Email abuse

What is the name of the domain?

hadubadu.shop

What is the error message?

Domain does not exist

What is the issue you’re encountering

Someone created an account using my email without authorisation

What steps have you taken to resolve the issue?

Attempted to contact support, however, received an error that the domain does not exist on the service. So writing here incase someone has an idea on what is going on.

What are the steps to reproduce the issue?

Hello, someone created an account using a non-existing email address at my domain without my authorisation and added a domain to the service. I got notified that the account was setup as I have a wildcard catch-all setup for emails. Following there were two DMCA notices on my email. I tried to log an abuse report, however, I received a notification that the domain does not exist - even though the name services are listed as cloudflare.com on whois - see attached.

I did not click on any links from the emails. I was able to recover the account that was created and discovered that it had been created with a ‘admin’ @ my domain. I’ve reported this domain to the registrar (hostinger) - but I’m still unable to get support for the account that was created without my authorisation. Hope someone can help me.

Screenshot of the error

A provider cannot know in advance who owns any email address.

They can only ask the user to verify that they own the address by clicking a link or retrieving a verification code sent to the email address in question.

This is standard practice everywhere.

The verification email you received had instructions to remove the account immediately if you were not the one who created it. All you have to do was click the Unintended Registration link (or type the URL in the browser as a security precaution) and enter the email address and token from the email you received to delete the unverified account immediately.

(Even though the “Unintended Registration” page says it can take up to 12 months to delete your information completely, since this is a fresh and unverified account, it would be deleted immediately. Besides, you have no personal information in there, other than the email address. I just tested this myself and the new account was deleted immediately.)

By resetting the account, you have verified it and now have full control. You can delete it from the dashboard, or, if you still have the verification email, use the Unintended Verification link (though I doubt if that will still work after the address is now verified).

I don’t know what else you expect Cloudflare to do at this point.

Again, Cloudflare cannot know in advance who owns an email address.