Add alibabacloudcs.com #2373

@iiiibukifalling iiiibukifalling commented Jan 27, 2025

Public Suffix List (PSL) Submission

Checklist of required steps

  • Description of Organization

  • Robust Reason for PSL Inclusion

  • DNS verification via dig

  • Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _psl TXT record in place in the respective zone(s).

Submitter affirms the following:

  • We are listing any third-party limits that we seek to work around in our rationale such as those between iOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)
  • This request was not submitted with the objective of working around other third-party limits.
  • The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.
  • The Guidelines were carefully read and understood, and this request conforms to them.
  • The submission follows the guidelines on formatting and sorting.
  • A role-based email address has been used and this inbox is actively monitored with a response time of no more than 30 days.

Abuse Contact:

  • Abuse contact information (email or web form) is available and easily accessible.

    URL where abuse contact or abuse reporting form can be found:

https://report.alibabacloud.com


For PRIVATE section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

  • Yes, I understand. I could break my organization's website cookies and cause other issues, and the rollback timing is acceptable. Proceed anyways.

Description of Organization

Alibaba Cloud (Aliyun) maintains a global cloud infrastructure spanning 28 geographic regions with 85 availability zones, providing core cloud services including elastic computing, distributed database solutions, and AI-powered data analytics. Its security portfolio features enterprise-grade threat detection systems, DDoS protection services, identity and access management (IAM) controls, and compliance certifications aligned to international standards such as GDPR, ISO 27001, and China's Multi-Level Protection Scheme (MLPS). The platform enables hybrid and multi-cloud deployments with specialized security protocols for regulated industries including finance, government, and retail sectors.

Who I am: Security Engineer within Alibaba Cloud’s Security Team.

Organization Website:
https://alibabacloud.com

Reason for PSL Inclusion

The domain alibabacloudcs.com is utilized by Alibaba Cloud API Gateway, where subdomains (e.g., serviceA.alibabacloudcs.com, serviceB.alibabacloudcs.com) are allocated to distinct internal systems and services managed by Alibaba Cloud.

Number of users this request is being made to serve:

These changes will impact all customers using Alibaba Cloud services, including both Alibaba Cloud-managed internal systems and external customer workloads.

DNS Verification

@wdhdev
Contributor

wdhdev commented Jan 27, 2025

Does alibabacloudcs.com have existing users?

@iiiibukifalling
Author

> Does alibabacloudcs.com have existing users?

alibabacloudcs.com currently does not have any active users. This domain is planned to be utilized as an API gateway in the near future.

@wdhdev
Contributor

wdhdev commented Jan 27, 2025

A couple more questions:

  1. Are the subdomains only delegated for use by Alibaba themselves, or is it for customers as well?
  2. Are you able to get a link added to your report abuse page onto https://alibabacloud.com? We normally request a report abuse link to be easily accessible from the company's website.
  3. Please expand on your inclusion rationale, it is not very evident as to why you require PSL status.

@simon-friedberger
Contributor

Specifically regarding 3:

  • If you are only exposing Alibaba systems, switching to __Host- cookies (see MDN Set-Cookie) should be enough to prevent cookie sharing.
  • There would also not be any security issues because the systems are all managed by Alibaba.

@iiiibukifalling
Author

> A couple more questions:
>
>   1. Are the subdomains only delegated for use by Alibaba themselves, or is it for customers as well?
>   2. Are you able to get a link added to your report abuse page onto https://alibabacloud.com? We normally request a report abuse link to be easily accessible from the company's website.
>   3. Please expand on your inclusion rationale, it is not very evident as to why you require PSL status.

1. Subdomain Delegation
The subdomains under alibabacloudcs.com are fully owned and managed by Alibaba Cloud. However, certain subdomains (e.g., https://pageview.alibabacloudcs.com/userA) may host user-controlled content, such as web pages or configurations generated by customers through our platform. While the domain ownership remains with Alibaba, these subdomains serve as dedicated endpoints for customer-specific use cases.

2. Report Abuse Link Accessibility
Currently, the "Report Abuse" page is accessible via a floating phone icon in the lower-right corner of https://alibabacloud.com. Clicking this icon reveals the abuse reporting option. While this complies with our internal design standards, we acknowledge your feedback on ensuring "easily accessible" visibility. If required, we can add a direct link to the abuse page in the website footer or a dedicated section during our next UI update. Please let us know your preference.

3. Inclusion Rationale
The request for Public Suffix List (PSL) status is primarily driven by the structure of user-controlled subdomains (as noted in point 1). Without PSL recognition, cookies or security policies could inadvertently span across these subdomains, posing risks to both Alibaba and its users. Additionally, this inclusion serves as a controlled test for future domain integrations: since alibabacloudcs.com currently has no active users, any unforeseen issues can be mitigated with minimal impact. Following this, we plan to submit other Alibaba-owned domains to the PSL, aligning with our long-term infrastructure strategy.

We hope this addresses your concerns. Should you need further details or adjustments, please feel free to reach out.
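
The cookie-scoping question raised in the two comments above (`__Host-` cookies versus a PSL entry for alibabacloudcs.com), worked through as an added example that is not part of the pull request or of any participant's comment. The function names are hypothetical, and the PSL is modelled as a set of exact suffixes, which is a simplification of the real list.

```javascript
// Added example: simplified model of browser cookie acceptance.
// Assumption: the PSL is modelled as a Set of exact suffixes (the real list
// also has wildcard and exception rules), and the response arrived over HTTPS.

// Split a Set-Cookie value into the cookie name and a lowercase attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const name = pair.slice(0, pair.indexOf("="));
  const attrs = {};
  for (const a of rest) {
    const i = a.indexOf("=");
    attrs[(i === -1 ? a : a.slice(0, i)).toLowerCase()] = i === -1 ? true : a.slice(i + 1);
  }
  return { name, attrs };
}

// Decide whether the cookie is stored and which hosts will receive it.
function evaluateCookie(header, requestHost, publicSuffixes) {
  const host = requestHost.toLowerCase();
  const { name, attrs } = parseSetCookie(header);
  let domain = typeof attrs.domain === "string"
    ? attrs.domain.replace(/^\./, "").toLowerCase() : null;

  // __Host- prefix: requires Secure and Path=/, and forbids Domain.
  if (name.startsWith("__Host-") &&
      (attrs.secure !== true || attrs.path !== "/" || domain !== null)) {
    return { accepted: false, scope: null };
  }
  // RFC 6265 section 5.3: a Domain that is a public suffix is ignored when it
  // equals the request host, otherwise the whole cookie is rejected.
  if (domain !== null && publicSuffixes.has(domain)) {
    if (domain !== host) return { accepted: false, scope: null };
    domain = null;
  }
  if (domain === null) return { accepted: true, scope: "host-only:" + host };
  // Domain must be the request host itself or one of its parents.
  if (host !== domain && !host.endsWith("." + domain)) {
    return { accepted: false, scope: null };
  }
  return { accepted: true, scope: "domain:" + domain };
}

const noEntry = new Set();                          // before PSL inclusion
const withEntry = new Set(["alibabacloudcs.com"]);  // after PSL inclusion
const wide = "sid=1; Domain=alibabacloudcs.com; Secure; Path=/";
const hostOnly = "__Host-sid=1; Secure; Path=/";
console.log(evaluateCookie(wide, "serviceA.alibabacloudcs.com", noEntry));
console.log(evaluateCookie(wide, "serviceA.alibabacloudcs.com", withEntry));
console.log(evaluateCookie(hostOnly, "serviceA.alibabacloudcs.com", noEntry));
```

Without the PSL entry the domain-wide cookie is stored and sent to every sibling subdomain; with the entry it is rejected outright, while the `__Host-` cookie stays host-only in both cases.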

@fakeboboliu
Contributor

To maintainers: alibabacloudcs.com now uses NS server ns1.alibabadns.com, which is only used by Alibaba's services.

It should be okay to say it's Alibaba's official service if DNS verification can be done with this NS server.

@iiiibukifalling
Author

Explanation:
Due to Alibaba Cloud's mandatory change freeze policy (effective to ensure pre-holiday system stability), all non-emergency DNS modifications, including domain verification, are temporarily restricted during this period.

To comply with these operational safeguards, DNS verification for alibabacloudcs.com will be completed on or after February 5th, immediately following the freeze phase. We assure you this task will be prioritized post-freeze.

@wdhdev
Contributor

wdhdev commented Jan 27, 2025

We do require an _psl TXT record to be put in place permanently for verification purposes.

A dedicated link for a report abuse button would be ideal if possible.
