4 comments

[ 4.2 ms ] story [ 14.4 ms ] thread
I'm thinking of creating a website for a friend. This includes registering a domain name and setting up a couple email addresses (myfriend@myfriend.com, etc.)

If the friend doesn't maintain the domain registration, and the domain falls into the hands of a nefarious actor, how can I protect my friends email addresses?

If I'm not mistaken, it is a common tactic to register a defunct domain name and impersonate the associated email addresses.

What can be done to avoid this?

Maintain the domain registration indefinitely on behalf of your friend. You could register it for ten years and renew it yearly so the risk is always ten years out, and hope that by the time they stop using it, whatever systems they authenticated with it are also defunct within ten years. You could also retain a company like MarkMonitor, which does domain management as part of trademark and other IP management.

But there's no way to control it after it lapses. It's an implicit risk for any system that relies on email for authentication.

Hm. This means that any domain name registered for a friend, client, project, etc. must be registered indefinitely IF a domain email address was used (and said email address is deemed to be "important").

Feels like there is a product offering here...