Domains connect to email which connect to…all sorts of things.
Domain name investors know that domain names get all sorts of misdirected email. Your .com email address might get email intended for the matching .org domain. The expired domain you acquire might receive email intended for the previous owner.
Those email accounts might be connected to financial services, too.
The Register wrote this week about someone who acquired an expired domain that was attached to a PayPal account. For months, the domain owner received PayPal statements, password reset notices, and other alerts from the PayPal account. He was also able to get into the account by doing a password reset.
PayPal didn’t seem to care or know what to do about it until The Register wrote about the issue.
Even people who don’t own a domain name can face the plight of email intended for someone else. It happens to my Gmail address all of the time.
One particularly frustrating example is when someone signed up for the SAT using my email address. I received score alerts for the person and couldn’t figure out a way to let them know. More frustratingly, I have now received about 100 emails from various colleges inviting this person to apply or visit an open house.
I was able to notify the student’s mother by doing a password reset on the account and finding a parent email address listed in the account that I used to contact her. Still, my email address is registered with many of the universities.