I recently discovered a big potential security risk. I’m sure this is widely talk about on the Internet, but I failed to find it with a few quick google searches. Anyway, it’s related to letting a domain name expire.
Apparently, Webcraft Studios belonged to an active company previous to my owning it. I set up a “catch all” email address for any emails sent to any address (other than ones I setup). I started noticing a lot of mailing list type emails coming into specific addresses. Then, I got a message from ebay. That’s when I realized how dangerous this is.
Nearly every password protected website from email or forums to online banking allows you to reset a password and send it to the email address matched to the account. That said, I now - potentially - have access to someone’s ebay account. Hopefully, no paypal account is associated with the address.
I’ve never used a company email address for any private accounts; so, I never really considered the potential risk. It seems terribly obvious that someone else may one day own your domain name. I’ve also noticed that many of the domain names I’ve let expire, particularly the ones with any kind of page rank established, get bought up by domain squatters immediately. I wonder what kind of data they could mine simply by collecting all the emails being sent to those domains? I wonder if they’re actually farming this?
Leave a Reply