In the web hosting world, two tasks essential to keeping a site up and running are routinely forgotten, renewing SSL certificates and renewing domain names. Every once in awhile, we’ll hear about a big corporation that has somehow neglected to renew a domain name or buy a new SSL certificate. It’s happened to Google, to Microsoft, to thousands of less prominent site owners, and recently it happened to Samsung.
In 2014, Samsung retired an app called S Suggest, which communicated with its servers at the ssuggest.com domain. Although S Suggest isn’t maintained, it’s still installed on millions of older Samsung devices. Recently, the ssuggest.com domain expired, which means it was up for grabs by anyone smart enough to realize the implications. In theory, if a hacker got control of the trusted domain, they could have done all sorts of mischief. As it turns out, the domain was registered by security researcher João Gouveia.
Gouveia was able to observe traffic on the domain as over 2 million Samsung Android devices phoned home a total of 620 million times. According to Gouveia, if a malicious party had registered the domain, they could have rebooted phones or even installed malicious applications. Samsung disputes the seriousness of the problem, and, if those claims are true, they have bigger security problems than a forgetful executive, but the fact remains that letting a domain expire can have very bad consequences.
Can you imagine the consequences to your business if its domain expired, if a lucky domain watcher could replace your site with their own advertising, a drive-by download page, offer to sell it back to you at a vastly inflated price, or just redirect it to their own business?
It’s easy to forget to renew domains; that’s why it happens so often. If you register a domain for three years, it’s unlikely that you’ll remember when it’s time to renew without help. What can you do to avoid being put in the same position as Samsung?
First, put it on your calendar. Most of us use web-based calendar services these days, so even if you change to a different calendar application, you’ll get the reminder.
Next, make sure that the email address you give to the domain registrar is one you’ll definitely be monitoring a couple of years down the line. All respectable domain name registrars send repeated reminder notices well in advance of a domain’s expiry date. Presumably, somewhere deep in the bowels of Samsung’s IT systems, there’s an inbox full of domain renewal notices that no one ever opens. If you use a dedicated email address for domain name notices, forward it to your main email address so that you’ll be sure to get notifications.
Make sure a member of staff is responsible for checking the email inbox associated with your business’ domains. It’s all too common for the person who originally registered the domain to move on to a different company and leave the inbox unchecked.
Of course, if you really want to be safe, and your domain registrar offers the service, turn on auto renewal, so the registrar will automatically renew the domain when the time comes.
If giant corporations like Samsung and Google can neglect domain renewals, you can too, so perhaps it’s time to take stock of the domains you have registered and make sure you know when they expire.