domaindetails.com
Back to the blog
Behind the product
6 min read

Keeping Domain Details available when automated traffic spikes

Public tools are useful because they are easy to access. This is how we are keeping that openness while making sure unusually heavy automation cannot interrupt everyone else.

DD

Domain Details team

Product and infrastructure note

Public stays public

Anonymous API and MCP access remains available with a fair-use allowance.

Overload fails small

Excess automation receives a retry response instead of taking unrelated features down.

Product access is separate

Accounts, apps, monitoring, billing, and Pro workflows keep their existing access rules.

The short version

On July 14 and 15, unusually large, distributed automated traffic repeatedly interrupted some public lookups. We restored service, then replaced the temporary broad restrictions with layered limits that keep normal access open and contain excessive traffic before it can affect the wider product.

What happened

Domain Details intentionally lets people research a domain without creating an account first. Some of those lookups require us to speak to external domain-data providers, so they are more expensive than loading a normal web page.

A coordinated wave of automated requests repeatedly asked for that expensive work from many different network locations. The volume was large enough that our shared web infrastructure became saturated, which made some lookups and pages intermittently unavailable.

We found no indication that account, subscription, or payment routes were the target. This was an availability incident focused on public research functions.

Why the first response was not enough

Our first response identified the visible traffic pattern and restricted it. That restored service quickly, but it was too specific: distributed automation can change its signature or move between public entry points.

The better question is not “can we recognize this exact traffic again?” It is “how much work should any public traffic be allowed to create?” Once that boundary exists, changing an address or client signature no longer bypasses the protection.

Public access should be generous for people and predictable for software—without being unlimited work for the systems behind it.

What changed

Existing integrations keep the same public URLs. The difference is that expensive anonymous work now passes through a dedicated protection layer before reaching the systems that perform it.

  • Public API clients receive 30 lookups per minute across the protected research routes.
  • Frequently repeated results can be safely reused instead of performing the same external work again.
  • Hard capacity limits stop a distributed spike from becoming unlimited backend work.
  • Requests above the allowance receive a clear 429 response and Retry-After guidance.
  • Normal product and authenticated workflows remain separate from anonymous automation.

MCP remains available

The Domain Details MCP server remains public. Actual lookup calls receive the same straightforward allowance of 30 per client per minute, while setup, capability negotiation, and tool discovery do not use that allowance.

This keeps everyday agent use simple while preventing one workload from turning into an outage for everyone. If sustained high-volume access becomes useful, we can add identified access tiers later without removing the anonymous tier.

What this means for normal users

Most people will notice no change. Website research, the iOS app, the browser extension, monitoring, reports, billing, and Pro features keep their existing behavior. Ordinary interactive use sits comfortably below the public allowance.

During an abnormal spike, excessive anonymous automation should now fail quickly and temporarily. The rest of Domain Details should continue working instead of sharing the failure.

What happens next

We will watch legitimate usage and adjust the public allowance if the data shows it is too restrictive. Material changes will continue to appear in our public changelog, and any future higher-volume access will use verifiable identity rather than a client-supplied label.

The principle is simple: stay open, set fair boundaries, and make overload boring.

Keep up with Domain Details

Useful product notes, without the noise.

Get occasional domain research, practical tools, and the important changes behind the product.

By subscribing, you agree to receive Domain Details updates. Unsubscribe anytime. Privacy policy