Okay, fair point. I can only assume they would only do this for persistent and malicious violation of the rules; it's a pretty good incentive not to do anything nasty with them if they can lock you globally out of your zone for a year. In fairness, so could any other provider if they so chose. As a registrar, I can guess the amount of abuse they have to deal with (spam domains, illegal content etc.) is high enough that they're pretty tired of dealing with it, so they take the Roosevelt approach:
Speak softly, and carry a big stick.
Again, I don't agree with this approach personally if it affected me, but I do understand it from a business POV. Letting the customer know in advance that they do have this power will weed out the ones who are most likely to fall into it.
> I can only assume they would only do this for persistent and malicious violation of the rules
No, they specifically state this in a context which does not leave room for such an interpretation.
>We are NOT a DDoS Mitigation Service. Yes, we have a lot of DDoS mitigation in place. No, this isn’t here so that you can get cheap DDoS mitigation. You cannot use any services here if you are, have been or think you may be the direct target of a DDoS attack. Contact us instead for a referral to a real DDoS mitigation company. If you come on this system knowingly bringing a DDoS on your heels we shut down service (we may also wildcard your DNS to localhost and set the TTL on your zone out to a year. You’ve been warned).
>it's a pretty good incentive not to do anything nasty with them if they can lock you globally out of your zone for a year.
Sure, like violence is a good incentive too. Both of these are likely to be illegal.
>In fairness, so could any other provider if they so chose.
So fucking what, the whole point is that nobody else would do this.
I'm guessing they have had to deal with DDoS attacks a lot, and as a sysadmin I can sympathise with their frustrations - it doesn't just affect the person fleeing to them, it affects their entire hosting platform, their other customers, and ultimately them getting paid for hosting those other customers. They're probably sick of it, which explains the drastic action. I can understand why they would threaten this if they've had to ride through multiple attacks, especially if it appears someone under fire is using them for 'cheap DDoS mitigation' when it's specifically a service they don't offer.
Speak softly, and carry a big stick.
Again, I don't agree with this approach personally if it affected me, but I do understand it from a business POV. Letting the customer know in advance that they do have this power will weed out the ones who are most likely to fall into it.