I like my smaller customer to register and pay for their own domains, but recently I have had a customer accidentally reset their domain information because they strayed into the Google Domains section of their Google account. They see a rather well promoted button telling them that their domain is not set up to the default Google settings and that this might cause them problems, so they see the highlighted button and reset the domain to default and lose all their external domain settings!
 The second issue is the real reason for this review. For me it has stopped me considering Google going forward and may spell the end of the road for this service in my business. I had a website hacked, my first and I am a bit ashamed it happened. Fortunately, it was not a customer account. I had been sloppy and tried out a demo website built from a tool and used a spare domain name to just get it running. It got hacked and started phishing. Google did the right thing and shut it down, I made sure the door was shut, cleaned up the whole server and deleted that website. No issues. Now the problem, Google sealed the domain. That rendered it inoperative and unable to be edited, transfer or any form of control. Remember this is my domain. They sent this e-mail to me:
“Your domain somedomain.now was suspended due to reports of phishing activities. Please take any necessary corrective actions to remove any malicious or compromised activities on the domain. You should conduct a review of the content and infrastructure including website(s) content, application and DNS servers, and hosting and security setup. Failure to take the necessary corrective actions may result in cancellation of your domain registration or termination of your account.
Please note that for us to restore the domain name, you need to do the following:
• Get a vulnerability audit from either:
o the hosting company providing services
o a 3rd party scanning service (from a mutually agreed vendor)
o a self-service vulnerability scanner
• Provide a report from one of the above that validates no vulnerabilities found, for example:
o an "all-clear" report from the hosting company or vendor
o an "all-clear" output from a self-service scan
o a log from a self-service scan showing "all clear"
Now the problem with this and the subsequent six or so e-mails aver the course of a week, was that with no live site, no external report could be generated, my small shared hosting company declined to commit anything in writing, correctly saying it was my responsibility to check the software. So despite me being a webmaster with over 30 websites, ten years in the business, never any other bad record and this being a minor first offence I was locked in a standoff with Google on how to validate a clean website. They wanted a scan, despite the fact that they had disabled the service so I could not run any external scan. They would not accept my self-certification. After a long e-mail exchange, I got this final response:
“We just received an updated from our Technical Team and they decided to lift the suspension of your domain name somedomain.now. That being said, this does guarantee that the domain is "immune" to any possible sanction in case we receive another report for the same domain name. Feel free to reply to this email should you have any clarification”
It all ended well but took about a week. So imagine if it had been a serious customer, I would lose my business if it took me a week to get their service back.