Live Direct Marketing logo
Inbox Placement Test
Warm-up10 min read

Buying a used domain for cold email: check reputation first

Used domains can be a shortcut past months of warmup — or a one-way ticket to Spamhaus. The same five-year-old domain can carry a clean engagement history or be a former phishing site. Here is the actual due-diligence checklist before you spend a dollar.

The pitch for buying an aged domain is seductive: skip the warmup, walk into Gmail with built-in trust, send 1,000 cold emails on day one. The reality is that the same auction listing for "premium 5-year-old domain, perfect for outreach" could be a domain that hosted a legitimate small business until 2024 and went dormant — or a domain that ran a phishing operation for 18 months before being seized and resold. The difference between those two outcomes determines whether the purchase is a bargain or a disaster.

TL;DR

Used domains carry their old reputation. Before buying, check WHOIS history, Wayback Machine, SecurityTrails DNS history, and current blacklist status. Then send a probe email through the domain to a multi-provider seed set as a control before paying. Negotiate a refund clause. Most aged domains for sale aren't worth their price.

What transfers when you buy a used domain

Buying a domain transfers exactly one thing in legal terms: the registration. It does not transfer the trademark, the website, the email accounts, or any business-side assets. But for deliverability purposes, it transfers a great deal more in practice:

  • Mailbox provider reputation history. Gmail, Outlook, Yahoo all retain per-domain reputation records for 12+ months even after sending stops. Buy a domain that was used for spam in 2025, and Gmail still flags it in 2026.
  • Blacklist memberships. Spamhaus DBL, SURBL, URIBL — if the domain was listed and never delisted, you inherit the listing.
  • DNS history. Old MX records, old SPF records, old DKIM keys all live in DNS history archives that filters consult.
  • WHOIS reputation. Some filters consider the registrar reputation and the domain's registration history (rapid re-registrations are suspicious).
  • Backlink profile. If the domain was linked from spam forums and adversarial-content sites, those links remain and influence content reputation systems.

Step 1: WHOIS history

Pull the full WHOIS history. Tools: WhoisXMLAPI, DomainTools, WhoisFreaks. What to look for:

  • Continuous registration vs. drops. A domain registered continuously for 5 years is healthier than one registered, let expire, re-registered. Each drop is a signal of changed ownership intent.
  • Registrar pattern. Domains that bounce between bulk registrars known for cheap-throwaway use (some Eastern European and Caribbean registrars) are a warning sign.
  • Registrant changes. Frequent ownership changes suggest the domain has been resold multiple times, possibly because successive buyers found it unusable.
  • Privacy-shielded throughout. Not necessarily bad, but it makes provenance harder to verify.

Step 2: Wayback Machine

Search the domain on web.archive.org. You're looking for:

  1. What was the site about? A legitimate small business is good news; a casino, pharma, or pirated-content site is poisoned.
  2. Was there ever a phishing-style page? "Verify your bank account", fake login pages, or anything that looks adversarial.
  3. What languages did it operate in? Sudden shifts in language (English to Russian to Chinese) suggest serial reuse.
  4. When did the legitimate use stop? A clean business that ran until 12 months ago is a different signal from one that went dark in 2018.
  5. What ad networks or third-party scripts were embedded? Some carry bad-neighborhood reputation.

If Wayback shows nothing, that's suspicious in itself. Domains older than 2 years almost always have at least some archive presence unless they were specifically excluded — and exclusion typically requires the owner to ask for it, which is in itself a signal.

Step 3: DNS history with SecurityTrails

SecurityTrails (paid) and DNSTrails offer historical DNS snapshots showing what MX, A, SPF, DKIM, and TXT records the domain has had over time. Critical checks:

  • MX history. Did it use Google Workspace, Microsoft 365, a proper ESP? Or did it route through bulk-mail providers known for tolerating spam (some unnamed but recognisable patterns)?
  • SPF history. A domain with a long-standing, narrow SPF record (one or two authorised senders) is healthier than one that has had 15 different SPF includes over 3 years.
  • DKIM selectors. Multiple selectors over time can indicate ESP churn — not necessarily bad, but a stable single selector is a better signal.
  • A record history. Did the IP host one site continuously, or was it parked across many shared-hosting IPs? Parking IPs are often shared with low-quality content.
The poison signal

If DNS history shows MX records pointing at known spam-friendly mail providers, or an SPF record that authorised 50+ senders, walk away. That domain has been used for bulk unsolicited email and Gmail will still remember.

Step 4: Current blacklist status

Check the domain (not just the IP — they're different) against:

  • Spamhaus DBL — domain blacklist.
  • SURBL — surveillance and reputation list.
  • URIBL — URI blacklist (used by SpamAssassin).
  • Invaluement — paid but comprehensive.
  • SORBS — older but still consulted by some filters.

Any current listing means the domain is unusable until delisted. Some lists allow self-removal; others require a track record of clean sending. A current Spamhaus DBL listing on a domain you're considering buying is an absolute deal-breaker — delisting can take weeks, and Gmail's internal lists almost certainly mirror the DBL signal.

Step 5: Send a probe before paying

Before you wire money, ask the seller to let you send one test email through the domain to a multi-provider seed set. This is the single most valuable diagnostic. Either:

  1. Seller-cooperative. Seller adds your sending account to their existing email setup, or sets up a fresh DKIM you can send through. You send one campaign-shaped message to your seed set and see what happens.
  2. Escrow with refund. Buy through an escrow service with a contractual clause: if seed test inbox rate at Gmail or Outlook is below a defined threshold, the sale is unwound.

If the seller refuses both, walk away. There is no good reason for a legitimate seller to block due diligence on the asset you're buying.

Run a control alongside the probe

Send the same probe message from a known-clean reference domain (your existing well-warmed domain) to the same seed set, on the same day, ideally within the same hour. The control gives you a baseline against which to evaluate the test domain's result.

If the control hits 90% inbox and the test domain hits 30%, the test domain is poisoned and not worth the asking price. If control hits 90% and test hits 88%, the test domain is roughly as healthy as your reference — that's a buyable signal.

Refund clauses to demand

Domain marketplaces (Sedo, GoDaddy Auctions, Afternic) generally sell as-is and offer no recourse. Private sales let you negotiate. Reasonable clauses:

  • Refund if the domain is found on Spamhaus DBL within 30 days of transfer.
  • Refund if seed test inbox rate at Gmail and Outlook is below a defined threshold (e.g., 60%) within 7 days of transfer.
  • Refund if Postmaster Tools shows Bad reputation within 30 days of starting clean sending.
  • Seller representations that the domain has not been used for phishing, spam, or any unlawful activity.

When the cost-benefit actually works

Most aged domains advertised for cold outreach aren't worth the price. The premium charged for "5-year-old aged domain" is typically $200–$2,000, and at the top end you're paying for time savings of about 30 days of warmup — which a clean fresh domain plus a real warmup curve will match anyway.

The cases where used domains do make sense:

  • A genuine business asset acquisition (the domain comes with a known-clean history and verifiable reputation).
  • A previously-owned domain you know personally because you ran the original business.
  • A defensive purchase — buying back a former corporate domain before someone else does.

Outside those cases, a fresh domain with a proper warmup is almost always the safer bet.

Frequently asked questions

Where can I check WHOIS history for free?

Free options are limited and often outdated. WhoisXMLAPI and DomainTools have free trials. For serious due diligence, spend the $20 on a one-month subscription. The cost is trivial against a domain purchase.

What if Wayback Machine has no record at all?

Treat it as a yellow flag. Either the domain was never publicly indexed (rare for genuine business use) or the previous owner asked for removal (which itself implies they had reason to hide history). Combine with WHOIS and DNS checks before deciding.

Can I clean a poisoned domain after buying?

Spamhaus delisting is sometimes possible after a clean record establishes itself, but Gmail's internal reputation memory persists much longer than any public list. A poisoned domain typically takes 6+ months of clean sending to recover, which is longer than a fresh warmup.

Is a domain that's been parked safer than one that hosted a site?

Marginally. Parked domains usually accumulated no engagement signals but also no specific bad signals — they sit at neutral. A clean small-business domain with positive history is better; a phishing domain is much worse.
Related reading

Check your deliverability across 20+ providers

Gmail, Outlook, Yahoo, Mail.ru, Yandex, GMX, ProtonMail and more. Real inbox screenshots, SPF/DKIM/DMARC, spam engine verdicts. Free, no signup.

Run Free Test →

Unlimited tests · 20+ seed mailboxes · Live results · No account required