This is a bit of a sob story, and I’m mainly posting hoping for some advice or assistance, but even if my situation is hopeless, maybe sharing the experience can prevent something similar from happening to someone else: Some months ago I let a long unused domain name of mine expire(williamsfamilyfungi.com). I used it for an email address for a number of years, but over time I moved everything to another domain which also hosted my website(michiganmushrooms.net). Unfortunately I neglected to change the contact information for a few critical accounts away from williamsfamilyfungi.com… and wouldn’t you know it; as soon as it expired someone grabbed it up and started a new email with my old address(christopher@williamsfamilyfungi.com). Then the real trouble started: they used my old email to change the password on my michiganmushrooms.net domain, locking me out of my email and GoDaddy account. Unfortunately they did this just before that domain was set to expire and by the time GoDaddy was able to confirm I’d been hacked and get me back into my account(this took several months for some reason): the domain was gone. Now it would seem they started a new email again with my old address(christopher@michiganmushrooms.net) and unfortunately that email is connected to many important accounts that I am now totally locked out of… I realize in both cases the domains were expired and re-purchased legitimately enough, but to re-start an email address to impersonate someone is pretty shady. GoDaddy said I’m out of luck to get back since it wasn’t technically ‘stolen’, but it sure feels like I’ve been robbed. My main concern now is what kind of havoc they might be able to do impersonating me; I have no way of knowing what kind of accounts they could be opening up… TLDR: be thoughtful about retiring old domains. Any advice appreciated!