Can someone read my E-Mail if I lose ownership of my domain?

Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like paying for the domain mydomain.tld anymore.

Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?

No, I can't tell them to stop sending confidential mails because I can't contact them.

Are there ways to prevent that or is the only option I have is to pay for the domain until I die?

edited yesterday

Mawg

698724

asked 2 days ago

Skiddie Hunter

34829

New contributor

3

About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
2 days ago

34

$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
2 days ago

6

Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
2 days ago

12

@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
2 days ago

7

@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
yesterday

|
show 4 more comments

Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?

No, I can't tell them to stop sending confidential mails because I can't contact them.

Are there ways to prevent that or is the only option I have is to pay for the domain until I die?

edited yesterday

Mawg

698724

asked 2 days ago

Skiddie Hunter

34829

New contributor

3

About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
2 days ago

34

$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
2 days ago

6

Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
2 days ago

12

@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
2 days ago

7

@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
yesterday

|
show 4 more comments

Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?

No, I can't tell them to stop sending confidential mails because I can't contact them.

Are there ways to prevent that or is the only option I have is to pay for the domain until I die?

edited yesterday

Mawg

698724

asked 2 days ago

Skiddie Hunter

34829

New contributor

Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?

No, I can't tell them to stop sending confidential mails because I can't contact them.

Are there ways to prevent that or is the only option I have is to pay for the domain until I die?

email domain

edited yesterday

Mawg

698724

asked 2 days ago

Skiddie Hunter

34829

New contributor

edited yesterday

Mawg

698724

asked 2 days ago

Skiddie Hunter

34829

New contributor

edited yesterday

Mawg

698724

edited yesterday

Mawg

698724

edited yesterday

Mawg

698724

asked 2 days ago

Skiddie Hunter

34829

New contributor

asked 2 days ago

Skiddie Hunter

34829

asked 2 days ago

Skiddie Hunter

34829

New contributor

Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

3

About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
2 days ago

34

$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
2 days ago

6

Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
2 days ago

12

@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
2 days ago

7

@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
yesterday

|
show 4 more comments

3

About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
2 days ago

34

$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
2 days ago

6

Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
2 days ago

12

@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
2 days ago

7

@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
yesterday

About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
2 days ago

$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
2 days ago

Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
2 days ago

@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
2 days ago

@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
yesterday

|
show 4 more comments

6 Answers
6

active

oldest

votes

Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?

If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.

Are there ways to prevent that or is the only option I have is to pay for the domain until I die?

You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?

I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724

edited yesterday

answered 2 days ago

forest

32.7k15106111

3

Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
– Federico Poloni
2 days ago

5

@FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
– forest
2 days ago

6

Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
– Bent
2 days ago

3

"They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
– a CVn
2 days ago

3

@hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
– mbrig
2 days ago

|
show 8 more comments

As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.

That being said:

Just keeping a domain is often cheaper than using it

Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).

When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.

answered 2 days ago

Dennis Jaheruddin

1,143813

add a comment |

It is pretty sure that someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.

Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.

Now, we need to estimate the odds that someone will effectively monitor the email address(es).

In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.

Update: non-scientific statistics

I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.

Are there ways to prevent that or is the only option I have is to pay for the domain until I die?

Use a long-term grace period

That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like

Greetings,

the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.

For the privacy of both, it is important that you kindly implement this change as soon as possible

The last sentence explains the matter but is hard to understand for non-security-expert users.

I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.

Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?

This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.

Comment

I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.

Eventually, we trust major ISPs to protect our privacy. We trust them to...

edited 1 hour ago

answered yesterday

usr-local-ΕΨΗΕΛΩΝ

1,211415

1

It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
– forest
yesterday

Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
– Criggie
11 hours ago

add a comment |

Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.

answered 7 hours ago

i486

1214

add a comment |

Yes, the scenario described is completely possible. It happened to Google relatively recently when they lost control of google.com and Microsoft back in 2003 with hotmail.co.uk. Yes, those domains got bought. For Google's case:

...He also received emails with internal information, which he has
since reported to Google's security team, Ved said.

...His run of Google.com was short-lived though. Google Domains
canceled the sale a minute later...

For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):

[Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.

The only way to be sure that confidential emails don't end up in the wrong hands is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.

Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.

As an additional step, hold on to the domain for a year or ten and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be

Gmail - Message not delivered

edited 6 hours ago

answered 7 hours ago

pandalion98

265311

add a comment |

This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.

Coca-cola owns cocacola.com because it provides a means of accessing the brand, which they will probably have forever*. Ditto for Intel, Amazon, Foot Locker, and so on. Your domain registrar probably used this exact form of marketing, that a domain provides YOU an identity forever*. They used this angle since the early 90s at least.

In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.

Another thing to consider: I suppose, if there were a mechanism to allow a domain owner to decommission a domain permanently, that would suit your needs, but there isn't, because you don't entirely own your domain. It's more that you're leasing it.

*Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.

answered 7 hours ago

Crayoneater

New contributor

add a comment |

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200720%2fcan-someone-read-my-e-mail-if-i-lose-ownership-of-my-domain%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

6 Answers
6

active

oldest

votes

6 Answers
6

active

oldest

votes

Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?

Are there ways to prevent that or is the only option I have is to pay for the domain until I die?

I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724

edited yesterday

answered 2 days ago

forest

32.7k15106111

3

Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
– Federico Poloni
2 days ago

5

@FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
– forest
2 days ago

6

Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
– Bent
2 days ago

3

"They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
– a CVn
2 days ago

3

@hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
– mbrig
2 days ago

|
show 8 more comments

Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?

Are there ways to prevent that or is the only option I have is to pay for the domain until I die?

I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724

edited yesterday

answered 2 days ago

forest

32.7k15106111

3

Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
– Federico Poloni
2 days ago

5

@FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
– forest
2 days ago

6

Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
– Bent
2 days ago

3

"They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
– a CVn
2 days ago

3

@hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
– mbrig
2 days ago

|
show 8 more comments

Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?

Are there ways to prevent that or is the only option I have is to pay for the domain until I die?

I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724

edited yesterday

answered 2 days ago

forest

32.7k15106111

Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?

Are there ways to prevent that or is the only option I have is to pay for the domain until I die?

I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724

edited yesterday

answered 2 days ago

forest

32.7k15106111

edited yesterday

answered 2 days ago

forest

32.7k15106111

answered 2 days ago

forest

32.7k15106111

answered 2 days ago

forest

32.7k15106111

3

Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
– Federico Poloni
2 days ago

5

@FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
– forest
2 days ago

6

Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
– Bent
2 days ago

3

"They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
– a CVn
2 days ago

3

@hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
– mbrig
2 days ago

|
show 8 more comments

3

Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
– Federico Poloni
2 days ago

5

@FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
– forest
2 days ago

6

Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
– Bent
2 days ago

3

"They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
– a CVn
2 days ago

3

@hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
– mbrig
2 days ago

Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
– Federico Poloni
2 days ago

@FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
– forest
2 days ago

Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
– Bent
2 days ago

"They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
– a CVn
2 days ago

@hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
– mbrig
2 days ago

|
show 8 more comments

As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.

That being said:

Just keeping a domain is often cheaper than using it

Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).

When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.

answered 2 days ago

Dennis Jaheruddin

1,143813

add a comment |

As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.

That being said:

Just keeping a domain is often cheaper than using it

Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).

When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.

answered 2 days ago

Dennis Jaheruddin

1,143813

add a comment |

As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.

That being said:

Just keeping a domain is often cheaper than using it

Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).

When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.

answered 2 days ago

Dennis Jaheruddin

1,143813

As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.

That being said:

Just keeping a domain is often cheaper than using it

Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).

When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.

answered 2 days ago

Dennis Jaheruddin

1,143813

answered 2 days ago

Dennis Jaheruddin

1,143813

answered 2 days ago

Dennis Jaheruddin

1,143813

answered 2 days ago

Dennis Jaheruddin

1,143813

add a comment |

Now, we need to estimate the odds that someone will effectively monitor the email address(es).

Update: non-scientific statistics

Are there ways to prevent that or is the only option I have is to pay for the domain until I die?

Use a long-term grace period

That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like

Greetings,

the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.

For the privacy of both, it is important that you kindly implement this change as soon as possible

The last sentence explains the matter but is hard to understand for non-security-expert users.

I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.

Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?

Comment

Eventually, we trust major ISPs to protect our privacy. We trust them to...

edited 1 hour ago

answered yesterday

usr-local-ΕΨΗΕΛΩΝ

1,211415

1

It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
– forest
yesterday

Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
– Criggie
11 hours ago

add a comment |

Now, we need to estimate the odds that someone will effectively monitor the email address(es).

Update: non-scientific statistics

Are there ways to prevent that or is the only option I have is to pay for the domain until I die?

Use a long-term grace period

That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like

Greetings,

the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.

For the privacy of both, it is important that you kindly implement this change as soon as possible

The last sentence explains the matter but is hard to understand for non-security-expert users.

I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.

Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?

Comment

Eventually, we trust major ISPs to protect our privacy. We trust them to...

edited 1 hour ago

answered yesterday

usr-local-ΕΨΗΕΛΩΝ

1,211415

1

It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
– forest
yesterday

Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
– Criggie
11 hours ago

add a comment |

Now, we need to estimate the odds that someone will effectively monitor the email address(es).

Update: non-scientific statistics

Are there ways to prevent that or is the only option I have is to pay for the domain until I die?

Use a long-term grace period

That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like

Greetings,

the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.

For the privacy of both, it is important that you kindly implement this change as soon as possible

The last sentence explains the matter but is hard to understand for non-security-expert users.

I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.

Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?

Comment

Eventually, we trust major ISPs to protect our privacy. We trust them to...

edited 1 hour ago

answered yesterday

usr-local-ΕΨΗΕΛΩΝ

1,211415

Now, we need to estimate the odds that someone will effectively monitor the email address(es).

Update: non-scientific statistics

Are there ways to prevent that or is the only option I have is to pay for the domain until I die?

Use a long-term grace period

That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like

Greetings,

the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.

For the privacy of both, it is important that you kindly implement this change as soon as possible

The last sentence explains the matter but is hard to understand for non-security-expert users.

I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.

Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?

Comment

Eventually, we trust major ISPs to protect our privacy. We trust them to...

edited 1 hour ago

answered yesterday

usr-local-ΕΨΗΕΛΩΝ

1,211415

edited 1 hour ago

answered yesterday

usr-local-ΕΨΗΕΛΩΝ

1,211415

answered yesterday

usr-local-ΕΨΗΕΛΩΝ

1,211415

answered yesterday

usr-local-ΕΨΗΕΛΩΝ

1,211415

1

It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
– forest
yesterday

Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
– Criggie
11 hours ago

add a comment |

1

It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
– forest
yesterday

Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
– Criggie
11 hours ago

It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
– forest
yesterday

Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
– Criggie
11 hours ago

add a comment |

answered 7 hours ago

i486

1214

add a comment |

answered 7 hours ago

i486

1214

add a comment |

answered 7 hours ago

i486

1214

answered 7 hours ago

i486

1214

answered 7 hours ago

i486

1214

answered 7 hours ago

i486

1214

answered 7 hours ago

i486

1214

add a comment |

...He also received emails with internal information, which he has
since reported to Google's security team, Ved said.

...His run of Google.com was short-lived though. Google Domains
canceled the sale a minute later...

For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):

[Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.

Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.

Gmail - Message not delivered

edited 6 hours ago

answered 7 hours ago

pandalion98

265311

add a comment |

...He also received emails with internal information, which he has
since reported to Google's security team, Ved said.

...His run of Google.com was short-lived though. Google Domains
canceled the sale a minute later...

For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):

[Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.

Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.

Gmail - Message not delivered

edited 6 hours ago

answered 7 hours ago

pandalion98

265311

add a comment |

...He also received emails with internal information, which he has
since reported to Google's security team, Ved said.

...His run of Google.com was short-lived though. Google Domains
canceled the sale a minute later...

For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):

[Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.

Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.

Gmail - Message not delivered

edited 6 hours ago

answered 7 hours ago

pandalion98

265311

...He also received emails with internal information, which he has
since reported to Google's security team, Ved said.

...His run of Google.com was short-lived though. Google Domains
canceled the sale a minute later...

For Microsoft, who lost control of a domain for an email service (possibly putting thousands in the situation you describe):

[Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.

Practically, what you could do is replace your email (that uses the expiring domain) on sites that you registered for. Also inform your contacts to eschew your old email.

Gmail - Message not delivered

edited 6 hours ago

answered 7 hours ago

pandalion98

265311

edited 6 hours ago

answered 7 hours ago

pandalion98

265311

answered 7 hours ago

pandalion98

265311

answered 7 hours ago

pandalion98

265311

add a comment |

This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.

In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.

*Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.

answered 7 hours ago

Crayoneater

New contributor

add a comment |

This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.

In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.

*Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.

answered 7 hours ago

Crayoneater

New contributor

add a comment |

This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.

In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.

*Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.

answered 7 hours ago

Crayoneater

New contributor

This entire question, in a sense, is the polar opposite of what domain ownership, and even an email address is supposed to be: An identity you keep forever*. Or, at least, could.

In essence, what you are trying to do is largely the opposite of the design goal of this product. You're trying to get rid of something intended for you to keep and maintain forever*.

*Well, you can replace "forever" with "until this no longer is viable" but hopefully you get the point.

answered 7 hours ago

Crayoneater

New contributor

answered 7 hours ago

Crayoneater

New contributor

answered 7 hours ago

Crayoneater

answered 7 hours ago

Crayoneater

New contributor

Crayoneater is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment |

Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.

Thanks for contributing an answer to Information Security Stack Exchange!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

Some of your past answers have not been well-received, and you're in danger of being blocked from answering.

Please pay close attention to the following guidance:

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Mfrhtyj

Can someone read my E-Mail if I lose ownership of my domain?

6 Answers
6

Just keeping a domain is often cheaper than using it

Update: non-scientific statistics

Use a long-term grace period

Comment

Your Answer

Post as a guest

6 Answers
6

6 Answers
6

Just keeping a domain is often cheaper than using it

Just keeping a domain is often cheaper than using it

Just keeping a domain is often cheaper than using it

Just keeping a domain is often cheaper than using it

Update: non-scientific statistics

Use a long-term grace period

Comment

Update: non-scientific statistics

Use a long-term grace period

Comment

Update: non-scientific statistics

Use a long-term grace period

Comment

Update: non-scientific statistics

Use a long-term grace period

Comment

Post as a guest

Popular posts from this blog

An IMO inspired problem

Management

Has there ever been an instance of an active nuclear power plant within or near a war zone?

Can someone read my E-Mail if I lose ownership of my domain?

6 Answers 6

Just keeping a domain is often cheaper than using it

Update: non-scientific statistics

Use a long-term grace period

Comment

Your Answer

Sign up or log in

Post as a guest

Post as a guest

6 Answers 6

6 Answers 6

Just keeping a domain is often cheaper than using it

Just keeping a domain is often cheaper than using it

Just keeping a domain is often cheaper than using it

Just keeping a domain is often cheaper than using it

Update: non-scientific statistics

Use a long-term grace period

Comment

Update: non-scientific statistics

Use a long-term grace period

Comment

Update: non-scientific statistics

Use a long-term grace period

Comment

Update: non-scientific statistics

Use a long-term grace period

Comment

Sign up or log in

Post as a guest

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Popular posts from this blog

An IMO inspired problem

Management

Has there ever been an instance of an active nuclear power plant within or near a war zone?

6 Answers
6

6 Answers
6

6 Answers
6