Allow root domain to verify subdomains
This idea can be broken down into two seperate ideas, I'd be happy with either.
1. When registering to monitor a domain that is a subdomain of another, for example subdomain.domain.com, the verifcation email should be able to be sent to email@example.com.
2. Allow an option to monitor a domain and all subdomains.
Completely agree with the need to able to monitor subdomains from domain.tld if I can proof to be in control of domain.tld. Disagree on sending the results of any subdomain to any address where the requester is not able to proof to be in control of THAT subdomain or the domain.
Hint: mail addresses belong to an account stored on a server, so basically if you add a server named "mail" that account is created as firstname.lastname@example.org. But that is certainly not a subdomain called "mail". I am not sure if the discussion and the offered solution is capable to cover that setup.
This thread is about SUB-domains, not domains as such. I see nothing in the link below that suggest that you're able to get alerts on subdomains. We do monitor our main domain name, but the problem is that none of our users have the mail address that ends with our domain, only with subdomains.
I missed it, but it is possible to monitor a domain. See here:
I'm concerned only with #2: Option to monitor a domain. If we leave the TXT record in the domain, then perhaps you could alert us when there is any new breach containing emails from that domain.
Any suggestions to work around this?
We have over 400 subdomains at the university where I work. Far from all have their own abuse address, and even if they had, it would be quite a bit of work to add them all. The torrent that recently surfaced showed us the scope of employees using their work addresses for private reasons, but I'd much prefer being able to contact users based on haveibeenpwned information. Especially since - as you stated on twitter - there is no way to know where and when the email/password combos came from in that particular dump.
Thank you. :)
We are a university with hundreds of subdomains and there is no way we can register all with the domain search. To let a domain monitor subdomains would be fantastic.
I would really like to see this implemented as well. I own a domain with GoogleApps for email, and a "catch-all" that forwards all emails to my inbox.
So when I register for sites, I use email@example.com or firstname.lastname@example.org for example.
If I could be notified for any & all breaches for the emails on my domain, it would be amazing!
Comment on 1:
This is a bad idea for third level domain owners, such as mywebsite.co.uk, or someone with a free domain such as mywebsite.freehost.com.