Open simplistik opened 1 week ago
It can be safely assumed that several of these sites are for internal use only. Not that any malicious actor couldn't monitor domain registrations, but still, I'd like a mechanism for removing URLs.
It does actively expose staging and development URLs which many people assume should be hard-ish to discover. A lot of people also don't put these URLs behind any type of protection for simplicity for their client(s).
> many people assume should be hard-ish to discover

@simplistik For what it's worth, the domains are likely already visible in certificate transparency logs. Every TLS certificate that's issued is logged, and there are several sites to search these logs. For example, you can use this search to find all active certificates for subdomains of .github.com: https://crt.sh/?Identity=%25.github.com&exclude=expired. The only way to avoid that is by using a wildcard certificate (e.g. if you have a certificate for *.staging.example.com and use a subdomain for every client's staging site).
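An added example, not part of the comment above or of the project: a check of which of your own hostnames appear by exact name in logged certificates and which are only covered by a wildcard. The hostnames, the SAN list and the function names are constructed for illustration; in practice the SAN list would come from an export of your own domain's certificate transparency entries.

```python
# Added example: all hostnames and SAN entries below are constructed sample data.

def wildcard_covers(pattern: str, host: str) -> bool:
    """True if wildcard SAN `pattern` (e.g. *.staging.example.com) covers `host`.
    The '*' stands for exactly one left-most label, never several."""
    if not pattern.startswith("*."):
        return False
    suffix = pattern[2:].lower()
    head, _, tail = host.lower().partition(".")
    return bool(head) and tail == suffix


def classify(hosts, logged_sans):
    """Map each host to:
    'disclosed' - the exact hostname is in a logged certificate,
    'wildcard'  - only a covering wildcard name is logged,
    'no-cert'   - no logged certificate names or covers it."""
    sans = {s.lower().rstrip(".") for s in logged_sans}
    result = {}
    for host in hosts:
        h = host.lower().rstrip(".")
        if h in sans:
            result[host] = "disclosed"
        elif any(wildcard_covers(s, h) for s in sans):
            result[host] = "wildcard"
        else:
            result[host] = "no-cert"
    return result


# Constructed SAN entries, as they would appear in logged certificates.
LOGGED_SANS = ["*.staging.example.com", "acme-dev.example.com", "www.example.com"]

# Constructed inventory of hostnames you operate.
HOSTS = [
    "acme-dev.example.com",         # has its own certificate
    "clienta.staging.example.com",  # served under the wildcard
    "a.b.staging.example.com",      # two labels deep: wildcard does not cover it
    "internal.example.com",         # no certificate issued
]

if __name__ == "__main__":
    for host, status in classify(HOSTS, LOGGED_SANS).items():
        print(f"{status:10} {host}")
```

A 'wildcard' result means the per-client name is absent from the log, while the parent name (here staging.example.com) is still visible in it.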
@Daniel15 yup I know and agree, but this is “curated”.
Are we able to put in some sort of request to have our clients or domains we own removed from that CSV?
Whether the request is private or public or maybe even creating an appropriate pull request, whatever the method doesn't matter to me.
Respectfully