Earlier today, we released a joint statement with Microsoft announcing the settlement of the unprecedented and overreaching seizure of 23 of our domains. We are thrilled to announce the settlement of this dispute and are excited to return to work connecting our 18 million users to their website and devices.
How did this happen?
On Monday, June 30, 2014, Microsoft obtained a US court order to take control of our most popular domain names used by both our Free and Enhanced Dynamic DNS services. As a result, nearly 5 million hostnames went dark and 1.8 million customer websites and devices became unreachable.
Why did this happen?
Microsoft suspected some of our customers were abusing our service for malicious purposes. However, instead of reporting the malicious activity to our abuse department or law enforcement, Microsoft decided to secretly sue us in civil court.
By filing an ex parte temporary restraining order (TRO), No-IP was prevented from having any knowledge of the case or offering any support in stopping malicious activity. Had Microsoft submitted evidence of abuse at any time, No-IP would have taken swift action to validate the claims and ban any accounts that were proven to be malicious. Instead, Microsoft wasted many months while malicious activity continued.
To state this as emphatically as possible — this entire situation could have been avoided if only Microsoft had followed industry standards. A quick email or call to the No-IP abuse team would have removed the abusive hostnames from the No-IP network.
Microsoft cited 22,000 hostnames that were abusive. Out of those 22,000 seized hostnames, the No-IP abuse department found only a fraction of the hostnames to still be active, which means that many had already been banned through our existing abuse procedures.
Microsoft promised the judge they would only block the hostnames alleged to be malicious and would forward all the remaining traffic for the non-abusive hostnames on to No-IP. This did not happen. The Microsoft DNS servers were misconfigured and failed to respond to our usual volume of billions of queries a day.
On July 1 at 6:00 AM, Microsoft claimed to resolve this error and reported that all domains were fully operational.
As depicted below, their claim was false.
Domains begin to be restored
On July 2, immediately after being contacted by No-IP and its attorneys, Microsoft agreed to contact the domain registries and have them return control of the domains to us before the court ordered them to do so. On that day, 22 of the domains were returned to No-IP. On July 3rd, the last domain was returned as well. Service returned to normal for our users within 24 hours of the domains being pointed back at our nameservers. The delay was due to the time it takes for DNS to propagate worldwide.
While we are extremely pleased with the settlement terms, we are outraged by Microsoft’s tactics and that we were not able to completely and immediately restore services to the majority of our valuable customers that had been affected.
At No-IP, we are firm believers that the Internet should be free and open. We will continue to fight for the rights of our users and our business. Moving forward, we have provisioned a solution that will reduce the risk of domain seizures. We will talk more in-depth about this in the coming days.
A Million…Actually, Many More…Thank Yous
Since 1999, our users have been spreading the word about No-IP and the helpful services that we offer.
From the entire team at No-IP we would like to send a big THANK YOU from the bottom of our hearts for supporting us throughout this crazy journey. Thank you for sticking with us, tweeting/commenting your support and pledging your support to us in the future. We wouldn’t be here today without you!
We would also like to give a big shout out to our amazing attorneys; Ron Green, our local counsel, from Randazza Legal Group and Mark Del Bianco, our attorney, from the Law Office of Mark Del Bianco. Thank you so much!
We hope that Microsoft learned a lesson from this debacle and that in the future they will not seize other companies domains and will use appropriate channels to report abuse.