1) If there have been many notifications via email, phone or letter at least 60 days IN ADVANCE, then it's fine to shut down port 80 on expiration
In my experience there's two reasons that domains accidentally expire. One is that the registrant's contact info goes stale, the other is that the domain was registered through an intermediary that's gone out of business. For example, one of our local churches registered its domain ten years ago through a Tucows reseller. Earlier this year (two weeks before Easter), it expired. The contact was the secretary at the time it was registered, who hasn't worked there for years, and the reseller disappeared with neither the church nor Tucows able to find him. They'd probably been emailing contact validation notices for years, all of which bounced, but nobody at the church knew to look for them. Since Tucows' managers happen to know me personally, they were willing to move the church's domain to my reseller account so I could renew it, but otherwise they'd have been out of luck. If you want your domains to be stable, you need stable contact info including a stable e-mail address, but I don't know any way to make that happen for people who aren't inclined to do it anyway. Requiring multiple email addresses doesn't help, since they'll just use a throwaway free address. Requiring the address be at a domain other then the registered one doesn't really help; I've had my iecc.com domain since 1993, the contact address is hostmaster@iecc.com, which is more stable than any other domain I might use. Other than ensuring that the renewal rules are straightforward and consistent, I'm not sure this is a problem we can or should try to solve. If people use a low-cost low-service registrar, it's not reasonable to expect them to go to great effort to verify that contact info still works, or to track down someone who's mail is bouncing. R's, John