Can someone read my E-Mail if I lose ownership of my domain?












49














Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like paying for the domain mydomain.tld anymore.



Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?



No, I can't tell them to stop sending confidential mails because I can't contact them.



Are there ways to prevent that or is the only option I have is to pay for the domain until I die?










share|improve this question









New contributor




Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 3




    About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
    – Skiddie Hunter
    2 days ago






  • 34




    $14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
    – forest
    2 days ago








  • 6




    Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
    – Mawg
    2 days ago








  • 12




    @SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
    – reirab
    2 days ago








  • 7




    @SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
    – R..
    yesterday


















49














Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like paying for the domain mydomain.tld anymore.



Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?



No, I can't tell them to stop sending confidential mails because I can't contact them.



Are there ways to prevent that or is the only option I have is to pay for the domain until I die?










share|improve this question









New contributor




Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 3




    About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
    – Skiddie Hunter
    2 days ago






  • 34




    $14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
    – forest
    2 days ago








  • 6




    Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
    – Mawg
    2 days ago








  • 12




    @SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
    – reirab
    2 days ago








  • 7




    @SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
    – R..
    yesterday
















49












49








49


9





Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like paying for the domain mydomain.tld anymore.



Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?



No, I can't tell them to stop sending confidential mails because I can't contact them.



Are there ways to prevent that or is the only option I have is to pay for the domain until I die?










share|improve this question









New contributor




Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like paying for the domain mydomain.tld anymore.



Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?



No, I can't tell them to stop sending confidential mails because I can't contact them.



Are there ways to prevent that or is the only option I have is to pay for the domain until I die?







email domain






share|improve this question









New contributor




Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited yesterday









Mawg

698724




698724






New contributor




Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 2 days ago









Skiddie Hunter

34829




34829




New contributor




Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 3




    About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
    – Skiddie Hunter
    2 days ago






  • 34




    $14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
    – forest
    2 days ago








  • 6




    Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
    – Mawg
    2 days ago








  • 12




    @SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
    – reirab
    2 days ago








  • 7




    @SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
    – R..
    yesterday
















  • 3




    About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
    – Skiddie Hunter
    2 days ago






  • 34




    $14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
    – forest
    2 days ago








  • 6




    Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
    – Mawg
    2 days ago








  • 12




    @SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
    – reirab
    2 days ago








  • 7




    @SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
    – R..
    yesterday










3




3




About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
2 days ago




About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
2 days ago




34




34




$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
2 days ago






$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
2 days ago






6




6




Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
2 days ago






Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
2 days ago






12




12




@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
2 days ago






@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
2 days ago






7




7




@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
yesterday






@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
yesterday












6 Answers
6






active

oldest

votes


















77















Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?




If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.




Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?





I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724






share|improve this answer



















  • 3




    Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
    – Federico Poloni
    2 days ago






  • 5




    @FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
    – forest
    2 days ago








  • 6




    Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
    – Bent
    2 days ago






  • 3




    "They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
    – a CVn
    2 days ago








  • 3




    @hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
    – mbrig
    2 days ago



















29














As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.



That being said:



Just keeping a domain is often cheaper than using it



Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).



When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.






share|improve this answer





























    7














    It is pretty sure that someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.



    Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.



    Now, we need to estimate the odds that someone will effectively monitor the email address(es).



    In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.



    Update: non-scientific statistics



    I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.




    Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




    Use a long-term grace period



    That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like




    Greetings,



    the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.



    For the privacy of both, it is important that you kindly implement this change as soon as possible




    The last sentence explains the matter but is hard to understand for non-security-expert users.



    I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.



    Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?



    This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.



    Comment



    I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.



    Eventually, we trust major ISPs to protect our privacy. We trust them to...






    share|improve this answer



















    • 1




      It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
      – forest
      yesterday












    • Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
      – Criggie
      11 hours ago



















    2














    Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.






    share|improve this answer





























      1














      Yes, the scenario described is completely possible. It happened to Google relatively recently when they lost control of google.com and Microsoft back in 2003 with hotmail.co.uk. Yes, those domains got bought. For Google's case:




      ...He also received emails with internal information, which he has
      since reported to Google's security team, Ved said.



      ...His run of Google.com was short-lived though. Google Domains
      canceled the sale a minute later...




      For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):




      [Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.






      The only way to be sure that confidential emails don't end up in the wrong hands is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.



      Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.



      As an additional step, hold on to the domain for a year or ten and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be



      Gmail - Message not delivered






      share|improve this answer































        0














        This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.



        Coca-cola owns cocacola.com because it provides a means of accessing the brand, which they will probably have forever*. Ditto for Intel, Amazon, Foot Locker, and so on. Your domain registrar probably used this exact form of marketing, that a domain provides YOU an identity forever*. They used this angle since the early 90s at least.



        In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.



        Another thing to consider: I suppose, if there were a mechanism to allow a domain owner to decommission a domain permanently, that would suit your needs, but there isn't, because you don't entirely own your domain. It's more that you're leasing it.



        *Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.






        share|improve this answer








        New contributor




        Crayoneater is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.


















          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "162"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });






          Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200720%2fcan-someone-read-my-e-mail-if-i-lose-ownership-of-my-domain%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          6 Answers
          6






          active

          oldest

          votes








          6 Answers
          6






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          77















          Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?




          If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.




          Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




          You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?





          I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724






          share|improve this answer



















          • 3




            Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
            – Federico Poloni
            2 days ago






          • 5




            @FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
            – forest
            2 days ago








          • 6




            Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
            – Bent
            2 days ago






          • 3




            "They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
            – a CVn
            2 days ago








          • 3




            @hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
            – mbrig
            2 days ago
















          77















          Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?




          If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.




          Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




          You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?





          I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724






          share|improve this answer



















          • 3




            Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
            – Federico Poloni
            2 days ago






          • 5




            @FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
            – forest
            2 days ago








          • 6




            Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
            – Bent
            2 days ago






          • 3




            "They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
            – a CVn
            2 days ago








          • 3




            @hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
            – mbrig
            2 days ago














          77












          77








          77







          Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?




          If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.




          Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




          You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?





          I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724






          share|improve this answer















          Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?




          If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.




          Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




          You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?





          I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited yesterday

























          answered 2 days ago









          forest

          32.7k15106111




          32.7k15106111








          • 3




            Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
            – Federico Poloni
            2 days ago






          • 5




            @FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
            – forest
            2 days ago








          • 6




            Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
            – Bent
            2 days ago






          • 3




            "They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
            – a CVn
            2 days ago








          • 3




            @hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
            – mbrig
            2 days ago














          • 3




            Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
            – Federico Poloni
            2 days ago






          • 5




            @FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
            – forest
            2 days ago








          • 6




            Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
            – Bent
            2 days ago






          • 3




            "They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
            – a CVn
            2 days ago








          • 3




            @hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
            – mbrig
            2 days ago








          3




          3




          Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
          – Federico Poloni
          2 days ago




          Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
          – Federico Poloni
          2 days ago




          5




          5




          @FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
          – forest
          2 days ago






          @FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
          – forest
          2 days ago






          6




          6




          Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
          – Bent
          2 days ago




          Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
          – Bent
          2 days ago




          3




          3




          "They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
          – a CVn
          2 days ago






          "They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
          – a CVn
          2 days ago






          3




          3




          @hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
          – mbrig
          2 days ago




          @hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
          – mbrig
          2 days ago













          29














          As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.



          That being said:



          Just keeping a domain is often cheaper than using it



          Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).



          When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.






          share|improve this answer


























            29














            As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.



            That being said:



            Just keeping a domain is often cheaper than using it



            Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).



            When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.






            share|improve this answer
























              29












              29








              29






              As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.



              That being said:



              Just keeping a domain is often cheaper than using it



              Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).



              When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.






              share|improve this answer












              As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.



              That being said:



              Just keeping a domain is often cheaper than using it



              Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).



              When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.







              share|improve this answer












              share|improve this answer



              share|improve this answer










              answered 2 days ago









              Dennis Jaheruddin

              1,143813




              1,143813























                  7














                  It is pretty sure that someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.



                  Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.



                  Now, we need to estimate the odds that someone will effectively monitor the email address(es).



                  In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.



                  Update: non-scientific statistics



                  I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.




                  Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




                  Use a long-term grace period



                  That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like




                  Greetings,



                  the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.



                  For the privacy of both, it is important that you kindly implement this change as soon as possible




                  The last sentence explains the matter but is hard to understand for non-security-expert users.



                  I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.



                  Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?



                  This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.



                  Comment



                  I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.



                  Eventually, we trust major ISPs to protect our privacy. We trust them to...






                  share|improve this answer



















                  • 1




                    It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
                    – forest
                    yesterday












                  • Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
                    – Criggie
                    11 hours ago
















                  7














                  It is pretty sure that someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.



                  Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.



                  Now, we need to estimate the odds that someone will effectively monitor the email address(es).



                  In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.



                  Update: non-scientific statistics



                  I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.




                  Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




                  Use a long-term grace period



                  That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like




                  Greetings,



                  the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.



                  For the privacy of both, it is important that you kindly implement this change as soon as possible




                  The last sentence explains the matter but is hard to understand for non-security-expert users.



                  I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.



                  Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?



                  This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.



                  Comment



                  I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.



                  Eventually, we trust major ISPs to protect our privacy. We trust them to...






                  share|improve this answer



















                  • 1




                    It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
                    – forest
                    yesterday












                  • Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
                    – Criggie
                    11 hours ago














                  7












                  7








                  7






                  It is pretty sure that someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.



                  Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.



                  Now, we need to estimate the odds that someone will effectively monitor the email address(es).



                  In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.



                  Update: non-scientific statistics



                  I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.




                  Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




                  Use a long-term grace period



                  That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like




                  Greetings,



                  the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.



                  For the privacy of both, it is important that you kindly implement this change as soon as possible




                  The last sentence explains the matter but is hard to understand for non-security-expert users.



                  I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.



                  Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?



                  This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.



                  Comment



                  I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.



                  Eventually, we trust major ISPs to protect our privacy. We trust them to...






                  share|improve this answer














                  It is pretty sure that someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.



                  Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.



                  Now, we need to estimate the odds that someone will effectively monitor the email address(es).



                  In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.



                  Update: non-scientific statistics



                  I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.




                  Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




                  Use a long-term grace period



                  That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like




                  Greetings,



                  the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.



                  For the privacy of both, it is important that you kindly implement this change as soon as possible




                  The last sentence explains the matter but is hard to understand for non-security-expert users.



                  I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.



                  Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?



                  This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.



                  Comment



                  I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.



                  Eventually, we trust major ISPs to protect our privacy. We trust them to...







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited 1 hour ago

























                  answered yesterday









                  usr-local-ΕΨΗΕΛΩΝ

                  1,211415




                  1,211415








                  • 1




                    It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
                    – forest
                    yesterday












                  • Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
                    – Criggie
                    11 hours ago














                  • 1




                    It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
                    – forest
                    yesterday












                  • Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
                    – Criggie
                    11 hours ago








                  1




                  1




                  It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
                  – forest
                  yesterday






                  It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
                  – forest
                  yesterday














                  Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
                  – Criggie
                  11 hours ago




                  Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
                  – Criggie
                  11 hours ago











                  2














                  Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.






                  share|improve this answer


























                    2














                    Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.






                    share|improve this answer
























                      2












                      2








                      2






                      Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.






                      share|improve this answer












                      Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.







                      share|improve this answer












                      share|improve this answer



                      share|improve this answer










                      answered 7 hours ago









                      i486

                      1214




                      1214























                          1














                          Yes, the scenario described is completely possible. It happened to Google relatively recently when they lost control of google.com and Microsoft back in 2003 with hotmail.co.uk. Yes, those domains got bought. For Google's case:




                          ...He also received emails with internal information, which he has
                          since reported to Google's security team, Ved said.



                          ...His run of Google.com was short-lived though. Google Domains
                          canceled the sale a minute later...




                          For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):




                          [Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.






                          The only way to be sure that confidential emails don't end up in the wrong hands is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.



                          Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.



                          As an additional step, hold on to the domain for a year or ten and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be



                          Gmail - Message not delivered






                          share|improve this answer




























                            1














                            Yes, the scenario described is completely possible. It happened to Google relatively recently when they lost control of google.com and Microsoft back in 2003 with hotmail.co.uk. Yes, those domains got bought. For Google's case:




                            ...He also received emails with internal information, which he has
                            since reported to Google's security team, Ved said.



                            ...His run of Google.com was short-lived though. Google Domains
                            canceled the sale a minute later...




                            For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):




                            [Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.






                            The only way to be sure that confidential emails don't end up in the wrong hands is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.



                            Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.



                            As an additional step, hold on to the domain for a year or ten and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be



                            Gmail - Message not delivered






                            share|improve this answer


























                              1












                              1








                              1






                              Yes, the scenario described is completely possible. It happened to Google relatively recently when they lost control of google.com and Microsoft back in 2003 with hotmail.co.uk. Yes, those domains got bought. For Google's case:




                              ...He also received emails with internal information, which he has
                              since reported to Google's security team, Ved said.



                              ...His run of Google.com was short-lived though. Google Domains
                              canceled the sale a minute later...




                              For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):




                              [Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.






                              The only way to be sure that confidential emails don't end up in the wrong hands is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.



                              Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.



                              As an additional step, hold on to the domain for a year or ten and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be



                              Gmail - Message not delivered






                              share|improve this answer














                              Yes, the scenario described is completely possible. It happened to Google relatively recently when they lost control of google.com and Microsoft back in 2003 with hotmail.co.uk. Yes, those domains got bought. For Google's case:




                              ...He also received emails with internal information, which he has
                              since reported to Google's security team, Ved said.



                              ...His run of Google.com was short-lived though. Google Domains
                              canceled the sale a minute later...




                              For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):




                              [Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.






                              The only way to be sure that confidential emails don't end up in the wrong hands is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.



                              Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.



                              As an additional step, hold on to the domain for a year or ten and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be



                              Gmail - Message not delivered







                              share|improve this answer














                              share|improve this answer



                              share|improve this answer








                              edited 6 hours ago

























                              answered 7 hours ago









                              pandalion98

                              265311




                              265311























                                  0














                                  This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.



                                  Coca-cola owns cocacola.com because it provides a means of accessing the brand, which they will probably have forever*. Ditto for Intel, Amazon, Foot Locker, and so on. Your domain registrar probably used this exact form of marketing, that a domain provides YOU an identity forever*. They used this angle since the early 90s at least.



                                  In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.



                                  Another thing to consider: I suppose, if there were a mechanism to allow a domain owner to decommission a domain permanently, that would suit your needs, but there isn't, because you don't entirely own your domain. It's more that you're leasing it.



                                  *Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.






                                  share|improve this answer








                                  New contributor




                                  Crayoneater is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                  Check out our Code of Conduct.























                                    0














                                    This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.



                                    Coca-cola owns cocacola.com because it provides a means of accessing the brand, which they will probably have forever*. Ditto for Intel, Amazon, Foot Locker, and so on. Your domain registrar probably used this exact form of marketing, that a domain provides YOU an identity forever*. They used this angle since the early 90s at least.



                                    In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.



                                    Another thing to consider: I suppose, if there were a mechanism to allow a domain owner to decommission a domain permanently, that would suit your needs, but there isn't, because you don't entirely own your domain. It's more that you're leasing it.



                                    *Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.






                                    share|improve this answer








                                    New contributor




                                    Crayoneater is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.





















                                      0












                                      0








                                      0






                                      This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.



                                      Coca-cola owns cocacola.com because it provides a means of accessing the brand, which they will probably have forever*. Ditto for Intel, Amazon, Foot Locker, and so on. Your domain registrar probably used this exact form of marketing, that a domain provides YOU an identity forever*. They used this angle since the early 90s at least.



                                      In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.



                                      Another thing to consider: I suppose, if there were a mechanism to allow a domain owner to decommission a domain permanently, that would suit your needs, but there isn't, because you don't entirely own your domain. It's more that you're leasing it.



                                      *Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.






                                      share|improve this answer








                                      New contributor




                                      Crayoneater is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                      Check out our Code of Conduct.









                                      This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.



                                      Coca-cola owns cocacola.com because it provides a means of accessing the brand, which they will probably have forever*. Ditto for Intel, Amazon, Foot Locker, and so on. Your domain registrar probably used this exact form of marketing, that a domain provides YOU an identity forever*. They used this angle since the early 90s at least.



                                      In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.



                                      Another thing to consider: I suppose, if there were a mechanism to allow a domain owner to decommission a domain permanently, that would suit your needs, but there isn't, because you don't entirely own your domain. It's more that you're leasing it.



                                      *Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.







                                      share|improve this answer








                                      New contributor




                                      Crayoneater is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                      Check out our Code of Conduct.









                                      share|improve this answer



                                      share|improve this answer






                                      New contributor




                                      Crayoneater is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                      Check out our Code of Conduct.









                                      answered 7 hours ago









                                      Crayoneater

                                      1




                                      1




                                      New contributor




                                      Crayoneater is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                      Check out our Code of Conduct.





                                      New contributor





                                      Crayoneater is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                      Check out our Code of Conduct.






                                      Crayoneater is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                      Check out our Code of Conduct.






















                                          Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.










                                          draft saved

                                          draft discarded


















                                          Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.













                                          Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.












                                          Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.
















                                          Thanks for contributing an answer to Information Security Stack Exchange!


                                          • Please be sure to answer the question. Provide details and share your research!

                                          But avoid



                                          • Asking for help, clarification, or responding to other answers.

                                          • Making statements based on opinion; back them up with references or personal experience.


                                          To learn more, see our tips on writing great answers.





                                          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                                          Please pay close attention to the following guidance:


                                          • Please be sure to answer the question. Provide details and share your research!

                                          But avoid



                                          • Asking for help, clarification, or responding to other answers.

                                          • Making statements based on opinion; back them up with references or personal experience.


                                          To learn more, see our tips on writing great answers.




                                          draft saved


                                          draft discarded














                                          StackExchange.ready(
                                          function () {
                                          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200720%2fcan-someone-read-my-e-mail-if-i-lose-ownership-of-my-domain%23new-answer', 'question_page');
                                          }
                                          );

                                          Post as a guest















                                          Required, but never shown





















































                                          Required, but never shown














                                          Required, but never shown












                                          Required, but never shown







                                          Required, but never shown

































                                          Required, but never shown














                                          Required, but never shown












                                          Required, but never shown







                                          Required, but never shown







                                          Popular posts from this blog

                                          1300-talet

                                          1300-talet

                                          Display a custom attribute below product name in the front-end Magento 1.9.3.8