Domain & email terms, in plain English.

The DNS record that maps a domain or hostname to a single IPv4 address.

The DNS record that maps a domain or hostname to an IPv6 address.

The 45-day window after a domain expires during which the original owner can still renew at the regular price.

A DNS record that restricts which Certificate Authorities can issue SSL certificates for your domain.

A DNS alias that says "this hostname points to that other hostname".

A file you generate on your server containing your public key + identity info, which a Certificate Authority signs to produce an SSL certificate.

A cryptographic signature on every outgoing email that proves the message hasn't been tampered with in transit.

A policy layer on top of SPF and DKIM that tells receivers what to do with messages that fail authentication.

The phone book of the internet — translates human-readable domain names into IP addresses computers route to.

The most common type of SSL certificate. Issued in minutes after proving you control the domain. Suitable for 90% of sites.

A short alphanumeric secret used to authorize transferring a domain from one registrar to another.

ICANN policy requiring registrars to send pre- and post-expiration renewal notifications to registrants.

The most rigorous SSL validation tier. Mostly relevant for banks and financial institutions; lost its visual browser distinction in 2019.

A TLD not tied to a country. Examples: .com, .org, .net, .io, .ai, .app, .shop.

An HTTP header that tells browsers to ONLY connect to this site over HTTPS, never plain HTTP, for the next N seconds.

The non-profit that coordinates the global domain name system and accredits registrars.

A domain name containing non-ASCII characters — like Cyrillic, Arabic, Chinese, or accented Latin.

A DNS record that says "here's where to deliver email addressed to anything @yourdomain.com".

A server that holds DNS records for one or more domains and answers DNS queries about them.

The DNS record that tells the internet which nameservers are authoritative for a domain.

An SSL certificate that includes verified organization information — the CA checks your company exists in business registries.

The time it takes for a DNS change to be visible to everyone on the internet — usually minutes to a few hours.

The encoding scheme that lets DNS handle Unicode characters by translating them to ASCII.

The modern HTTPS-based replacement for the legacy WHOIS protocol. JSON instead of plain text, with proper authentication.

A 30-day post-expiration window during which the original owner can recover an expired domain — for a hefty fee.

The legal owner of a registered domain — the person or company on file with the registry.

A company accredited by ICANN to sell domain registrations to end users on behalf of registries.

The organization that operates a specific TLD and maintains its master database of registered domains.

A TLS extension that lets a single server host multiple SSL certificates — one per domain — on the same IP address.

A DNS TXT record listing which mail servers are authorized to send email on behalf of your domain.

A DNS record that locates specific services on a domain — like which server to talk to for SIP, XMPP, or Microsoft 365 autodiscover.

How long DNS resolvers cache a record before re-asking the authoritative nameservers.

A DNS record that holds arbitrary text. Used by SPF, DKIM, DMARC, and domain-verification services.

The ICANN policy that lets trademark holders take a domain from a cybersquatter through arbitration instead of court.

A fast, cheap alternative to UDRP for clear-cut cybersquatting cases — suspends the domain rather than transferring it.

A public directory of who owns each registered domain. Often abbreviated as the protocol used to look it up.