Can someone read my E-Mail if I lose ownership of my domain?
Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like paying for the domain mydomain.tld anymore.
Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?
No, I can't tell them to stop sending confidential mails because I can't contact them.
Are there ways to prevent that or is the only option I have is to pay for the domain until I die?
email domain
New contributor
|
show 4 more comments
Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like paying for the domain mydomain.tld anymore.
Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?
No, I can't tell them to stop sending confidential mails because I can't contact them.
Are there ways to prevent that or is the only option I have is to pay for the domain until I die?
email domain
New contributor
3
About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
2 days ago
34
$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
2 days ago
6
Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
2 days ago
12
@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
2 days ago
7
@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
yesterday
|
show 4 more comments
Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like paying for the domain mydomain.tld anymore.
Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?
No, I can't tell them to stop sending confidential mails because I can't contact them.
Are there ways to prevent that or is the only option I have is to pay for the domain until I die?
email domain
New contributor
Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like paying for the domain mydomain.tld anymore.
Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?
No, I can't tell them to stop sending confidential mails because I can't contact them.
Are there ways to prevent that or is the only option I have is to pay for the domain until I die?
email domain
email domain
New contributor
New contributor
edited yesterday
Mawg
698724
698724
New contributor
asked 2 days ago
Skiddie Hunter
34829
34829
New contributor
New contributor
3
About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
2 days ago
34
$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
2 days ago
6
Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
2 days ago
12
@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
2 days ago
7
@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
yesterday
|
show 4 more comments
3
About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
2 days ago
34
$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
2 days ago
6
Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
2 days ago
12
@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
2 days ago
7
@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
yesterday
3
3
About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
2 days ago
About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
2 days ago
34
34
$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
2 days ago
$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
2 days ago
6
6
Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
2 days ago
Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
2 days ago
12
12
@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
2 days ago
@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
2 days ago
7
7
@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
yesterday
@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
yesterday
|
show 4 more comments
6 Answers
6
active
oldest
votes
Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?
If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.
Are there ways to prevent that or is the only option I have is to pay for the domain until I die?
You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?
I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724
3
Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
– Federico Poloni
2 days ago
5
@FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
– forest
2 days ago
6
Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
– Bent
2 days ago
3
"They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
– a CVn
2 days ago
3
@hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
– mbrig
2 days ago
|
show 8 more comments
As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.
That being said:
Just keeping a domain is often cheaper than using it
Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).
When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.
add a comment |
It is pretty sure that someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.
Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.
Now, we need to estimate the odds that someone will effectively monitor the email address(es).
In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.
Update: non-scientific statistics
I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.
Are there ways to prevent that or is the only option I have is to pay for the domain until I die?
Use a long-term grace period
That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like
Greetings,
the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.
For the privacy of both, it is important that you kindly implement this change as soon as possible
The last sentence explains the matter but is hard to understand for non-security-expert users.
I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.
Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?
This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.
Comment
I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.
Eventually, we trust major ISPs to protect our privacy. We trust them to...
1
It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
– forest
yesterday
Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
– Criggie
11 hours ago
add a comment |
Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com
domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.
add a comment |
Yes, the scenario described is completely possible. It happened to Google relatively recently when they lost control of google.com
and Microsoft back in 2003 with hotmail.co.uk
. Yes, those domains got bought. For Google's case:
...He also received emails with internal information, which he has
since reported to Google's security team, Ved said.
...His run of Google.com was short-lived though. Google Domains
canceled the sale a minute later...
For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):
[Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.
The only way to be sure that confidential emails don't end up in the wrong hands is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.
Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.
As an additional step, hold on to the domain for a year or ten and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be
add a comment |
This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.
Coca-cola owns cocacola.com because it provides a means of accessing the brand, which they will probably have forever*. Ditto for Intel, Amazon, Foot Locker, and so on. Your domain registrar probably used this exact form of marketing, that a domain provides YOU an identity forever*. They used this angle since the early 90s at least.
In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.
Another thing to consider: I suppose, if there were a mechanism to allow a domain owner to decommission a domain permanently, that would suit your needs, but there isn't, because you don't entirely own your domain. It's more that you're leasing it.
*Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.
New contributor
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200720%2fcan-someone-read-my-e-mail-if-i-lose-ownership-of-my-domain%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
6 Answers
6
active
oldest
votes
6 Answers
6
active
oldest
votes
active
oldest
votes
active
oldest
votes
Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?
If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.
Are there ways to prevent that or is the only option I have is to pay for the domain until I die?
You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?
I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724
3
Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
– Federico Poloni
2 days ago
5
@FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
– forest
2 days ago
6
Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
– Bent
2 days ago
3
"They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
– a CVn
2 days ago
3
@hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
– mbrig
2 days ago
|
show 8 more comments
Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?
If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.
Are there ways to prevent that or is the only option I have is to pay for the domain until I die?
You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?
I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724
3
Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
– Federico Poloni
2 days ago
5
@FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
– forest
2 days ago
6
Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
– Bent
2 days ago
3
"They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
– a CVn
2 days ago
3
@hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
– mbrig
2 days ago
|
show 8 more comments
Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?
If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.
Are there ways to prevent that or is the only option I have is to pay for the domain until I die?
You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?
I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724
Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?
If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.
Are there ways to prevent that or is the only option I have is to pay for the domain until I die?
You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?
I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724
edited yesterday
answered 2 days ago
forest
32.7k15106111
32.7k15106111
3
Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
– Federico Poloni
2 days ago
5
@FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
– forest
2 days ago
6
Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
– Bent
2 days ago
3
"They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
– a CVn
2 days ago
3
@hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
– mbrig
2 days ago
|
show 8 more comments
3
Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
– Federico Poloni
2 days ago
5
@FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
– forest
2 days ago
6
Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
– Bent
2 days ago
3
"They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
– a CVn
2 days ago
3
@hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
– mbrig
2 days ago
3
3
Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
– Federico Poloni
2 days ago
Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
– Federico Poloni
2 days ago
5
5
@FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
– forest
2 days ago
@FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
– forest
2 days ago
6
6
Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
– Bent
2 days ago
Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
– Bent
2 days ago
3
3
"They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
– a CVn
2 days ago
"They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
– a CVn
2 days ago
3
3
@hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
– mbrig
2 days ago
@hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
– mbrig
2 days ago
|
show 8 more comments
As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.
That being said:
Just keeping a domain is often cheaper than using it
Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).
When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.
add a comment |
As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.
That being said:
Just keeping a domain is often cheaper than using it
Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).
When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.
add a comment |
As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.
That being said:
Just keeping a domain is often cheaper than using it
Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).
When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.
As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.
That being said:
Just keeping a domain is often cheaper than using it
Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).
When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.
answered 2 days ago
Dennis Jaheruddin
1,143813
1,143813
add a comment |
add a comment |
It is pretty sure that someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.
Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.
Now, we need to estimate the odds that someone will effectively monitor the email address(es).
In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.
Update: non-scientific statistics
I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.
Are there ways to prevent that or is the only option I have is to pay for the domain until I die?
Use a long-term grace period
That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like
Greetings,
the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.
For the privacy of both, it is important that you kindly implement this change as soon as possible
The last sentence explains the matter but is hard to understand for non-security-expert users.
I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.
Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?
This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.
Comment
I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.
Eventually, we trust major ISPs to protect our privacy. We trust them to...
1
It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
– forest
yesterday
Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
– Criggie
11 hours ago
add a comment |
It is pretty sure that someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.
Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.
Now, we need to estimate the odds that someone will effectively monitor the email address(es).
In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.
Update: non-scientific statistics
I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.
Are there ways to prevent that or is the only option I have is to pay for the domain until I die?
Use a long-term grace period
That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like
Greetings,
the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.
For the privacy of both, it is important that you kindly implement this change as soon as possible
The last sentence explains the matter but is hard to understand for non-security-expert users.
I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.
Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?
This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.
Comment
I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.
Eventually, we trust major ISPs to protect our privacy. We trust them to...
1
It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
– forest
yesterday
Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
– Criggie
11 hours ago
add a comment |
It is pretty sure that someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.
Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.
Now, we need to estimate the odds that someone will effectively monitor the email address(es).
In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.
Update: non-scientific statistics
I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.
Are there ways to prevent that or is the only option I have is to pay for the domain until I die?
Use a long-term grace period
That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like
Greetings,
the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.
For the privacy of both, it is important that you kindly implement this change as soon as possible
The last sentence explains the matter but is hard to understand for non-security-expert users.
I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.
Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?
This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.
Comment
I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.
Eventually, we trust major ISPs to protect our privacy. We trust them to...
It is pretty sure that someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.
Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.
Now, we need to estimate the odds that someone will effectively monitor the email address(es).
In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.
Update: non-scientific statistics
I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.
Are there ways to prevent that or is the only option I have is to pay for the domain until I die?
Use a long-term grace period
That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like
Greetings,
the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.
For the privacy of both, it is important that you kindly implement this change as soon as possible
The last sentence explains the matter but is hard to understand for non-security-expert users.
I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.
Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?
This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.
Comment
I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.
Eventually, we trust major ISPs to protect our privacy. We trust them to...
edited 1 hour ago
answered yesterday
usr-local-ΕΨΗΕΛΩΝ
1,211415
1,211415
1
It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
– forest
yesterday
Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
– Criggie
11 hours ago
add a comment |
1
It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
– forest
yesterday
Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
– Criggie
11 hours ago
1
1
It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
– forest
yesterday
It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
– forest
yesterday
Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
– Criggie
11 hours ago
Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
– Criggie
11 hours ago
add a comment |
Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com
domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.
add a comment |
Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com
domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.
add a comment |
Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com
domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.
Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com
domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.
answered 7 hours ago
i486
1214
1214
add a comment |
add a comment |
Yes, the scenario described is completely possible. It happened to Google relatively recently when they lost control of google.com
and Microsoft back in 2003 with hotmail.co.uk
. Yes, those domains got bought. For Google's case:
...He also received emails with internal information, which he has
since reported to Google's security team, Ved said.
...His run of Google.com was short-lived though. Google Domains
canceled the sale a minute later...
For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):
[Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.
The only way to be sure that confidential emails don't end up in the wrong hands is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.
Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.
As an additional step, hold on to the domain for a year or ten and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be
add a comment |
Yes, the scenario described is completely possible. It happened to Google relatively recently when they lost control of google.com
and Microsoft back in 2003 with hotmail.co.uk
. Yes, those domains got bought. For Google's case:
...He also received emails with internal information, which he has
since reported to Google's security team, Ved said.
...His run of Google.com was short-lived though. Google Domains
canceled the sale a minute later...
For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):
[Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.
The only way to be sure that confidential emails don't end up in the wrong hands is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.
Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.
As an additional step, hold on to the domain for a year or ten and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be
add a comment |
Yes, the scenario described is completely possible. It happened to Google relatively recently when they lost control of google.com
and Microsoft back in 2003 with hotmail.co.uk
. Yes, those domains got bought. For Google's case:
...He also received emails with internal information, which he has
since reported to Google's security team, Ved said.
...His run of Google.com was short-lived though. Google Domains
canceled the sale a minute later...
For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):
[Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.
The only way to be sure that confidential emails don't end up in the wrong hands is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.
Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.
As an additional step, hold on to the domain for a year or ten and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be
Yes, the scenario described is completely possible. It happened to Google relatively recently when they lost control of google.com
and Microsoft back in 2003 with hotmail.co.uk
. Yes, those domains got bought. For Google's case:
...He also received emails with internal information, which he has
since reported to Google's security team, Ved said.
...His run of Google.com was short-lived though. Google Domains
canceled the sale a minute later...
For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):
[Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.
The only way to be sure that confidential emails don't end up in the wrong hands is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.
Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.
As an additional step, hold on to the domain for a year or ten and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be
edited 6 hours ago
answered 7 hours ago
pandalion98
265311
265311
add a comment |
add a comment |
This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.
Coca-cola owns cocacola.com because it provides a means of accessing the brand, which they will probably have forever*. Ditto for Intel, Amazon, Foot Locker, and so on. Your domain registrar probably used this exact form of marketing, that a domain provides YOU an identity forever*. They used this angle since the early 90s at least.
In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.
Another thing to consider: I suppose, if there were a mechanism to allow a domain owner to decommission a domain permanently, that would suit your needs, but there isn't, because you don't entirely own your domain. It's more that you're leasing it.
*Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.
New contributor
add a comment |
This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.
Coca-cola owns cocacola.com because it provides a means of accessing the brand, which they will probably have forever*. Ditto for Intel, Amazon, Foot Locker, and so on. Your domain registrar probably used this exact form of marketing, that a domain provides YOU an identity forever*. They used this angle since the early 90s at least.
In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.
Another thing to consider: I suppose, if there were a mechanism to allow a domain owner to decommission a domain permanently, that would suit your needs, but there isn't, because you don't entirely own your domain. It's more that you're leasing it.
*Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.
New contributor
add a comment |
This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.
Coca-cola owns cocacola.com because it provides a means of accessing the brand, which they will probably have forever*. Ditto for Intel, Amazon, Foot Locker, and so on. Your domain registrar probably used this exact form of marketing, that a domain provides YOU an identity forever*. They used this angle since the early 90s at least.
In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.
Another thing to consider: I suppose, if there were a mechanism to allow a domain owner to decommission a domain permanently, that would suit your needs, but there isn't, because you don't entirely own your domain. It's more that you're leasing it.
*Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.
New contributor
This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.
Coca-cola owns cocacola.com because it provides a means of accessing the brand, which they will probably have forever*. Ditto for Intel, Amazon, Foot Locker, and so on. Your domain registrar probably used this exact form of marketing, that a domain provides YOU an identity forever*. They used this angle since the early 90s at least.
In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.
Another thing to consider: I suppose, if there were a mechanism to allow a domain owner to decommission a domain permanently, that would suit your needs, but there isn't, because you don't entirely own your domain. It's more that you're leasing it.
*Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.
New contributor
New contributor
answered 7 hours ago
Crayoneater
1
1
New contributor
New contributor
add a comment |
add a comment |
Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.
Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.
Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.
Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200720%2fcan-someone-read-my-e-mail-if-i-lose-ownership-of-my-domain%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
3
About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
2 days ago
34
$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
2 days ago
6
Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
2 days ago
12
@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
2 days ago
7
@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
yesterday