When you buy an expired domain name, owning that domain name does not give you the legal right to any other accounts that are associated with that domain name. For example, if you buy a domain name that has an email address that was set up by the former owner, I don’t think that you don’t have rights to accounts that were set up by that former owner.
An interesting example of this came up when Abdu Tarabichi tweeted:
Got my hands on an expired #domain & configured catch-all on email only to discover that it’s attached to a PayPal account with $$$. Another reason why you should undo your property before you let your domain expire!
As far as I know, a PayPal account, even though it’s associated with a particular email address, doesn’t belong to the new domain name owner–even though they have access to the email address associated with the PayPal account. I confirmed this with domain name attorney Karen Bernstein, who told me: “If the guy who owns the PayPal account… it’s connected to his credit cards or bank account then he owns it. Once you get money in the PP account you usually have a bank account to transfer the funds.” Karen also mentioned to me that there is also a password associated with the PayPal account, as well. The person owning the expired domain name would only have access to the PayPal account if they reset the password on the account.
Domain Names and Email Addresses
The same rule would apply to someone who has a domain name that uses another email address as it’s contact information. The person still owns the domain name even if someone else owns the domain name with the email address associated with the domain name. Here’s an example of that:
- John owns Keyword1.com. His contact information (in WHOIS) shows john@Keyword2.com as the owner.
- Steve buys Keyword2.com. Just because he sets up john@Keyword2.com and has access to that email address doesn’t mean that he also owns Keyword1.com.
I have run into the above scenario more than once while investigating stolen domain names through my Verified Domains service. One way that thieves steal domain names is through invalid WHOIS data or through email addresses that they get access to by buying an expired domain name.
This applies to any accounts that have been set up and associated with the email address associated with an expired domain name. My personal advice would be, if you are ever in this situation, is to see if you can contact the former domain name owner and tell them about the PayPal account and make arrangements with them to remove the email address of the expired domain name from that account.
How to Set Up a Catchall Email
One of the tasks that I usually do when I buy an expired domain name is set up a catchall email address on the domain name. That way any email sent to any email addresses at that domain name are forwarded to one of my Gmail accounts. This way I can see if there were any important email addresses or email that was associated with the expired domain name. You can easily do this in cPanel if your web host provides cPanel. Here’s how to do that:
- Log into the cPanel account for the domain name.
- Scroll to the Email section and select “Default Address”:
- Select the Forward to Email Address radio button and enter the email address that you want to forward all email to, as shown below:
I usually forward all of the email to a gmail account I have set up specifically for this purpose, or the expired domain names’ email. Gmail does a fairly good job at identifying email spam, and if there are legitimate emails they’ll end up in the gmail account.
The bottom line here is that just because you buy an expired domain name you don’t necessarily have the right to other accounts. You own the domain name and the email addresses, but not any third party accounts that were set up prior to you owning the domain name. That’s what my understanding is. Let’s continue the discussion on Twitter.