Before you buy a domain name, first check to see if it's haunted

Original Article ↗ Hacker News Discussion ↗

Scope of “Haunted” Domains

  • Many commenters agree domains can carry long-lived negative reputation from past use (spam, porn, scams, hacked link farms, Tor nodes, etc.).
  • Some like the “haunted” metaphor; others argue it obscures that the real power lies with opaque blacklists and filters (search engines, AV vendors, ISPs, corporate firewalls, social networks).
  • Debate over whether this is primarily a technical problem (reputation systems, caching) or a social/power problem (no recourse, no transparency).

Real-World Examples

  • Domains formerly used for adult content later repurposed for art or legitimate sites but remained blocked by work firewalls, ISP porn filters, social networks, or search engines.
  • Reports of domains blocked as “malware” or “spam” on Twitter/Facebook, or simply not indexed by Bing/DDG despite being technically clean.
  • Cases where buying an old domain brought positive SEO via historic links, including Wikipedia references: an “enchanted” rather than haunted domain.
  • Similar “haunting” noted for IP addresses (previous spam, Tor bridges) and even phone numbers (robocall reputation).

Detection and Due Diligence

  • Suggested checks:
    • Wayback Machine / web archives for prior content.
    • DNSBL / blacklist aggregators and antivirus reputation tools.
    • IP reputation services and reverse DNS for VPS/cloud IPs.
    • Social media sharing tests to see if domains are blocked.
    • Catch-all email on new domains to see misdirected mail and legacy accounts (with ethical concerns).
  • Some propose a “Carfax for domains” product (“Namefax”-style) and argue registrars should disclose domain history.

Search, Blacklists, and Fairness

  • Ideas floated: time-limited blacklists (e.g., 12 months), automatic reset after long clean periods, or resets when content/complaints disappear.
  • Counterarguments: resets can be gamed by abusers via ownership churn, domain parking, or fake clean periods.
  • Tension between reducing friction for legitimate buyers vs. maintaining friction for spammers; disagreement on whether current systems meaningfully deter abuse.

Operational Advice

  • Avoid changing your canonical domain unless necessary; safer to redirect new → old.
  • When dropping a domain, explicitly shut down email/DNS verifications to avoid unintended access and reputation issues.
  • Be aware of cached security policies (HSTS, MTA-STS) and Cloudflare auto-imported configs that can “double-haunt” domains.