Ten Years of Domain Decisions, Untangled in Six Weeks

The Challenge

A regional management consulting firm had been in business for nearly 15 years. In that time, they had registered domains whenever it felt right: the main company site, a few practice-area microsites they had tried and abandoned, variations of their name to prevent squatters from grabbing them, and a handful they couldn't quite explain anymore.

What they knew:

• They had a main website
• They had email on their domain
• They were paying "something" for hosting, somewhere

What they didn't know:

• How many domains they actually owned
• Where most of them were registered
• Which hosting accounts were still active
• Why they were receiving four separate renewal invoices per year

The situation had accumulated quietly. An early web developer registered the company's primary domain through his personal GoDaddy account on the company credit card in the early years — and left. A VA set up landing pages on Bluehost for a campaign that ran for eight months, then left. A marketing agency they engaged later registered 12 domain variations as "brand protection" — similar spellings, common typos, additional extensions — renewed them annually, and billed the credit card directly. None of these had ever been transferred to accounts the owner controlled.

By the time they reached us, the owner could name three domains with confidence. He was pretty sure there were more.

The Audit

We started with what we could find: credit card statements, inbox searches for renewal notices, WHOIS lookups on every domain we could identify, and a review of DNS records at every registrar and nameserver that turned up.

What the audit found:

• 17 registered domains across five registrars: GoDaddy, Namecheap, Network Solutions, a reseller account that barely had a functioning portal anymore, and the 2020 marketing agency's own registrar account — which they had never mentioned and still technically controlled
• 3 domains the owner had never logged into — registered under the original developer's personal email, inherited by the reseller account when he left, and effectively orphaned since
• 12 "brand protection" domains from the marketing agency: all parked, generating no traffic, 4 expiring within 60 days, none pointing to anything useful
• 3 confirmed active hosting accounts plus one whose status was unclear because the credit card on file had expired and login credentials were unknown
• DNS managed in four places: some records sitting at registrars, the main site's DNS on Cloudflare (configured by the developer years earlier), two subdomains on an Azure DNS zone the owner had no knowledge of, and one staging subdomain still resolving to a server that had been decommissioned after a migration
• 6 email accounts on three different domains — most empty, but two had active forwarding rules pushing inbound messages into a CRM the company had been running on for over a decade. Nobody could say exactly which messages were being forwarded, or whether anyone was reading them

The CRM was its own problem: a self-hosted install running on outdated software, no vendor support, no clear backup process, and a handful of staff using it out of habit. That was outside the scope of this engagement. We flagged it and moved on.

The Solution

We worked through the environment in four parallel tracks over six weeks.

Domain recovery and consolidation Recovered access to all accounts through registrar support escalations, domain transfer procedures, and direct outreach to the marketing agency for the 12 protection domains. Consolidated 9 of 17 domains under a single registrar account in the owner's name. Recommended against renewing 5 of the protection domains — no traffic, no backlinks, no business rationale beyond a vendor's upsell pitch. Flagged 3 others for the owner to decide based on potential future use. Documented all 17 in a domain register with registrar, expiration date, renewal cost, DNS location, and current use.

DNS consolidation Audited every DNS record across every zone. Moved all active zones to a single Cloudflare account under the owner's direct control. Documented each record: what it does, what depends on it, and when it was last confirmed correct. Decommissioned the Azure DNS zone after verifying nothing active depended on it. Removed the stale subdomain still pointing at the decommissioned server.

Hosting cleanup Confirmed which hosting accounts had live, active sites (two did; two didn't). Cancelled the dormant accounts and recovered $62/month in charges for services that were no longer serving anything. Documented the remaining accounts — what's running on them, who owns the login, when they renew.

Email dependency mapping Traced every email account and forwarding rule across all domains. Found that one forwarding address on an obscure domain alias — a domain the owner had forgotten they owned — was the only path by which a specific partner's invoices were reaching the CRM. The domain was 18 days from expiration. We redirected the flow to a monitored inbox before it lapsed. Without that catch, invoices would have started disappearing silently and nobody would have known why.

The Result

At the end of six weeks, the owner had something he hadn't had in over a decade: a complete, accurate picture of what his company owned, where it lived, and what it was doing.

• 17 domains inventoried, all ownership recovered and documented
• 9 domains consolidated under a single registrar account the owner controls
• 5 flagged for non-renewal; 3 held pending a decision
• DNS for all active properties in one Cloudflare account, every record documented
• Two dormant hosting accounts cancelled, saving $62/month
• Azure DNS zone decommissioned, stale records removed
• Critical email forwarding dependency found and resolved 18 days before the domain lapsed — a near miss that would have silently broken an invoicing workflow with no obvious symptoms

The CRM is still running. That's a bigger project. But it's now on a documented roadmap instead of a ticking clock nobody knew was counting down.