Domain names are registered by the thousands every day. As of July 2021, 236,336 domains were newly registered daily on average across all Top Level Domains (TLDs). Tens of thousands were also newly expired. Other months could be just as busy.
“Newly Registered” and “Newly Expired”. These are two terms I often wonder about. Newly registered domains are domains that someone has just reserved, usually through a registrar or web hosting company. Newly expired domains, on the other hand, are domains that someone had reserved but decided to give up for one reason or another.
Anything that happens after someone decides not to renew a domain can be called a “domain name expiration cycle”.
Now, why is it even remotely relevant to know the domain name expiration cycle?
The short answer is that understanding this cycle can help you better manage the domain names that are essential to you or your organization. It can also help you make sure that you don’t let any of those essential domain names get away from you.
Cursed was the guy (or girl) from Marketo who forgot to renew “marketo.com” on time, which resulted in the company’s main website going down. Not to mention the app’s complete failure and operations paralysis as customers couldn’t log into their accounts. While this story had a happy ending when a white knight geek took action to save the estate, others weren’t so lucky.
Often, cybersquatters are looking for expired domains.
One of them is Wesley Perkins, who has repeatedly registered domain names that companies haven’t renewed on time. Perkins is known to charge exorbitant sums in exchange for transferring domain names. Among the domain names that fell into its hands when they expired were:
Despite favorable decisions attributing the disputed estates to their former owners, the plaintiffs may have suffered damages which are not limited to financial losses. Perkins was known to redirect domains to adult sites, an association that could damage the reputation of any organization.
Note that it is also possible to lose beloved domain names after filing a dispute. An example would be titoni[.]com (WIPO case n ° D2019-0395). Titoni AG, the original owner of the domain, did not renew the registration. After a while, Synergy Technologies, LLC registered it. The Panel dismissed the original owner’s complaint, stating the following:
“The Panel wishes to stress that it does not assume that all renewals of expired domain names in error constitute evidence of bad faith registration of the domain name by a new registrant. The Panel also does not believe that the Policy is designed primarily to compensate for the errors or negligence of registrars or complainants in ensuring that domain names are renewed, as unfortunate as that may be.
At the end of the day, when we let domain names expire, we basically run the risk of sending them back to the pool of available domain names, and someone else can get them back. This scenario can cause several issues, including being associated with cybersquatters or losing one or more critical areas for good.
The domain name expiration cycle
The book Management of critical domains and DNS, which I’m a big fan of, explains in detail the domain name expiration life cycle. Here is the chronology that can be deduced from it:
Day 0: Expiration day
The expiration date of a domain name shown on its WHOIS record marks the beginning of the cycle. If you do not renew the registration that day, the Registrar will be prompted to remove their nameserver. At this point, the domain name stops resolving. Visitors to the website are greeted with a message that says something like “This site cannot be reached. “
Day 1 to 45: Holder’s grace period
At this point, the domain enters the Registrant Grace Period (RGP) which lasts up to 45 days. The previous registrant can still go through the usual renewal process, although this is not without risk. In fact, the registrar has the option of doing a “direct transfer” during this time, which means that the domain could be transferred to another party.
That said, most registrars will park the domain between the third and fifth day or so after the expiration date. Nameservers shown in WHOIS records would typically be replaced with something like ns1[.]fatcow-expired[.]domaineparkingserver[.]net and ns2[.]fatcow-expired[.]domaineparkingserver[.]report.
On the parked page, the registrar may display ads or notify other parties of their intention to auction the domain. Other parties may also express an interest in purchasing the domain, especially if it is popular, strongly return-related, or generic.
Day 46: Repayment period
After day 45, the domain is returned to the registry and enters the redemption period. At this point, only the previous owner can buy back the domain, but at an additional cost.
The domain WHOIS record would show redemptionPeriod and clientTransferProhibited status.
Day 90: Pending deletion period
The domain remains in the redemption period for up to 45 days. After that, or on day 90, the domain enters the PendingDelete period. This status means that it is too late to renew or buy back the domain. It will be deleted after five days and marked available for anyone to sign up.
Some takeaways from the domain name expiration cycle
We learn several important things from the domain name expiration cycle, including:
- Not renewing domain names can be a problem. Up to 45 days after you let the domain expire, anyone (including cybersquatters and competitors) could take control of the domain. Registrars would naturally try to make money from the domain.
- An “available” domain is not necessarily a “new” domain. It could be one of the areas that went through the entire cycle and was deleted by the registry. The domain could have been flagged as malicious and placed under clientHold status.
All stages of the cycle are shown in the domain’s WHOIS records. Customers who wish to purchase an “available” domain can first verify its historical WHOIS details as part of a background check.
Analyze the expiration cycle of a malicious domain name
In addition to the normal statuses reflecting the natural life cycle of a domain name described above, historical WHOIS records for malicious domains can be different. How? ‘Or’ What? Let’s illustrate this using the securityonline-reviewaccountlimitedonline domain[.]com. Some facts about this area:
- It was flagged as “dangerous”.
- It is currently available. Anyone can register the domain.
The malicious domain WHOIS history timeline can be illustrated as follows:
Less than a month after securityonline-reviewaccountlimitedonline[.]com was created, its status changed to clientHold, although all other WHOIS details remained unchanged. This status is one of the indicators set by registrars that could indicate verification, billing, or legal disputes.
Since we are dealing with a malicious domain, it is highly likely that the clientHold status is the result of involvement in malicious activity. Additionally, a owned domain is no longer enabled in DNS and therefore should not resolve itself.
Essentially, this example shows us that customers who want to purchase an available domain can first look for such red flags in the domain’s WHOIS history. Using a domain that has been used in malicious campaigns can damage a company’s reputation and ultimately lead to serious financial loss.
Understanding the domain name expiration cycle helps registrants avoid unnecessary costs associated with domain name disputes or increased registration fees. Additionally, knowing how steps are represented in domain WHOIS records can provide information to support business decisions, such as which domain (s) to use and not to use.
If you would like to have a more in-depth and detailed conversation about the domain name expiration cycle and how to use historical WHOIS data, please don’t hesitate to contact me.