Comment by dharmab
5 years ago
It's not just startups. I work at a major company and we’ve had internal domains flagged in the past due to internal security testing. We resolved it by making some calls to people at Google because the Safe Browsing dashboard is so slow to fix things.
This is especially troublesome if you allow customers to upload code to run on your systems (e.g. JavaScript for webpages or interactive data analytics). You have to isolate every customer on separate domains.
> You have to isolate every customer on separate domains.
Allowing unvetted JavaScript to be served from your main domain is something of a security risk anyway.
But you can smother the damage; startups can't.
Do you need a real domain for each customer or is a subdomain sufficient isolation?
Real domain. If you have customer1.example.com and customer2.example.com, and customer2.example.com serves malware, all of example.com can be flagged.
Apparently, submit your domain to https://publicsuffix.org/ to prevent this from happening?
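
The subdomain-versus-real-domain question above comes down to where the registrable-domain boundary sits, which is what a Public Suffix List entry moves. The following is an added example, not part of the thread: it implements the PSL matching rules (longest match, wildcards, exceptions) over a small constructed rule set, and the function names and the `example.com` private entry are assumptions for illustration. It shows only how PSL-aware software groups hosts; whether a given reputation service scopes its flags this way is the commenter's suggestion, not something the code establishes.

```python
# Constructed rule sets in Public Suffix List syntax (not the real list).
BASE_RULES = {"com", "uk", "co.uk", "*.ck", "!www.ck"}
# Assumption: the operator of example.com has had it listed as a private suffix.
WITH_PRIVATE = BASE_RULES | {"example.com"}

def public_suffix(host, rules):
    """Return the public suffix of host under the given PSL-style rules."""
    labels = host.lower().rstrip(".").split(".")
    best = 1  # implicit default rule "*": the last label alone is a suffix
    for i in range(len(labels)):
        candidate = labels[i:]
        name = ".".join(candidate)
        if "!" + name in rules:
            # An exception rule wins outright; the suffix is the rule
            # with its leftmost label removed.
            return ".".join(candidate[1:])
        wildcard = "*." + ".".join(candidate[1:]) if len(candidate) > 1 else None
        if name in rules or (wildcard and wildcard in rules):
            best = max(best, len(candidate))  # longest matching rule prevails
    return ".".join(labels[-best:])

def registrable_domain(host, rules):
    """Public suffix plus one label, or None if host is itself a suffix."""
    labels = host.lower().rstrip(".").split(".")
    n = len(public_suffix(host, rules).split("."))
    if len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])

def same_site(a, b, rules):
    """True when both hosts fall under one registrable domain."""
    ra, rb = registrable_domain(a, rules), registrable_domain(b, rules)
    return ra is not None and ra == rb

if __name__ == "__main__":
    for label, rules in (("base list", BASE_RULES), ("with private entry", WITH_PRIVATE)):
        shared = same_site("customer1.example.com", "customer2.example.com", rules)
        print(f"{label}: customers share a registrable domain = {shared}")
```
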