What do you consider a best practice for retaining/releasing unnecessary domain names? In this case, specialized domains tied to marketing campaigns. While the expense is small and there is some possibility for a bad actor to acquire and use for malicious activity, I question keeping domains of this sort "forever." How do you handle this?
Sort by:
Cost for maintenance and retention should not come from the IT budget, but from the department who most benefits from the domain. This is usually marketing.
Often the reason they want to retain a domain is because they are not the ones paying for it. Transfer that cost (including the cost of keeping it secure) back on them and you'll very quickly get a view on what's priority and what's vanity.
Thanks for the response! Marketing already funds these, but the question was raised within my own team about a retention policy… I had not considered it fully.
We have a policy to keep such domain names for two years after they are no longer needed. If no additional use for them is identified and we are reasonably sure no reputational damage would occur if someone else registered and used them for malicious intent, we let them go. Otherwise, we retain them and review letting them go annually.
This is a great approach - thank you for sharing!
In my case, I tend to keep such domains for the long term (often 5+ years or more).
For me, the small and predictable cost of holding them feels easier to justify than:
1. the ongoing effort of deciding whether or not to release them, and
2. the risk of mistakenly letting one go and seeing it misused later.
I can see how others might weigh the trade-offs differently depending on the number of domains and risk tolerance.