Expired domain names expose confidential information

Did you see that story last month making the rounds on social media? The one about how law firms are placing themselves at risk when they allow their domain names to expire?

The author points out that many law firms typically just abandon their domains once they cease operations or merge with another firm. Their abandoned domain is left wide open for re-registration by someone else. Anyone. The domain’s new owner will have access to not only the firm’s domain name but everything associated with the domain: email, information and documentation related to the firm’s legal practices, it’s financial details, and – yes – privileged attorney-client information that legal firms are, by law, obligated to keep confidential.

The writer, who based his findings on domain names abandoned by Australian law firms, concludes that this is one of the most significant and overlooked cyber threats law firms face today. Moreover, expired domain names pose significant problems for all businesses. If a bad actor takes control of an abandoned domain, there’s no end to the damage that can be done.

What else can happen when you let your domain name expire?

Legal firms are by no means the only ones vulnerable to problems caused by domain name expiration. Just take a look at these examples.

Expired domain leads to Google pay out

Although it’s by no means the worst story, back in 2015, the world’s most heavily trafficked domain became available for registration. Former Google employee Sanmay Ved scooped it up for all of $12.00 (you can read his own account here). He only owned the domain for about a minute before Google cancelled the registration, paying Ved $6,006.13 in “reward” money, a drop in the bucket for a company the size of Google. Many companies (see below) have paid a far greater price. By the way, in case you’re wondering why $6,006.13, the company said “squint a little and you’ll see” the number resembles the word “Google”. So, there you go.

Domain name squatter targets UK fostering agency

Last year, Little Acorns Fostering was forced to give up its .COM when, upon expiration, a domain squatter bought it and demanded the family-run agency pay £9,000 to get it back. Fortunately, Little Acorn also owns a .CO.UK domain, making it possible to transfer its website to that address. But as with the reregistration of expired domains once held by legal entities, whoever owns Little Acorn’s expired domain acquired instant access to all emails, information, and documentation associated with the domain name. Incidentally, rather than give into the squatter demands, the agency hired legal counsel.

Expiration causes embarrassment for Marketo

Marketo, multibillion dollar company, seller of automated marketing software, (ironically) forgot to renew its domain, causing it to lose every hyperlink, image, and form in all of its client emails, not to mention its main website. Clients were unable to log in to their accounts where, among other things, they access forms needed for their customer-facing services. Denied access, they were, of course, angry. Marketo scrambled to resolve the problem. Fortunately, a very helpful customer stepped in to help. But, even then, it still took a few days for DNS to propagate and for everything to return to normal. Could a much smaller business survive this?

Competency questioned when city’s domain expires

In April, the city of Oakland in Northern California forgot to renew its domain name. Visitors were greeted with the message, “Back order domain, renew now.” Luckily for Oakland opportunists weren’t able to get their hands on the domain. The city’s IT department was able to renew it but, while it was propagating, many took the opportunity to jump online and share their less-than-flattering thoughts about city administration.

Oakland-1.jpg#asset:13680

Oakland-2.jpg#asset:13681

Customer experience takes a hit when domain isn’t renewed

Earlier this year, UK wedding gift registry John Lewis forgot to renew their domain name, creating panic among the site’s users who, upon logging on, were greeted with a message informing them that the site was down due to an expired domain. Some customers were even prompted to renew the domain themselves for £84. Sure enough, customers took their complaints to Twitter. Many registrants expressed concern that gifts purchased for couples about to get married wouldn’t be delivered on time. And married couples vented that John Lewis added huge amounts of stress to their big day.

 

Domain name expiration is easy to avoid

Confidential information exposed, pay outs, squatting, embarrassment. Allowing a domain name to expire may not hurt the big guys (Google) so much. But most businesses are in no position to take these kinds of hits. Here’s what we recommend:

Don’t ignore those reminder emails

EuroDNS sends multiple emails reminding you that your domain name is set to expire. But beware of “domain slamming”, the unauthorised transfer of a domain from one register to another. Sometimes, an unethical registrar will email a registrant a domain expiration or renewal notice warning. The registrant will respond to the email but, unbeknownst to them, terminate their contract with their current registrar, reregistering their domain with the new registrar. If you aren’t sure whether or not an email notice is legit, contact us immediately: sales@testedtechs.com.

Hit that auto-renew button

Go to your account settings and do it now! It’s hassle free. You just need to make sure that you have an up-to-date credit card on file. You have up until seven days to activate auto-renew. Effortless.

Register/renew your domain for multiple years

Domain names can be registered and/or renewed for up to ten years. And EuroDNS has recently removed the 60-days prior expiration renewal period which means you can renew your domain anytime you want

Perform a full domain name audit

Especially if your domain portfolio is large, do you know which ones you own or when they’re set to expire? Is your WHOIS and account admin contact information correct? Do you have full control of the email address to which reminder emails will be sent? Have you deleted the domains you no longer want? To keep track of multiples, we strongly suggest you consolidate your domain names.

Build a brand customers want to succeed

We like the story of the customer who helped Marketo get up and running again after their domain name expired. If you build a brand that customers love, they’ll cut you some slack, maybe even go out of their way to help you avoid problems that arise if, for whatever reason, you allow your domain name to expire.

Reactivate your expired domain name

Your domain name already expired? The procedure for reactivating an expired domain is pretty straightforward. But note: domain reactivation periods can vary.

Don’t let an expired domain become a problem for you and your users!

Whether you’re a law firm who’s closed shop or an e-commerce site, you need to stay on top of your domain names and their renewal dates. Failure to do so could put your domain name in the wrong hands and cause big problems for you and your users.

And if you’d like to know more about all our renewal options, take a look at our knowledge base where you’ll find loads of helpful information.

You can Transfer or Register Your Domain With Us Right away, very affordable