DNS Belgium, the Registry operating the .BE country code Top Level Domain (ccTLD), recently published an article warning domain name owners of the risks inherent in the practice of “snapping”. Although anyone can legitimately snap up an expired domain name, problems can arise when cybercriminals grab expired domain names and then use them in damaging ways, such as pointing them to fake retail websites or re-creating email addresses based on them.
The practice of “snapping” (also known as backorders or snapbacks) has been around for some time and domain name owners should carefully consider the potential risks before allowing their domain names to expire. The cost of renewing a domain name is, after all, small in comparison with the cost of legal action to recover one that has been registered by a third party who is using the domain name in a way that is damaging.
The Netherlands recently had a highly publicised incident of this kind when politicians from two well-known political parties allowed their domain names to lapse and then subsequently found them pointing to retail websites, the first selling Italian shoes for women and the second wallets from a high street fashion brand.
One element that often gets forgotten when considering whether to lapse a domain name or not is the email address. Quite often a domain name owner will have associated an email address with the domain name. Once the domain name is released, the new owner will be able to re-create and use this same email address.
Another high profile incident in the Netherlands highlighted this danger when a well-known “ethical hacker” called Wouter Slotboom registered a number of domain names previously registered to the Dutch police. For around a year and a half, Slotboom was able to receive confidential police communications, including the security plan for the Christmas market in Dordrecht, via the email addresses he re-created using these domain names.
Domain name registrants should also bear in mind that expiring domain names often feature in lists of domain names set for imminent release on so-called “dropcatching” or backorder sites that are carefully monitored by domainers, not all of whom have the best of intentions.
In view of the above, domain owners should carefully weigh up the costs versus the risks of allowing domain names to lapse and at least continue to renew a domain name that is no longer required for a further few years, especially if it is quite well known and/or generates a lot of traffic. The cost of doing this is not excessive and will reduce the risk of the domain name being of interest to cybercriminals.