Home / Blogs

What Is the Domain Name Expiry Cycle and Why Should You Know About It?

Protect your privacy:  Get NordVPN  [73% off 2-year plans, 3 extra months]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

Domain names are registered by the thousands every day. In July 2021, 236,336 domains were newly registered daily on average across all top-level domains (TLDs). Tens of thousands were also newly expired. Other months could be just as busy.

“Newly registered” and “newly expired.” Those are two terms I often get questions about. Newly registered domains are domains that someone just reserved, typically through a registrar or web hosting company. Newly expired domains, meanwhile, are those domains that someone had reserved but decided to let go for one reason or another.

Everything that happens after someone decides not to renew a domain can be referred to as the “domain name expiry cycle.”

Now, why is it even remotely relevant to know about the domain name expiry cycle?

The short answer is that understanding this cycle can help you better manage the domain names that are essential to you or your organization. It can also help you ensure that you do not let any of those essential domain names slip away.

Cursed was the guy (or gal) at Marketo who forgot to renew “marketo.com” on time—essentially leading to the company’s main website going down for a bit. That’s not to mention complete app failure and operations paralysis as clients couldn’t log in to their accounts. While that story had a happy ending as a white-knight geek took steps to rescue the domain, others weren’t as lucky.

Often, cybersquatters are on the lookout for expired domains.

Wesley Perkins, who repetitively registered domain names that businesses failed to renew on time, is one of them. Perkins is known for asking exorbitant amounts in return for the domain names’ transfer. Among the domain names that fell into his hands when they expired were:

Despite favorable decisions awarding the disputed domains back to their previous owners, the complainants may have suffered damages not limited to financial losses. Perkins was known for redirecting domains to adult sites, an association that could hurt the reputation of any organization.

Note that it’s also possible to lose beloved domain names after filing a dispute. An example would be titoni[.]com (WIPO Case No. D2019-0395). Titoni AG, the original owner of the domain, failed to renew the registration. After some time, Synergy Technologies, LLC registered it. The Panel denied the original owner’s complaint, stating the below:

“The Panel wishes to emphasize that it does not assume that all erroneously lapsed domain name renewals are evidence of the bad faith registration of the domain name by a new holder. Nor does the Panel believe that the Policy is designed primarily to make up for the mistakes or negligence of Registrars or Complainants in ensuring that domain names get renewed, however unfortunate that may be.”

The bottom line is, when we let domain names expire, we essentially risk sending them back to the pool of available domain names, and somebody else can pick them up. This scenario may cause several problems, including being associated with cybersquatters or losing one or more mission-critical domains for good.

The Domain Name Expiry Cycle

The book Managing Mission-Critical Domains and DNS, which I am a big fan of, explains the domain name expiry life cycle in great detail. Here is the timeline that can be derived from it:

Day 0: Expiration Day

A domain name’s expiration date indicated on its WHOIS record marks the beginning of the cycle. Failure to renew the registration on that day will prompt the registrar to remove its nameserver. At this point, the domain name stops resolving. Website visitors are greeted with a message that says something like, “This site can’t be reached.”

Day 1 to 45: Registrant Grace Period

At that point, the domain enters the Registrant Grace Period (RGP) that lasts up to 45 days. The previous registrant can still go through the usual renewal process, though it’s not risk-free. In fact, the registrar has the possibility to perform a “direct transfer” during that period—meaning that the domain could be transferred to another party.

That said, most registrars will park the domain around the third to about the fifth day after the expiration date. The nameservers indicated in the WHOIS records would typically be changed to something like ns1[.]fatcow-expired[.]domainparkingserver[.]net and ns2[.]fatcow-expired[.]domainparkingserver[.]net.

On the parked page, the registrar can display ads or inform other parties about its intention to auction the domain. Other parties can also express their interest in buying the domain, especially if it is popular, heavily backlinked, or generic.

Day 46: Redemption Period

After day 45, the domain is returned to the registry and enters the Redemption Period. At this point, only the previous registrant can redeem the domain but at an additional cost.

The domain’s WHOIS record would indicate the statuses redemptionPeriod and clientTransferProhibited.

Day 90: Pending Delete Period

The domain remains in the Redemption Period for up to 45 days. After that, or on day 90, the domain enters the PendingDelete period. This status means that it is too late to renew or redeem the domain. It will be deleted after five days and marked available for anyone to register.

A Few Takeaways from the Domain Name Expiry Cycle

The domain name expiry cycle teaches us several important things, which include:

  • Failing to renew domain names can be a hassle. Up to 45 days after letting the domain expire, anyone (including cybersquatters and competitors) could be able to take over the domain. Registrars would understandably try to earn money off the domain.
  • An “available” domain is not necessarily a “new” domain. It could be one of the domains that went through the whole cycle and got deleted by the registry. The domain could have been reported malicious and placed under clientHold status.

All stages of the cycle are indicated in the domain’s WHOIS records. Clients who want to purchase an “available” domain may want to check its historical WHOIS details first as part of a background check.

Analyzing the Expiry Cycle of a Malicious Domain Name

Aside from the normal statuses reflecting the natural life cycle of a domain name described above, the historical WHOIS records of malicious domains may be different. How so? Let’s illustrate this using the domain securityonline-reviewaccountlimitedonline[.]com. Some facts about this domain:

  • It has been flagged as “dangerous.”

  • It is currently available. Anyone can register the domain.

The WHOIS history timeline of the malicious domain can be illustrated as follows:

Less than a month after securityonline-reviewaccountlimitedonline[.]com was created, its status changed to clientHold, although all other WHOIS details remained unchanged. This status is one of the flags set by registrars that could indicate verification, billing, or legal disputes.

Since we are dealing with a malicious domain, it is highly probable that the clientHold status stemmed from being involved in malicious activities. What’s more, a domain that is being held is no longer activated in the DNS and, therefore, should not resolve.

Essentially, this example shows us that clients who want to buy an available domain may first want to look out for such red flags in the domain’s WHOIS history. Using a domain that has been used in malicious campaigns may hurt a company’s reputation and ultimately cause severe financial losses.

Conclusion

Understanding the domain name expiry cycle helps registrants avoid unnecessary costs from domain name disputes or increased registration fees. Furthermore, knowing how the stages are represented in the domain’s WHOIS records can provide intelligence to back up business decisions, such as which domain(s) to use and not to use.

If you want to have a deeper and more detailed conversation about the domain name expiry cycle and how to use historical WHOIS data, please don’t hesitate to contact me.

By Alex Ronquillo, Sr. Director of Business Development at WhoisXML API

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix