Domains are a hot commodity—here’s how to prevent expiration

You’ve owned a domain for eight years. The slogan? Rolls off the tongue. The title? A household name—and one that’s unique to you. But then it happens: You chuck your coffee halfway across the room when you realize your domain is now in the hands of someone else, thousands of miles away.

Over the years, multiple users on online forums have seen their expired domains pop up elsewhere, like China, for example, where they have the option to buy it back for several hundred dollars—or in some cases, a little over a thousand.

These sorts of domain-related issues are complicated, says Adam Marrè, the CISO at cybersecurity company Arctic Wolf.

“There are people who stalk [listings] to try to find domains that are unused or have not been renewed, and they do it for a number of reasons,” he told IT Brew. “One reason [is that] you could buy it from a famous popular company and essentially make them pay you to get it back.”

Going once—sold. There is usually a grace period for expired domains that varies, but it could range from a week to a year before the domain goes back to the registry or to a redemption period, in some cases, and then to auction or deletion, according to Cloudflare.

“There are also nefarious actors out there who purchase these to use for various email scams, domain scams, phishing—anything, you name it, because one thing better than typosquatting is getting an actual domain, registering it yourself, and then being able to use that,” said Marrè. Typosquatting is a form of cybersquatting in which hackers will intentionally misspell a URL so that it appears similar to another site’s URL—usually for “malicious purposes,” according to Kaspersky. A bad actor, for example, could use “ITbreww[dot]com” to try and fool site visitors.

At the moment, there doesn’t appear to be one region among buyers nabbing expired domains, according to Marrè. “Yes, you’re going to see it in regions that are traditionally associated with phishing or other fraud campaigns—so, Eastern Europe, parts of Africa, and then yes, you can see it with…Russia and China as well. But that’s not to say you don’t also see this activity in other places like within the United States.”

Sending out an SOS. For users looking to get help with domain-related issues such as finding out that they’re the victim of typosquatting—or that their expired domain is being used for malicious or misleading purposes, there are a few options on the table, including getting in touch with ICANN, the Uniform Domain-Name Dispute-Resolution Policy (UDRP), or the court system in one’s country, according to Marrè.

“Most domain registrars, because they want to stay in business and want to stay licensed, they are good at looking at these, evaluating whether or not it looks like fraud or if it’s a redirect to fraud and then taking down those sites,” he said.

“Anyone who believes a gTLD [generic top-level] domain name is being used for an abusive and/or illegal activity can consider filing an abuse report with the sponsoring registrar of the domain name and submitting a complaint to ICANN if they believe the registrar failed to comply with the requirements set forth in ICANN agreements,” Gwen Carlson, the senior director of communications at ICANN, also told IT Brew in an email.

To be clear, not everyone who has an expired domain has a case—but if your name or brand is at stake due to misleading or malicious content via the new domain owner, Marrè said some users—most notably, public figures—“have a really good argument.”

Users can say, ‘“I did have this site. Yeah, I screwed up and didn’t [renew] it. But this really is me.’ And that is what the UDRP system or the legal system is set up to do. ‘Is this trademark—is it you? Is it unfairly representing you?’” he said, noting that this does become “a little murky if you don’t have an established brand.”