What Really Happens When a Domain Expires — and the Day Google Lost Google.com for $12

On the 29th of September 2015, a man bought Google. Not the company — the domain. Sanmay Ved, a former Google employee browsing Google's own Domains service late one night, idly searched for google.com and was startled to see it listed as available. He clicked buy. The price was twelve dollars. His credit card went through, the order confirmation arrived, and for about one minute Sanmay Ved was the registered owner of the most valuable address on the internet.

Google's systems caught the error and clawed it back within moments, but the incident is a perfect doorway into something most people never think about: a domain name isn't bought, it's rented. Every domain on earth has an expiry date ticking quietly in the background, and what happens around that date is a strange, brutal, fascinating process that has tripped up everyone from lone bloggers to billion-dollar corporations.

A domain is a lease, not a deed

Here's the mental shift. When you "buy" a domain, you're really leasing the exclusive right to use it for a fixed term — usually one to ten years — from a registry, through a registrar. Pay the renewal and the lease rolls on. Miss it, and a countdown begins that can end with your domain in a stranger's hands.

That ticking clock is why the very first thing worth knowing about any domain is when it expires and what state it's in right now. Both facts live in the public registration record, and you can pull them up for any domain in seconds with a WHOIS and domain lookup — the expiry date, the registration date, and a status flag that tells you exactly where in its life the domain currently sits. Those status flags aren't bureaucratic noise; they're the heartbeat monitor of a domain.

The afterlife of an expired domain, stage by stage

When a domain lapses, it doesn't vanish the instant the clock strikes midnight. It enters a carefully choreographed sequence of grace periods, each with its own name — and each shows up as a status code in the registration record.

The auto-renew grace period comes first. For up to about 45 days after expiry, most registrars keep the domain parked in limbo. The website usually stops working, which is the moment of panic for the owner, but the name itself is still recoverable with a simple late renewal. This is the "you forgot to pay, but it's fine, just pay now" window.

The redemption period is where it gets serious. If the owner still hasn't renewed, the domain enters a roughly 30-day redemption grace period — flagged as redemptionPeriod in the record. The domain is now effectively in cold storage. The owner can still get it back, but only by paying a steep restoration fee on top of the renewal, often $80 to $200 or more. Registrars price this deliberately high; it's the financial equivalent of a tow yard.

Pending delete is the point of no return. After redemption ends with no rescue, the domain spends about five days marked pendingDelete. Nothing can save it now — no payment, no plea. It is simply waiting to be released back into the wild.

And then it drops. At a precise, scheduled moment, the registry deletes the domain and it becomes available to register again — first come, first served. If you ever look up a domain and see redemptionPeriod or pendingDelete in its status, you're watching a name in its final days, and you're seeing exactly why those codes exist.

The millisecond gold rush

That word "drops" hides an entire shadow industry. Because valuable expired domains — ones with traffic, backlinks, or short memorable names — become available at a known instant, a whole business sprang up around grabbing them in the first fraction of a second they're free.

It's called drop-catching, and it is exactly as frantic as it sounds. Specialised services maintain banks of registrar connections and fire off registration requests in tightly synchronised bursts the moment a coveted domain is released, hoping to win the race against everyone else doing the same. Popular expiring domains are auctioned in advance by these catchers, sometimes for tens of thousands of dollars, to buyers betting that the name's existing reputation is worth inheriting. A domain you let slip on a Tuesday can be resold to a stranger by Tuesday afternoon.

This is the real reason the casual advice "just re-register it if you forget" is dangerous for anything valuable. For an obscure personal blog, sure — it'll quietly drop and probably sit unclaimed. For a business name with any pull, a dropped domain is chum in the water.

When giants forget to pay the bill

If this sounds like a problem only careless amateurs have, the history books disagree, and gloriously so.

In late 1999, Microsoft — then one of the most valuable companies on the planet — forgot to renew passport.com, the domain behind the authentication system that logged users into Hotmail and other Microsoft services. The renewal cost was a trivial sum. A developer named Michael Chaney noticed the lapse, and rather than seize it, quietly paid the renewal fee himself, out of his own pocket, to keep a chunk of Microsoft's login infrastructure from collapsing. Microsoft had been saved from itself by a Good Samaritan with a credit card.

It keeps happening. The marketing-software company Marketo watched its main domain expire in 2017, knocking out tracking scripts embedded across thousands of customer websites until — once again — a member of the community stepped in to renew it before lasting damage was done. Regions Bank, the Dallas Cowboys, and a long parade of others have suffered self-inflicted outages because a renewal email landed in the wrong inbox or a corporate card on file had quietly expired.

The lesson buried in these stories is almost comically simple: the single most important date in your digital life is sometimes the one nobody is assigned to watch. Checking a domain's remaining days now and then — its expiry sits right at the top of any domain lookup — is a thirty-second habit that has saved companies from very expensive, very public embarrassment.

How we got here: a short history of the rented name

Domains weren't always something you could lose by forgetting a bill, because for a while they were free. When the commercial internet was young, registering a domain through the body that managed them cost nothing. The first .com domain, symbolics.com, was registered all the way back in March 1985 by a computer manufacturer, and for years afterward names were handed out at no charge.

That changed in 1995, when charging for domains began and the modern lease model was born. The dot-com boom turned these strings of text into real estate. Short, generic names became astonishingly valuable: business.com famously sold for $7.5 million in 1999 and then, almost a decade later, again for a reported $345 million as part of a company sale. voice.com changed hands for $30 million in 2019. A good domain stopped being an address and became an asset.

That value, in turn, bred abuse. In the mid-2000s, speculators exploited a feature called the "add grace period" — a five-day window in which a freshly registered domain could be returned for a full refund. The scheme, nicknamed "domain tasting," involved registering millions of domains, parking ads on them for five days to see which ones drew accidental traffic, keeping the handful that did, and returning the rest for free. At its peak, tens of millions of domains were being tasted and dumped every month, clogging the system. The overseeing body eventually killed it off by adding a small non-refundable fee per registration — a tiny cost that made the bulk-tasting math collapse overnight.

What this means for you

Strip away the drama and a few practical truths remain, and they're worth holding onto.

A domain is only ever yours until its expiry date, so treat that date like a passport renewal: know it, and don't rely on a single auto-renew card you might forget to update. The status flags in a domain's record are an honest early-warning system — clientTransferProhibited is a healthy lock protecting an active name, while redemptionPeriod or pendingDelete mean a name is on its deathbed and, if it's one you want, you may need to wait for the drop or fight a drop-catcher for it. And if you're ever evaluating a domain — buying one, trusting a company behind one, or just curious how long a site has really been around — its registration date quietly tells you its true age, which is far harder to fake than a polished homepage.

The internet can feel permanent, a place where addresses simply exist. They don't. Every one of them is a lease with a meter running, kept alive by someone remembering to pay. Google found that out for one surreal minute in 2015. The good news is that the meter is public, readable, and easy to check — so the next domain caught off guard doesn't have to be yours.