Losing control of a domain name due to expiration is something every domain registrant should fear. Domain investors tend to have a solid handle on domain name renewals, but the continued flow of solid domain names at expiry auction platforms like GoDaddy Auctions and NameJet illustrate how frequently good domain names expire.
Nick Grossman is a Partner at Union Square Ventures (USV). For many years, Nick operated a blog on his first+last name .IS domain name. .IS is the ccTLD for the country of Iceland. The domain name accidentally expired, and it was grabbed by a third party. Nick was able to register and use NickGrossman.XYZ, but he faced an issue that I don’t recall hearing about in the past:
“At the time, I was bummed but figured it would just be on me to rebuild SEO to the **real** Nick Grossman blog. But, oddly, the new registrant has taken the extra step of republishing fake versions of my old content on the site, presumably in an attempt to retain SEO the old posts. Notably, all of the content has been slightly modified — just enough, I guess, to sidestep any takedown claims based on copyright infringement.
So, what started out as an annoying and unfortunate situation has taken a turn to something more ugly: at best, an attempt to farm some referral links; in the middle, a shakedown effort; and at worst, an attempt at some kind of slow-motion identity theft.”
In essence, someone used the domain name in a manner that could impersonate Nick. They could set up the same email addresses to receive inbound messages. In addition, they would be able to send outbound emails impersonating Nick as well. That would likely violate various laws, but that is not my area of expertise.
Unfortunately for Nick, domain names in the .IS extension can not use the UDRP process to re-take control of a domain name that is being used in this manner. The .IS registry has its own set of parameters that need to be followed to file a complaint for an infringing domain name.
Whether a domain name is used for business or personal reasons, it is critical to not let a meaningful domain name lapse. There are various ways a bad actor can use a domain name, and impersonation is one I had not thought about before.