IT.COM

discuss What is your "Dot Com Leak" story?

NameSilo
Watch
Impact
541
I called it "dot com leak" when users typed a dot com domain names instead of the intended extensions.

As I develop my projects, I setup catchall email service for some of my .com domain names . unbeknownst to me, I started to receive emails to these email boxes.

At first I thought they were just random spams, but soon I realized people habitually typed in the .com domain name instead of .net, .io, .ai, .co, and even typo .com's.

Some of the emails I received were harmless, for example, signup for newsletters, promotions from Sears. But then I started to get confidential pricing spreadsheets, password reset requests, 2FA codes,

The oddest one was from Nike China, a private sale notification, which can only be describe as someone was trying to goose the signup numbers as I keep receiving new member welcome emails with different email addresses.

Do you have a similar experience with your catchall email?
 
3
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
absolutely. catchall email it turns out is essential. It has happened to me at least twice this year that I will first get emails from customers for a particular business and then that domain name will sell for a sizeable amount to the *frantic* owner not much later.
which some domainers might not know since most of the biggest registrars (i.e., godaddy, porkbun, name.com, etc.) don't make it easy or possible to set up catch all forwarding. You can only do it at namecheap, namesilo, epik and some lesser known registrars.. not really dynadot.. maybe enom
 
Last edited:
2
•••
I guess especially .co extension will leaks infos to .com holders.
 
2
•••
I use ImprovMX to forward some of my domain emails. It has a free tier.

Only if some companies could see what I've seen coming through the catchall .com emails.
 
1
•••
Yes, before I transferred one of my oldest domains to Epik, I used to get tons of typo customer support and employee emails from a fairly large furniture site.

My domain ends with 'ies' and the other ends with 'is'. I think my domain is spelled correctly which is why I got so many typo emails. :)

I even received several sensitive emails regarding bank and inventory records including login credentials. I let the bank know about that. They really appreciated letting them know about the security risk and said they would make note of this in the file.

Most of the time when I got customer support emails, I'd reply back to the customer and nicely explain their mistake. They seemed to appreciate that.

A couple times I did contact the furniture site to see if they were interested in acquiring the domain but I never received any reply - oh well.
 
1
•••
Back