Can someone read my E-Mail if I lose ownership of my domain?












96














Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like paying for the domain mydomain.tld anymore.



Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?



No, I can't tell them to stop sending confidential mails because I can't contact them.



Are there ways to prevent that or is the only option I have is to pay for the domain until I die?










share|improve this question









New contributor




Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 6




    About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
    – Skiddie Hunter
    Jan 3 at 5:47






  • 67




    $14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
    – forest
    Jan 3 at 5:49








  • 21




    Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
    – Mawg
    Jan 3 at 14:42








  • 20




    @SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
    – reirab
    Jan 3 at 16:34








  • 21




    @SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
    – R..
    Jan 3 at 23:15


















96














Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like paying for the domain mydomain.tld anymore.



Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?



No, I can't tell them to stop sending confidential mails because I can't contact them.



Are there ways to prevent that or is the only option I have is to pay for the domain until I die?










share|improve this question









New contributor




Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 6




    About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
    – Skiddie Hunter
    Jan 3 at 5:47






  • 67




    $14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
    – forest
    Jan 3 at 5:49








  • 21




    Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
    – Mawg
    Jan 3 at 14:42








  • 20




    @SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
    – reirab
    Jan 3 at 16:34








  • 21




    @SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
    – R..
    Jan 3 at 23:15
















96












96








96


11





Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like paying for the domain mydomain.tld anymore.



Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?



No, I can't tell them to stop sending confidential mails because I can't contact them.



Are there ways to prevent that or is the only option I have is to pay for the domain until I die?










share|improve this question









New contributor




Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like paying for the domain mydomain.tld anymore.



Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?



No, I can't tell them to stop sending confidential mails because I can't contact them.



Are there ways to prevent that or is the only option I have is to pay for the domain until I die?







email domain






share|improve this question









New contributor




Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited Jan 4 at 11:18









Mawg

698724




698724






New contributor




Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked Jan 3 at 5:20









Skiddie HunterSkiddie Hunter

586129




586129




New contributor




Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Skiddie Hunter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 6




    About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
    – Skiddie Hunter
    Jan 3 at 5:47






  • 67




    $14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
    – forest
    Jan 3 at 5:49








  • 21




    Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
    – Mawg
    Jan 3 at 14:42








  • 20




    @SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
    – reirab
    Jan 3 at 16:34








  • 21




    @SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
    – R..
    Jan 3 at 23:15
















  • 6




    About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
    – Skiddie Hunter
    Jan 3 at 5:47






  • 67




    $14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
    – forest
    Jan 3 at 5:49








  • 21




    Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
    – Mawg
    Jan 3 at 14:42








  • 20




    @SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
    – reirab
    Jan 3 at 16:34








  • 21




    @SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
    – R..
    Jan 3 at 23:15










6




6




About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
Jan 3 at 5:47




About $14. Still pretty much for a student. But thanks for your answer. I'll probably pay for it another 5 years and then I'm gonna let it expire.
– Skiddie Hunter
Jan 3 at 5:47




67




67




$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
Jan 3 at 5:49






$14 a year is nothing. Paying $140 over a period of 10 years is nothing (you won't be a student forever!). Forgo a cup of coffee during one day only once every three months and it'll pay for itself indefinitely.
– forest
Jan 3 at 5:49






21




21




Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
Jan 3 at 14:42






Have you considered paying for a few more years and setting an "out of office" or "vacation auto-reply" saying that the domain will be dead after X years? That's what I did with my Gmail account when I divorced Google. It won't guarantee 100%, but how many people are likely to not contact you for 5 years, then suddenly do so after that? I guess it depends if this is a real life question or just academic.
– Mawg
Jan 3 at 14:42






20




20




@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
Jan 3 at 16:34






@SkiddieHunter For sending credit card information e-mail was never an advisable choice. A website should use HTTP GET/POST over TLS for exchanging credit card information. And for a side business while you're a student, you really should probably use something more like PayPal where you never need to know or touch customers' credit card info at all. Even if you continue to own the domain, e-mail has never been a secure way to exchange information. It's generally unencrypted and viewable by anyone anywhere along the transmission path. Also, SMTP is about 37 years old, not over 50. :)
– reirab
Jan 3 at 16:34






21




21




@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
Jan 3 at 23:15






@SkiddieHunter: Re: "Why hasn't e-mail been abolished and replaced by something newer and better that is, for example, based on security?" How do you expect to retain ownership of an identifier by which you can be reached without some sort of system equivalent to domain registration, in a way that's permanent across decades? Email addresses at domains registered 25+ years ago are still accessible. Do you honestly think you'll get that from anyone offering privately-controlled joke-of-a-service stuff intended to replace email?
– R..
Jan 3 at 23:15












8 Answers
8






active

oldest

votes


















128















Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?




If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.




Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?





I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724






share|improve this answer



















  • 3




    Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
    – Federico Poloni
    Jan 3 at 9:53






  • 5




    @FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
    – forest
    Jan 3 at 9:55








  • 7




    Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
    – Bent
    Jan 3 at 10:21






  • 5




    "They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
    – a CVn
    Jan 3 at 16:28








  • 4




    @hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
    – mbrig
    Jan 3 at 20:25



















54














As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.



That being said:



Just keeping a domain is often cheaper than using it



Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).



When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.






share|improve this answer





























    23














    Assume someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.



    Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.



    Now, we need to estimate the odds that someone will effectively monitor the email address(es).



    In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.



    Update: non-scientific statistics



    I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.




    Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




    Use a long-term grace period



    That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like




    Greetings,



    the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.



    For the privacy of both, it is important that you kindly implement this change as soon as possible




    The last sentence explains the matter but is hard to understand for non-security-expert users.



    I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.



    Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?



    This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.



    Comment



    I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.



    Eventually, we trust major ISPs to protect our privacy. We trust them to...






    share|improve this answer



















    • 1




      It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
      – forest
      Jan 4 at 21:26












    • Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
      – Criggie
      Jan 5 at 10:27



















    13














    Loss of domain name is actually one of the biggest security vulnerabilities that I see "in the wild".



    It may not rate a symposium topic at Blackhat, but the threat has a gigantic surface area and high business impact, and is at the top of the list when I am briefing a small organization's Board of Directors.



    So, if you're serious about a domain name, plan to keep it for life. If you're not serious about a domain name, don't put your email on it. That simple.



    Don't treat your (serious) domain like an annual subscription



    Domains can be pre-registered out up to 10 years ahead. My own domain expires in 2025, so I'm getting sloppy. :) Long before that I will revisit it and push it out to the max again. When I survey small businesses for domain expiry, I find only about half are set to expire more than 2 years out.



    Domains are marketed in a way that encourages you to treat them like a magazine subscription or a Netflix membership, thinking they can just renew at any time. They lapse, and return a month later and find someone else has registered the domain for its cash value.



    This problem is often caused by people bundling their domain name registration with their web hosting. Domains are a measly $12/year. They are often "tossed in for free" with an expensive $180 to $600+ hosting plan. That's great for the web hoster, as he controls your domain and can ransom it if there's a billing dispute such as a $2000 bandwidth overage due to blowing up on social media. If you lapse the web hosting for the wrong 30 day period, the domain can be gone for good. The hoster doesn't care and why would they sink money into registering it out a day longer than necessary?



    How they profit by poaching domain names



    When you let your domain lapse, and the grace period ends, in milliseconds it gets pounced on by at least a dozen different actors' automated scripts, all trying to do the same thing. Here's what it gets them.




    • The ability to monetize (drive ads on) the organic traffic (links and bookmarks) to your web site, as well as any Google/Bing traffic while that holds.

    • to benefit from the PageRank and other metrics which your site earned with search engines over the years. In the link economy of the Web, a link from a reputable site is worth its weight in gold. Web spammers use this to boost their spammy, scammy or lousy sites.

    • To trick Google by directly hosting their junk content on your domain name.


    • To attack organic/search visitors to the site with malware, Flash or PDF exploits, etc. They typically use older exploits to target people who don't keep their system updated.




      • One small company lost a site which reappeared with its earlier content. Really. The goal was to convince Google the previous owner was still in reputable control, because (they assumed) Google knew to watch for sudden content changes. A few pages were added advertising Acai Berry pills. See how this works? The site outranked the company's new real site for several years.* Normally web-spammers operate on a much larger scale than this with thousands of doorway pages, but this guy was small potatoes.



    • To intercept email to your site simply to harvest email addresses.


    • To use their control of your email to do password resets/gain control of your web accounts. They will discover your accounts at at smaller, less protected vendors when those vendors send their routine promotional emails.

    • To sift through human email to your site looking for opportunities for con games or social hacks.






    share|improve this answer































      8














      Yes, the scenario described is possible. As an example, it happened to Google in 2015 when they lost control of google.com, and Microsoft back in 2003 with hotmail.co.uk. Those domains got bought. For Google's case:




      ...He also received emails with internal information, which he has
      since reported to Google's security team, Ved said.



      ...His run of Google.com was short-lived though. Google Domains
      canceled the sale a minute later...




      For Microsoft, who lost control of a domain for an email service, possibly putting thousands in the situation described:




      [Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.






      The only way to be sure that confidential emails don't leak is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.



      Practically, what you could do is replace your emails with the expiring domain on sites that you registered on. Also, inform your contacts to eschew your old email (or domain, or both).



      As an additional step, hold on to the domain for a year or five and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be



      Gmail - Message not delivered






      share|improve this answer































        4














        Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.






        share|improve this answer





























          3















          Are there ways to prevent that or is the only option I have is to pay
          for the domain until I die?




          Depending on who is hosting your email, you maybe able to setup an auto-responder.



          Usually some kind of vacation responder is available. Either that or rule/filter can be the same thing.



          If new email arrives reply "this account is no longer active please redirect your emails to ....." or "this is services is no longer available please discontinue sending emails"



          Same thing with vacation responder.



          https://tools.ietf.org/html/rfc1846




          521 does not accept mail (see rfc1846)




          I don't know if you can configure your mail server to do a 521 response or not.



          Anyway after about a year of this everyone should get the idea and stop sending emails.






          share|improve this answer





























            0














            All the technical stuff has already been answered, but just to put a slightly different slant on it...



            If you move house, you get your postal mail redirected to your new place, but not indefinitely. Eventually you have to assume that anyone important knows where you live and can send you mail there. And that if they don't then mail sent to the old address can potentially be opened by someone else.



            I'd suggest it's the same with old domains - change your reply-to address so that it's the new domain, keep the old one for long enough to be able to reply to anyone sending you mail there, and put some effort into contacting everyone you want to stay in touch with.



            Eventually, the mail sent to the old domain will trickle to nothing, and at some point along that way, you'll be happy to stop re-registering the domain.



            If that point never comes, then you'll have to keep the domain forever, as others have said.






            share|improve this answer





















              Your Answer








              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "162"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: false,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: null,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              noCode: true, onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });






              Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.










              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200720%2fcan-someone-read-my-e-mail-if-i-lose-ownership-of-my-domain%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              8 Answers
              8






              active

              oldest

              votes








              8 Answers
              8






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              128















              Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?




              If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.




              Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




              You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?





              I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724






              share|improve this answer



















              • 3




                Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
                – Federico Poloni
                Jan 3 at 9:53






              • 5




                @FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
                – forest
                Jan 3 at 9:55








              • 7




                Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
                – Bent
                Jan 3 at 10:21






              • 5




                "They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
                – a CVn
                Jan 3 at 16:28








              • 4




                @hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
                – mbrig
                Jan 3 at 20:25
















              128















              Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?




              If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.




              Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




              You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?





              I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724






              share|improve this answer



















              • 3




                Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
                – Federico Poloni
                Jan 3 at 9:53






              • 5




                @FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
                – forest
                Jan 3 at 9:55








              • 7




                Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
                – Bent
                Jan 3 at 10:21






              • 5




                "They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
                – a CVn
                Jan 3 at 16:28








              • 4




                @hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
                – mbrig
                Jan 3 at 20:25














              128












              128








              128







              Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?




              If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.




              Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




              You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?





              I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724






              share|improve this answer















              Now if someone buys the domain and creates a mx record pointing to the his own mail server he can read all my confidential emails the people are sending me right?




              If they register the domain name, they will receive all email being sent to it from that point on. They will not have retroactive access to previously sent emails. There is nothing to fundamentally prevent this.




              Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




              You can request that all contacts to you encrypt their communications with PGP using your public key, which will prevent anyone who obtains the domain later from reading new messages, but it requires people actually use PGP, which may not be likely if you are distributing the address to average people in a business card. However, if you maintain or at least renew the domain for, say, 20 years, then what are the chances that anyone is going to seriously send an email to such an ancient address?





              I asked the question on the Law Stack Exchange whether or not there would be any legal recourse to someone using your domain, and the answer was no: https://law.stackexchange.com/q/35917/15724







              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Jan 4 at 4:02

























              answered Jan 3 at 5:32









              forestforest

              33.4k16106114




              33.4k16106114








              • 3




                Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
                – Federico Poloni
                Jan 3 at 9:53






              • 5




                @FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
                – forest
                Jan 3 at 9:55








              • 7




                Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
                – Bent
                Jan 3 at 10:21






              • 5




                "They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
                – a CVn
                Jan 3 at 16:28








              • 4




                @hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
                – mbrig
                Jan 3 at 20:25














              • 3




                Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
                – Federico Poloni
                Jan 3 at 9:53






              • 5




                @FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
                – forest
                Jan 3 at 9:55








              • 7




                Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
                – Bent
                Jan 3 at 10:21






              • 5




                "They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
                – a CVn
                Jan 3 at 16:28








              • 4




                @hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
                – mbrig
                Jan 3 at 20:25








              3




              3




              Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
              – Federico Poloni
              Jan 3 at 9:53




              Unless OP already happens to have one, registering a trademark costs a lot more than registering a domain.
              – Federico Poloni
              Jan 3 at 9:53




              5




              5




              @FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
              – forest
              Jan 3 at 9:55






              @FedericoPoloni You do not need to explicitly register a trademark. Just use the trademark symbol (™) next to a logo or phrase and you will get a certain level of protection in many countries. However, getting a registered trademark (®) does cost money. Lack of a registered trademark might, however, prevent you from seeking damages under 15 U.S. Code § 1117 in the USA, and protections would be weaker. See also here.
              – forest
              Jan 3 at 9:55






              7




              7




              Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
              – Bent
              Jan 3 at 10:21




              Trademark protection against other people registering a domain has its limits. It will work against lego.newtld as Lego is a world wide brand and a registered trademark, though they might have to claim it when newtld is created to be sure to have it. It might not work with speterson.com, even if there is a company called Speterson with a trademark. If Steven Peterson registers it and uses it for something that is not in conflict with that trademark the Speterson company will not have an easy case.
              – Bent
              Jan 3 at 10:21




              5




              5




              "They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
              – a CVn
              Jan 3 at 16:28






              "They will not have retroactive access to previously sent emails." That statement should come with a bit of a caveat. Suppose OP has a webmail account somewhere, which is tied to this domain for password recovery purposes. Unless OP makes very sure to remove that e-mail address from the webmail account recovery process, having control of the domain may allow an attacker to take control over the webmail account, thus enabling access to any old e-mails stored in the webmail account. Now, is this a particularly likely scenario? I'd say no. But it's possible.
              – a CVn
              Jan 3 at 16:28






              4




              4




              @hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
              – mbrig
              Jan 3 at 20:25




              @hiburn8 That is incorrect. There is a domain name dispute process specifically for cases like that, and bad-faith use of a domain (selling fake lego from lego.com, for example), is explicitly a reason for a domain name to be taken away from its current owner.
              – mbrig
              Jan 3 at 20:25













              54














              As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.



              That being said:



              Just keeping a domain is often cheaper than using it



              Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).



              When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.






              share|improve this answer


























                54














                As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.



                That being said:



                Just keeping a domain is often cheaper than using it



                Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).



                When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.






                share|improve this answer
























                  54












                  54








                  54






                  As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.



                  That being said:



                  Just keeping a domain is often cheaper than using it



                  Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).



                  When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.






                  share|improve this answer












                  As others already mentioned: Yes keeping a domain name is the only way to be sure that nobody is going to receive emails sent to there.



                  That being said:



                  Just keeping a domain is often cheaper than using it



                  Of course everything depends on the provider, but as I understand you currently have currently more than 1 service (domain name, redirect?, email server?, hosting space?).



                  When your only objective is to prevent others from receiving your emails, it is sufficient to only renew the domain name, and you can avoid the costs for any further service.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Jan 3 at 12:52









                  Dennis JaheruddinDennis Jaheruddin

                  1,393913




                  1,393913























                      23














                      Assume someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.



                      Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.



                      Now, we need to estimate the odds that someone will effectively monitor the email address(es).



                      In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.



                      Update: non-scientific statistics



                      I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.




                      Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




                      Use a long-term grace period



                      That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like




                      Greetings,



                      the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.



                      For the privacy of both, it is important that you kindly implement this change as soon as possible




                      The last sentence explains the matter but is hard to understand for non-security-expert users.



                      I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.



                      Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?



                      This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.



                      Comment



                      I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.



                      Eventually, we trust major ISPs to protect our privacy. We trust them to...






                      share|improve this answer



















                      • 1




                        It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
                        – forest
                        Jan 4 at 21:26












                      • Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
                        – Criggie
                        Jan 5 at 10:27
















                      23














                      Assume someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.



                      Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.



                      Now, we need to estimate the odds that someone will effectively monitor the email address(es).



                      In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.



                      Update: non-scientific statistics



                      I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.




                      Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




                      Use a long-term grace period



                      That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like




                      Greetings,



                      the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.



                      For the privacy of both, it is important that you kindly implement this change as soon as possible




                      The last sentence explains the matter but is hard to understand for non-security-expert users.



                      I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.



                      Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?



                      This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.



                      Comment



                      I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.



                      Eventually, we trust major ISPs to protect our privacy. We trust them to...






                      share|improve this answer



















                      • 1




                        It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
                        – forest
                        Jan 4 at 21:26












                      • Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
                        – Criggie
                        Jan 5 at 10:27














                      23












                      23








                      23






                      Assume someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.



                      Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.



                      Now, we need to estimate the odds that someone will effectively monitor the email address(es).



                      In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.



                      Update: non-scientific statistics



                      I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.




                      Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




                      Use a long-term grace period



                      That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like




                      Greetings,



                      the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.



                      For the privacy of both, it is important that you kindly implement this change as soon as possible




                      The last sentence explains the matter but is hard to understand for non-security-expert users.



                      I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.



                      Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?



                      This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.



                      Comment



                      I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.



                      Eventually, we trust major ISPs to protect our privacy. We trust them to...






                      share|improve this answer














                      Assume someone will definitely buy your domain, as domain crawlers try to lock and resell, overpriced, domain names that people forget to renew. An MX record is not required in order to have mails delivered somewhere.



                      Thanks to @Criggie, if an MX record is not set, the Mail Transfer Agent will try to point to the root A record for that domain and open a connection to its port 25. So, the web server responding for the new buyer must also be capable of mail server.



                      Now, we need to estimate the odds that someone will effectively monitor the email address(es).



                      In my personal opinion, unless you are a person worth to target by a human interest, the best that the buyer company will do is just crawl sender email addresses for unsolicited bulk advertising purposes, namely spam. Not to inspect the real contents.



                      Update: non-scientific statistics



                      I tried to ping 5 of the domains I owned in the past. Out of them, one has been purchased in 2015 by what looks like to be a business whose name is meaningful to domain name, and they have set an MX record. The other 4 are not existent.




                      Are there ways to prevent that or is the only option I have is to pay for the domain until I die?




                      Use a long-term grace period



                      That means gradually decommission that domain. Keep it for now, e.g. renew for 2 years, but perhaps establish an auto-responder (or auto-refusal) email like




                      Greetings,



                      the email address me@mydomain.tld will be decommissioned by [2 years from now]. I kindly ask you to update your address book and send the email again to me@mydomain.biz.



                      For the privacy of both, it is important that you kindly implement this change as soon as possible




                      The last sentence explains the matter but is hard to understand for non-security-expert users.



                      I would expect emails sent to mydomain.tld will gradually decrease over time. Do not forget to update your business cards immediately and start using the new ones.



                      Eventually, there could still be someone, hopefully a handful, using your old email address after the grace period expires. What to do?



                      This is where maths come: put on a scale the total cost of lifetime ownership of the old domain name versus the economic losses that YOU will suffer in case a confidential mail is revealed to someone unauthorized. I said YOUR losses because if your customer/sender is a jerk and keeps sending sensitive material to the wrong address it may not be your business.



                      Comment



                      I don't personally like this question from the very beginning. ISPs, including the sender's, have full access to plaintext emails, some may be required by law to keep ("data retention") record for months or years. In the very end, plaintext email is not the best option to deal with sensitive contents.



                      Eventually, we trust major ISPs to protect our privacy. We trust them to...







                      share|improve this answer














                      share|improve this answer



                      share|improve this answer








                      edited yesterday

























                      answered Jan 4 at 21:22









                      usr-local-ΕΨΗΕΛΩΝusr-local-ΕΨΗΕΛΩΝ

                      1,376416




                      1,376416








                      • 1




                        It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
                        – forest
                        Jan 4 at 21:26












                      • Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
                        – Criggie
                        Jan 5 at 10:27














                      • 1




                        It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
                        – forest
                        Jan 4 at 21:26












                      • Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
                        – Criggie
                        Jan 5 at 10:27








                      1




                      1




                      It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
                      – forest
                      Jan 4 at 21:26






                      It's true that plaintext email is far from ideal, but at least it requires an active attack or a position of privilege to access the contents. But anyone can register a domain once it has expired and been released.
                      – forest
                      Jan 4 at 21:26














                      Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
                      – Criggie
                      Jan 5 at 10:27




                      Note if a domainname's nameserver doesn't reply with a specific MX record, then MTAs are supposed to try a connection to the root A record of the domain, if it has one. A domain squatter will frequently point the root domain and the www. host at a webserver as advertising.
                      – Criggie
                      Jan 5 at 10:27











                      13














                      Loss of domain name is actually one of the biggest security vulnerabilities that I see "in the wild".



                      It may not rate a symposium topic at Blackhat, but the threat has a gigantic surface area and high business impact, and is at the top of the list when I am briefing a small organization's Board of Directors.



                      So, if you're serious about a domain name, plan to keep it for life. If you're not serious about a domain name, don't put your email on it. That simple.



                      Don't treat your (serious) domain like an annual subscription



                      Domains can be pre-registered out up to 10 years ahead. My own domain expires in 2025, so I'm getting sloppy. :) Long before that I will revisit it and push it out to the max again. When I survey small businesses for domain expiry, I find only about half are set to expire more than 2 years out.



                      Domains are marketed in a way that encourages you to treat them like a magazine subscription or a Netflix membership, thinking they can just renew at any time. They lapse, and return a month later and find someone else has registered the domain for its cash value.



                      This problem is often caused by people bundling their domain name registration with their web hosting. Domains are a measly $12/year. They are often "tossed in for free" with an expensive $180 to $600+ hosting plan. That's great for the web hoster, as he controls your domain and can ransom it if there's a billing dispute such as a $2000 bandwidth overage due to blowing up on social media. If you lapse the web hosting for the wrong 30 day period, the domain can be gone for good. The hoster doesn't care and why would they sink money into registering it out a day longer than necessary?



                      How they profit by poaching domain names



                      When you let your domain lapse, and the grace period ends, in milliseconds it gets pounced on by at least a dozen different actors' automated scripts, all trying to do the same thing. Here's what it gets them.




                      • The ability to monetize (drive ads on) the organic traffic (links and bookmarks) to your web site, as well as any Google/Bing traffic while that holds.

                      • to benefit from the PageRank and other metrics which your site earned with search engines over the years. In the link economy of the Web, a link from a reputable site is worth its weight in gold. Web spammers use this to boost their spammy, scammy or lousy sites.

                      • To trick Google by directly hosting their junk content on your domain name.


                      • To attack organic/search visitors to the site with malware, Flash or PDF exploits, etc. They typically use older exploits to target people who don't keep their system updated.




                        • One small company lost a site which reappeared with its earlier content. Really. The goal was to convince Google the previous owner was still in reputable control, because (they assumed) Google knew to watch for sudden content changes. A few pages were added advertising Acai Berry pills. See how this works? The site outranked the company's new real site for several years.* Normally web-spammers operate on a much larger scale than this with thousands of doorway pages, but this guy was small potatoes.



                      • To intercept email to your site simply to harvest email addresses.


                      • To use their control of your email to do password resets/gain control of your web accounts. They will discover your accounts at at smaller, less protected vendors when those vendors send their routine promotional emails.

                      • To sift through human email to your site looking for opportunities for con games or social hacks.






                      share|improve this answer




























                        13














                        Loss of domain name is actually one of the biggest security vulnerabilities that I see "in the wild".



                        It may not rate a symposium topic at Blackhat, but the threat has a gigantic surface area and high business impact, and is at the top of the list when I am briefing a small organization's Board of Directors.



                        So, if you're serious about a domain name, plan to keep it for life. If you're not serious about a domain name, don't put your email on it. That simple.



                        Don't treat your (serious) domain like an annual subscription



                        Domains can be pre-registered out up to 10 years ahead. My own domain expires in 2025, so I'm getting sloppy. :) Long before that I will revisit it and push it out to the max again. When I survey small businesses for domain expiry, I find only about half are set to expire more than 2 years out.



                        Domains are marketed in a way that encourages you to treat them like a magazine subscription or a Netflix membership, thinking they can just renew at any time. They lapse, and return a month later and find someone else has registered the domain for its cash value.



                        This problem is often caused by people bundling their domain name registration with their web hosting. Domains are a measly $12/year. They are often "tossed in for free" with an expensive $180 to $600+ hosting plan. That's great for the web hoster, as he controls your domain and can ransom it if there's a billing dispute such as a $2000 bandwidth overage due to blowing up on social media. If you lapse the web hosting for the wrong 30 day period, the domain can be gone for good. The hoster doesn't care and why would they sink money into registering it out a day longer than necessary?



                        How they profit by poaching domain names



                        When you let your domain lapse, and the grace period ends, in milliseconds it gets pounced on by at least a dozen different actors' automated scripts, all trying to do the same thing. Here's what it gets them.




                        • The ability to monetize (drive ads on) the organic traffic (links and bookmarks) to your web site, as well as any Google/Bing traffic while that holds.

                        • to benefit from the PageRank and other metrics which your site earned with search engines over the years. In the link economy of the Web, a link from a reputable site is worth its weight in gold. Web spammers use this to boost their spammy, scammy or lousy sites.

                        • To trick Google by directly hosting their junk content on your domain name.


                        • To attack organic/search visitors to the site with malware, Flash or PDF exploits, etc. They typically use older exploits to target people who don't keep their system updated.




                          • One small company lost a site which reappeared with its earlier content. Really. The goal was to convince Google the previous owner was still in reputable control, because (they assumed) Google knew to watch for sudden content changes. A few pages were added advertising Acai Berry pills. See how this works? The site outranked the company's new real site for several years.* Normally web-spammers operate on a much larger scale than this with thousands of doorway pages, but this guy was small potatoes.



                        • To intercept email to your site simply to harvest email addresses.


                        • To use their control of your email to do password resets/gain control of your web accounts. They will discover your accounts at at smaller, less protected vendors when those vendors send their routine promotional emails.

                        • To sift through human email to your site looking for opportunities for con games or social hacks.






                        share|improve this answer


























                          13












                          13








                          13






                          Loss of domain name is actually one of the biggest security vulnerabilities that I see "in the wild".



                          It may not rate a symposium topic at Blackhat, but the threat has a gigantic surface area and high business impact, and is at the top of the list when I am briefing a small organization's Board of Directors.



                          So, if you're serious about a domain name, plan to keep it for life. If you're not serious about a domain name, don't put your email on it. That simple.



                          Don't treat your (serious) domain like an annual subscription



                          Domains can be pre-registered out up to 10 years ahead. My own domain expires in 2025, so I'm getting sloppy. :) Long before that I will revisit it and push it out to the max again. When I survey small businesses for domain expiry, I find only about half are set to expire more than 2 years out.



                          Domains are marketed in a way that encourages you to treat them like a magazine subscription or a Netflix membership, thinking they can just renew at any time. They lapse, and return a month later and find someone else has registered the domain for its cash value.



                          This problem is often caused by people bundling their domain name registration with their web hosting. Domains are a measly $12/year. They are often "tossed in for free" with an expensive $180 to $600+ hosting plan. That's great for the web hoster, as he controls your domain and can ransom it if there's a billing dispute such as a $2000 bandwidth overage due to blowing up on social media. If you lapse the web hosting for the wrong 30 day period, the domain can be gone for good. The hoster doesn't care and why would they sink money into registering it out a day longer than necessary?



                          How they profit by poaching domain names



                          When you let your domain lapse, and the grace period ends, in milliseconds it gets pounced on by at least a dozen different actors' automated scripts, all trying to do the same thing. Here's what it gets them.




                          • The ability to monetize (drive ads on) the organic traffic (links and bookmarks) to your web site, as well as any Google/Bing traffic while that holds.

                          • to benefit from the PageRank and other metrics which your site earned with search engines over the years. In the link economy of the Web, a link from a reputable site is worth its weight in gold. Web spammers use this to boost their spammy, scammy or lousy sites.

                          • To trick Google by directly hosting their junk content on your domain name.


                          • To attack organic/search visitors to the site with malware, Flash or PDF exploits, etc. They typically use older exploits to target people who don't keep their system updated.




                            • One small company lost a site which reappeared with its earlier content. Really. The goal was to convince Google the previous owner was still in reputable control, because (they assumed) Google knew to watch for sudden content changes. A few pages were added advertising Acai Berry pills. See how this works? The site outranked the company's new real site for several years.* Normally web-spammers operate on a much larger scale than this with thousands of doorway pages, but this guy was small potatoes.



                          • To intercept email to your site simply to harvest email addresses.


                          • To use their control of your email to do password resets/gain control of your web accounts. They will discover your accounts at at smaller, less protected vendors when those vendors send their routine promotional emails.

                          • To sift through human email to your site looking for opportunities for con games or social hacks.






                          share|improve this answer














                          Loss of domain name is actually one of the biggest security vulnerabilities that I see "in the wild".



                          It may not rate a symposium topic at Blackhat, but the threat has a gigantic surface area and high business impact, and is at the top of the list when I am briefing a small organization's Board of Directors.



                          So, if you're serious about a domain name, plan to keep it for life. If you're not serious about a domain name, don't put your email on it. That simple.



                          Don't treat your (serious) domain like an annual subscription



                          Domains can be pre-registered out up to 10 years ahead. My own domain expires in 2025, so I'm getting sloppy. :) Long before that I will revisit it and push it out to the max again. When I survey small businesses for domain expiry, I find only about half are set to expire more than 2 years out.



                          Domains are marketed in a way that encourages you to treat them like a magazine subscription or a Netflix membership, thinking they can just renew at any time. They lapse, and return a month later and find someone else has registered the domain for its cash value.



                          This problem is often caused by people bundling their domain name registration with their web hosting. Domains are a measly $12/year. They are often "tossed in for free" with an expensive $180 to $600+ hosting plan. That's great for the web hoster, as he controls your domain and can ransom it if there's a billing dispute such as a $2000 bandwidth overage due to blowing up on social media. If you lapse the web hosting for the wrong 30 day period, the domain can be gone for good. The hoster doesn't care and why would they sink money into registering it out a day longer than necessary?



                          How they profit by poaching domain names



                          When you let your domain lapse, and the grace period ends, in milliseconds it gets pounced on by at least a dozen different actors' automated scripts, all trying to do the same thing. Here's what it gets them.




                          • The ability to monetize (drive ads on) the organic traffic (links and bookmarks) to your web site, as well as any Google/Bing traffic while that holds.

                          • to benefit from the PageRank and other metrics which your site earned with search engines over the years. In the link economy of the Web, a link from a reputable site is worth its weight in gold. Web spammers use this to boost their spammy, scammy or lousy sites.

                          • To trick Google by directly hosting their junk content on your domain name.


                          • To attack organic/search visitors to the site with malware, Flash or PDF exploits, etc. They typically use older exploits to target people who don't keep their system updated.




                            • One small company lost a site which reappeared with its earlier content. Really. The goal was to convince Google the previous owner was still in reputable control, because (they assumed) Google knew to watch for sudden content changes. A few pages were added advertising Acai Berry pills. See how this works? The site outranked the company's new real site for several years.* Normally web-spammers operate on a much larger scale than this with thousands of doorway pages, but this guy was small potatoes.



                          • To intercept email to your site simply to harvest email addresses.


                          • To use their control of your email to do password resets/gain control of your web accounts. They will discover your accounts at at smaller, less protected vendors when those vendors send their routine promotional emails.

                          • To sift through human email to your site looking for opportunities for con games or social hacks.







                          share|improve this answer














                          share|improve this answer



                          share|improve this answer








                          edited yesterday









                          Captain Man

                          1114




                          1114










                          answered Jan 5 at 21:51









                          HarperHarper

                          1,992413




                          1,992413























                              8














                              Yes, the scenario described is possible. As an example, it happened to Google in 2015 when they lost control of google.com, and Microsoft back in 2003 with hotmail.co.uk. Those domains got bought. For Google's case:




                              ...He also received emails with internal information, which he has
                              since reported to Google's security team, Ved said.



                              ...His run of Google.com was short-lived though. Google Domains
                              canceled the sale a minute later...




                              For Microsoft, who lost control of a domain for an email service, possibly putting thousands in the situation described:




                              [Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.






                              The only way to be sure that confidential emails don't leak is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.



                              Practically, what you could do is replace your emails with the expiring domain on sites that you registered on. Also, inform your contacts to eschew your old email (or domain, or both).



                              As an additional step, hold on to the domain for a year or five and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be



                              Gmail - Message not delivered






                              share|improve this answer




























                                8














                                Yes, the scenario described is possible. As an example, it happened to Google in 2015 when they lost control of google.com, and Microsoft back in 2003 with hotmail.co.uk. Those domains got bought. For Google's case:




                                ...He also received emails with internal information, which he has
                                since reported to Google's security team, Ved said.



                                ...His run of Google.com was short-lived though. Google Domains
                                canceled the sale a minute later...




                                For Microsoft, who lost control of a domain for an email service, possibly putting thousands in the situation described:




                                [Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.






                                The only way to be sure that confidential emails don't leak is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.



                                Practically, what you could do is replace your emails with the expiring domain on sites that you registered on. Also, inform your contacts to eschew your old email (or domain, or both).



                                As an additional step, hold on to the domain for a year or five and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be



                                Gmail - Message not delivered






                                share|improve this answer


























                                  8












                                  8








                                  8






                                  Yes, the scenario described is possible. As an example, it happened to Google in 2015 when they lost control of google.com, and Microsoft back in 2003 with hotmail.co.uk. Those domains got bought. For Google's case:




                                  ...He also received emails with internal information, which he has
                                  since reported to Google's security team, Ved said.



                                  ...His run of Google.com was short-lived though. Google Domains
                                  canceled the sale a minute later...




                                  For Microsoft, who lost control of a domain for an email service, possibly putting thousands in the situation described:




                                  [Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.






                                  The only way to be sure that confidential emails don't leak is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.



                                  Practically, what you could do is replace your emails with the expiring domain on sites that you registered on. Also, inform your contacts to eschew your old email (or domain, or both).



                                  As an additional step, hold on to the domain for a year or five and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be



                                  Gmail - Message not delivered






                                  share|improve this answer














                                  Yes, the scenario described is possible. As an example, it happened to Google in 2015 when they lost control of google.com, and Microsoft back in 2003 with hotmail.co.uk. Those domains got bought. For Google's case:




                                  ...He also received emails with internal information, which he has
                                  since reported to Google's security team, Ved said.



                                  ...His run of Google.com was short-lived though. Google Domains
                                  canceled the sale a minute later...




                                  For Microsoft, who lost control of a domain for an email service, possibly putting thousands in the situation described:




                                  [Microsoft] managed to contact hotmail.co.uk's new owner, grovel at their mistake and sort out the mess. By all accounts, hotmail.co.uk will be returned in a few days.






                                  The only way to be sure that confidential emails don't leak is to own the domain indefinitely. However, as mentioned by usr-local-ΕΨΗΕΛΩΝ, you could balance your possible loss if a confidential email leaks versus the cost of owning the domain for a long time.



                                  Practically, what you could do is replace your emails with the expiring domain on sites that you registered on. Also, inform your contacts to eschew your old email (or domain, or both).



                                  As an additional step, hold on to the domain for a year or five and deliberately blackhole your MX records, so that senders who didn't get (or could not get) the memo would be greeted by errors. For Gmail, a sample would be



                                  Gmail - Message not delivered







                                  share|improve this answer














                                  share|improve this answer



                                  share|improve this answer








                                  edited 2 days ago

























                                  answered Jan 5 at 13:33









                                  pandalion98pandalion98

                                  335311




                                  335311























                                      4














                                      Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.






                                      share|improve this answer


























                                        4














                                        Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.






                                        share|improve this answer
























                                          4












                                          4








                                          4






                                          Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.






                                          share|improve this answer












                                          Yes, the new owner will be able to receive and read all your email. The only way to avoid this is to continue paying for the domain. It is not necessary to keep hosting - only pay the domain. If you prepay for 10 years, the price will be about $90 or less for .com domain. It is important to remember the expiration after 10 years and the password. If the domain is not com/net/org, the price will be higher.







                                          share|improve this answer












                                          share|improve this answer



                                          share|improve this answer










                                          answered Jan 5 at 13:37









                                          i486i486

                                          1415




                                          1415























                                              3















                                              Are there ways to prevent that or is the only option I have is to pay
                                              for the domain until I die?




                                              Depending on who is hosting your email, you maybe able to setup an auto-responder.



                                              Usually some kind of vacation responder is available. Either that or rule/filter can be the same thing.



                                              If new email arrives reply "this account is no longer active please redirect your emails to ....." or "this is services is no longer available please discontinue sending emails"



                                              Same thing with vacation responder.



                                              https://tools.ietf.org/html/rfc1846




                                              521 does not accept mail (see rfc1846)




                                              I don't know if you can configure your mail server to do a 521 response or not.



                                              Anyway after about a year of this everyone should get the idea and stop sending emails.






                                              share|improve this answer


























                                                3















                                                Are there ways to prevent that or is the only option I have is to pay
                                                for the domain until I die?




                                                Depending on who is hosting your email, you maybe able to setup an auto-responder.



                                                Usually some kind of vacation responder is available. Either that or rule/filter can be the same thing.



                                                If new email arrives reply "this account is no longer active please redirect your emails to ....." or "this is services is no longer available please discontinue sending emails"



                                                Same thing with vacation responder.



                                                https://tools.ietf.org/html/rfc1846




                                                521 does not accept mail (see rfc1846)




                                                I don't know if you can configure your mail server to do a 521 response or not.



                                                Anyway after about a year of this everyone should get the idea and stop sending emails.






                                                share|improve this answer
























                                                  3












                                                  3








                                                  3







                                                  Are there ways to prevent that or is the only option I have is to pay
                                                  for the domain until I die?




                                                  Depending on who is hosting your email, you maybe able to setup an auto-responder.



                                                  Usually some kind of vacation responder is available. Either that or rule/filter can be the same thing.



                                                  If new email arrives reply "this account is no longer active please redirect your emails to ....." or "this is services is no longer available please discontinue sending emails"



                                                  Same thing with vacation responder.



                                                  https://tools.ietf.org/html/rfc1846




                                                  521 does not accept mail (see rfc1846)




                                                  I don't know if you can configure your mail server to do a 521 response or not.



                                                  Anyway after about a year of this everyone should get the idea and stop sending emails.






                                                  share|improve this answer













                                                  Are there ways to prevent that or is the only option I have is to pay
                                                  for the domain until I die?




                                                  Depending on who is hosting your email, you maybe able to setup an auto-responder.



                                                  Usually some kind of vacation responder is available. Either that or rule/filter can be the same thing.



                                                  If new email arrives reply "this account is no longer active please redirect your emails to ....." or "this is services is no longer available please discontinue sending emails"



                                                  Same thing with vacation responder.



                                                  https://tools.ietf.org/html/rfc1846




                                                  521 does not accept mail (see rfc1846)




                                                  I don't know if you can configure your mail server to do a 521 response or not.



                                                  Anyway after about a year of this everyone should get the idea and stop sending emails.







                                                  share|improve this answer












                                                  share|improve this answer



                                                  share|improve this answer










                                                  answered yesterday









                                                  cybernardcybernard

                                                  49028




                                                  49028























                                                      0














                                                      All the technical stuff has already been answered, but just to put a slightly different slant on it...



                                                      If you move house, you get your postal mail redirected to your new place, but not indefinitely. Eventually you have to assume that anyone important knows where you live and can send you mail there. And that if they don't then mail sent to the old address can potentially be opened by someone else.



                                                      I'd suggest it's the same with old domains - change your reply-to address so that it's the new domain, keep the old one for long enough to be able to reply to anyone sending you mail there, and put some effort into contacting everyone you want to stay in touch with.



                                                      Eventually, the mail sent to the old domain will trickle to nothing, and at some point along that way, you'll be happy to stop re-registering the domain.



                                                      If that point never comes, then you'll have to keep the domain forever, as others have said.






                                                      share|improve this answer


























                                                        0














                                                        All the technical stuff has already been answered, but just to put a slightly different slant on it...



                                                        If you move house, you get your postal mail redirected to your new place, but not indefinitely. Eventually you have to assume that anyone important knows where you live and can send you mail there. And that if they don't then mail sent to the old address can potentially be opened by someone else.



                                                        I'd suggest it's the same with old domains - change your reply-to address so that it's the new domain, keep the old one for long enough to be able to reply to anyone sending you mail there, and put some effort into contacting everyone you want to stay in touch with.



                                                        Eventually, the mail sent to the old domain will trickle to nothing, and at some point along that way, you'll be happy to stop re-registering the domain.



                                                        If that point never comes, then you'll have to keep the domain forever, as others have said.






                                                        share|improve this answer
























                                                          0












                                                          0








                                                          0






                                                          All the technical stuff has already been answered, but just to put a slightly different slant on it...



                                                          If you move house, you get your postal mail redirected to your new place, but not indefinitely. Eventually you have to assume that anyone important knows where you live and can send you mail there. And that if they don't then mail sent to the old address can potentially be opened by someone else.



                                                          I'd suggest it's the same with old domains - change your reply-to address so that it's the new domain, keep the old one for long enough to be able to reply to anyone sending you mail there, and put some effort into contacting everyone you want to stay in touch with.



                                                          Eventually, the mail sent to the old domain will trickle to nothing, and at some point along that way, you'll be happy to stop re-registering the domain.



                                                          If that point never comes, then you'll have to keep the domain forever, as others have said.






                                                          share|improve this answer












                                                          All the technical stuff has already been answered, but just to put a slightly different slant on it...



                                                          If you move house, you get your postal mail redirected to your new place, but not indefinitely. Eventually you have to assume that anyone important knows where you live and can send you mail there. And that if they don't then mail sent to the old address can potentially be opened by someone else.



                                                          I'd suggest it's the same with old domains - change your reply-to address so that it's the new domain, keep the old one for long enough to be able to reply to anyone sending you mail there, and put some effort into contacting everyone you want to stay in touch with.



                                                          Eventually, the mail sent to the old domain will trickle to nothing, and at some point along that way, you'll be happy to stop re-registering the domain.



                                                          If that point never comes, then you'll have to keep the domain forever, as others have said.







                                                          share|improve this answer












                                                          share|improve this answer



                                                          share|improve this answer










                                                          answered 2 hours ago









                                                          ChrisAChrisA

                                                          1113




                                                          1113






















                                                              Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.










                                                              draft saved

                                                              draft discarded


















                                                              Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.













                                                              Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.












                                                              Skiddie Hunter is a new contributor. Be nice, and check out our Code of Conduct.
















                                                              Thanks for contributing an answer to Information Security Stack Exchange!


                                                              • Please be sure to answer the question. Provide details and share your research!

                                                              But avoid



                                                              • Asking for help, clarification, or responding to other answers.

                                                              • Making statements based on opinion; back them up with references or personal experience.


                                                              To learn more, see our tips on writing great answers.





                                                              Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                                                              Please pay close attention to the following guidance:


                                                              • Please be sure to answer the question. Provide details and share your research!

                                                              But avoid



                                                              • Asking for help, clarification, or responding to other answers.

                                                              • Making statements based on opinion; back them up with references or personal experience.


                                                              To learn more, see our tips on writing great answers.




                                                              draft saved


                                                              draft discarded














                                                              StackExchange.ready(
                                                              function () {
                                                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200720%2fcan-someone-read-my-e-mail-if-i-lose-ownership-of-my-domain%23new-answer', 'question_page');
                                                              }
                                                              );

                                                              Post as a guest















                                                              Required, but never shown





















































                                                              Required, but never shown














                                                              Required, but never shown












                                                              Required, but never shown







                                                              Required, but never shown

































                                                              Required, but never shown














                                                              Required, but never shown












                                                              Required, but never shown







                                                              Required, but never shown







                                                              Popular posts from this blog

                                                              Liste der Baudenkmale in Friedland (Mecklenburg)

                                                              Single-Malt-Whisky

                                                              Czorneboh