That is a great and very transparent write-up, I'd say the best I've read in years. Usually companies don't disclose the final price.
My dream .com ___domain name is squatted by somebody in Korea owning 10.000s of domains. One year they forgot to pay their registration, 'whois' printed 'overdue' (can't remember the exact words). I tried to register, backorder, everything. Nothing worked sadly.
I was in a similar boat a couple of years ago with sunlocator.com
I created an app with that name, unfortunately the ___domain was already in possession of a turkish PV company that went out of business. I noticed that the ___domain will lapse in a couple of months, so I used Snapnames (if I remember correctly) to set up a ___domain drop catching service.
Meanwhile, I got an email from someone representing the Turkish company who independently asked me if I wanted to buy the ___domain for a couple of thousand USD. I was getting nervous, but decided to go radiosilent on that matter.
Well it worked, they must have thought I'm out of business as well, or whatever. A couple weeks later the ___domain dropped and got picked up by Snapnames in my name.
I've been looking at the ___domain lifecycle lately, and it can take a couple of months after the expiration date for it to actually become available for registration. I'd check with whois on the command line.
I've had my domains for decades now, and once or twice I've accidentally failed to renew in time. My registrar has a grace period during which they won't release the ___domain for others to register it, just to let people who accidentally let it lapse have a chance to renew it first.
In my case, I failed to notice the renewal notice and only realized that I missed it once the domains stopped resolving. The grace period let me avoid losing them.
I was trying to keep it short! I like grace periods and redemption periods, but they vary so widely by TLD and registrar, that I wanted to avoid that rabbit hole of conversation.
I've been working on going from calendar reminders to, at least, semi-automating checking a list of expiration dates, and then checking regularly. I'm still making mistakes, I'm just trying to avoid repeating them and instead make exciting new mistakes.
I acquired a desired ___domain this way. I kept silent about it on any service that might detect my interest in it and hold it hostage.
For about 3 months, I checked the whois weekly. Some company was holding it. I never visited the ___domain in any way, to help the ___domain feel dead to their analytics.
Then one day, the whois result matched what you get from whois-ing a bunch of random letters with .com. It was finally released. I registered it from a company like namesilo or porkbun for the standard .com price.
Based on the URL, and being completely unfamiliar with the author, I assumed this was about advaitruia.com, so I was surprised that anyone would be squatting on such an unusual name in the first place.
You might want to put the actual supertokens.com ___domain name in the title to avoid this confusion. HN is certainly not the only site that highlights the ___domain name of submitted URLs.
Honestly the key is to be patient. Put it a low-ball offer on a .com you want then wait. They'll reject initially, then they'll contact you again every couple months to see if you're still interested. Keep the low-ball offers going, maybe increasing by very small increments. Eventually you will catch them in a moment where the seller is desperate and then you strike a deal. I got a 6 letters .com ___domain for $3k down from $40k this way.
I got one of my personal domains back for $100 after years of various different squatters asking between $2k and $10k for it. "Literally no one else will ever buy this particular ___domain from you, take the win" finally worked.
I'd like [my last name].com but a ___domain squatter has it and wanted over $10,000.
I put in a low ball offer and they wouldn't budge. I told them they were crazy. I have an uncommon name that very few people would want so I may try your tactic.
You could try having a relative offer $40 and steadfastly refuse to negotiate any higher than $50. Might make your offer sound a lot better. Or it might backfire because now they think two people want it.
Yea expired card is what scares me the most, I think these days theoretically that shouldn’t be a problem because cc companies will proactively send out the new info to companies charging recurring payments (which can be good and bad).
Backup cards only work so long as the backup card doesn’t expire.
The bigger issue is that if your registrar sends a lot of spammy emails (ahem godaddy) you might miss the message reminding you to replace your expired cards.
A registrar I use for my local domains (I'm in Australia, and use a local registrar for .au domains) has my CC details on file including the expiry date. They send me an email out a couple of months before the expiry date reminding me to update my CC details, which is nice.
In this specific case the broker had a good counterargument: If the seller googled "SuperTokens" they'd find SuperTokens.io and realize the buyer had VC funding and an investment in the brand. The broker convincingly argued it wasn't worth quibbling over a few thousand dollars if it risked the seller realizing they could ask for tens of thousands more and have a decent chance of getting it.
I tried looking for myfirstname.com and it is completely inactive and private registration for the last 20 years.
I am not even sure how would I go about placing a bid.
It is an uncommon name not in English dictionary. Possibly my namesake bought it 20 years ago and has done absolutely nothing (not even placed parking on it).
I am the proud owner of my own firstnamelastname.com
When I first ventured into web hosting, the ___domain was dead, but still registered. I did a whois and got Firstname Lastname. Not sure what I expected, really.
After some years I randomly checked with my favorite registrar, and it was suddenly available for $15/yr. Immediately grabbed that, no regrets.
A couple of years ago, I got a series of emails from some broker offering me an increasing amount of money for the ___domain. I think they gave up at $5k, and I never responded. $5k would have been incredible at the time, but by then I was fully committed to my [email protected] email address.
I guess I never really put a website at that ___domain, it's just an email address. I keep telling myself I'll do it eventually, but it's been almost 10 years at this point...
Many years ago I got mylastname.com for a normal price (like $20 a year or whatever) and then forgot about it. It helps that I have a very unique surname.
A few years afterwards, I woke up one morning with the bright idea that I should probably secure mylastname.com in case some jerk off ___domain name squatter grabs it. I do a whois from the command line (I don't trust the online ___domain name search sites anymore) and saw that it was already taken! What the hell! My last name is so unique, how did anyone know, let alone a ___domain name squatter, to snap this ___domain name from under my nose!
I go to try and find more info about the ___domain outside of what was in the whois info (eg. who should I contact to try and negotiate a price for mylastname.com) but the ___domain didn't go anywhere when typed into my browser. Bummed out, I go into my usual ___domain name registrar dashboard to try and perhaps get the .net version or something, and there I saw in my list of currently owned ___domain names, the very mylastname.com ___domain I was looking at buying.
The squatter was me all along! </callWasComingFromInsideTheHouse>
Some ___domain companies will buy the domains you searched and try to resell them for a premium. Happened to me just a few months ago. I was using a GoDaddy search since it seemed like a useful way to bulk search some tlds for what I wanted. Looked up a few things that I'm almost 100% sure nobody else was looking for since they were very unique. Didn't buy them that day, but spent a while browsing them using the GoDaddy search tools.
One day later I decided I was ready and went to buy one, but everything I had searched was suddenly only available to buy jacked up with a huge "premium" fee and seemed to be owned by GoDaddy. Never again will I search using their console.
Some registrars have done something called "___domain tasting", where they will register a ___domain when they see interest via their web whois tool. Then they will offer it for a higher price. They were able to register it for five days without paying anything, and then cancel the registration if they didn't manage to sell it.
This has mostly stopped since about 2010 when registrars had to start paying a few cents per transaction. Since the overwhelming majority of those never converted to a sale, it's no longer really economically viable and I don't think it's much of a worry today.
I admire your decisiveness on the email branding. I own a few domains I could use for such a thing, but I'm still trying to figure out the best local-part.
Consider the possibilities! Sure, you could go classic and timeless, like yours, with FirstName@. But what about cool and terse, like [email protected]? Or something unique and artisanal (that will hopefully never get old), like [email protected]?
(I've even seen a few people do [email protected], though I could never bring myself to do such a thing.)
I wish I could get just lastna.me or lastname.com but I share the name with someone who's worked at icann, google and the white house at various points. I never had a shot.
For long names I'd suggest the [a-z][0-9][a-z].tld abbreviated form. Those three char domains with a digit tend to be readily available, don't command premium pricing, and are very convenient when you need to type an address in or verbally tell someone how to contact you.
that's been a big thinker for me as well; wth no real solution yet..
[email protected] seem rather redundant; like saying "John John Doe". I guess if it was a business it would make more sense; like "John, owner of John Doe Inc." and "Bob, assistant for John Doe Inc." but for a personal ___domain... eh.
Similarly mail@ email@ seem 'too obvious' since.. of course it's email? Directional local parts like talkto@ to@ only make sense for inbound-only or outbound-only.
I do like io@! hello@, contact@, note@, or communique@ also seem more neutral but at this point I'm getting dizzy lol.
[email protected] seems more simple in retrospect but also harder to get.
Funny enough, I'm also the owner of firstnamelastname.com: I bought it when I was first in college, and sold it for $300 or so to an actor of the same name when I was entirely broke. For some reason, he let the ___domain expire, and I bought it again a few years later at the registration price. $5k at this point wouldn't be nearly enough for me to change email addresses again, that's an absolute pain.
Finally got around to putting together my personal site this past weekend. Just a simple blog and centralized place to post updates and photos for family. I was dragging my feet for a while but finally made a big push.
Nostalgia for the simplicity of the GeoCity days made me apprehensive over the years.
If someone offered you $5000 to change the email address you've used on every website for a decade, would you? All of your banking and financial accounts, your phone and utility bills, your doctor. Could you even identify every place you've ever used it?
That sounds like an awful lot more than $5k worth of work to me
Great write up. I paid $3500 w/ broker fees (sedo.com) for my (lastname.com) about 11 years ago. Seemed super expensive at the time, but more and more "professional individuals" (lawyers, doctors, etc) that share my last name were appearing on the internet despite the rarity of it, so I knew I had to act fast.
No regrets! ...and the rest of my family loves having first@last email addresses :).
Curious for fellow founders with the .com, how many of you defensively buy the .net, .org names as well? I find it hard to resist getting at least those three if I'm settled on a name/brand.
I was trying to decide this a few years ago when I found the best .com I'll ever own. It's only 8 characters and I was able to get matching social media handles everywhere but Twitter.
My main concern was that someone with more money than me could come along, start using it, trademark it, and make it unusable for me. I've been thinking about trying to trademark it, but it's expensive and complicated, especially if I can't get a trademark personally and transfer it to a business in the future
In the meantime I decided it was worth the money to buy every decent TLD as a way of discouraging someone else from trying to use the same name. It's not cheap, but it's cheap in the context of what people like the OP pay for a decent .com.
I pay about $200 / year in total to renew about a dozen matching domains. I can hold onto those for 20 years and it'll still cost less than the asking price of a half decent .com.
Think of the .net and .org as a $3 month expense for brand protection. I'm from Canada where .com and .ca are used pretty equally. I remember about 10 years ago when a local computer store only registered one of them and ended up with an unhappy customer redirecting the other to a porn site. Would you pay $3 / month to avoid dealing with that?
> I've been thinking about trying to trademark it, but it's expensive and complicated, especially if I can't get a trademark personally and transfer it to a business in the future
Trademarks are a bit of a pain, but you totally can get the trademark registered to you personally and transfer it to a different entity later.
The main things people miss about trademarks is that they're category-specific (If I have trademark "Foo" for a food product, that doesn't prevent someone else from getting trademark "Foo" for sporting goods), and that you have to actively be doing business (in that category) using the trademark first. You can't register the trademark until after you've been engaging in commerce with it.
> You can't register the trademark until after you've been engaging in commerce with it.
Is that US? I'm in Canada. I think we can register before commercial use [1]:
> Another of your responsibilities as the owner of a trademark is to use the trademark in Canada. If you do not use it, the registration could be expunged from the Register of Trademarks by the Registrar. The Registrar could start summary expungement proceedings, after three years beginning on the day on which a trademark is registered
To me, that sounds like you have to use it within 3 years of registering and I didn't see anything requiring commercial use prior to registration in the linked info.
We also have a ~3 year backlog for applications and I don't know if the trademark ends up registered with the filing date or the issuance date. It's the kind of thing that's complicated enough that I wouldn't want to risk screwing it up, so I'm waiting until I can pay someone that knows what they're doing.
TLDR; It's complicated and expensive, especially compared to the simplicity of pulling out a credit card and registering a dozen TLDs. Lol.
You can register before commercial use in the US (filing status 1B). But there is a deadline before which you do have to start using the mark in commerce, and then update your application with the USPTO, otherwise it will expire.
Those specific additional domains are useful in their own ways. .net is good for network infrastructure, .org is good for organizational purposes like mapping your office/LAN endpoints into it, so that employees could connect to VPNs and internal services like SCM and build servers.
Other than that, additional domains also give leverage for diversification if you decide to make them publicly visitable one day.
I'd suggest to not use this technique as it gets quite confusing for others. You have to connect to something and you don't know whether it is .com, .org or what else. It is common to use different dummy names like githubusercontent.com and so. You can easily grab a random name like this and is way less confusing.
There is a benefit: you do not want to stress your .com ___domain too much when you provide some network services like discovery services, tunnels etc to your customers.
The reason is pragmatic: if a company provides such kind of services then it may fall under a (false) scrutiny one day after somebody uses one of its services for, say, planting a stealth DDoS attack. The whole ___domain may be yanked or denylisted, and the last ___domain you want to see under the fire is your .com ___domain.
The same goes to .org: you do not want to see outsiders messing with your organizational endpoints and internal operations, so you better move them to a separate ___domain for the sake of a) clarity and b) risk hedging.
There are two drawbacks though: 1) higher ___domain costs 2) if you are not careful enough in managing expectations, people may be confused about which one to use and when.
If you deploy a Windows Server AD ___domain (do people still deploy new AD domains?) it makes things a lot easier and simpler to be able to make it the authoritative DNS servers for a real ___domain name, and by default it will stomp all over the A/AAAA records for the top of that DNS zone.
I can’t really think of anything else that would really benefit from having its own ___domain though, especially if your DNS infrastructure supports nested zones.
I always do that. I also proactively register possible domains before the product/company name is even firmly decided on. If I'm certain of the name, I'll also register the common misspellings and typos.
I'm so surprised that squatting on tens of thousands of domains is still allowed, after decades of squatters being a problem. Have any proposals for dealing with this gotten any traction?
In our country we have a problem with exchanges giving horrendous rates to tourists (like 16 for 1 EUR instead of fair 24). Governor of central bank was asked why they don't stop it. He replied that they in theory could but seems like people are using such services and if they intervene then they are disrupting a free market. They are offering a service and they have customers. Should they stop them just because they have high margins?
What I want to say is that I don't like this practice either but should we cancel businesses just because we don't like them? They are not stealing or anything. I'd say they are in a light grey business but for sure not black.
And I guess there is a bright side to this all too. At least for large-ish businesses. If nissan.com was owned by ___domain squatter then they would sell it to Nisan for 1M or something and both sides would be happy.
I'd love a solution to this. If you aren't doing anything with it and someone wants to buy it, they should be forced to sell.
I've been trying to buy a ___domain for 15 years. I'm the only one interested in it. But still haven't been able to close the deal as it's too expensive.
The risk was that the seller would realize the buyer was a company with VC money and an investment in the name. The broker thought that the seller might ask for an order of magnitude more if they knew that.
>That’s exactly what we did. We had a brief discussion on broker fees, our ___domain broker had already proved himself and we liked him. The feeling was mutual, we got a great deal on his broker fees and paid $8,000 all said and done.
If you paid 8,000 for the ___domain and 1,000 or 1,500 for the broker, you paid 9,000 or 9,500, all said and done.
Ah, I have to say, I still didn't quite understand the price from how the article is written, particularly since I wasn't sure if the squatter sold for their listed price of $8,000 or if they had accepted the $3,500 and that was their "final" price.
I only now understand that it was $8000 + $1000 broker fee based on your replies here.
When I came up with the idea for finl, I was not entirely surprised that finl.com was squatted, and given that finl is unlikely to ever make money (since my business plan is to not be a business), the asking price of $53,000 is entirely out of line. I maybe will switch to a different tld than .xyz at some point in the future, but for now, barring a lottery win (which would require buying a lottery ticket, I suppose), I’ll never have the .com and that’s fine.
Worse: buying a ticket generally decreases your expected net lottery winnings, as the expected value of a lottery ticket is almost always lower than its purchase price.
The only likely exceptions I'm aware of that don't require either cheating or inside information are atypically large progressive jackpots without commensurate increases in ticket sales (unlikely exceptions include finding exploitable patterns in inadequately randomized draws before they're otherwise brought to the attention of lottery operators).
For the record, my own personal net lottery winnings total nearly $400, consisting almost entirely of gifts and winning scratch-offs I've picked up off the ground (slightly more than $400 in winnings less $5–10 I've spent buying three or four tickets in my life).
I buy one lottery ticket a year, on my birthday. A lotto quick-pick. Fantasizing about what I’d do with the jackpot for a couple days is worth the buck a year.
My total winnings in a lifetime is $2.
There was some group that determined that it was possible to get a return of slightly over 1.0 on lottery tickets (I forget all the parameters, although the one I remember was playing numbers only greater than 31 to reduce the odds of sharing the jackpot with people who play birthdays/anniversaries/etc) and the return time to get slightly over 1.0 was several thousand years (this is all based on memories that are 30ish years old, so I may have some details wrong).
Yeah, this. Some years ago we started a new product. We just kept plugging names into a name registrar until one we liked was com-available. We paid the princely sum of $15 or something.
So i guess if nothing else we saved a few bucks there :)
Names are like ideas, there are plenty of them and you can basically just keep discarding the bad ones until a hood one comes along.
The resale value of domains has fallen through the floor, especially .io. I assume because of the huge number of TLDs now available and the familiarity of them by the general populace. I tried selling, then auctioning my ___domain rb.io for months and finally accepted an offer of $2k. A few years ago a two letter ___domain like that would have gotten 5 to 10 times as much. I know because I was an early adopter of .io domains and sold karma, clever, flip, xs and maven for $8k to $10k over the years. I was shocked at the disinterest I got in my last one.
Thats a really interesting anecdote.. Most squatters sit on domains for 10+ years though. Both the 'good' .com domains I've bought were held unused by squatters for almost 20 years. Maybe thats what you need to do when you have a ___domain like that?
"100% of the top 20 YC companies by valuation have the .com of their name. 94% of the top 50 do. But only 66% of companies in the current batch have the .com of their name. Which suggests there are lessons ahead for most of the rest, one way or another"
Isn't it expected that when you make it to the top (being for example a top 20 YC company by valuation) you go out and buy the .com? What would be interesting to know is, how many of the top 20 or top 50 started with .com.
> There was no doubt that .com has a better brand than .io.
Ten years ago, there was still some merit to this. Given changes to browsers and search engines, I believe this has a "vanity license plate" level of importance today.
> There is no definite way of isolating the importance of the .com but it is likely to have played a part.
"We have no way of knowing if traffic would be as high or higher if we stuck with .io, but it definitely would not have been."
"One of the first things we noticed was that the traffic patterns between supertokens.io (our actual ___domain) and supertokens.com were nearly identical. Whenever our .io traffic had a big spike, so did the .com, even though there was nothing on it yet. More importantly, these spikes meant that a significant portion of potential users went to supertokens.com directly."
If they're driving traffic spikes to a ___domain squatter - probably reasonable to assume owning both those domains is helping.
That's interesting, and I wish the author would've dug into that more. The claim is that people were typing .com when searching for them, but a search would've resulted in a search page, not direct traffic.
As far as direct traffic, they migrated to .com on 1/15/23, at which point supertokens.com already had 1,473 referring domains and 16.6K backlinks. I think it's more likely that the traffic they saw was the result of that instead of people typing the exact ___domain name (which is relatively rare).
I'd also submit that this is the story as told by their agency, who probably also told them to write this content marketing piece based on that explanation.
The claim is that we saw traffic patterns on the .com mirror that of the .io even though nothing was on it yet and we had not migrated.
Our inference or best guess based on the above is that people were typing supertokens.com directly in the URL bar on the browser. Like you said - I would not have expected that (and still doubt it) but dont have any alternative explanations for why that would be the case.
Our agency doesnt know we've even written this. I still need to share it with them.
Slightly off-topic, but: Gandi was my registrar of choice, but I read some months ago that they've sold out. Who do people go to these days for registering ___domain names?
Even more off topic: A lot of very large companies (eg. Google, Reddit, Microsoft) use Mark Monitor as their registrar rather than either being their own registrar or using one of the providers everyone else does. Anyone know what they're getting that makes that particular company so appealing?
Domain security services. Autoregistration and/or identification of ___domain typo registration, alternate TLDs, etc...stuff that doesn't matter unless you have very deep pockets and are a juicy bait or target.
Don’t look to large, well-known registrars. I would suggest that you look for local registrars in your area. The TLD registry for your country/area usually has a list of the authorized registrars, so you can simply search that for entities with a local address.
Disclaimer: I work at such a small registrar, but you are not in our target market.
The why is answered in the first link, I'll copy paste it for the lazy:
> Pick them carefully, don’t skimp, and make sure they have good support. Because when things go pear-shaped, you really want to be able to actually talk to someone to change your web server or e-mail DNS records (or even DNS servers) to somewhere else.
> Big registrars can’t afford any support costs since they prefer to squeeze the price down as far as possible, and therefore they prefer to simply lose or outright drop any customer in case of any and all problems. Conversely, small registrars may charge more, but have better (i.e. actually existing, and sometimes even dedicated and personal) support for when things go wrong, and have a vested interest in keeping you as a customer.
> A small registrar might also be so small as to know you personally, which will help monumentally against any social engineering attacks.
Well for one I appreciated their free mailboxes, which are now gone (https://news.ycombinator.com/item?id=35080777), for another, I've seen reports of their customer service not being very good anymore (https://news.ycombinator.com/item?id=22001959). Just in general, I picked Gandi initially because of their reputation, which seems to have become worse and worse over the years.
> There is no definite way of isolating the importance of the .com but it is likely to have played a part. Our ___domain authority also increased meaningfully.
How is it possible to conclude that "it is likely" given there aren't any evidence to support that?
After reading the article my takeaways are that a) the agency you hired might have helped you with SEO much more than changing the ___domain and b) the success you had after the migration don't correlate with the ___domain change, but more with your distribution.
To be honest, I'm not really convinced that purchasing the .com has played a role in your success after reading this.
I have recently purchased the .com ___domain for my product. For the past 10 years I have only owned used the .net ___domain (although for not much more than a landing page as it's an App Store app).
Is there a best practice what to do in this situation today? I'm currently forwarding from .com to the .net ___domain. Should I forward from .net to the new .com ___domain instead? Or keep it as it is?
How much does SEO play a role in your customer acquisition? Do you have a lot of existing backlinks to the .net ___domain? Do you plan to continue building this product for a long time?
Depending on the answers to these questions, I would evaluate the tradeoffs of migrating. If SEO is not critical or if you already have a certain ___domain authority / backlinks or dont plan to continue for a long period of time - then it may not make sense to migrate.
For the last several years, bitcoin and crypto related ___domain names have been really hot and selling at high prices. supertokens.com would make a great crypto business name, this would have been in the seller's mind when he set the price. I'm surprised that your ___domain broker didn't mention it.
More people and companies (especially) should be willing to at least try to get the ___domain they want; I was surprised when I was able to get a work-related TLA on an original TLD for not much money at all, especially considering how much you spend to send even a single press release.
Wouldn't it have been easier if you had the trademark rights to get the ___domain name without forking over the $8k through legal means. I guess you'd still be looking at around $4k for the legal fees but wouldn't that be a better option?
There's a good chance it would be considered a "bad faith" complaint. It's called reverse ___domain name hijacking [1] and is specifically addressed in the UDRP.
If you lose the dispute, you'll never buy the ___domain for a reasonable price after that, so it's a really risky move.
Domain for a project I used to run was snapped up by a ___domain squatter, I've contacted a few times but they want 4 figures and I'm not prepared to pay that. Guess I'll just keep watching every few months to see if it's expired?
Check the ICANN WHOIS, find the expiration date, set a calendar event for it. If they renew it, change the calendar event for the following year, rinse and repeat.
Thanks for the detailed process and the cool project.
Do you have any plans to support Ping Federate? Since they took over Auth0 from Okta, they have raised prices like hell and a project like this really makes sense.
IMHO getting the ___domain you want is key, don't get a ___domain that will suffice with the idea you'll get the ___domain you want later. Because it's always hard to do things later.
I've got many domains I paid $5k+ for sitting in my portfolio unused because I wasn't going to settle on mediocre ___domain to save a few bucks for a business I expect to make that amount in MRR within a year.
They should learn what "___domain squatter" really means. Owning domains is not squatting. It's like owning land you don't use - it's your right if you pay property taxes, in this case, renewal fees.
My dream .com ___domain name is squatted by somebody in Korea owning 10.000s of domains. One year they forgot to pay their registration, 'whois' printed 'overdue' (can't remember the exact words). I tried to register, backorder, everything. Nothing worked sadly.