Xolla dead?
|
I tried to purchase the packs, but no matter what method I chose, it gets declined - even chosing paypal will result in declined BEFORE I am redirected to actual paypal page. Is this on Xolla or is there something I can do?
Last bumped on Jul 18, 2025, 12:36:00 AM
|
|
|
Hey there, I'm sorry to hear that! Could you please email us at support@grindinggear.com so we can look into this matter for you?
| |
|
So apparently, after thousands of euros spent, I get pinponged from ggg support, to xolla, then to queue with a bot . My email suddenly does not pass some mysterious security checks since Xolla only accepts "verified domains" (whatever that means). WTF? Seriously?
"I apologize, but currently our security system will only be allowing payments made from a verified domain. we apologize for the inconveniences." then goes into some robot cycle and can't explain what that means. Great, I wish someone actually told me how do I verify to be able to buy stuff in the shop again :/ edit: selecting apple pay -> scanning qr code with phone and finishing worked. I did not verify (or have been asked) for any email, so yeah :/ Last edited by AcidFrizzy#2252 on Jul 17, 2025, 8:36:06 PM
|
|
|
Just for future reference, that Xsolla error message seems to mean “please use a Gmail or Hotmail / Outlook domain.” There might be others, but it seems like a very small whitelist.
Alternatively, you can dodge Xsolla entirely by paying through Steam and giving Valve 30%. I find it difficult to justify optional purchases to support a Tencent-owned development studio that declines to provide customers Technical Support, regardless of how many thousands of euros that customer has spent...
|
|
|
I don't know what type of mail provider OP is using; but while the spam problem has been largely solved on the email recipient end for a number of years the behind the scene work major mail providers are doing are squeezing anyone running a smaller mail server out of being able to reliably send mail.
I haven't heard of the same policy changes being used to block customers due to anti-fraud paranoia but I'm not that surprised either. A longer ramble about what's going on is inside the spoiler:
Spoiler
Until a few years ago it was possible to run a personal/small business email server directly either with a server in a data center (or at home/in the office with a business class internet plan). The list of hoops you needed to jump through in terms of setting up verification systems kept growing longer; but as long as you never screwed up and had your mail server hacked and used to spam (that happening was a defacto permanent death sentence for your mail server because many spammer black lists are effectively append only with no way to ever be removed) it would work. Other than corporate inertia and gray beard stubbornness and pride it rarely made sense in time and money terms to keep doing it yourself instead of paying a tier 1/2 internet company to provide mail service for people@yourDomain.TLD but it was doable. Over the last few years I have seen a steady trickle of blog/etc posts from grey beard alpha geeks throwing in the towel. Even having done everything right they've been running into various destination providers systems deleting their messages before delivery (meaning they're just gone, not sent into a spam folder for the user to open and click *not spam*). What appears to be happening is that companies are adjusting their minimum trust filters (which they almost exclusively get from 3rd parties) from "never done anything bad" to "doesn't have a strong enough record of sending good messages" and outsourcing deciding if a sender is trustworthy to more risk-accepting peers. If paranoia thresholds are set high enough, this effectively locks out smaller entities who can never send the needed volume of not-spam to clear the thresholds. Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? |
|
" That isn't the problem whatsoever. As Xsolla staff say, they are looking at the domain. You can verify this by looking at Xsolla's error codes in the documentation on their website. They're focusing on the domain; not the provider. In practical terms, the distinction means that if you register a free Outlook account, that's okay. If you use that same Microsoft server - but pay to use a vanity domain - that's not okay. I suspect what's happening is they've noticed an uptick of people using temporary email addresses (e.g. https://temp-mail.org/en/), and have resorted to trying to manage a whitelist instead of maintaining a blacklist of domains. Less work for them; less convenience for customers. In particular, I wonder if Apple is broadly responsible for this trend. The same email servers get used regardless of whether you use a permanent Apple address, or are subscribed to iCloud+ and using their "Hide My Email" service. The first would utilise the @icloud.com domain & suffix; the latter, the @privaterelay.appleid.com domain & suffix. There has been a growing number of companies - typically those you might pay for some product or service - attempting to clamp down on both temporary address providers, and any kind of alias + forwarding service that can be swiftly disabled. They want to have your main email address on file; not something more... disposable. Xsolla seem to be hopping on the bandwagon. tl;dr: The email address you enter when making a purchase in no way has any effect on how much spam email Xsolla gets subjected to. The two problems are entirely unrelated. I find it difficult to justify optional purchases to support a Tencent-owned development studio that declines to provide customers Technical Support, regardless of how many thousands of euros that customer has spent...
|
|
|
It's really not. Spam and scamming are just different aspects of abuse by bad actors and the exact same logic behind "we don't trust your mail server to send us email" is behind "we don't trust your domains users not to be scammers".
The error code "Email address domain is not allowed. Try another email address." is too vague without more information for me to judge any of: 1) We whitelisted the 10 largest mail providers on the planet, and block the rest. 2) We whitelisted the 100,000 largest mail providers on the planet, and block the rest. 3) We use a blacklist not a white list and only block providers who have had a lot of scamming. 4) We use a blacklist and block any non-major provider if there is has been any scam attempted by its users. In many other contexts I'd add... 5) We block by TLD to limit exposure to countries that engage in lots of scamming. ... but since my understanding is that Xsolla's value proposition to businesses is that they provide a 1 stop gateway to connect a company with regional payment networks everywhere in the world that sort of ham-fisted geoblocking seems exceptionally unlikely. Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? |
|
