← Back to blog

Buying a premium domain: the 7-item pre-purchase checklist

May 3, 2026 · buyers process transfer

A premium domain is rarely a refundable purchase. Once the transfer initiates, your money has cleared and the registrar gears are turning. Five minutes of pre-purchase due diligence avoids most of the unpleasant surprises.

This is the checklist we’d run through if we were buying instead of selling.

1. Confirm the seller controls the domain right now

Open the domain in a browser. If it parks to a sales page (Dan.com, Afternic, Sedo, or the seller’s own marketplace like SurfName.com), that’s good — it means the seller has DNS control. If it returns an error or shows third-party content, ask the seller for proof of control: a TXT record they add at your request, or a screenshot of the registrar dashboard. Don’t skip this even with reputable sellers; we’ve seen cases where a domain was sold twice in 24 hours by an outright fraudster.

2. WHOIS the domain

Run whois <domain> from a terminal, or use any free WHOIS lookup site. Confirm:

  • Registrar is a known one (Namecheap, GoDaddy, Cloudflare, Gandi, Sav, Dynadot, etc.)
  • Domain status doesn’t include clientHold or serverHold — those mean the domain is suspended and can’t transfer
  • Domain status doesn’t include clientTransferProhibited if you’re using authcode transfer (it must be removed before transfer can begin; the seller does this from their registrar)
  • Expiration date is at least 30 days away — transfers extend the registration by 1 year, but registries refuse transfers in the last few days of the term

3. Check for ICANN’s 60-day transfer lock

ICANN requires a 60-day lock on outbound transfers after any of these events: registrant change, registrar change, or new registration. If the seller’s WHOIS shows the registrant changed within the last 60 days, the domain cannot be transferred to your registrar yet. You can still proceed via push (intra-registrar transfer at the seller’s registrar) or wait out the lock.

A reputable seller knows this and tells you up front. If they don’t, ask: “When did you acquire this domain, and is it past the 60-day ICANN lock?“

4. Trademark sanity-check

Run the exact domain name through:

  • USPTO TESS (US trademarks)
  • EUIPO TMview (EU trademarks)

You’re looking for live (not abandoned/dead) marks in a class that overlaps with how you intend to use the domain. A widgetcorp.com purchase by a software startup is fine even if a paint manufacturer has the trademark in Class 2; same domain bought by another paint company is risky.

If you find a live mark in your class, you have two options: pick a different name, or talk to a trademark attorney before buying. Don’t ignore it.

5. Decide your transfer method ahead of time

There are three common methods, in rough order of speed:

  • Account push at the same registrar: 5–30 minutes. Requires you to have an account at the seller’s registrar (free to create). The fastest path.
  • Authcode (EPP) transfer to a different registrar: 1–7 days, depending on registries. Seller gives you an authcode, you redeem it at your target registrar.
  • Escrow.com: 3–14 days end-to-end. Adds escrow fees but provides third-party guarantee. Worth it for purchases above ~$10,000 if you don’t already trust the seller.

Tell the seller your method before paying so they can prepare. Authcode transfers in particular need a few minutes of seller prep (unlocking the domain, generating the code).

6. Set up the receiving registrar account

If you’re doing an authcode transfer, create your account at the destination registrar before you initiate the transfer. The transfer authorization email goes to the registrant contact email on the domain, so make sure that’s an inbox you can read — public-WHOIS-redacted contacts are common, and the email may bounce.

For premium domains, we strongly recommend Cloudflare, Namecheap, or Porkbun as receiving registrars: they don’t upsell aggressively, support 2FA cleanly, and have transparent renewal pricing.

7. Confirm post-transfer steps with the seller

After the transfer completes, you’ll typically need to:

  • Update the WHOIS contact info to your details (do this within 24 hours)
  • Re-set DNS records (the seller’s parking nameservers go away)
  • Configure your registrar’s lock and 2FA on the new account

Ask the seller to confirm in writing — by email — that they’ve handed over all auth codes, removed any auto-renewal settings on their end, and won’t initiate a chargeback. Five minutes of paperwork that has saved us several headaches.

What can still go wrong

Even with all of the above, occasionally:

  • Receiving registrar takes 48 hours to process the inbound transfer (rare but happens)
  • The transfer authorization email is filtered to spam
  • A registrar’s API is briefly down during your transfer window

These resolve themselves with patience. The actually-bad outcomes (seller disappears with money, domain gets clawed back via chargeback, transfer is blocked by a lock the seller didn’t disclose) are all preventable with the seven items above.

If you’ve ticked through this list, you’re in the 95th percentile of buyer preparation. The transfer itself is usually the easy part.