A new and innovative way for Google to kill your SaaS startup

I swear I have already checked the FAQ!
All this flat blue surface with a cool red roof thing! So convenient!

What's new under the sun

This is now your website or SaaS application
That's… not particularly useful.
Great! Requesting a review of an invalid report can cause my future reviews to be even slower.

What happened after

How you can prevent Google Safe Browsing from flagging your site

  • Don't keep all your eggs in one basket, domain wise. GSB appears to flag entire domains or subdomains. For that reason, it's a good idea to spread your applications over multiple domains, as that will reduce the impact of any single domain getting flagged. For example: company.com for your website, app.company.net for your application, eucdn.company.net for customers in Europe, useastcdn.company.net for customers in the US East coast, etc.
  • Don't host any customer generated data in your main domains. A lot of the cases of blacklisting that I found while researching this issue were caused by SaaS customers unknowingly uploading malicious files onto servers. Those files are harmless to the systems themselves, but their very existence can cause the whole domain to be blacklisted. Anything that your users upload onto your apps should be hosted outside your main domains. For example: use companyusercontent.com to store files uploaded by customers.
  • Proactively claim ownership of all your production domains in Google Search Console. If you do, that won't prevent your site from being blacklisted, but you will get an email as it happens which will allow you to react quickly to the issue. It takes a little while to do, and it's precious time when you are actually dealing with an incident of this sort that is impacting your customers.
  • Be ready to jump domains if you need to. This is the hardest thing to do, but it's the only effective tool against being blacklisted: engineer your systems so that their referenced service domain names can easily be modified (by having scripts or orchestration tools available to perform this change), and possibly even have alternative names available and standing by. For example, have eucdn.company2.net be a CNAME for eucdn.company.net, and if the first domain is blocked update the configuration of your app to load its assets from the alternate domain by using a tool.

What to do if your SaaS app or website is blacklisted by Google Safe Browsing

  • If you can easily and quickly switch your app to a different domain name, that is the only thing that will reliably, quickly and pseudo-definitively resolve the incident. If possible, do that. You're done.
  • Failing that, once you identify the blocked domain, review the reports that appear on Google Search Console. If you had not claimed ownership of the domain before this point, you will have to do it right now, which will take a while.
  • If your site has actually been hacked, fix the issue (i.e. delete offending content or hacked pages) and then request a security review. If your site has not been hacked or the Safe Browsing report is nonsensical, request a security review anyway and state that the report is incomplete.
  • Then, instead of waiting in agony, assuming that downtime is critical for your system or business, get to work on moving to a new domain name anyway. The review might take weeks.

A cherry on top 🍒

The "sc" in sc-noreply@google.com stands for "Search Console"

Some chilling final thoughts about the future of the Internet

--

--

--

Entrepreneur, investor and advisor.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Role of IoT in Increasing the Efficiency in PropTech

Welcome PRX Metaverse on BSC!

How to solve the issues with Foldables

Building a VR Shopping Experience for the Web: Tips and Takeaways — Shopify

Looking Deeper at New Media

Google Play Pass now available in Ireland

Taming Technology Through Design

Technology: The Source Causing the End of Our World?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Gonzalo Sainz Trápaga

Gonzalo Sainz Trápaga

Entrepreneur, investor and advisor.

More from Medium

Google Hangouts Is Shutting Down In November…And Other Small Business Tech News This Week

From Idea to MVP; a bumpy road for first-time tech founders.

[QuotaWiki] What is an ESOP?

Handling Patents as a StartUp