Default records like ftp, mail, webmail, www still set, we do not use them
Many registrars and hosting panels create default subdomains: ftp, mail, webmail, www, smtp, pop, imap. If you do not use them and they point at old IPs or vendor pages, they are weak spots for phishing and takeover.
Try this first
- 1Walk through all default subdomains: dig ftp/mail/webmail/smtp/pop/imap/cpanel.yourdomain.nl.
- 2For what you do not use: delete the record. www is usually still needed for redirect, ftp and pop/imap are not in modern setups.
- 3For what you do use under a different name (e.g. mail.yourdomain.nl): make sure old record names are gone and not pointing at expired IPs.
- 4Do not add a wildcard record as a 'fix'. It solves nothing and hands phishing attackers a free subdomain.
- 5For mail security, set a Null-MX (MX 0 .) on subdomains that should not receive mail, that cleans up mailbox spoofing.
When to bring us in
If you are unsure which defaults are safe to remove without breaking something live, we can audit the zone in 30 minutes.
See also
- Domain expires tomorrow and nobody saw the emailAn expired domain doesn't transfer instantly. There's a redemption window, but you pay extra.
- Unsure whether to enable auto-renewDisabling auto-renew only makes sense for domains you'll truly drop. For anything live, just keep it on.
- New registrar asks for auth code, can't find itEPP code or transfer code is the password to move a domain from registrar A to B.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.