When an organization’s former domains fall into the wrong hands, they create a unique convergence of trademark infringement and cybersecurity risk.
Organizations regularly act to remove unauthorized uses of their logos or copyrighted content. The stakes are higher when these violations happen on domains the organization previously owned. In these cases, the priority shifts from brand protection to preventing potential harm to users who may still trust the domain.
This is not about main organizational domains like UNU.EDU or UN.ORG, which are well protected and actively managed. Instead, it concerns secondary domains that organizations register for particular uses, such as campaign websites, regional projects, acquisitions, or temporary initiatives. For example, an organization might register aiforgood.org for a project, use it for several years, and then let it expire when the project ends or is rebranded. These are the domains that become risky if they expire and are acquired by others.
Why Former Domains Are Particularly Dangerous
Unlike typical trademark infringement, hijacked former domains carry built-in credibility. Years of backlinks, search engine history, and institutional memory work in the bad actor’s favor. Partners and even employees may instinctively trust these domains based on past legitimacy.
When such a domain is compromised with malware or used for phishing, the damage multiplies. Emails from familiar domains achieve higher success rates. Malicious downloads appear more credible. The organization’s historical reputation becomes a weapon against its own stakeholders.
A Real-World Example
I recently discovered that one of an organization’s former project websites has been taken over by an unauthorized party, who is continuing to use the organization’s logo and contact details. The project concluded in mid-year, after which the organization relinquished the domain and took the website offline. It appears that a third party subsequently acquired the domain, restored archived content, and republished the site. Some pages now contain content that does not align with the original intent of the domain. This misuse creates a risk of confusion and potential reputational damage to the organization. A takedown request is currently in progress.
The Cost-Benefit Reality
Maintaining expired domains indefinitely sounds good in theory, but at $10-15 per year per domain (more for premium extensions), keeping every legacy domain can become expensive. Organizations need to make strategic decisions:
Domains worth keeping:
- Former primary domains used for 5+ years
- URLs closely matching current trademarks
- Domains that still receive significant direct traffic
- URLs in printed materials or permanent media
- Common misspellings of active domains
Domains you can consider releasing:
- Campaign-specific URLs with clear end dates
- Regional variations never heavily promoted
- Domains that never achieved significant brand association
For domains you decide to release, redirect them to your current site for 12-24 months first. This trains users and search engines, significantly reducing the risk that someone will stumble onto a hijacked version later.
Steps for Taking Down an Infringing Former Domain
If you discover unauthorized use of a former domain, especially one using your trademark(s) or compromised with malicious content, here’s a structured approach:
Important: Work with your legal team from the start. Trademark enforcement requires proper documentation and procedural compliance. Improper handling can weaken your legal position or even create liability. The legal team can ensure notices are properly drafted, deadlines are met, and your trademark rights are preserved throughout the process.
1. Document Everything
- Take timestamped screenshots of the infringing site
- Document all uses of your logos, trademarks, or copyrighted content
- Note any malicious behavior (phishing, malware, fraud)
- Capture WHOIS information for the current registrant
2. Identify the Responsible Parties
- Domain registrar: Where the domain is registered (found in WHOIS)
- Hosting provider: Where the site is hosted (use tools like whois.domaintools.com)
- Current owner: May be masked by privacy protection
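Steps 1 and 2 can be partly automated from a single registration-data capture. The Python sketch below is an added example, not part of the original article: it parses an RDAP domain record (the JSON successor to WHOIS, RFC 9083), extracts the registrar, abuse contact and nameservers, hashes the raw capture for the evidence file, and checks whether the current registration post-dates your release. The sample record, the function names and the release date are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed RDAP domain record (RFC 9083 layout); every value is made up.
SAMPLE_RDAP = json.dumps({
    "ldhName": "former-project.example",
    "events": [{"eventAction": "registration", "eventDate": "2024-09-03T10:15:00Z"}],
    "entities": [{"roles": ["registrar"],
                  "vcardArray": ["vcard", [["fn", {}, "text", "Example Registrar LLC"]]],
                  "entities": [{"roles": ["abuse"], "vcardArray": ["vcard", [
                      ["email", {}, "text", "abuse@registrar.example"]]]}]}],
    "nameservers": [{"ldhName": "ns1.dns-host.example"}],
})

def _vcard(entity, prop):
    """First value of a jCard property on an RDAP entity, or None if missing."""
    for item in entity.get("vcardArray", [None, []])[1]:
        if item[0] == prop:
            return item[3]

def _walk(entities):
    """Yield entities depth-first; abuse contacts nest under the registrar."""
    for ent in entities:
        yield ent
        yield from _walk(ent.get("entities", []))

def build_evidence(raw, released_on, captured_at=None):
    """Summarise one raw RDAP capture; released_on is the ISO date you gave the domain up."""
    rec = json.loads(raw)
    events = {e["eventAction"]: e["eventDate"] for e in rec.get("events", [])}
    by_role = {}
    for ent in _walk(rec.get("entities", [])):
        for role in ent.get("roles", []):
            by_role.setdefault(role, ent)
    registered = events.get("registration")
    reg = datetime.fromisoformat(registered.replace("Z", "+00:00")) if registered else None
    released = datetime.fromisoformat(released_on).replace(tzinfo=timezone.utc)
    return {
        "domain": rec.get("ldhName"),
        "captured_at": (captured_at or datetime.now(timezone.utc)).isoformat(),
        "sha256": hashlib.sha256(raw.encode()).hexdigest(),  # ties the summary to the raw capture
        "registrar": _vcard(by_role.get("registrar", {}), "fn"),
        "abuse_email": _vcard(by_role.get("abuse", {}), "email"),
        "registrant": _vcard(by_role.get("registrant", {}), "fn"),  # None when masked or absent
        "nameservers": [n["ldhName"] for n in rec.get("nameservers", [])],  # lead on the DNS operator
        "registered": registered,
        "reregistered_after_release": bool(reg and reg > released),
    }
```

Store the raw JSON alongside the summary so the hash can be re-verified when the record is handed to the legal team.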
3. Send Formal Notices
To the hosting provider:
- File infringement notices based on what’s being misused:
  - Copyright infringement (for original content like articles, images, designs): DMCA notice in the US, or equivalent copyright complaints in other jurisdictions
  - Trademark infringement (for logos, brand names, trade dress): Report through the hosting provider’s trademark complaint process
- Report Terms of Service violations (impersonation, fraud)
- Flag security threats if the site is distributing malware
To the domain registrar:
- File a trademark complaint through their dispute resolution process
- Many registrars have specific forms for trademark infringement
- Reference the Uniform Domain-Name Dispute-Resolution Policy (UDRP) if applicable
To the domain owner (if identifiable):
- Send a cease-and-desist letter demanding:
  - Immediate removal of all trademarked content
  - Transfer of the domain back to your organization
  - Confirmation within 10 business days
- Include evidence of your prior ownership and trademark rights
4. Escalate as Needed
If initial notices fail:
- File a UDRP complaint through ICANN-approved dispute resolution providers (typically $1,500-2,000)
- UDRP applies to most generic top-level domains (.com, .net, .org) regardless of country
- To succeed, you must prove ALL THREE elements:
  - The domain is identical or confusingly similar to your trademark
  - The current owner has no legitimate rights or interests in the domain
  - The domain was registered and is being used in bad faith
- Note: UDRP can be challenging for former domains you once owned, as the current owner may argue they registered it legitimately after it became available
- For country-code domains (.uk, .ca, .au, etc.), check the specific ccTLD dispute policy
- Consider trademark infringement litigation in the appropriate jurisdiction:
  - Where the infringer is located
  - Where the domain registrar is based
  - Where the harm is occurring
- Report to relevant authorities based on your location and the nature of the violation:
  - Cybercrime/fraud: National cybercrime units (FBI IC3 in US, Action Fraud in UK, Europol’s EC3 in EU, etc.)
  - Consumer protection: National consumer protection agencies (FTC in US, CMA in UK, national consumer authorities in EU, etc.)
  - Business impersonation: Local law enforcement or business fraud divisions
5. Protect Your Stakeholders
While pursuing takedown:
- Publish warnings on your official channels about the unauthorized site
- Submit delisting requests to search engines (Google Search Console, Bing Webmaster Tools)
- Alert customers directly if you have contact information
- Consider purchasing ads on the old domain name to direct searchers to your warning
Prevention: The Best Strategy
Domain portfolio management is a critical component of brand protection. The best approach:
- Audit your project domain portfolio annually
- Categorize by strategic importance
- Set renewal reminders 90 days before expiration
- For domains you’ll release: redirect for 12-24 months first
- Monitor expired domains quarterly using domain watch services such as DomainTools, BrandShield, and UNICC (United Nations International Computing Centre), which offers comprehensive monitoring and takedown services for UN entities.
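The audit, renewal and redirect rules above can be run as a single pass over the domain inventory. The Python sketch below is an added example, not part of the original article: the inventory, the action names and the reading of "12-24 months" as a 365-day minimum are assumptions. It covers the case the checklist leaves implicit, a domain marked for release whose registration would lapse before the redirect has run its full window.

```python
from datetime import date

RENEWAL_LEAD_DAYS = 90    # article: renewal reminders 90 days before expiration
MIN_REDIRECT_DAYS = 365   # assumption: lower bound of the 12-24 month redirect window

# Constructed inventory; domain names, dates and categories are made up.
PORTFOLIO = [
    {"domain": "main-brand.example", "category": "keep",
     "expires": date(2025, 8, 1), "redirect_since": None},
    {"domain": "campaign-2023.example", "category": "release",
     "expires": date(2025, 7, 15), "redirect_since": date(2025, 1, 10)},
    {"domain": "regional-old.example", "category": "release",
     "expires": date(2025, 12, 1), "redirect_since": None},
    {"domain": "pilot-2022.example", "category": "release",
     "expires": date(2025, 7, 1), "redirect_since": date(2024, 5, 1)},
    {"domain": "mystery.example", "category": None,
     "expires": date(2026, 3, 1), "redirect_since": None},
]

def audit(portfolio, today):
    """Return {domain: action} for one audit run (action names are hypothetical)."""
    actions = {}
    for d in portfolio:
        due = (d["expires"] - today).days <= RENEWAL_LEAD_DAYS
        if d["category"] == "keep":
            action = "RENEW" if due else "OK"
        elif d["category"] == "release":
            if d["redirect_since"] is None:
                # Never release cold: start the redirect, and renew if expiry is near.
                action = "START_REDIRECT_AND_RENEW" if due else "START_REDIRECT"
            elif (d["expires"] - d["redirect_since"]).days < MIN_REDIRECT_DAYS:
                # Expiry would cut the redirect short of the minimum window.
                action = "RENEW_TO_FINISH_REDIRECT" if due else "REDIRECTING"
            else:
                action = "LET_EXPIRE"  # redirect window is complete at expiry
        else:
            action = "CATEGORIZE"  # uncategorized domains are the ones that lapse unnoticed
        actions[d["domain"]] = action
    return actions
```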
The cost of maintaining truly important legacy domains, perhaps $100-500 annually, is almost always less than the cost of dealing with a single well-executed impersonation campaign or the legal fees for reclaiming a hijacked domain.
When unauthorized use does occur, especially on a compromised former domain, swift and coordinated action across legal, technical, and communications channels is essential. Every day of delay increases both reputational damage and the risk of harm to those who still trust your brand.