1 comment

[ 1.9 ms ] story [ 13.1 ms ] thread
The first responsibility here lies with the owners of these domains letting them expire, of course. But this is such a simple and effective way gather data for phishing, identity theft and fraud that it will hopefully somehow be handled better.

The best I can come up with is that domains used like this should really have TLD level protection from resale. With email so often being the key to a whole account, letting the access to that be put at risk by an IT admin letting a domain expire or an organisation simply forgetting about an old domain is kind of insane.