Domain Expiry: The Single Point of Failure Under Everything
A domain that lapses takes everything with it — email, website, DNS records, authentication. This guide covers the expiry timeline from grace period through deletion, why auto-renewal is not foolproof, and how to monitor domain registration proactively.
Why Domain Expiry Matters
Every DNS record, every email authentication policy, every certificate, every service associated with your domain depends on one thing: an active domain registration. SPF, DKIM, DMARC, MX records, A records, CNAME records — all of them live in a zone that only exists because the domain is registered. When the registration lapses, the zone disappears. Everything fails at once.
This is not a gradual degradation. A domain expiry is a cliff. One day your email delivers, your website loads, your SPF passes. The next day — nothing. No email delivery (MX records gone), no website (A records gone), no authentication (SPF, DKIM, DMARC records gone), no new or renewed SSL/TLS certificates (domain validation fails without DNS). And depending on the domain, someone else could register it and receive your email.
Domain expiry is the single point of failure that sits underneath every other check in your email infrastructure. You can have perfect SPF, strict DMARC, valid DKIM, monitored MX hosts — and lose all of it because a credit card expired.
What Happens When a Domain Expires
Domain expiry is not instant deletion. Registries follow a multi-phase timeline defined by ICANN policy. The exact durations vary by registrar and TLD, but the general sequence is consistent.
Expiry Date
The domain registration reaches its expiration date. The registrar may immediately suspend DNS resolution (removing your nameserver delegation from the registry) or may keep it active for a short grace period. Behavior varies by registrar — some are generous, some cut service immediately.
Auto-Renew Grace Period (0-45 Days)
Most registrars provide a grace period after expiry during which you can renew at the standard price. For gTLDs (.com, .net, .org), ICANN requires a minimum auto-renew grace period. During this window:
- DNS may or may not continue resolving (registrar-dependent)
- The registrar may replace your DNS with a parking page
- Renewal is still at the normal registration price
- Some registrars auto-renew during this period if payment succeeds
This is the "you can still fix this cheaply" window.
Redemption Grace Period (30 Days)
After the auto-renew grace period, the domain enters redemption. The registry holds the domain, but it is no longer active. DNS resolution stops completely. Recovering a domain in redemption is possible but expensive — registrars typically charge a redemption fee of $80-200 or more on top of the renewal price.
Pending Delete (5 Days)
After redemption, the domain enters a five-day pending delete phase. It cannot be renewed or redeemed. At the end of this period, the domain is released back to the general pool and anyone can register it.
The Timeline in Practice
For a typical .com domain:
| Phase | Duration | DNS Active | Recovery Cost |
|---|---|---|---|
| Active registration | Until expiry date | Yes | N/A |
| Auto-renew grace | ~30-45 days | Maybe | Standard renewal price |
| Redemption | ~30 days | No | $80-200+ redemption fee |
| Pending delete | 5 days | No | Cannot recover |
| Released | — | No | Available to anyone |
The total window from expiry to release is roughly 65-80 days for most gTLDs. Country-code TLDs (.uk, .de, .au) follow their own policies and may have shorter or longer windows.
Why Auto-Renewal Is Not Enough
"We have auto-renew enabled" is not a domain management strategy. Auto-renewal is a convenience feature that depends on a chain of other things working correctly. When any link in that chain breaks, auto-renewal fails silently.
Expired or declined credit card. The most common cause. The card on file expires, gets reissued with a new number, or the bank declines the charge. The registrar attempts payment, it fails, and the domain drifts toward expiry. Some registrars retry for a few days. Some do not.
Bounced admin contact email. Registrars send renewal notices and payment failure alerts to the administrative contact email on the account. If that email address is a former employee's mailbox, a full inbox, or an alias that nobody monitors, the warnings go unread.
Registrar account access lost. The person who set up the domain registration left the company. The email on the account is theirs. The password is unknown. Two-factor authentication is tied to their phone. The domain is registered, auto-renew is on, and nobody in the organization can access the account to update payment details when the card expires.
Payment processing failure. International cards, corporate procurement cards with spending limits, cards flagged for unusual activity — registrar billing systems are not immune to payment processing edge cases.
Registrar issues. Registrar acquisitions, platform migrations, and (rarely) registrar failures can disrupt auto-renewal processing. Your domain's fate is tied to the operational health of a company you may not think about from one year to the next.
Multi-year registration gap. You registered the domain for five years. Five years later, the credit card is long expired, the admin contact has changed roles twice, and nobody remembers the registrar login. Multi-year registration defers the problem; it does not solve it.
RDAP: The Modern WHOIS
Historically, domain registration data was queried via the WHOIS protocol — a decades-old text-based system with no standardized output format, no authentication, and no structured data. Parsing WHOIS responses reliably across thousands of registrars and TLDs was a brittle exercise in string matching.
RDAP (Registration Data Access Protocol), defined in RFC 9082 and RFC 9083, is the modern replacement. It is a RESTful protocol that returns structured JSON responses with consistent field names across registries. ICANN requires all gTLD registries and registrars to support RDAP.
RDAP provides:
- Registration expiry date — When the domain registration expires
- Registrar information — Which registrar manages the domain
- Nameservers — The authoritative nameservers on file
- Domain status codes — Registration status flags (clientTransferProhibited, serverHold, redemptionPeriod, etc.)
- Last update timestamps — When the registration was last modified
The status codes are particularly useful for understanding where a domain sits in the expiry lifecycle. A domain in redemptionPeriod status is in trouble. A domain with clientTransferProhibited is locked against unauthorized transfers.
Checking Your Domain's Expiry
Use the mxio Domain Expiry Checker to query your domain's registration data. The tool queries RDAP endpoints for the domain's TLD and returns:
- Registration and expiry dates
- Days until expiry
- Registrar name
- Nameservers on file
- Domain status codes with explanations
If the expiry date is approaching, the tool flags it. If the domain is already in a grace or redemption period, the status codes will indicate it.
This is a point-in-time check. For ongoing protection, add the domain to monitoring.
Setting Up Expiry Monitoring
Add your domains to mxio monitoring for continuous expiry tracking. Monitoring checks registration data daily and alerts at escalating thresholds:
- 90 days before expiry — Early notice. Time to verify payment details and registrar access.
- 30 days before expiry — Renewal should be happening. Confirm auto-renewal processed or renew manually.
- 14 days before expiry — Urgent. If renewal has not happened, something is wrong with payment or account access.
- 7 days before expiry — Critical. Immediate action required to prevent service disruption.
If you manage domains for clients or across multiple registrars, centralized expiry monitoring catches the domains that fall through the cracks — the one registered at a different registrar, the one on a former employee's account, the one nobody remembers registering.
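As an added example (not mxio's code and not part of the original article), the Python below applies the RDAP fields from the "RDAP: The Modern WHOIS" section and the 90/30/14/7-day thresholds above to a constructed RDAP response. The function names, severity labels and sample values are assumptions. RDAP JSON spells status values with spaces ("redemption period"), while the EPP-style names used in this article are camelCase, so the code normalizes both.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP domain response in the RFC 9083 shape; every value is sample data.
SAMPLE_RDAP = json.loads("""{
  "objectClassName": "domain",
  "ldhName": "example.com",
  "status": ["client transfer prohibited"],
  "events": [
    {"eventAction": "registration", "eventDate": "2015-03-01T12:00:00Z"},
    {"eventAction": "expiration", "eventDate": "2025-03-01T12:00:00Z"}
  ]
}""")

# Alert thresholds from the article (days before expiry), tightest first.
THRESHOLDS = [(7, "critical"), (14, "urgent"), (30, "renewal due"), (90, "early notice")]
# Statuses showing the domain is already in a post-expiry phase or on hold.
LIFECYCLE_FLAGS = {"autorenewperiod", "redemptionperiod", "pendingdelete", "serverhold"}


def norm(status):
    """RDAP spells it 'redemption period', EPP 'redemptionPeriod'; match both."""
    return "".join(status.split()).lower()


def assess(rdap, now):
    """Classify one RDAP domain object against the thresholds and status flags."""
    statuses = {norm(s) for s in rdap.get("status", [])}
    result = {"days_left": None, "severity": "unknown",
              "flags": sorted(statuses & LIFECYCLE_FLAGS),
              "transfer_locked": "clienttransferprohibited" in statuses}
    expiry = next((e.get("eventDate") for e in rdap.get("events", [])
                   if e.get("eventAction") == "expiration"), None)
    if expiry is not None:
        when = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        result["days_left"] = days = (when - now).days
        result["severity"] = next((label for limit, label in THRESHOLDS
                                   if days <= limit), "ok")
        if days < 0:
            result["severity"] = "expired"
    # A lifecycle flag outranks the date: during auto-renew grace the registry
    # may already report a rolled-forward expiry while payment is still open.
    if result["flags"]:
        result["severity"] = "lifecycle flag"
    return result  # "unknown" (no expiration event) is a finding, not a pass


if __name__ == "__main__":
    print(assess(SAMPLE_RDAP, datetime(2025, 2, 10, tzinfo=timezone.utc)))
```

A response with no expiration event (redacted or unsupported TLD) is reported as "unknown" rather than "ok", so such domains still surface for manual tracking.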
Best Practices for Domain Renewal
Register for multiple years. Multi-year registration does not solve the renewal problem permanently, but it reduces the frequency of payment events and gives you more buffer. For business-critical domains, 5-10 year registrations are worth the upfront cost.
Keep a valid payment method on file. Set a calendar reminder to verify the payment method at your registrar every 6-12 months. When corporate cards are reissued, update the registrar immediately.
Use a monitored admin contact email. The administrative contact on the registrar account should be a team distribution list or shared mailbox, not an individual's email. Renewal notices and payment failure alerts need to reach someone who will act on them.
Enable registrar lock. Most registrars offer a domain lock (clientTransferProhibited) that prevents unauthorized transfers. This does not prevent expiry, but it prevents a different class of domain loss — unauthorized transfer to another registrar.
Document your registrar accounts. Maintain an internal record of which domains are registered where, which account holds them, and who has access. When the person who registered the domain leaves, this documentation is the difference between a smooth handoff and a crisis.
Monitor even with auto-renewal enabled. Auto-renewal is the first line of defense. Monitoring is the second. When auto-renewal fails silently, monitoring catches it before the grace period runs out.
Do not rely solely on registrar emails. Registrar renewal notices go to the admin contact on the account. If that contact is stale, you get no warning. External monitoring (like mxio) alerts through your active notification channels regardless of what email address is on the registrar account.