Your preparation
0 of 0 safeguards readyMake the next decision with evidence
Regain registrar control, restore trusted DNS and certificates, and protect email and account recovery from whoever can use the domain.
Capture before evidence disappears
- Save registrar status, expiry, grace or redemption dates, registrant, nameservers, DNSSEC, transfer locks, auth events, invoices, and support cases.
- Export the intended DNS zone, certificates, email authentication, hosted services, verification records, and third-party dependencies.
- Monitor current DNS, website, mail routing, certificate issuance, search results, and any content or messages served by another party.
Decisions that change the response
| Question | Act when | Action |
|---|---|---|
| Renew, redeem, or dispute? | The registrar status and registry lifecycle show the available recovery path. | Use the official registrar route immediately; do not negotiate through unverified contacts. |
| Suspend domain-based trust? | Another party can receive mail, issue certificates, or serve content. | Change recovery emails and verification on critical accounts; warn contacts through an independent channel. |
Proof that recovery worked
- Business-owned registrar accounts control the domain with correct nameservers, DNSSEC, locks, and recovery methods.
- Web, API, email, certificates, redirects, and verification records pass from external networks.
- Critical providers no longer trust any compromised domain email or DNS proof used during loss.
Controls to put in place
- Enable multiyear auto-renew with two payment methods and alerts far before expiry.
- Keep two named registrar administrators with secure MFA and recovery outside the domain.
- Export zones and monitor expiry, nameservers, DNSSEC, certificates, website, and mail externally.
Use a spare domain to simulate renewal failure and nameserver loss. Follow the lifecycle, restore a saved zone, rotate a provider verification, and publish status elsewhere.
Contact registrar and registry through official channels immediately; use domain counsel for unauthorized transfer, trademark abuse, or ownership disputes.
What this means
A domain can stop working because the registration expired, the registrar suspended it, an account was compromised, or the domain was transferred or registered by someone else. Website and email failure may be the first sign. The recovery path depends on the domain’s current registry status, so establish that before changing DNS or paying anyone.
ICANN rules described here mainly apply to generic top-level domains such as .com; country-code domains can have different life cycles and dispute processes.
Warning signs
- The website and domain-based email stop working together.
- The domain shows a registrar parking, expiration, auction, or sales page.
- Registrar notices mention expiration, changed contacts, nameservers, transfer, or deletion.
- ICANN Lookup or RDAP shows unexpected nameservers, registrar, status, or expiration date.
- The domain is missing from your registrar account or your login no longer works.
Recover now
First 15 minutes
- Use ICANN Lookup or RDAP to identify the current registrar and status. Record the registrar, expiry date, nameservers, and status codes. Take screenshots and save recent registrar emails and invoices.
- Secure the registrar account and its recovery email. From a trusted device, change passwords, enable strong 2FA, remove unknown sessions and recovery methods, and check email forwarding rules. Do not use links in unexpected renewal emails; navigate to the registrar directly.
- If the domain is still in your account, renew it immediately. Use the registrar’s normal renewal or restore action. Do not change nameservers or DNS records while the existing configuration is unknown.
- Open an urgent registrar support case. State the exact domain, registry status, account ID, last known renewal, and whether you suspect expiration or unauthorized transfer. Ask for the case number and the final time at which recovery remains possible.
- Protect customers while DNS is unavailable. Use verified social or status channels to warn that the website or domain email is unavailable. Tell customers not to trust new payment instructions or password-reset messages from the domain until recovery is confirmed.
Today
Choose the path matching the recorded status:
- Expired but renewable: Pay the renewal through the current registrar. A registrar may offer an auto-renew grace period, but its duration and fees vary; do not assume you have 45 days.
- Redemption grace period: Ask the sponsoring registrar to restore the domain and pay the disclosed redemption fee. Generic top-level domains in redemption normally have a 30-day restoration window.
- Pending delete: The registrar generally can no longer restore it. Confirm the exact release process and time with the registrar; prepare to attempt a new registration, but do not trust services promising a guaranteed capture.
- Unauthorized transfer: Contact the previous registrar immediately and ask it to start its unauthorized-transfer process. Preserve invoices, account notices, identity records, transfer messages, and evidence of control. Secure the associated email account.
- Registered to someone else: Confirm that the new registration is real. If the name incorporates a trademark or was obtained unlawfully, get qualified domain-name legal advice about negotiation, UDRP/URS, or court options. ICANN cannot simply order a domain returned.
- Suspended for contact verification or abuse: Follow the registrar’s verification or appeal process and correct the underlying contact or abuse issue.
After control returns, compare nameservers and every DNS record with a trusted export. Restore web, email, verification, and certificate records deliberately. Shorten DNS TTL only if you still control the zone and understand the effect.
Verify recovery
- ICANN Lookup or RDAP shows the expected registrar, expiry date, and non-expired status.
- The registrar account shows the correct registrant contacts, strong 2FA, registrar lock, and expected nameservers.
- DNS resolution from more than one network returns the intended records.
- The website presents a valid certificate and the expected content without redirects.
- Inbound and outbound domain email pass a real test, including SPF, DKIM, and DMARC alignment where configured.
- No unrecognized mailbox forwarding, DNS records, API tokens, delegates, or account sessions remain.
After recovery
Record the cause, the last safe recovery date, fees paid, support case, DNS changes, downtime, missed email, and any fraudulent messages sent during the outage. Treat password resets and payment instructions delivered during the loss-of-control window as suspect.
Prepare now
Access
- The registrar account uses a unique password and phishing-resistant 2FA where available.
- Registrar lock is enabled; registry lock is considered for a high-value domain.
- At least two trusted people can reach the registrar without sharing one login.
- Registrar recovery does not depend only on an email address hosted on the same domain.
Backups and evidence
- The DNS zone, nameservers, registrar, account ID, renewal date, and invoices are stored outside the registrar.
- Current website and email DNS records are exported after every material change.
- The business can publish an emergency notice on a channel that does not use this domain.
Contacts and ownership
- Auto-renew is enabled with a current primary payment method and a calendar reminder at least 60 days before expiry.
- Registrant, administrative, billing, and recovery contact details are current.
- The registrar’s urgent support route and the registry policy for this top-level domain are documented.
- The legal registrant is the business or founder, not a contractor, agency, or former employee.
Practice
- A second person can identify the registrar with ICANN Lookup, access the account, find the renewal control, export DNS, and open an urgent support case.
Common mistakes
- Assuming every domain has the same grace period. Registrar and top-level-domain policies differ, and auctions may begin before you expect.
- Paying a renewal link from email. Expiration creates ideal phishing conditions; sign in through the registrar’s known website.
- Changing DNS while renewing. Renewal often restores existing DNS; unnecessary changes can extend the outage.
- Waiting for propagation without checking ownership. DNS delay does not explain a changed registrar or registrant.
- Threatening a new registrant immediately. An impulsive message can weaken negotiation or increase the asking price; preserve evidence and get advice first.
Sources
- ICANN: What registrants should know about expired registration recovery
- ICANN: Domain renewal and expiration FAQs
- ICANN: About lost domain names
- ICANN Lookup
- ICANN Transfer Policy