I have been looking into buying a domain name, and I opened a discussion with the owner via the current Whois email address. One thing I noticed is that a year or two ago, the email address changed while the other Whois information remained the same. On very rare occasions, this can be indicative of a domain theft where a thief controls the new email address unbeknownst to the real owner.
One way that I like to do due diligence is to send an email to the old email address found via DomainTools Historical Whois search. Typically, I will send a short email to the old email address confirming that the current email address is accurate and that the rightful domain owner is aware of the email discussion.
If I don’t receive a reply confirming this, I would likely follow up with a phone call to confirm ownership. Sometimes people ditch an old email address and they bounce back as undeliverable, but sometimes they seem to disappear. Other times, the person doesn’t monitor the old email address any longer, and those emails go unanswered.
I can’t recall ever running into a situation where I have encountered a domain theft when doing this type of due diligence. I have seen stolen domain names that have a changed email address as the only indication of a theft, so it is a good idea to cover all bases.
I would imagine the vast majority of times an email address change is legitimate. People change providers for many reasons. Because it can be an indicator of a problem, I like to send an email to the old email address to be on the safe side. In the situation I mentioned above, the former email address was at an email service provider that no longer exists. The domain owner had to change the email address that was being used. I didn’t think there was an issue with the domain name, but it is better to be sure.