Using Expired Domains for OPSEC

A few years ago, after listening to the podcast by Michael Bazzell (which I really miss) I decided to explore using "expired domains" as a layer of operational security.

I visited the website expireddomains.net and began looking for a domain that had a reasonable reputation, and a name that sounded like it would be legit. I found a domain and bought it through CloudFlare for $9. The next step I took was to add that domain to my Proton email so that I could send and receive mail with Proton. Note: Adding a custom domain to a Proton account is only available through a paid subscription.

Adding a custom domain to your Proton account is fairly easy, although there are several steps required to verify and complete the setup. Documentation here

You will want to use your custom domain's "Catch-all" address. This allows you to share any email address, as long as it has the "@your_custom_domain.com" and it will be routed to your account.

When using the expireddomains.net website, you will want to create an account to utilize the filter options. You can also save your searches for future use. The filters page is very granular.

Expired domains can provide you with a layer of anonymity and virtually unlimited email addresses. You can also set up a website using your domain if that would benefit your OPSEC.

I am interested in hearing your feedback. Feel free to email me.