You spend years building up an online business, working hard to provide a service that gives paying customers great value.
After a while, your company starts attracting corporate clients who need a bit more than what is available on your traditional offering. And, despite limited resources, you have no choice but to expand the service to enterprise level customers.
But this means a lot of work, and it takes months to properly plan, design and implement the new changes. It's infuriating that Google can mistakenly ruin this.
Developing the new site
Because the enterprise version operates on a flat monthly rate, instead of on a subscription basis, a decision is made to operate it as a separate site, on its own domain.
The service is essentially the same, but a lot of under-the-hood customizations are needed to bring greater flexibility to the system, and manage the new flat rate payment structure.
After the development is done, a new domain is purchased, along with an SSL certificate to secure logins and customer accounts.
Once the system has been operating successfully and bug free for a week, the launch is initiated.
Launching the startup
The launch phase is carried out in four separate stages:
- Notify existing business clients who have put themselves on a waiting list
- Notify other people who have expressed interest in a flat rate service
- Place notifications on the existing site where appropriate (i.e. on the pricing page)
- Announce the new enterprise service via email (this is the big one)
Steps one to three were carried out over the course of a day or two, and focused on relatively minor things (in terms of the numbers of people exposed to the announcement).
Why was step 4 so important?
Well, for a start, the email went out to over 4500 existing customers, some of whom are CEOs of pretty large companies, some are celebrities, many are small business owners - all of them are really important and valuable clients.
Perfectly timed with our grand announcement, Google decides that our new domain is an infected phishing site, and greets the hundreds of people (the market share percent of the customers using Chrome) arriving to take a look with this:
![Google Chrome erroneous phishing warning]()
So well timed was this warning that minutes before the announcement email was sent out, this warning was not in place. It was only because a kind customer took the time to notify us that we were even aware this had happened.
Of course, no other browser displayed this warning because this is a false positive. Testing the site on Google's safe browsing tool didn't show any problems with the site:
![Google safebrowsing]()
Great Google, thanks a lot. You can't find anything wrong with the site, but you're happy to tell the world that this is a phishing site.
Now, Google's answer to this might be that they would rather err on the side of caution. But, for goodness sake, with all their technical might, can't they determine that this site is served from a different domain but from the same server, with the same registered domain owner?
They would rather ruin a hugely important small business launch than actually check if it makes sense for the new domain to be there.
Or, if they are convinced something is wrong, why not notify the webmaster before they decide to tell the world the site is an infected phishing trap (when it bloody isn't). If another company had the power to take a big launch of your business and use it to tell everyone that you were a criminal enterprise, how would you feel?
Do you think Google has something to answer for in this case, or do you think they are justified in damaging the reputation of small businesses regardless of whether they get it right or wrong - in the interests of safety?
Share your thoughts in the comments.