Skip to content

I suggest you ...

← General

Allow root domain to verify subdomains

This idea can be broken down into two seperate ideas, I'd be happy with either.

  1. When registering to monitor a domain that is a subdomain of another, for example subdomain.domain.com, the verifcation email should be able to be sent to postmaster@domain.com.

  2. Allow an option to monitor a domain and all subdomains.

140 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Benjamin Maynard shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • MysticJ commented  ·   ·  Report

    Completely agree with the need to able to monitor subdomains from domain.tld if I can proof to be in control of domain.tld. Disagree on sending the results of any subdomain to any address where the requester is not able to proof to be in control of THAT subdomain or the domain.

    Hint: mail addresses belong to an account stored on a server, so basically if you add a server named "mail" that account is created as account@mail.domain.tld. But that is certainly not a subdomain called "mail". I am not sure if the discussion and the offered solution is capable to cover that setup.

  • Martin commented  ·   ·  Report

    This thread is about SUB-domains, not domains as such. I see nothing in the link below that suggest that you're able to get alerts on subdomains. We do monitor our main domain name, but the problem is that none of our users have the mail address that ends with our domain, only with subdomains.

  • D commented  ·   ·  Report

    I'm concerned only with #2: Option to monitor a domain. If we leave the TXT record in the domain, then perhaps you could alert us when there is any new breach containing emails from that domain.

  • Martin commented  ·   ·  Report

    Any suggestions to work around this?
    We have over 400 subdomains at the university where I work. Far from all have their own abuse address, and even if they had, it would be quite a bit of work to add them all. The torrent that recently surfaced showed us the scope of employees using their work addresses for private reasons, but I'd much prefer being able to contact users based on haveibeenpwned information. Especially since - as you stated on twitter - there is no way to know where and when the email/password combos came from in that particular dump.

    Thank you. :)

  • Magnus commented  ·   ·  Report

    We are a university with hundreds of subdomains and there is no way we can register all with the domain search. To let a domain monitor subdomains would be fantastic.

  • Amivit commented  ·   ·  Report

    I would really like to see this implemented as well. I own a domain with GoogleApps for email, and a "catch-all" that forwards all emails to my inbox.
    So when I register for sites, I use stackexchange@domain.com or facebook@domain.com for example.
    If I could be notified for any & all breaches for the emails on my domain, it would be amazing!

  • Anonymous commented  ·   ·  Report

    Comment on 1:

    This is a bad idea for third level domain owners, such as mywebsite.co.uk, or someone with a free domain such as mywebsite.freehost.com.

General

Categories

Feedback and Knowledge Base

(thinking…)