There's a particular piece of mail that finds nearly every small business owner who registers a domain. It arrives in a windowed envelope, printed to look like a government notice or a utility bill. The letterhead says something weighty like "Domain Registry," "Domain Notification Services," or "Internet Domain Name Services." It lists your actual domain name, your actual expiration date, and a renewal price, usually somewhere between $45 and $90 per year, several times what a domain actually costs. There's a due date, a remittance slip, and language about avoiding "loss of your online identity."
It looks like a bill. It is not a bill. With rare exceptions it's one of two things: a solicitation dressed up as an invoice, or an attempt to trick you into transferring your domain to a different company entirely. Owners have been paying these for twenty-plus years, often for domains that were already on auto-renew with their real registrar, and sometimes the damage goes well beyond wasted money.
Here's how the scheme works, how to check your real domain situation in two minutes, and how to make your business permanently immune.
First, a 60-second refresher on how domains actually work
Your domain name (yourbusiness.com) is registered through a company called a registrar: GoDaddy, Namecheap, Cloudflare, Squarespace Domains, Google's former domain business now at Squarespace, and hundreds of others. You, or whoever set up your website, picked one, paid a yearly fee (typically $10 to $25 for a .com), and that registrar maintains your registration.
Two facts matter for this post:
- Only your registrar can renew your domain. A renewal payment sent to any other company does not renew anything. There is no central "domain registry" that bills domain owners directly.
- The registration data behind every domain is partially public. Anyone can look up a domain's expiration date and registrar. That's not a leak; it's how the system was designed. The whole ecosystem is coordinated under ICANN, the nonprofit that oversees domain name policy, and ICANN operates a public lookup tool for exactly this information.
That second fact is the scam's fuel. The letter senders don't have inside information about your account. They run automated lookups against millions of public records, harvest the domains expiring in the next few months along with the mailing addresses in the registration data, and mass-mail official-looking notices timed to land when "expiration" sounds plausible and urgent. The personalization that makes the letter feel legitimate, your real domain and real expiry date, is the least impressive thing about it.
The two flavors of the letter
Flavor one: the fake invoice
The simpler version is a solicitation engineered to be mistaken for a bill. Somewhere on the page, in compliance fine print, is a sentence like "this notice is not a bill" or "this is a solicitation for services." If you pay, you've bought either nothing at all or some worthless add-on, "search engine submission" is a favorite, while your actual domain renewal still sits with your actual registrar, unpaid by this payment. The Federal Trade Commission has pursued operations running exactly this play and lists bogus invoices and directory schemes among the classic small business cons in its guide Scams and Your Small Business.
The price is calibrated cunningly: high enough to profit, low enough that a busy owner or bookkeeper pays it the way they'd pay any sub-$100 vendor bill, without investigation. Multiply by hundreds of thousands of letters and a low single-digit response rate, and it's a lucrative business built entirely on people not reading fine print.
Flavor two: slamming, the transfer trick
The nastier version isn't asking you to pay a fake bill. It's asking you to sign something, and the something is an authorization to transfer your domain to the sender's registrar. Bury a transfer authorization inside what looks like a routine renewal form, and the "renewal payment" becomes the fee for moving your domain to a company you've never heard of, typically at three to five times your old price, forever, with worse support and a much harder exit.
This move has a name: slamming. The term comes from the telephone industry, where shady carriers used to switch customers' long-distance service without real consent; the FCC spent years fighting phone slamming, and the domain world inherited both the tactic and the word. Domain slamming is the same con with a different asset: get a signature or payment that doubles as switching authorization, then make leaving painful.
Why does it sort of work legally? Because domain transfers genuinely require owner authorization, and the form you signed... authorized it. The defense built into the system is real but modest: under ICANN's transfer policy, transfers require confirmation through your current registrar's process, and domains can be locked against transfer. Which is exactly why the letters work so hard to get you to interact before you talk to your real registrar.
The worst-case outcomes are not just overpaying. Owners mid-slam have ended up with domains in limbo during the transfer, email interrupted, websites resolving to nothing during their busy season, and a multi-week support fight to claw the domain back. For a business whose phone calls start on its website, that's not a $79 mistake; that's real revenue. We've watched this happen to companies in every trade we serve, from roofing companies to trucking companies, and the pattern is always the same: the letter got paid by whoever opens the mail.
How to check your real registrar and expiry in two minutes
You don't need to wonder whether the letter is legitimate. Check the facts directly:
- Look up your domain. ICANN operates a public lookup of registration data; you can reach it from icann.org. Enter your domain and you'll see the actual registrar of record and the actual expiration date. If the letter's sender doesn't match your registrar of record, you're holding a solicitation, full stop.
- Log into your registrar account. Your domain's expiry, auto-renew status, and lock status are all on the dashboard. If you don't know your login, or don't know which registrar you use, today is the day to fix that, not the day a scary letter arrives. Check old emails for "domain renewal" receipts; the sender is your registrar.
- Ask your web person. If someone manages your site, a one-line text, "got a domain renewal letter from Domain Registry something, real or junk?", gets you an answer in minutes. (It's junk. But ask anyway, because the habit is the protection.)
That's the entire verification. Notice what it never involves: calling the phone number on the letter, visiting the website on the letter, or mailing the slip in the letter. The letter is not a participant in determining whether the letter is real.
Make yourself permanently immune
A few one-time settings end this entire category of risk:
- Turn on auto-renew at your real registrar, with a current credit card. Most domain disasters aren't scams; they're expirations nobody noticed. Auto-renew converts your expiry date from a deadline into trivia, and it drains all urgency from every future scary letter.
- Keep the transfer lock on. Registrars enable a transfer lock by default; confirm yours is on. A locked domain can't be slammed, period, because the transfer process can't even start without you unlocking it from inside your account.
- Renew for multiple years if your registrar offers a fair rate. A domain paid through 2031 makes "URGENT: EXPIRATION NOTICE" letters genuinely funny.
- Know what you own. Keep a one-page record: domain name, registrar, login location, expiry, plus who hosts the website and email. Half the panic these letters cause comes from owners who aren't sure what their setup even is, usually because a long-gone web guy registered everything years ago, sometimes in his own name.
That last scenario, the domain registered to somebody else, is worth a hard look at your own setup. If your "web company" registered your domain under their account and you can't log in, you don't really own your online presence; you rent it from whoever holds the keys, and every one of these scams gets more dangerous. It's the reason our policy at Omnyra is blunt: you own your domain and your site, always, in accounts you control. A web vendor who resists that arrangement is telling you something. It's also why domain and DNS housekeeping is part of the standing checklist in our website and SEO service rather than an afterthought.
What to do with the letter itself
Recycle it. If you want to do a good deed first, report it: the FTC takes reports of deceptive mail solicitations through its fraud reporting site, and those reports feed real enforcement actions. Then warn whoever opens mail and pays bills at your company, because the letter was engineered for them, not for you. One sentence of training, "we never pay anything domain-related except to our registrar," is a complete defense.
And when the next letter arrives, and it will, you'll know exactly what you're holding: proof that your business is successful enough to be on somebody's list.
Want your domain and website owned by you, handled by us?
Omnyra builds done-with-you websites live on a call: first draft in 24 hours, live in 7 days guaranteed, tiers from $500, pay-in-4 and Klarna available. Your domain and your site stay in your name with us, always, so no letter, caller, or vendor can ever hold your online presence hostage. We're veteran-owned, based in Wilmington NC, and we've built 1,500+ small business sites in the last 90 days for companies like Air Support HVAC, Sano Steam, and Ramar Transportation.
Book a call or see pricing. Bring the weird letter, we'd love to see it.