The Danger of Letting That Domain Name Expire

Sep 4, 2018 | Blog

So, I stumbled upon an interesting article over Labor Day weekend (do I know how to party OR WHAT?) that warned businesses of the risks that come with letting domain names expire. It’s a side of buying expired domains that most domain investors will never think of: the fact that expired domains, despite not having traffic coming to them, still could have emails with incredibly sensitive information attached. The piece gives a very solid example of domains from law firms that expire after the firm takes part in a merger:

To test just how bad the problem is, [security researcher, Gabor] Szathmari re-registered old domain names for several law firms that had merged, set up an email server, and without hacking anything, he says he received a steady stream of confidential information, including bank correspondence, invoices from other law firms, sensitive legal documents from clients, and updates from LinkedIn (Szathmari is working to return the affected domain names to their original owners).

Well, not too surprisingly, it turns out that some of these expired domains are used for fraud since the new owner could essentially gain access to a large amount of sensitive data.

This got me thinking about whether or not there’s an entire market of expired domain buyers; fraudsters and scammers that aren’t looking to resell the name, but instead are looking to use the domain to gain access to email.

It certainly sounds like that might be the case.

Email holds the keys to the kingdom. All your password resets go through email and abandoning an old domain name makes it easy for attackers to re-register the old domain and get your stuff.

According to the article, it appears that the technique of re-registering old domain names could also be used for collecting money. “By reinstating an online web shop formerly running on an abandoned domain name,” Gabor Szathmari writes, “Bad actors could download the original web pages from, then take new orders and payments by posing as a fully functioning web shop.”

“If the former web shop had a CRM system or MailChimp running marketing campaigns,” he adds, “criminals could access the list of the former customers by taking over those accounts with an email-based password reset. They could offer them a special discount code to encourage them to submit orders which would never be delivered. The sky is the limit.”

Expiring domain names are published daily by domain name registries in the form of domain name drop lists. It doesn’t take a criminal mastermind to download those lists daily and cross-reference them against news of mergers and acquisitions in the relevant trade pubs, or just re-register any domain name that catches their fancy.

So how long should you hang onto those old domains for?

Better to be safe than sorry in this case. Domain names aren’t expensive, and keeping old domains in your possession is the cheapest cybersecurity insurance policy you’ll ever purchase. I mean, is it really worth it to sell at the expense of fraud? I wouldn’t take that chance.

Szathmari recommends setting up a catch-all email service that redirects all incoming email to a trusted administrator, someone who can review correspondence addressed former and current staff, and password reset emails for online services.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation


Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!


Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523