Query regarding domain on PSL

Hey infinityfree, Why don’t you submit your domain to PSL(Public Suffix List) like eu.org?

There are a few reasons for this:

  • Getting a domain added to the PSL is a rather slow and cumbersome process from what I’ve heard.
  • I don’t know what side effects the PSL registration might have. For example, would it prevent is from getting SSL certificates for *.ct.ws? Or would subdomains get inadvertently detected as valid top level domains?
  • I was told a few years ago that iFastNet looked into this some time ago and decided not to pursue it. But I don’t know exactly why that is.

All in all, it might be possible, but we have to be careful about this.

As far as I heard, if domain is added to the Public Suffix List, it will be treated like a top-level domain for many services. You could try submitting just one domain that infinityfree own, such as *.ct.ws, and see how it works. If everything goes well, subdomains like xyz.ct.ws should be accepted more easily by Google AdSense and other services that rely on the Public Suffix List, because many services don’t accept subdomain, but as soon as they are in PSL, they accept it, I would recommend trying it with one domain first.

PSL is divided into two parts: ICANN domains and private domains. ICANN domains are suffixes that is considered as regular TLDs and wildcard SSL certificates should not be issued to those domains directly.

Private domains, however, is different. Those domains are still considered as being owned by a private entity and wildcard certificates can be issued to them with one of the most famous example being github.io.

Since the three reasons you listed only includes this one actual potential drawback I don’t think it’s bad to try to submit at least InfinityFree owned free subdomains to the PSL. It might also help to mitigate the noisy neighbour effect.

I have independently looked into this a few years ago back before the SSL system was changed to the current wildcard system.

With that in mind, it was a good idea at the time for a number of reasons, mostly with security and how browsers manage cross-domain requests. It also had the side effect of heavily reducing let’s encrypt rate limiting and allowing users to signup for services like AdSense.

However, the PSL maintainers have a strict quality control process (and rightly so). The bad-neighbor effect that inclusion to the list would help solve is also the downfall, as the maintainers are not willing to accept subdomains that have a lot of spam websites and flags within Google safe browsing. Unfortunately this probably prevents any free subdomains from getting added to the list, or at least requires a fight to get them added.

Regarding the current SSL system, it would still be possible according this 2019 post: Wildcard certificates and Public Suffix List - Issuance Policy - Let's Encrypt Community Support

I think InfinityFree should try submitting its domain to the PSL. eu.org also has a large number of spam domains, but it has been accepted into the PSL. It may or may not be approved, but there is no harm in trying and seeing what the PSL maintainers decide.

I’m curious on how much the quality control process would be an issue.

Some degree of abuse is basically guaranteed to happen for any service that provides free subdomains, and the only reason you see many reports is because there are many domains. We frequently have more subdomains on our domain than there are registered domains under the extension.

And it’s not like our abuse handling is slacking. We respond faster than most registrars, and unlike those who provide domains, we control the hosting, which gives us a lot more opportunity to monitor for abuse.