Google workspace account has been suspended with no recovery method - google-workspace

Many years ago I set up my domain so Google would manage my domain's email. Today, possibly because I was accessing from another state, Google decides to suspend the service:
Your organization's Google workspace account has been suspended. Please contact your Google workspace organization administrator to re-activate your organization.
So since I'm the administrator, I try to logon with those credentials, which are correct, but they challenge me, and want me to complete an email loop, but the recovery email is in the locked domain!
There seems to be no way to get this fixed. There's some code they can send me that I'm supposed to put my domain's server to prove I'm legit, but Google controls that...I have nothing on the domain except email. I'm paying Hover as the registrar.
Any way out?
I appreciate "Only Google can help", but there's no path forward. No phone number, no button to "open a ticket", no live chat. If you can't log on as administrator, none of that is available. How would a superuser get through on a problem like this?
There is a page that says:
To get phone, chat, or email support for your legacy free account at xxxxxxx.com, you need to upgrade to Google Workspace.
To continue, switch to an administrator account. This will open the Google Admin console.
https://support.google.com/a
But I can't log in as administrator to upgrade my account so I can get support because when I log in with correct credentials, they send a challenge to an email address that's in the locked domain!
I can't be the only one this happened to, so figure they're just hiding the path to victory so they don't have to answer too many phone calls. This page might be as close as I've gotten: https://support.google.com/a/answer/6335621
When I try to open a support case under my non-admin account, it says
You do not have permission to create support cases.
I found a form to fill out: https://support.google.com/accounts/contact/disabled2
The above form accepts any email address, so you enter any email address that you currently have access to (not one that is locked, obviously).
But matter what I do, they want me to prove my identity by adding something to my domain. I've asked Hover how to do this, but have not received a response yet.
Here's the email Google sent
Your action is required in order for us to assist with your request.
We were unable to verify the DNS ownership of Google Workspace Account sengsational.com. Please follow the instructions below to verify domain ownership.
The following instructions outline the DNS record (CNAME or TXT) to add to your domain settings. Learn more
Via CNAME (preferred):
Label/Host: [eight digit number removed]
Destination/Target: google.com
Time to live (TTL): 3600 seconds / 60 minutes / 1 Hour
For more information on how to create a CNAME record, please refer to the article Add a CNAME record to your domain's DNS records. If you need assistance creating the CNAME record, please contact your hosting provider for support.
You can verify your CNAME record here.
Via TXT:
Label/Host: enter # or leave it blank
Value/Destination: google-gws-recovery-domain-verification=[eight digit number]
Time to live (TTL): 3600 seconds / 60 minutes / 1 Hour
For more information on how to create a TXT record, please refer to the article Verify your domain with a TXT record . If you need assistance creating the TXT record, please contact your hosting provider for support.
You can verify your TXT record here.
Note: Updates to DNS records may take 24-48 hours to propagate across the entire internet.
In order for us to help you with the sign-up process, please follow this link and submit your request.
Best regards,
Google Workspace Support

Key Finding:Contact the company where you have your domain registered to have them manage the DNS records.
Hover is who I pay every year to keep my domain name active. I logged on, opened a chat, pasted-in the email from Google, and they were more than happy to update those records, right there on the spot!
Then, I went back to the email that Google sent me. To complete this authentication loop, there is a button on the page to re-check DNS.
After refreshing the page, I was provided the option to change the password. After I did that, I was logged into the gSuite administrator account, finally!"
They also automatically changed the recovery email to the one I was using that was outside the domain that was locked.

Related

How to show brand avatar in e. g. Gmail for non-Gmail e-mail addresses?

Hej there,
I am currently try to find a solution for showing an avatar to the e-mails sent by own organization. Our e-mails are not bound to Google Workspace, because we don't want to pay for features that we're not using.
So far I added a BIMI DNS entry to our domain (currently without DKMI). I tried to figure out how other people / organizations solve the problem, but could find neither a BIMI TXT DNS entry on their domain nor an entry on Gravatar. Possibly they have an Google Workspace account, but maybe there is another solution I could not find yet.
Has anybody an idea how to get our avatar to e. g. Gmail e-mail boxes?
(Yes, I know about X-Face or Face header in e-mail, but I don't think that Gmail supports them – I also could not find them in any e-mail)
The official solution is to reference a Verified Mark Certificate (VMC) in your BIMI record. This handles all of your email addresses at once. Your logo needs to be registered as a trademark, and you will need to purchase a VMC from DigiCert or Entrust. The cost to register a trademark is roughly $660, plus attorney fees, and the cost to purchase a VMC is $1,499 per year.
The solution provided by #HTeaMeuLeu is a free alternative for anyone who can't afford a VMC.
Create a Google account with your company's email address.
Change the profile picture to your company's logo.
Wait up to 48 hours for the logo to become visible in the inbox.
Do not create the Google account using the "To manage my business" option. This account type isn't able to change its profile picture, and the account type can't be changed after its created.
For everyone else:
First, you will need complete the BIMI specification. Then, you will need to complete any additional requirements that each email service provider may have to display the logo in their inbox. This tutorial walks you through the process and explains everything you need to know.
Here’s a detailed article on how to do this for a newsletter: Logos in the Inbox: Gmail.
You basically need to create a Google account without Gmail (at https://accounts.google.com/SignUpWithoutGmail) and setup your image there.

Locked out of GSuite Admin after domain verification

I have signed up for Gsuite Essentials and attempted up upgrade to Gsuite Enterprise. I only have a single email address eg a#abc.com. I had already been using this account as a normal google account. (no gmail though).
I couldn't get the admin console to show the upgrade option, but found I needed to verify my domain. So I added the TXT record to my domain abc.com, which would then let me verify.
I could then log in to the admin console as a#abc.com and clicked on the upgrade option and completed the process. This then let my a#abc.com user have access to Gmail. I have not transferred any domain settings over to google, that is all still externally hosted.
I can now no longer log in to the admin console, it says that my a#abc.com account doesn't have the rights and I need to log in as the administrator. There is no other account linked to the Gsuite settings, so there is no other administrator. I can still log in to the normal google account and do the same functions as previous.
I have now removed the TXT record hoping that would cancel it out again.
How do I get access to the admin side again?
Side note: What I am mostly worried about is that I put my credit card details into the signup, but can't get into the admin page and can't contact any form of support. It is literally impossible to get support to use the serve I paid for.
First thing first, the txt records are a string for the only purpose to verify the ownership of the domain therefore deleting them won't change anything you only need this record for the verification process and once is done you can delete them.
As an example is like a text message sent to your mobile phone, if you delete the message nothing will happen right?
I tell you this so you won't more time on the domain DNS zone settings because the issue is not there and you won't solve the problem.
There may be few things that may have happened.
The first thing you should do is to navigate in an Incognito page, make sure that is the only incognito page that you have opened and log in with a#abc.com.
Try to run different test in incognito, the issue really looks like that you are logged in with multiple Google Accounts and when you go do admin.google.com it picks up the wrong one. That's why you should go in incognito.
EDIT
Use as reference this link Here.
Follow the steps in Paragraph 'I'm taking control from another admin' here the steps:
Go to the G Suite Essentials sign-up page.
2, Sign up using your email address at the domain you're verifying.
Use an address where you can get mail.
Follow instructions in the Setup Wizard to become the admin who manages G Suite Essentials for all users at your organization.
If this didn't solve the issue then you should contact the Google Support and they will tell you what happened.
The thing is that if you can't access the Google Admin you won't be able to contact the Google Support, hence you should follow this:
.1 Can't sign in to the Admin console: https://support.google.com/a/answer/6335621?hl=en

Re-activated users not receiving Google group emails

I'm an administrator of a Google apps domain and we recently reactivated an account which was suspended for around 6 months. Regular emails to this user are working well but emails to a group to which this user belongs does not seem to reach the user.
I tried deleting the user from the group and adding him again, but to no avail.
What might be the problem? And what is the solution to this?
You may refer with this thread. It suggested to check the email delivery setting and the spam folder. Here's another reference which might also help: Not getting a group’s emails
If you’re not getting emails from your group, check your email delivery setting:
Sign in to Google Groups.
Click My Groups.
Choose a group.
At the top right, click My settings.
Select Membership and email settings.
Check "Email delivery preference." Make sure that you haven’t selected "Don’t send email updates."
After making changes, click Save.

Facebook test users and auth

I have a project where I am using Selenium to test the Facebook auth. I created a Facebook app, created a test user inside this app and created some tests using Facebook login. Until now, it was working. But during the last two weeks something changed in Facebook and my tests are failing. It is due to interface changes in permissions dialog (I am targeting the button by his id). The second problem is that I don't get the email address from Facebook test user but a proxy email which is longer than 75 characters (my db field length is hardcoded in framework I am using).
If I log in as a regular user, it is working correctly and I get this permission box:
But when I log in as the test user I created (via 'switch to' in app's developer roles), I get this box:
I tested it ~2 weeks ago and this was yet working. Today it is changed. So my questions:
How to get back the old permissions box for test users?
How can I get the real email address and not the proxy?
Thanks!
I experienced the same problem with the Auth Dialog. I tried it with some old and new apps with various settings including March/Apr. 2013 Breaking Changes enabled/disabled, but it didn't help.
However, I guess I can help you with the email problem. When you login as a test user and go to account settings page, you will see the test user's primary email addres. By default this should be a really long one like the image I attached.
Facebook Platform returns this primary email address. If you pass the Auth Dialog with your test user account and see the privacy setting page, you will find the default primary email address is shared with the app. You have to provide a new email address for the test user and set the new one as primary email address via account setting page.
Why is the Login Dialog different with a test user?
With your test user, you can see the future of login dialogs. In fact, this isn't "not working" but this is an update which was unveiled on December 2012. Let me quote:
Our Login dialogs have undergone a redesign to make it easier to
understand permissions that apps request. We've simplified
presentation and have also updated our language for greater clarity.
“Basic info” has been renamed to “public profile and friend list,” to
reflect what what is being shared. Apps accessing your public profile
get your name, profile picture, age range, gender, language, country
and other public information.
Source: Providing People Greater Clarity and Control, developers.facebook.com/blog
The reason why you don't meet this update with a regular user, is that Facebook doesn't use to update everyone at the same time. They partially launch updates depending on the country, the type of account or some other parameters I ignore.
Example of a partial update (unified_message FQL table) dedicated to developer accounts:
We are providing early access to this API for registered developer
accounts only until the new messaging system is broadly available. You
should use the message table for production applications at the
current time.
In our case, we now know that test users can access to the update, but it is also said:
We have already launched many of these improvements as part of our
iOS6 integration and are now rolling them out more broadly.
About proxy emails
In fact, proxy emails are a way for any users to keep their real email anonymous. You have to consider proxy emails.
When joining an app, the user can choose between a real email and a proxy email:
Other thing you need to expect are users who didn't validate their account when connecting to your app, a case which is possible as described here and here.
Then, why do test users give back a proxy email? Because test users (being bots and having fake emails) didn't validate their emails.
You see that in at least 3 cases (and finally, test users are a good example), you need to handle these proxy emails. They are incidentally or accidentally met by developers and they can't be neglected. For your case, you can still try to disallow tests users who have a proxy email from accessing your app. But you should accept them and shouldn't force them to share their original e-mail addresses. A better solution is that you validate the test users emails:
Connect to the test user account that gives a proxy email
Add an email address (password needed here),
Go to the email mailbox and click on the validation link,
Set the new email address as primary,
The test user should now give his original email and not a proxy anymore!

Cpanel Addon Domain Email Migrating to Own Cpanel Account

I have a cpanel account with multiple addon domains. I am in the process of moving every website to its own cpanel account.
I have email set up on the addon domains and before I go and move the files and the database over to the new account, I want to make sure that their emails move over as well.
I don't want the users to have to change their passwords, lose any email, etc. I have a couple clients that have dozens of email accounts attached to them, and they cannot afford to lose anything or change passwords.
I believe I can assist you. I suggest you create a test/fake domain to test! You can use your hosts file to point to a fake domain at your cpanel server!
Lets get started:
I have a cpanel account with multiple addon domains.
This means each addon domain have a folder in the main user account!
/home/main_user/addon_domain.tld
I am in the process of moving every website to it's own cpanel account.
I guess you will create a new account for each addon addon_domain.tld
and move to /home/New_addon_domain_username/public_html
I have email set up on the addon domains and before I go and move the files and the #database over to the new account, I want to make sure that their emails move over as well.
For the databases there are 2 cases! We can get back to that later.
For the email accounts, the solution may not be as hard as you think, and the users can keep there emails. Better, they will not notice any changes. All you need to know is this:
1- DATA
emails data is stored at /home/main_user/mail, you can copy those folders and sym-links for and in the separated accounts your create
There you can run the command "ls -l" and you will get it. (if not paste the results here)
2- Authentication, user/password
This can be found at /home/main_user/etc , take note they're hidden files (ls -a)
the files are .passwd and .shadow
I believe that in /home/main_user/etc you will find a unique folder for each addon_domain
which will contain both of .passwd and .shadow
I don't want the users to have to change their passwords, lose any email, etc. I have a
couple clients that have dozens of email accounts attached to them, and they cannot afford
to lose anything or change passwords.
I've done this zillions of time, the users keep the same account and password.
As I suggested, before you start, try with a test domain! Or at least create a test mail account to know where the data goes (/home.../mail) and the password auth goes (/home/.../etc)
Careful, you can not have the same mail account in 2 cpanel accounts. If you move it to a new one, you have to delete it from the previous one.