Aller au contenu Aller au menu principal Aller au menu secondaire Aller au pied de page

What are the options for a domain name that’s no longer needed?

Home > Observatory and resources > Expert papers > What are the options for a domain name that’s no longer needed?
01/13/2025

The recent problem of a government domain name corresponding to an organisation no longer in existence, and which had been hijacked, has reopened the question of domain names that are no longer needed. For example, a company that changes its name, a project that has been concluded, a public body that ceases to exist… What good practices should be adopted in these situations?

The risks

The first option is non-decision. A project is dropped but the name is kept indefinitely because the person is unable to decide on a course of action. If the name was registered with a domain name registry, that means they will continue to pay1 even though the name is no longer used. If the name was a sub-domain of a domain which the person owns, the direct financial cost is zero, but there are other risks, such as an attack on the sub-domain, as covered below. And, of course, the biggest risk associated with this non-decision is that anything can happen to a neglected name. For example, it will likely not be carefully managed and will therefore be exposed to greater risks of being malicious hijacking, as explained above.

So it is important to make a decision. Each case is naturally different, and needs to be analysed as such. Let’s look at the possible criteria:

  • If deleted, is there a risk that the domain will be registered by someone else? If the domain name was registered under a public suffix, like .fr or .com, this re-registration presents a serious risk, with consequences like use by a competitor or by a service with which you do not want to be associated2. If, however, it was a sub-domain of a domain registered by yourself, or it was under a name registration with strict conditions (like gouv.fr or the root), the risk or re-registration is not as high.
  • Was the domain used for web hosting, with interesting and relevant content that would be beneficial to leave online? The web already has a problem with large numbers of interesting pages that become impossible to find3, and adding more 404 errors to this does nothing to help4. Of course, we can always change the internal links, but definitely not all the links, bookmarks and other references to addresses linked to the domain no longer needed5-6.
  • The same goes if the domain was used for services like email. Just as we cannot hope to change all of the references to old addresses scattered to the four corners of the Internet, references to email addresses are also too numerous to allow us to delete a domain that was used for public email addresses7. A common mistake is to believe that we are aware of all the uses of a domain. This is in fact rarely true.
  • Price is evidently a decision-making criterion. Note that domain names are often inexpensive on a corporate or State budget, and that the consequences of an ill-considered deletion can often far exceed this budget.

In short, there is no overriding rule, each case needs to be studied on its own merits.

It should be noted that, if you retain a domain name that directed to an IP address and that IP address is hosted by a public web host, and the IP address is relinquished (keeping the name, which often happens at the end of a project), you are vulnerable to a common attack, an attack on the sub-domain. How does it work? The attacker writes a programme which, using the API8 of the public host, reserves IP addresses until it stumbles upon9 the relinquished address. It then has control of a machine directed to one of your domain names, which can allow them to place or steal cookies or obtain certificates.

Recommendations

  1. Make sure to keep in mind that a domain name, once used, is difficult to delete. You need to think carefully before kicking away the ladder, so to speak. The line of reasoning “we have no more need for it so we can delete it” is often flawed.
  2. But if we keep the name, it needs to be managed with almost the same level of care as active domains.
  3. Given that relinquishing a name in a public suffix is a more delicate matter (risk of re-registration), you need to think carefully before purchasing one. If your company has the domain example.com, and creates a campaign surrounding a service named BonCafé, using boncafé.example.com is often a better option than purchasing the domain boncafé.com. So remember to use sub-domains of your domains10.

1 – For many organisations, the arduousness of decision-making mechanisms means that it is less costly to continue paying rather than make the decision to stop.

2 – Pornography, for example.

3 – The excellent Internet Archive service, which archives a large part of the web, deserves a mention as a truly essential public service. In Portugal, the Renascer project goes one step further by reusing domain names when they are relinquished, in order to direct them to the web archive. But this type of service does not exist everywhere.

4 – The standard response code for a HTTP server when requesting a page that does not exist or no longer exists.

5 – Hence the important rule: a URL (address) must always continue to work.

6 – We can find -but not correct or delete- public links with a search engine that accepts “site:DOMAIN-NAME” requests.

7 – Doing so leaves you vulnerable to a hijacking attack by which the hijacker registers a deleted domain to recover the email content, which can allow them, among other things, to pose as a contact of a domain using the deleted domain addresses.

8 – Programming interface.

9 – With a large number of public hosts, the cost of this type of search, where addresses that do not correspond are immediately relinquished, can be very low.

10 – This is also good IT security advice, given that it allows you to easily see if a domain actually belongs to you, which is a useful tool against phishing in particular.