A friend of mine forwarded me an email he received from GoDaddy informing him that McAfee “blacklisted” one of his domain names. The subject of the email was, “McAfee has blacklisted [domain name redacted]” and the email had GoDaddy’s logo and branding. In the heading of the email, the message was clear in bolded font: “Security warning: McAfee blacklisted your domain. It’s important you resolve this issue as soon as possible. Contact our security team if you need any help.”
The messaging provided a bit more information, although the owner of the domain name was encouraged to call GoDaddy to rectify:
During a routine security audit of our network, we found that [redacted domain name] (hosted via ns2. redacted .com,ns1. redacted .com) was blacklisted by McAfee. This audit was performed by the GoDaddy Security Unit to ensure the integrity and trust of the network.
You can find details of why your domain was blacklisted here: https://www.mcafee.com/threat-intelligence/site/default.aspx?url=[redacted]
What this means for you.
A McAfee blacklisting means visitors with McAfee antivirus or who use Opera for browsing can’t see your website. It also means your site may be inaccessible to other networks too.
McAfee flagged your website because it has identified it as a potential threat based on its own web reputation ranking system. It’s ranking system is proprietary and crawls websites looking for indicators of malware and spam.
I could tell the email was legitimately from GoDaddy because it had my friend’s name and account number at the top. However, I reached out to GoDaddy to confirm its authenticity and see if the company could share additional details about the email warning. Here’s what I was told by Tony Perez, Head of Security Business at GoDaddy:
“The email the customer received is part of a new initiative we’re testing. We are scanning any domain under management against various blacklisting services. This isn’t limited to one vendor or service, it’s a number of different blacklist providers.
When a website appears on a blacklist, it’s losing potential visitors. Many times, website owners don’t know their site has been impacted until it’s too late. We wanted to provide this notification so customers can quickly take action to reduce how long they are blacklisted.”
I asked GoDaddy if the email is an upsell, and while the company is selling services to help remedy this, “the primary motivation is to let people know their domains/websites are being blacklisted,” I was told by GoDaddy.
The domain name in question is currently parked at a major parking service, and my friend noticed it was resolving to a zero-click lander. When I asked GoDaddy if it is the zero click lander that caused the warning, a rep from GoDaddy couldn’t answer without looking into the situation more specifically.
I was told that GoDaddy is interested in hearing feedback about this email campaign. At first blush, my thought was that it was an interesting upsell opportunity for the company. Whether or not you use GoDaddy to resolve the situation, I think it is helpful to know that a domain name might be on a blacklist and something should be done to resolve the issue.