Due Diligence: Subtle Email Address Changes


There are many different facets to doing due diligence when buying a domain name. I use DomainTools’ Whois history tool to verify as much information as possible before buying a domain name. I will often call the phone number listed on the Whois record, and I may even call previous phone number listings as well. I don’t think too much due diligence is possible.

One area that may tip people off to a potential issue is a subtle email address change. When I see a very subtle change in the listed email address, it sets off alarm bells in my head. For example, if a Whois email address for 10 years was FirstNameLastName@yahoo.com and it recently changed to FirstNameLastName@hotmail.com, it makes me wonder if the change was legitimate. This change could be used for social engineering or to make others think the domain name has not changed hands.

I have seen and heard of domain name thefts where the thief makes a very subtle, almost unnoticeable change to the Whois entry. Most people might miss it, and if they do miss it, they could be buying a domain name from someone who isn’t the rightful owner of said domain name. This is especially the case when the prospective buyer does not have a DomainTools account to compare the current email address to previous email addresses on file.

There are many reasons why a subtle change might be necessary and completely legitimate. For instance, if a domain owner decides to change his or her email provider, he or she will need to update the Whois records.

Whenever I see a change on a Whois record, especially if it was recent and the domain owner reached out to me to sell a domain name, I have my guard up. Due diligence is necessary to be sure that a domain name sale is legitimate. Checking the email address is one facet of due diligence, and it should be done in conjunction with other due diligence.
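The comparison of a current Whois email address against earlier ones can be scripted once the history has been copied out by hand. The following is an added example, not code from this post's author or from DomainTools; the sample history is constructed, and the function names and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher

# Constructed sample Whois history, oldest first (ISO dates). Not real records.
SAMPLE_HISTORY = [
    ("2012-03-01", "FirstNameLastName@yahoo.com"),
    ("2018-06-15", "FirstNameLastName@yahoo.com"),
    ("2023-11-02", "FirstNameLastName@hotmail.com"),
]

NEAR_IDENTICAL = 0.85  # assumed threshold; tune against your own records


def split_email(addr):
    """Lower-case an address and split it into (local part, domain)."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, domain


def classify_change(old, new):
    """Label how `new` differs from `old`; case differences are ignored."""
    old_parts, new_parts = split_email(old), split_email(new)
    if old_parts == new_parts:
        return "unchanged"
    if old_parts[0] == new_parts[0]:
        # Same name at a different provider: the yahoo -> hotmail case above.
        return "same-name-new-provider"
    ratio = SequenceMatcher(None, "@".join(old_parts), "@".join(new_parts)).ratio()
    # A dropped or swapped character leaves the two strings almost equal.
    return "near-identical" if ratio >= NEAR_IDENTICAL else "different"


def review_history(history, recent_after):
    """Return subtle changes between consecutive records.

    `recent_after` is an ISO date; changes on or after it are marked recent,
    since a recent subtle change deserves the closest look.
    """
    findings = []
    for (_, old), (date, new) in zip(history, history[1:]):
        kind = classify_change(old, new)
        if kind in ("same-name-new-provider", "near-identical"):
            findings.append({"date": date, "old": old, "new": new,
                             "kind": kind, "recent": date >= recent_after})
    return findings


if __name__ == "__main__":
    for finding in review_history(SAMPLE_HISTORY, "2023-01-01"):
        print(finding)
```

A flagged change is only a prompt to verify further, for example by calling the phone numbers on the current and previous records, because a legitimate provider switch produces the same result.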

3 COMMENTS

  1. Suppose that, even after taking our measures, we still buy a stolen domain name from an unrightful owner, and the old owner approaches us saying that the name was stolen and he needs it back. What would be our answer to this? It would be a name that is difficult to lose, and the investment we made is also on the higher side. In your years, have you come across something like that? If not, how might you deal with it if it happens in the future?

    • I guess it all depends on the situation (i.e., where you bought it, how it was paid for, when it was bought, etc.). All of those things would play a major role in determining how I would handle the situation.

      If it happened to a domain name that my company bought, I would probably refer the situation to my attorney.

  2. True, when buying a domain one needs to be diligent. Although a change of address can also be used by the seller as an additional marketing tool. To explain, a big hook for domain registrars these days is to offer domain “backorders”. If you own good domains, there’s a good chance somebody placed a backorder. It’s kept confidential so you never know if someone is waiting. The backorder program usually includes sending the waiting party an update report whenever the domain’s who-is record changes. Simply changing the who-is email address periodically (like to sale@ or sale-ending@) could possibly renew their interest. Adding an extra year of registration can also push the backorder customer to not wait any longer and just buy the domain! Address changes can also be the seller shaking off spam buildup.
