Julianna
Missed domain renewals and accidental domain expiry impact countless brands and businesses every year in significant and often costly ways – occurring more often than you might think. It’s happened to many household corporate names from Microsoft to Marketo, as well as thousands of smaller businesses, resulting in a range of consequences from inconvenient to disastrous.
One scenario is when a business-critical domain name accidentally expires, taking a business’ operations offline and impacting customers that are dependent on their services. Imagine thousands of clients unable to access their business marketing software, banking information, a payment portal, email platform or some other important service in their work or personal lives. The revenue loss and reputational damage incurred from instances such as these can seriously damage a brand.
Another less commonly known, but more common scenario is when expired domain names go unnoticed, are released back into the wild and get re-registered by other parties resulting in intellectual property loss, brand infringement, or worse, website spoofing, phishing, or cybersquatting.
You don’t have to look very hard on the web or even in your email inbox most days to find domains that, at first glance, look legitimate, but that have been sneakily shifted to other purposes.
The thriving industry around registering expired domains, whether for honest attempts at jumpstarting a new business or for more nefarious or criminal intentions, is a growing problem that’s vexing for brands, search engines like Google and law enforcement alike. There’s no way of knowing where your expired domain will end up.
Accidental Domain Expiry – How it Happens
Most accidental domain expirations are 100% preventable and the result of simple human error or oversight. In the vast majority of cases, one of these two things occurs:
- Missed Domain Renewal Notifications – When renewal notification emails are missed, it’s usually because they are going to an unmonitored, inactive, or forgotten email account. Oftentimes this occurs when the Organisational, Administrative, or Technical contact information associated with the domain name is no longer valid due to a change in personnel.
All domain registrars are required to send renewal notices one month and one week prior to expiry, as well as 5-days post expiry as you can still renew during the 30-day redemption grace period. Webnames’ renewal notification system is even more robust and includes an old fashioned snail mail reminder posted 3-week prior to expiry as well as a phone call 3 days before, so we are not fully dependent on email. In vary rare cases, however, all three points of contact can fail if phone numbers change or get reassigned, or a business moves locations.
- Expired Credit Card on File – This is the other major culprit behind accidental domain expiry. Auto-renewal can’t save your domain name if your credit card information expires and you either miss or don’t receive the notification to update your payment information. While Webnames notifies accounts when a credit card associated with a recurring payment is set to expire 30-days prior to renewal, if that notification is missed for some reason, accidental expiry can occur.
While Webnames goes through some of the greatest lengths in the industry to ensure renewal notifications are received, business critical and branded domain names are deserving of extra protection. Let’s explore what that looks like.
Preventing Accidental Domain Name Expiry
Domain Name Expiry Protection – New in the Webnames arsenal of domain security tools is expiry protection. Designed to safeguard your domain ownership if payment fails, Domain Expiry Protection ensures that your domain name will be securely held for up to 1-year preventing it from being released and potentially registered by another party.
When Domain Expiry Protection is used with Webnames’ 5-touchpoint renewal notification process and auto-renew, valuable domain names are comprehensively protected from unintentional expiry that can lead to domain redemption and restoration fees, or worse, protracted and potentially costly processes such as having to file a Uniform Domain Dispute Resolution Policy (UDRP) with WIPO or engage in takedown procedures such as the DMCA or the Notice and Notice regime in Canada.
Additional Steps to Take to Prevent Accidental Domain Name Expiry
Expiry Protection is an inexpensive, failsafe precaution that every domain owner should take to safeguard their core domain names, but it’s always best practice to layer with additional security features for a more comprehensive security approach.
Enable Auto-renewal for all critical services
These days, most people are familiar with the concept of a subscription whereby a credit card on file is used to automatically extend the validity of a service. Domain name auto-renewal practically the same idea and works like a charm except in scenarios such as expired credit cards or transactions declined by financial institutions.
It is important to remember that domain auto-renewal is NOT the same as domain expiry protection. With auto-renewal enabled, a domain name that approaches its slated expiry date will get automatically renewed for the term you select, so long as your payment method supports the transaction. There is no disruption of services or domain ownership in the case of a successful auto-renewal.
On the other hand, a domain with expiry protection enabled (and no auto-renewal) that is not renewed past its expiry date will remain in the ownership of its current registrant, but will be in a suspended status until it has been renewed by the domain owner.
Domain Registration and Management Policy
This might sound lofty, but it’s extremely important whether you have a handful of domains or thousands. Your domain name policy should require an up-to-date master inventory of all registrations to be maintained, and additionally identify who your Organizational, Administrative and Technical contacts are. These contacts should be set in the default settings at your registrar for all future registrations. Conduct a review to make sure this information, in addition to your corporate information (e.g. address, entity legal name, phone numbers) and credit card details, are up-to-date and consistent across all of your registrations and account contact information then schedule quarterly or bi-annual reviews.
Check and Double Check Email Addresses
Along with the step above, ensure that the email addresses associated with your domain registrations are consistent, current and going to actively monitored accounts that are 100% within your direct control, as email will be the primary way your registrar communicates with you. If you are a business or corporation, consider creating a dedicated email address for your domains – e.g. domainnames@companyname.com – that both the registrant (or legal department by proxy) and IT management receive.
Register and/or Transfer to a Reputable, Security Focused Registrar
The domain name registrar that you choose to do business with is significant when it comes to the overall security of your domain names, in addition to preventing accidental expiry – as mentioned, a lot depends on the stability of your domain names, from the accessibility of your website and web services to the perception of your brand.
Here’s what to look for in a registrar if you’re serious about domain security:
Expiry Protection and Auto-Renewal – Does your registrar offer both of these services? Remember, if your credit card expires or payment fails, and this is not communicated or goes unnoticed, your domain name can still expire without expiry protection.
Expanded Renewal Notification Process – Webnames’ renewal notification process involves 5 touch points across 3 communication channels (email, mail, phone) for every domain that comes up for renewal. That means if an email address is out of date leading to missed notifications, backup measures kick-in and contact attempts are made through other channels. Find out how your registrar runs its renewal notification process. Does your registrar use more than one communication channel for renewals or does it stick only to the minimum ICANN-mandated process?
Domain and Account Security Features – Does your registrar offer domain locks such as Registry or Registrar Lock as an option to protect high value domain names? What about Account Lock and Two-Factor Authentication? Is 2FA or MFA required on accounts, or is it optional? Does your registrar employ a stringent identity verification and/or authentication process for change requests or technical support initiated by phone, instant messaging and email?
Customer Support Response Times and Expertise – What are your registrar’s response times for email support and telephone support? When you send an email, did you get a quality, helpful, personalized response? How long did you wait on hold to speak to an agent and were they knowledgeable and efficient in responding to your questions or resolving your issue? When you need support for a business critical asset such as your domain name, you need to know the team you’re dealing with is responsive, professional, and accountable.
[Learn more about domain name security: 5 Domain Name Security tips for every website owner in 2022]
Final Thoughts – Reducing the Chances of Accidental Domain Expiration
Accidental domain expiry is pretty rare, thankfully – however, the stakes are extremely high when it occurs and can result in downtime that results in revenue loss for you business, permanent loss of your domain name or an unnecessarily expensive fight to get it back. While there are a variety of precautionary measures you can take to help prevent unintentional domain expiry, Domain Expiry Protection at $10 or less/year is an affordable and prudent insurance policy for domain names that your business depends upon, that you simply want to hold on to, and those that may not be in active use but can harm your brand or become the root of a cybersecurity issue if they fall into the wrong hands.