I own a .net domain but recently I was able to get the domain that I originally wanted to own. I wanted move over to the new domain for my email which was the only thing I was using my .net domain for.
I only had two email under that .net domain which is just for looking for work and my personal for “buying” games.
What are the ramifications of letting someone else own my domain in the future? (Mostly talking about email)
5 years of a domain is a trivial expense, prepay now and let it expire in 5 years. By then you’ll be safe. Compared to the potential for identity theft.
I let a domain expire once and even though I had changed the email to something else. One of my accounts still used it and support didn’t help. I ended up having to rebuy the domain to get back into my account.
Keep it until you are 100% sure that NOTHING is tied to it. Just set up forwarding from the old domain to the new one.
I would at least wait several years before you sell it. Make sure you have thoroughly unhooked yourself from that domain. Keep an email box open there to collect any legit messages
I bought a new domain for my business and there was no trace of any old business name when researching connected to that domain. After about 6 months I received some data from an old client of theirs. It had a company name so I was able to let someone from that company know, as well the sender and I deleted the data before reading it. I guess you have to think what did you use it for, who might send data that identifies you etc. You never know who might buy it.
I remember reading an article but can’t find it now. A researcher bought tons old domains from government and local departments that had shut down or changed names, and managed to get some interesting information!
There was an example of an ethical hacker that bought up old email-domain names of police offices, city councils (name of city changed due to Mercer) and so on. He received quit a few mails with quite sensitive data.
Someone registering the domain would be able to receive any email sent to any address under this domain, including password resets.
Can confirm. I still get mail to the previous owner.
In the worst case, the new owner could create the same email account and try to supplant your identity. I think it is very unlikely, but I would not risk and keep the domain for a couple of years, at least, to be sure.
I defo agree. Keep the domain for a few years, with the email server up still, but flag any emails from the server so you can go through and unsubscribe/change emails on anything using the old address.
The purchaser of that domain will be able to send and receive email from your addresses.
The biggest concerns here are probably:
- The new owner taking over accounts that use the old email (either via password reset or email or by contacting support).
- Sensitive personal information intended for you being sent to the new owner.
- Someone spearphishing people you know from your old email address.
The purchaser of that domain will be able to send and receive email from your addresses.
Wait wait wait, DKIM doesn’t solve this???
Nope, DKIM is tied to the domain and DNS.
The owner of the domain owns DKIM. It offers no protection against that.
The only actual protection would be PGP because it provides your key as an identity rather than the domain itself.
-
You can’t receive those emails anymore.
-
Someone else can.
When I opened my business there was a company that made Android apps that had the same name. They since closed and I own the domain. I still get their Facebook and play store emails. I have tried to stop emails from both but that appears to be impossible.
Recover the accounts and close them?
The Google account’s recovery is tied to a phone number, and the Facebook account wanted me to identify pictures or ask friends for help.
I was not trying to take over those accounts, merely stop all of the emails. I have contacted both Google and Facebook about it and have done nothing in 5+ years.
Might be illegal
If the company is gone now then, I guess it would harm whoever bought the rights to the apps or the name? In which case they can contact that entity to sort it out
-
