountain.ai, BitDefender, and CyRadar) have flagged the relevant domains.
In this situation, those reputation and abuse-related flags typically need to be actively remediated and cleared (for example, by working with the affected security vendors) before this PSL PR can move forward.

[pencilnav]

@geraldhansen Based on previous PRs with similar situations (multiple of them), it is likely that you'll need to conduct these security vendors (which is not behind a paywall) to reduce your virustotal counts to zero for all domains before this can go any further. (#2515 (comment))

the checks looks quite old for me

It was analayzed 6 hrs ago.

[simon-friedberger]

Hi @geraldhansen!

• Could you provide a little more info on your 10k users, please? Are those registered users? Active users? For what kind of period? Can you split those by domain?
• Do you need all the domains to be added?
• Can you please switch to a role-based IP address such that we can reach somebody even if you leave the project?
• Can you please add landing pages to all the domains with instructions on how to report abuse?

[pencilnav]

@simon-friedberger

role-based IP address

*role based email address (e.g. psl-contact@example.com)

[geraldhansen]

Finally,
we established a dedicated workflow for abuse reports and also a dedicated contact for the PSL with psl-contact@myonlineportal.net
In the Description of the Organisation I put some more information about our user-base and abuse handling.
I also reduce the pull request to two domains only - which are not reported as malicious.

But I tried to find out why still some domains are reported as malicious and try to created accounts at least where it's free. I checked my domains at seclookup - but the only reference I get there is, my domain is malicious because it's listed on virustotal as malicious - looks like a loop where it's impossible to break out.

Second vendor I tried to figure out was yandex - which you spent some trust - otherwise it wouldn't be on the list. But registration is only possible with phone and SMS - I was wondering why these SMS never arrived - but probably they are not allowed to send SMS to Europeen Union countries anymore.

Who and in which period is the list of so named security vendors reviewed? Who monitors the monitors?

[dnsguru]

@geraldhansen short answer to your question, but candidly, nobody.

a lot of those lists are based upon subjective or hair-trigger reporting and it is a challenge to get removed from them once added. It is a bane of existence for those swept up as friendly-fire casualties or poor signal interpretation resulting often in names that get listed with no clear appeals or delisting process.
And where you can find a means to submit something for consideration, there is high opacity to what the process is/was or how long it can take to get off the list.

That said, the ones that make it onto virustotal catch a lot of the bad actor namespaces that are perpetrating bad_stuff, so the misidentified ones get considered 'reasonable margin of error' by the lists, and there is a casual 'eggs get broken in the kitchen' attitude my many of them. I myself have lost many days and thousands perhaps tens of thousands of dollars by having a healthy name submitted to one of the lists by a competitor as a dirty tactic.

So there is empathy, is all I am saying. Part of why we work to be incredibly transparent on the PSL.

All that aside, if we do see a lot of abuse signals, it is something that is difficult to ignore as a metric before adding something to the list by merging a pull request. So such metrics are the least awful means to ensure the PSL does not empower or amplify the actions of bad actors.

[simon-friedberger]

Does the number of users change if you don't count the domains you have removed from the PR?

[geraldhansen]

Does the number of users change if you don't count the domains you have removed from the PR?

Not significant and as this was requested from user perspective maybe this number will rise up as only these two domains fullfill their requirements.

[pencilnav]

Email wasn't changed to a role based one

[simon-friedberger]

@pencilnav is correct. You need a role based email. The smiley was just for the mid-air collision of our comments.

[pencilnav]

@geraldhansen The user requirement is per entry (see #2768 (comment)). Im only able to observe ~250 valid certificates on CT logs for myonlineportal.eu and 76 valid ones for myonlineportal.ch
I recommend resubmitting when your user counts match the requirements. See #2750 as a good example (also a DynDNS provider, was able to comply with all request including getting virustotal counts to zero)

https://crt.sh/?q=myonlineportal.eu&dir=^&sort=1&group=icaid&exclude=expired
https://crt.sh/?q=myonlineportal.ch&dir=^&sort=1&group=icaid&exclude=expired

[simon-friedberger]

@pencilnav is correct. You need a role based email. The smiley was just for the mid-air collision of our comments.

[simon-friedberger]

And why are there only 11 tasks in this template? There should be 12.

[geraldhansen]

And why are there only 11 tasks in this template? There should be 12.

Because we are NOT listing any third-party limits that we seek to work around in the moment and in the template it's mentioned

MAKE SURE UPDATE THE FOLLOWING LIST WITH YOUR LIMITATIONS! REMOVE ENTRIES WHICH DO NOT APPLY AS WELL AS REMOVING THIS LINE!

[simon-friedberger]

Ah, "this line" referring to the comment. Not to the checkbox affirming that you are listing them all. See for example #2775