When you let a domain expire, you probably picture it just… going away. In practice it gets thrown into a global auction where bots race to grab it the moment it drops. Some of those bidders are domain investors. Some are SEO opportunists. Some are running phishing kits and waiting for traffic to arrive on its own.
That's the dropcatching industry, and it's the reason every link you leave pointing to an old domain is a slow-burning liability.
What dropcatching actually is
Around 100,000 domains expire every day. Failed startups, defunct microsites, conference websites, sub-brands that got rolled into a parent, campaign landing pages nobody renewed. Most are worthless. A small slice carries something useful:
- Domain authority or SEO reputation
- A live backlink profile
- A name that's a typo away from a real brand
- Residual direct traffic from old bookmarks and stale links
Dropcatchers watch the expiry queue and pile on the second a name becomes available. Real auction platforms (DropCatch, NameJet, SnapNames, GoDaddy Auctions) front the polite half of the industry. Plenty of activity happens through colocated registrars and registry-level scripts you'll never see as a buyer.
When dropcatching turns malicious
A domain with even modest residual traffic is a useful chassis for:
- Phishing. Clone the old login page, harvest credentials.
- Malware distribution. Fake software updates, drive-by downloads, scripts injected into legitimate-looking pages.
- Ad arbitrage and spam. Junk landing pages that ride the domain's old SEO weight.
- Reputation hijacking. Your outbound link now points at an offshore betting site, and Google sees the trail.
The visitor doesn't know any of this. They followed a link from your blog, your docs, your help center — somewhere they already trust you — so they don't read the URL bar.
This isn't theoretical
Our research team has published peer-reviewed academic work on this. Two findings worth knowing:
- Roughly 10% of the domains that drop each day are scooped up by speculators within hours.
- If an attacker is selective and only grabs the domains with meaningful residual traffic, they can take over Internet radio stations, BitTorrent trackers, abandoned Android-app domains, and academic conference sites — all from a position of trust they didn't build.
The economics are obvious. The registration is $10. The audience comes pre-shipped.
What LinkSentry does about it
LinkSentry watches the outbound links on your site and tells you when one of them stops being what it was. Specifically, we flag a domain when:
- It re-registered after a recent expiry
- Its content has materially changed since the link first appeared
- A threat-intel feed has it on a phishing, malware, or parking list
You get a notification, not a 404. That's the gap the dropcatching industry counts on, and it's the one we're closing.