Skip to content
Naked Security Naked Security

How forgetting to renew a domain name cost $3m

If only they'd hit auto-renew

GoDaddy does it. does it. Namecheap does it. Amazon Web Services does it. HostGator does it. The wackily named isn’t all that crazy: it does it, too.

They all offer auto-renewal of domain names. In fact, it’s hard to find any registrar that doesn’t.

But perhaps Sorenson Communications found one. Or then again, perhaps employees’ calendars all broke down simultaneously and failed to send reminders that the domain renewal was coming due. However it happened, the Utah-based telco neglected to renew its domain in 2016. So, as these things go, it slipped silently off the internet.

That’s not good for anybody. But it’s particularly not good when you’re the company that brings video relay service (VRS) to deaf, hard of hearing and speech-disabled people. For 3 days, 6 – 8 June 2016, all the users who rely on the telco to place calls—including emergency calls—were out of luck as the company was bumped into service outage.

How much does the Federal Communications Commission (FCC) dislike Sorenson having inflicted this oh-so-preventable service outage on customers? … an outage that meant the VRS provider was noncompliant with the Communications Act and FCC rules, which require that services be able at all times to handle any type of call normally provided by carriers, including emergency calls on the US 911 line?

The FCC dislikes it $3 million worth. That’s the fine the regulatory agency imposed on Sorenson on Friday.

That $3m breaks down to $2.7 million to reimburse the Telecommunications Relay Services Fund and a $252,000 penalty. Under the terms of the settlement, Sorenson has also agreed to provide enhanced notices to consumers during outages.

It didn’t have to be this way, the FCC said in its announcement of the settlement:

The Commission’s investigation found the outage was preventable.

The FCC has established specific quality requirements for TRS Fund-supported services. These requirements ensure that persons with hearing or speech disabilities are able to stay connected with friends and family, and access critical services such as 911, in a manner similar to persons without hearing or speech disabilities.

Sorenson, if it’s any consolation, you’re not the first. The Dallas Cowboys did it. Microsoft did it. Twice (buh-bye, Hotmail!). Foursquare did it. Ketchup king Heinz did it with a label-design contest,, that wound up as a porn site.

Hell, even Google did it: some guy bought for $12 in 2015 and held the keys to the Googleopolis for one glorious minute.

As Naked Security’s Mark Stockley points out, this is a cautionary tale for all of us. The lesson to be learned: don’t lose control of your domain.

But even if you don’t face regulatory pain, if your domain is worth owning, there are other people who’d like to own it too. Even if they don’t want to turn your Glory-Widgets-R-Us dot com into a porn site, there’s money to be made by trying to sell it back to you at a massively inflated price or by setting it up as a phishing site.

Failing to renew is hard.

Almost everyone wants you to renew, not least your registrar. It knows what’s in its best interest and a good registrar will make auto-renewal easy, even default to it, and start to nag you long before your domain is up for grabs; after all, you’re its bread and butter.

If you forget to renew a domain all is not lost. On expiry it will enter a grace period where you can still renew it at no extra cost, and even after that’s over there’s a further redemption period where you can still get it back, if you pay a little bit extra. The periods vary depending on the registrar and the top-level domain (the top-level domain is the last part of the name such as .com or .org) but they typically add up to months of time in which you, and only you, can reanimate your undead domain.

So, register your domain for the longest possible period, make sure auto-renew is switched on and check that your credit card isn’t going to expire. And for pity sake, use your calendar. It has all sorts of sophisticated features.

Like, say, reminders.


a good registrar will make auto-renewal easy, even default to it, and start to nag you long before your domain is up for grabs

omg, OMG! All my domains are auto-renew; we decide to dump *one domain* (of ~450). It expires in two months, and I get an email every few days warning that I “have domains about to expire” (plural) and lists all the domains that will autorenew in the next few days along with the one we canceled.

Hey GoDaddy, how about spending some of that energy improving the website?

on a less cynical and more helpful note:
register your domain for the longest possible period
I used to do this, but a couple years ago I noticed (again @GD) that the price is actually *higher* for a five-year renewal than on a one- or two-year cycle.

Certain manufacturers/providers will take advantage of the fact that most of us by now are conditioned to buy in builk; we get a better price-per-quantity than smaller purchases (and that we’re too crunched for time to double-check the math). Not all “bigger” packages are cheaper anymore.



How much is the price bump? I know it’s annoying but in the scheme of things it’s insignificant, no? Compared to the cost of the alternative…


Good point.

Last I checked (couple months ago), it was on the order of a dollar or two per domain, with one- and two-year buys tied for best rate. At 450 domains, that’s a not-insignificant sum annually. Theoretically we also pay lower interest on a lower credit card balance while Visa awaits the monthly payment.

While $500-$1000 annually is small compared to $10,000 ransom on a lapsed property, they’re all set to auto-renew–so the only true cost is my time forwarding an email receipt to our accountant (and her plugging the amount into QuickBooks).

My salaried time is arguably/subjectively “free” to my employer, but GoDaddy is a tangible cost. I vacillate frequently on whether decisions like these move me closer or further to our budget finally including an I.T. assistant (small business).

However as cash is tight lately, registering domains for five years would put more strain on the “look what Bryan made us buy NOW” platform and raise a bigger eyebrow next time I need to replace a Juniper appliance…a year at a time is the right call for us ATM.

I should note we pay for GoDaddy’s discount domain club, dropping individual .com prices from ~$15 to ~$8. IIRC the point where that breaks even is 20-25 domains. I’m unaware if these ratios mirror non-DDC costs.


Actually, it APPEARS that GoDaddy is cheaper by year for short terms than long terms but it’s not really the case. If you actually CALL them, the agents are empowered to negotiate and the longer term you agree to, the lower the per-year cost. Naturally I call them every time–but now it’s out to about 8 years at a cycle.

And don’t forget that you don’t need to pay extra for that “anonymization” service. I don’t use it and do not receive significant spam.


Very interesting; thanks for the tip Laurence. Still crappy that they know most people are in a hurry and will either not notice the higher price or just grumble and accept it.

My boss likes the private registration (he’s a bit of a micromanage/control freak), so I doubt I could talk him out of it. Since .org and .us and others can’t be privatized, I do get unsolicited communication on each of them… those snail mail letters that sound so scary that you’ll lose your domain…and then they “helpfully” register/transfer for the annual fee of $60/$85/$100 per year.

First time I bit for a minute–until I read the entire thing and logged into GD to double-check. I can only imagine how many people have been ripped off by those grifters.

Back on the other hand, my *personal* domains aren’t private, because yeah. It’s easy to toss them into the recycle pile. :-)


We’ve all heard the story of the guy who registered…but I never knew he auctioned the check they gave him. That’s awesome!


I’m curious why it took so long to restore service. Did someone pick it up and hold it for ransom?


That’s a wonderful question for which I have no answer. I asked Sorenson if they’d turned on auto-renew, but they didn’t respond. I figured they wouldn’t be inclined to tell me 1) how they lost it in the first place and 2) what happened to it while it was lost.

But hey, Sorenson, if you’re reading this, we’re all ears! :-)


Here’s another auto-renewal quandary: An organization I am associated with had its website go dark. I contacted the hosting company and explained that the person who set up the site was no longer with us and that I suspected that a renewal was needed. Since I didn’t know the secret identification code, they wouldn’t give me any information. I offered to pay any outstanding bills immediately with my own credit card, but they wouldn’t even accept my money. I asked repeatedly how to resolve the issue if the person with the passwords couldn’t be reached, and no one was able to give me an answer.
Eventually after tracking down the former associate and several unsuccessful attempts to remember the password, he was able to come up with the right one. The question still eats at me: what if he had died or could not be found? Did the provider really have no process for regaining control of our website?
I have since made sure I am not the only one who knows the passwords. I’m grateful that the provider is so careful about password resets, but their lack of a procedure to regain control of the website in this kind of sutuation is frightening.


Ever here of the scam Network Solutions runs?? Let your domain expire and you get hit with a $35.00 reactivation fee, even if the domain is parked!! Civil action suits against this practice but it still persists.


Yes, because when I take someone’s wallet it’s stealing–but when I convince them a hamburger is worth $100 and they pay me for it…I took advantage of ignorance and did nothing illegal.

Unfortunately I doubt it’ll ever be against the law to be a dick. Once it is, prison construction crews will have all the work they’ll ever need.


Lisa wrote “They all offer auto-renewal of domain names. In fact, it’s hard to find any registrar that doesn’t.
“But perhaps Sorenson Communications found one.”

Lisa, obviously you’ve never purchased for a large corporation. One-time buys (either Expense items like the domain name or Capital items like a computer) are easy. Setting up a renewable agreement requires a contract agreed-to and signed by both parties. At renewal time, the bill comes to someone in Payables who knows nothing about the agreement and has to track down the originator who may have left the company, and whose replacement knows nothing about the agreement.

As a (now retired) employee of a 400,000 employee high-tech computer company I’ve experienced this from both sides. It’s just very difficult to do and Purchasing and Legal will push hard to avoid creating a contract.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!