No, this does not refer to an old ‘Seinfeld’ episode. This is about what happens when an organization loses control of their Domain Name by letting it expire. The natural inclination is to think, “Who would be that careless?” Plenty of companies, that’s who. And we’re not just talking about ‘Bob’s Hardware’ or ‘Aunt Alice’s Knick-Knacks.’

Major organizations that have let one or more of their domain names expire:
Google Argentina
The Dallas Cowboys
Regions Bank
Clydesdale Bank
Yorkshire Bank
Sorenson Communications
Parker Hannifin

A few surprising names in that list: Microsoft? You would think they would be on top of things like their domains. Their lapse is old – from 1999, but when they forgot to renew their Hotmail domain it caused major email disruptions and associated problems for years. Did they learn? Eventually, one would suppose, but they failed to renew just 4 years later in 2003.

No matter the type of company, most domains expire through carelessness. Some expire simply because the responsible party forgot to renew. Also, domain renewals can fall through the cracks during mergers and acquisitions. Back in 2007 Parker Hannifin purchased Rectus and its subsidiary Tema. While it attended to the Rectus domain, was overlooked and it expired – eventually fetching $128,938 at auction, according to DomainGang.

What happens when a domain name lapses?

The moment a domain expires, the domain and every service connected to it becomes inoperable. Think about how your business depends on email. If your domain is ‘’ and your email scheme is ‘[email protected]’, your email will stop working immediately. That is not a situation that boosts confidence among your clientele.

Once a new entity purchases your old domain, any emails sent to your expired domain will go to the new domain owner, thereby allowing them to pick through your client base – and any other information you would prefer to keep private.

How a domain expiration threatens Cybersecurity

This has a crucial effect on Cybersecurity. Feeding on expired domains is a big tool in the cyber criminal’s tool belt. It’s like a potato – so many things you can do with one. The variety of attack tactics range from buying an expired domain, then ‘spoofing’ (copying) the website to lure unsuspecting customers into forking over their credit information with an alarm page that says “please verify your payment information” – or they may replace formerly innocent links with malicious ones to infect the site visitor’s computer or network.

They can send fake invoices in phishing campaigns containing malicious links or attachments, or even use the domain to set up fraudulent mail servers which they can use to obtain access to social media accounts, web services or Software as a Service (SaaS) accounts.

Cyber crooks depend on the domain’s reputation to lend legitimacy and trust to their various attack methods, which is why they act quickly – because all of these tactics and many more, cause damage to a company’s reputation and, more directly, a breach of the company’s network infrastructure.

Such events are not uncommon: every reputable member of the IT Support Los Angeles community has had clients’ networks invaded through these means – from the top Managed IT Services firms to the dime-a-dozen Break/Fix IT support ‘guys’. The best Cybersecurity cannot prevent an end-user clicking on a malicious link and releasing malware into the system, but any worthy Managed Services Provider (MSP) is aware that these attacks can and WILL happen and have already arranged solutions that stem the attack and clean up the damage quickly.

The smart money is on using a Managed Services Provider that performs true Vendor Relationship Management.

What is the role of vendor management?

There are nine different types of Vendor Management. Simplicable explains the differences HERE. The Vendor Management that a Managed IT Services firm provides is usually involved only in matters concerning electronic communications and the third-party vendors involved (not coffee service or janitorial types of vendors).

For example, if there is a problem with your VoIP (Voice over Internet Protocol) phone system, or your internet provider, where it is possible to get into ‘blame game’ – the VoiP provider blames the internet provider or the IT vendor and vice versa - we step in and sort through the issues directly with each involved vendor. Since we speak their technological lingo, they can’t try to pull the wool over our eyes, so we get to the bottom of it without you juggling frustrating and time-consuming phone calls.

This is a high-value service that IT Support LA has offered since we first opened our doors. Among other vendor-based solutions, we monitor and handle expiration dates and renewals for any client that agrees to let us do that – it’s a little different than more directly ‘network-centric’ services like the internet, so not all clients want to have us do it. However, we have had clients who allowed their domains to expire (to disastrous results), and when that has happened, they typically let us take over responsibility.

Frequently Asked Questions

Q: Who is the owner responsible for a domain name?

A:  The owner and responsible party is the person/organization listed as the domain’s registrant/owner - that first registered the domain name.

Q: How long after a domain is expired can I buy it?

A: According to, some top-tier domains can enter ‘Redemption’ wherein it is up for sale the day after it expires, but the industry standard tends to be 30 to 45 days. It depends on the agreement with the registrar and the Domain Registration Provider.

Q: What are Domain Registration Providers?

A:  They are companies that allow you to purchase and register domain names. All registrars are accredited by the Internet Corporation for Assigned Names and Numbers (ICANN). GoDaddy is a well-known domain registration provider.

Q: Do I need domain expiration protection?

A: Domain Expiration Protection (DEP) is certainly advisable. In the event of an expiration, the DEP provider ensures that for one year, the site remains registered to the original registrant, and cannot be purchased by a third party. That gives a domain owner plenty of time to effect renewal.

Is your network secure?

The best defense is the best Cybersecurity to protect your data from theft. IT Support LA offers a FREE, no-risk network and security assessment. No strings, and no obligation to ever use our Managed IT Services.

Just fill out the form on this page or call us at: