Dropped Domains Policy

Catch links that point to nothing

The Dropped Domains Policy flags outbound links whose target domain has expired and dropped out of the DNS root — the domain has no owner today, and the next person to register it controls what your visitors see.

What It Does

This policy resolves each outbound link's domain against the public registration data and surfaces ones that are no longer registered.

Unregistered targets

The destination domain has no current owner — anyone can pick it up, including bad actors who look specifically for expired domains with existing inbound link equity

Recently expired

A grace-window flag for domains that lapsed inside the last 30 days and are at high risk of being snapped up

Whois lookup failures

Domains where the registry returns no record at all — a strong signal the registration was abandoned

Why You Need This

Expired-domain hijacking is the cheapest form of supply-chain attack. An attacker scans the public link graph for high-traffic sites with outbound references to domains that are about to drop, waits for the expiration window, registers the domain, and now controls the page your visitors land on. The original site keeps shipping the link. Nobody notices for weeks.

This policy makes that window visible: as soon as a referenced domain drops, you see it and can rewrite the link before it gets picked up.