Domain Renewal Scams vs Domain Slamming: How to Spot the Difference
Summary
✔️ Domain slamming tricks you into transferring your domain to a different registrar through deceptive authorization forms
✔️ These are two distinct threats requiring different verification steps and prevention measures
✔️ Check sender identity, log into your actual registrar, and verify transfer lock status before taking action
✔️ Whois privacy stops both threats; transfer lock only prevents slamming
Two Distinct Threats, Not One Scam
You just received an urgent notice about your domain name. Most articles will tell you it's a "domain scam" and move on. That's not good enough.
Domain renewal scams and domain slamming are tactically different threats requiring different responses. Conflating them creates dangerous confusion when you're holding a suspicious email or letter and need to verify its legitimacy in 60 seconds. One empties your wallet. The other breaks your website and kills your email by transferring registrar control without your knowledge.
Understanding the difference matters because misidentification has operational consequences.
What Domain Renewal Scams Actually Are
Domain renewal scams are fake invoices designed to extract payment without touching your domain registration. For example, the scammer could send official-looking bills claiming your domain needs renewal or "listing maintenance."
Your domain stays registered exactly where it is. You simply pay money for nothing. These operators rely on volume: blast thousands of fake invoices scraped from public Whois data, collect payments from busy office managers who don't verify sender identity, then move on.
The financial loss could be recoverable. The real damage is wasted time chasing refunds.
Related: Whois Privacy: The Essential Shield for Your Domain Security
What Domain Slamming Actually Is
Domain slamming is an unauthorized transfer of your domain registration to a different registrar through deceptive authorization forms disguised as renewal notices.
This could break your business infrastructure immediately. When your domain transfers to a new registrar, DNS configurations often fail to transfer cleanly, causing timing gaps and service disruptions. Your website goes offline. Email stops working. You're suddenly in recovery mode, contacting the new registrar to reclaim control while your customers see error messages.
Be aware of domain slamming because paying a fake invoice costs money. Losing registrar control costs uptime, email continuity, and customer trust. This is the threat that matters operationally.
Related: Domain Security Guide: Bulletproof Domain Protection
Side-by-Side: How to Tell Them Apart
| Element | Renewal Scam | Domain Slamming | Legitimate Renewal |
| Goal | Extract payment only | Steal registrar control | Maintain your registration |
| Mechanism | Fake invoice or bill | Hidden transfer authorization | Actual renewal at current registrar |
| Sender | Never your registrar | Pretends to be your registrar | Always your actual registrar |
| Fine print | "This is a solicitation" disclaimer | Transfer authorization language | Clear renewal terms |
| Domain impact | None (stays put) | Transferred to new registrar | Renewed at current registrar |
| Red flag | Arrives via unfamiliar email | Urgent language + authorization checkbox | Matches your renewal schedule |
Real-World Examples
As an ICANN-accredited registrar, Dynadot regularly educates customers about possible suspicious notices. Here are some real-world examples:
- Domain Networks "listing maintenance" invoice ($289) = Renewal scam. Fine print says "THIS IS NOT A BILL. THIS IS A SOLICITATION. YOU ARE UNDER NO OBLIGATION TO PAY THE AMOUNT STATED ABOVE UNLESS YOU ACCEPT THIS OFFER". They want your money, not your domain.
- Brandon Gray Internet Services / NameJuice operations = Hybrid threat. ICANN suspended Brandon Gray in 2014 for violations including both inflated fees and unauthorized transfers simultaneously.
60-Second Verification: What to Check Right Now
Here are the tips on how you can verify the sender and the offer:
- Identify the sender. Does the notice come from your actual domain registrar? If you don't know who that is, look it up via ICANN registrars search.
- Log into your registrar account directly. Never click links in the notice. Type your registrar's URL manually and check your account dashboard for renewal status and expiration date. You can also check the info about domain expiration in the Whois database. It will show your domain expiration date.
- Check for transfer lock. If the notice mentions "transfer" or "authorization," verify your domain has transfer lock enabled through your registrar's control panel. This prevents unauthorized moves between registrars.
- Read the fine print. Look for "solicitation" disclaimers or transfer authorization language. Legitimate renewal notices from your actual registrar won't hide behind legal disclaimers.
Prevention Measures by Threat Type
Stops both renewal scams and slamming:
- Enable Whois privacy to hide your contact information from public databases
- Enable auto-renewal so your domains renew automatically with your actual registrar: scammers can't create urgency around domains that renew themselves
- Set calendar reminders for actual renewal dates so you recognize fake urgency
Stops domain slamming only:
- Enable transfer lock (also called registrar lock) on all domains
- Portfolio managers: use bulk lock features to protect 20+ domains simultaneously
- Consider registry lock for high-value domains (adds registry-level verification beyond registrar lock)
Stops renewal scams only:
- Filter postal mail and unfamiliar emails claiming domain-related urgency
- Train anyone handling invoices to verify sender identity before paying domain-related bills
Transfer lock does nothing against fake invoices. Whois privacy won't stop transfers if your domain isn't locked. Layer your defenses by threat type.
The Hybrid Threat: When Operators Do Both
Some scammers don't choose between renewal scams and domain slamming: they execute both simultaneously. You could pay inflated fees and authorize an unauthorized transfer hidden in the fine print. You lose money and domain control at the same time.
These hybrid operations are harder to reverse because you've technically "authorized" the transfer by paying the invoice, even though the authorization was deceptively presented. Recovery requires contacting both the scammer's registrar and ICANN dispute processes.
The pattern to watch: any notice combining payment requests with transfer authorization language. Legitimate registrars separate renewal billing from transfer mechanics. Scammers intentionally blur them.
The safest response to any domain notice is logging into your registrar directly. At Dynadot, that’s where renewal dates and transfer locks actually live.
Frequently Asked Questions
How can I tell if a renewal notice is from my actual registrar?
Log into your registrar account directly (don't click links in the notice) and check your account dashboard. Your actual registrar will show upcoming renewals there.
What happens if I accidentally paid a fake invoice?
Contact your bank or credit card company immediately to dispute the charge. These fake invoice operators are real companies using predatory marketing, so chargebacks are often successful if filed quickly. Your domain remains safe and renewal scams don't actually touch your registration.
Can domain slamming happen even if I didn't respond to anything?
No. ICANN's Transfer Policy requires explicit authorization for inter-registrar transfers. If you didn't provide your authorization code (AuthInfo/EPP code) or approve a transfer request, the transfer cannot proceed. However, the scam works by tricking you into unknowingly providing this authorization when you think you're just renewing.
Is transfer lock the same thing as registry lock?
No. Transfer lock (registrar lock) is a standard security feature that prevents unauthorized transfers between registrars. Registry lock adds an additional layer at the registry level, requiring manual verification steps before any changes can be made. Most domain owners only need transfer lock; registry lock is typically used for high-value or mission-critical domains.
Do legitimate registrars ever send renewal notices by postal mail?
Legitimate registrars send renewal reminders electronically to the email address on file. Paper invoices are extremely rare in the domain industry due to volume and cost. If you receive a paper renewal notice, verify it very carefully: it's likely a scam attempt unless you specifically requested paper billing from your known registrar.