The Business Risk of Abandoned Domain Names

When setting up your small business website, you want a memorable name and sleek Web design. You know your website is an important online calling card. Then, when you grow or your business evolves, you might rebrand and add a site. But wait, don’t abandon the old domain name.

When you set up your Web presence, you select a domain name, and it’s part of all your URLs (FYI: URL stands for uniform resource locator). For example, you have created stylish caps and coats for small dogs. You pick the domain name for your business. Your emails come from [email protected]. Then, off you go building Web traffic to your cool dog duds.

Maybe you even think ahead and buy similar domain names. You can redirect traffic and avoid losing customers to misspellings or typos.

The domain name, after all, establishes the business and provides you with a foundation to grow. As you build the business, you may expand to new verticals and outgrow the dogs-only website. Or, perhaps you wrap up your line for pups and move on to dressing parakeets. Whatever your reason, don’t abandon those old domain names.

Abandoned Domain Name Security Risks

To keep your domain name, you must continue to pay annual registration fees. If you have multiple domains, that can be a lot of small renewals to track and pay. Along the way, a domain renewal gets overlooked. So, the domain name is abandoned.

Domain names can also get abandoned as a result of a business rebranding or company restructuring. Or you might decide a domain is no longer worth continued renewals.

Your hosting company should tell you the Internet domain name is due to expire. After you stop paying, after a certain grace period, anyone can buy that abandoned domain name.

That doesn’t sound so bad. You didn’t want it anymore anyway, right? But you don’t know who might snatch up your old online calling card. Bad actors buy up abandoned domain names and re-register them with catch-all emails.

What’s a catch-all email? Well, remember [email protected]? That was you. But maybe you also had distinct emails for accounts, info, sales, support, James, and Shauna. All of them were going through If someone emails someone at the previous domain owner’s business, it goes instead to the new owner. Having seized control of your old site, they gain access to all incoming emails, and they could see the information you don’t want them to see.

The bad actor could also access online services once used by [email protected]. All they would need to do is reset the password to hijack that account.

Security researchers have seen criminals claim abandoned domains to:

  • access confidential email correspondence;
  • access personal information of former clients and current or former employees;
  • hijack personal user accounts (e.g. LinkedIn, Facebook, etc.) linked to old domain e-mail addresses.

What to do with domain names

Especially if you use a domain name for email, don’t let the renewal expire. We didn’t even mention pirates who look for business websites that have lapsed so they can charge exorbitant ransoms to return that domain.

When you move to a new domain address, communicate the change with all your clients and vendors. Close any cloud-based user accounts registered with the old domain email address. Also, unsubscribe from email notifications that might share sensitive data.

Not sure about your domain name registrations, renewals, and what’s set to expire? An IT service provider can handle this for you. Our experts can make sure you don’t abandon domain names. Or we can ensure you close any associated accounts properly to protect your security.

Contact us now at 317-497-5500.