
Expired domains security warning - Facebook/Gmail


MTB

I recently registered an expired .com domain and set up a generic e-mail address. Within a few hours I was receiving emails intended for the previous registrant. One of the emails was from Facebook, and included a direct log-in link, which I clicked on (for curiosity, probably illegal) just to see if Facebook security was working. Unbelievably the link sent me direct to the previous user's Facebook account without asking for a password! I immediately logged out and contacted the previous registrant. Turns out they lost access to their e-mail account after changing telephone number, changed e-mail address and didn't receive the domain renewal e-mails.

The registrant later told me that they had previously set up email forwarding on several generic e-mail addresses on the domain I registered, which all directed to a Gmail account - and the old registrant was receiving e-mails intended for me!
 
Turns out they lost access to their e-mail account after changing telephone number, changed e-mail address and didn't receive the domain renewal e-mails.

2FA is 2x risky. You can't log in if you lose one of the factors.
 
the old registrant was receiving e-mails intended for me!
How's that? The MX records are on your server, not theirs. How?
 
Not sure. I set up a [email protected] email address after I registered the domain and they were getting my emails into their Gmail account. They'd previously set up the same email address and we were both with the same registrar. I emailed the registrar and they fixed it.
 
It may be possible if:
1. You use the registrar's MX server, which was used by the old owner. Most likely the registrar manually deleted the old email forward rule that was set by the old owner.
2. You use the same broken nameservers of the registrar. "Broken" because the nameservers didn't update the MX record with your new MX record. This is very unlikely but may be possible. If this is the case, most likely the registrar has reloaded the DNS zone manually to resolve the issue.
 
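Both causes listed in the reply above can be checked by asking each authoritative nameserver for the domain's MX records directly and comparing the answers with the MX set you configured. The following is an added example, not code from the thread or from any registrar; it runs the comparison over constructed answers, and every hostname and the `shared_forwarders` suffix are placeholder assumptions.

```python
# Added example. Every hostname below is a constructed placeholder.

def _norm(host):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return host.rstrip(".").lower()


def audit_mx(intended_mx, answers_by_ns, shared_forwarders=()):
    """Compare the MX set each authoritative nameserver returns with the MX
    set the new registrant configured.

    intended_mx       -- MX hosts the new owner set
    answers_by_ns     -- {nameserver: [(preference, mx_host), ...]}, one entry
                         per authoritative server, each queried directly
    shared_forwarders -- domain suffixes of a registrar-run forwarding service
                         (assumed known from the registrar's documentation)

    Returns sorted (nameserver, finding, mx_host) tuples.
    """
    intended = {_norm(h) for h in intended_mx}
    suffixes = [_norm(s) for s in shared_forwarders]
    findings = []
    for ns, records in answers_by_ns.items():
        served = {_norm(host) for _pref, host in records}
        # Cause 2 in the post: this server still answers with old MX data.
        for host in served - intended:
            findings.append((ns, "unexpected-mx", host))
        for host in intended - served:
            findings.append((ns, "missing-mx", host))
        # Cause 1 in the post: mail lands on the registrar's shared server,
        # where a forwarding rule left by the previous owner may still match.
        for host in served:
            if any(host == s or host.endswith("." + s) for s in suffixes):
                findings.append((ns, "shared-forwarder", host))
    return sorted(findings)


# Constructed sample: ns2 was never reloaded after the MX change.
SAMPLE_ANSWERS = {
    "ns1.registrar.example": [(10, "mx1.newmail.example.")],
    "ns2.registrar.example": [(10, "MX.Forward.Registrar.Example.")],
}

if __name__ == "__main__":
    for finding in audit_mx({"mx1.newmail.example"}, SAMPLE_ANSWERS,
                            shared_forwarders=["forward.registrar.example"]):
        print(finding)
```

A `shared-forwarder` finding on an MX you chose yourself is not a DNS fault; it means any forwarding rules stored on the registrar's side for that domain need to be reviewed and cleared.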