Saturday May 18, 2024

Expired Domains Gone Bad

Author: Wayne Eggert
Date: 02/26/06

Do you keep a list of websites that you create new accounts on? If not, you're probably not alone -- in fact I know you're not alone because I'm guilty of this very deed. If you shop online as much as I do, you undoubtedly have dozens of accounts on shopping sites that you've used in the past 5 years, even if you haven't placed any additional orders. You've signed up with your credit card company's site to be able to pay your bills online and view personal account information. Your banking account, student loan and any number of confidential information that only YOU have access to. You'd probably agree that it's very easy to lose track of all of the websites you've registered with. This is a BIG problem for anyone who has an email account that could get into the hands of someone else in the future.

Many people use an email at their own domain as their primary email addresses, since using free email addresses like Hotmail seem to be more of a security risk with all-to-familiar stories of break-ins than using your hosting provider's mail server. What happens though when you want to let your domain expire? Well, unfortunately the answer is "nothing good."

The Issue With Expired Domains

The issue with expired domains is that they are eventually allowed to be re-registered by anyone who wants to steal the domain traffic, finds the name useful, or simply wants to squat on the domain a while to see if the original owner wants to buy it back. The worst part though is that any email addresses you previously held at the domain will still receive email. Sure, the new owner won't immediately know what email addresses existed on the domain, but a simple email catch-all can be setup and any email sent to will be caught by the catch-all.

You may still be wondering what the huge concern is. After all, you won't be making any new orders with the sites you had once purchased from 5 years ago. Well let me ask you this.. do they send out newsletters? If the answer is YES then you definitely have something to worry about. If the new domain owner catches a newsletter that in any way indicates you had ordered from the site previously.. and is feeling ambitious, he can just mozie on over to their forgotten password page, fill in the email address the newsletter was sent to and PRESTO he has your login.

I didn't think about the magnitude of this until I had purchased an expired domain and the original owner was attempting to renew another domain that he owned. The bad news for him was that the email he used as the primary contact email for the domain was on the domain I had just taken over. So I received an email notice indicating he wanted to transfer the domain -- instantly telling me I could easily have full access to his registrar account.


How can you prevent this from happening to you? Don't use your domain email for anything personal. Okay, that's kinda unrealistic, especially if you own a business because you are inevitably going to receive confidential information in your email at one point or another. My suggestion would be to write down the websites you create accounts on and the email address you use to create the account.. that way in the future if you ever stop using the email address or domain, you know which websites you have to change your information on so that it doesn't fall into the wrong hands. If you are already in a situation where you haven't the foggiest which websites you signed up for in the last 5-10 years like yours truly, the only safe suggestion would be to hang onto the domain for a few years and catch all email directed to it so that YOU are the one receiving any newsletters or other indications of account holdings for sites you previously used. After a few years when you're absolutely sure you've cleaned up your mess, then think about expiring or selling the domain. It's really not a good privacy situation with domain expirations and renewal takeovers, but unfortunately that's the cost of owning a website and using it for personal email.

Article Word Count: 745

No comments have yet been made.