Selling Subdomains: Risks & Precautions

TL;DR

Yes, selling subdomains carries risks. You’re essentially giving up control of a piece of your domain’s reputation and potential future use. This guide explains those risks and how to minimise them before you sell.

Risks of Selling Subdomains

  1. Reputation Damage: If the buyer uses the subdomain for malicious activity (spam, phishing, malware), it can negatively impact your main domain’s reputation. Search engines and email providers may block emails from your entire domain.
  2. Brand Association: Even if not directly illegal, a poorly-managed or offensive website on a former subdomain can damage your brand image.
  3. Security Risks: A compromised subdomain can be a stepping stone to attacking your main domain.
  4. Legal Issues: You could face legal challenges if the buyer uses the subdomain for illegal purposes, especially if you didn’t perform due diligence.
  5. DNS Zone Confusion: Incorrect DNS changes by the buyer (or after the sale) can disrupt services on your main domain.

How to Mitigate Risks Before Selling

  1. Due Diligence: Thoroughly research potential buyers.
    • Check their history and reputation online.
    • Understand their intended use of the subdomain.
    • Get a clear agreement outlining acceptable use (see step 6).
  2. Remove Existing Content: Delete all files, databases, and configurations from the subdomain before selling.
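    # Unlike a bare * glob, this also removes dotfiles (.htaccess, .env, .git); the directory itself is kept
    find /var/www/subdomain -mindepth 1 -delete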

    (This is a Linux example; adjust for your server environment.)

  3. Revoke Access: Remove any user accounts or SSH keys associated with the subdomain.
  4. DNS Control: Change the nameservers for the subdomain to point to temporary, non-resolving servers *before* transferring control. This prevents immediate use by the buyer until the transfer is complete and you’ve verified their setup.
    ns1.temporary-dns.com
    ns2.temporary-dns.com
  5. Monitor DNS Records: After the sale, continue to monitor DNS records for the subdomain (using tools like What’s My DNS) to ensure they remain as expected.
  6. Legal Agreement: Have a legally sound contract that includes:
    • Acceptable use policy (no illegal activities, spam, etc.).
    • Indemnification clause protecting you from the buyer’s actions.
    • Clear transfer of ownership details.
    • A process for reverting control if necessary.
  7. Consider a Limited Transfer: Instead of full ownership, explore options like licensing the subdomain for a specific period and purpose.
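
One way to automate the DNS monitoring in step 5, as an added example (not code from the original page): it parses saved `dig +noall +answer` output and reports records added or removed relative to a baseline taken at transfer time. All hostnames and records are constructed sample data under the reserved example.com and .example names.

```python
from collections import defaultdict

HOSTNAME_TYPES = {"NS", "CNAME", "MX"}  # rdata holds a hostname: compare case-insensitively

def parse_answers(text):
    """Parse `dig +noall +answer` style lines into {(name, type): {rdata, ...}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # skip blanks and dig comments
            continue
        fields = line.split(None, 4)              # name, TTL, class, type, rdata
        if len(fields) < 5:
            continue
        name, _ttl, _cls, rtype, rdata = fields   # TTL ignored: it counts down in caches
        rtype = rtype.upper()
        if rtype in HOSTNAME_TYPES:
            rdata = rdata.rstrip(".").lower()
        records[(name.rstrip(".").lower(), rtype)].add(rdata)
    return records

def diff_records(baseline, observed):
    """Return sorted (change, name, type, rdata) tuples for every drift from the baseline."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        want, got = baseline.get(key, set()), observed.get(key, set())
        findings += [("added", *key, r) for r in sorted(got - want)]
        findings += [("removed", *key, r) for r in sorted(want - got)]
    return findings

# Constructed sample data: snapshot saved at transfer time vs. a later check.
BASELINE = """\
shop.example.com.  3600 IN NS  ns1.buyer.example.
shop.example.com.  3600 IN NS  ns2.buyer.example.
example.com.       3600 IN MX  10 mail.example.com.
"""
OBSERVED = """\
; later query
shop.example.com.  1200 IN NS  NS1.buyer.example.
shop.example.com.  1200 IN NS  ns3.other.example.
example.com.       3412 IN MX  10 mail.example.com.
"""

if __name__ == "__main__":
    for change in diff_records(parse_answers(BASELINE), parse_answers(OBSERVED)):
        print(*change)
```

Including a few records from the main domain in the baseline, as the sample does with the MX record, lets the same check catch changes that would disrupt services on the parent zone.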

Post-Sale Monitoring

  1. Regular Checks: Periodically check the subdomain’s content to ensure it complies with your agreement.
  2. Reputation Monitoring: Use tools like Google Safe Browsing to monitor for any blacklisting issues.