The best I can come up with is that domains used like this should really have TLD level protection from resale. With email so often being the key to a whole account, letting the access to that be put at risk by an IT admin letting a domain expire or an organisation simply forgetting about an old domain is kind of insane.