.com vs .ai vs .dev vs .io: How to Pick a TLD Without Regret

TLDs are not interchangeable. June 2026 renewal pricing, the .io and .ai gotchas, WHOIS check commands, and a registrar lock-down checklist.

When .com is taken, panic sets in. Should you grab .io, .ai, .dev, .app, .co, or .xyz? Each carries baggage: a renewal price that compounds, audience expectations, spam reputation, and registration restrictions. The headline first-year deal almost never reflects what you actually pay in year three. This walks through the decision honestly with current (June 2026) numbers so you spend the money once and do not regret it.

TL;DR

  • Default to .com. It renews around $10-12/year and nobody questions it. Cloudflare Registrar sells it at cost (~$10.44 as of June 2026), Porkbun at ~$11.
  • If .com is taken: .app and .dev are the best value tech alternatives (~$13-15/year, flat renewal, HTTPS enforced).
  • .ai is the expensive one. $83/year retail, sold on a 2-year minimum registration ($140-160 up front), and the registry raised wholesale prices again in early 2026. Only worth it if your product literally is AI.
  • .io carries a slow-burn risk from the UK-Mauritius Chagos handover, but it is not disappearing soon (any retirement is a 5-year-plus process). It renews around $52/year.
  • Avoid .xyz, .online, .site, .top for anything that needs trust. The $1 first-year is bait; renewal and the spam reputation are not worth it.

Why TLD choice actually matters

There are over 1,500 TLDs now, and browsers, email clients, and search engines treat almost all of them equally. Google has stated repeatedly that there is no ranking penalty for a non-.com generic TLD. So the decision is not technical, it is about three things that bite later:

  1. Renewal price compounds. First-year promos hide the real cost. A .ai at ~$83/year over 10 years is roughly $830; a .com is closer to $110.
  2. Human trust and spam reputation. Some TLDs are so abused by spammers that filters and people distrust them on sight.
  3. Hard restrictions. .dev and .app are on the browser HSTS preload list, so HTTPS is mandatory, not optional. Some country TLDs require local presence.

Pricing snapshot (June 2026)

Prices below are typical retail at value registrars (Porkbun / Cloudflare), all-in. First-year figures are common promo prices; the renewal column is what you actually live with.

TLDFirst yearRenewalNotes
.com~$10-11~$11Default, safest. Wholesale rising ~7%/yr through 2030
.dev~$11~$13HTTPS-only (HSTS preload), run by Google Registry
.app~$11~$15HTTPS-only (HSTS preload), run by Google Registry
.net~$13~$13Older, neutral, fine fallback
.org~$8~$12Reads non-profit; fine for projects/communities
.co~$10~$27Renews 2-3x; easily mistyped as .com
.io~$28~$52Dev-popular; slow-burn geopolitical risk
.ai~$140-160 (2 yr)~$832-year minimum; registry raised prices early 2026
.xyz~$1~$13Cheap bait; spam reputation
.online~$2~$29Trial price, renews ~15x higher

Two numbers move the most between registries: .com wholesale climbs about 7% per year through 2030 (Verisign’s ICANN agreement), and .ai went up again in early 2026 after Identity Digital took over the registry. Check the renewal column, never the headline promo.

The two TLDs people get wrong

.ai — premium price, 2-year lock-in

.ai is run for Anguilla and, since Identity Digital took over the registry in 2025, it is sold on a 2-year minimum registration. Combined with the early-2026 wholesale increase, you are committing ~$140-160 up front and ~$83/year after. It is genuinely worth it when your product is AI and the exact name matches. For a side project or a brand where “AI” is incidental, that renewal is hard to justify versus a .com or .app.

.io — fine today, watch the headlines

.io is the ISO country code for the British Indian Ocean Territory. In October 2024 the UK agreed to hand the Chagos Islands to Mauritius, which raised the question of whether IO stays a valid ISO code. The practical reality as of June 2026: nothing has been retired, the registry runs normally under Identity Digital, and even in the worst case ICANN’s retirement policy gives a 5-year migration window. .io could also be kept on the “exceptionally reserved” list the way .su (former USSR) and .uk were. Translation: it is fine for a project you will revisit, but if you hate uncertainty, pick something else and save yourself the recurring “is .io okay?” anxiety.

How to decide in 60 seconds

  • .com is available at a sane price -> take it, stop reading.
  • Audience is highly technical -> .dev, .app, .io, or .ai all read as “we build things.”
  • Audience is general public -> stay on .com, .co, or .app; avoid TLDs they have never seen.
  • Budget-conscious for the long haul -> .com, .app, .dev. Avoid .ai, .io, .co renewals.
  • Email-heavy outreach -> established TLDs (.com, .org, .net) land in inboxes slightly more reliably.

Step by step

  1. Check yoursite.com first. Availability and ownership via CLI:
# Availability + WHOIS check
whois yoursite.com | head -20
# Domain Name: YOURSITE.COM
# Registrar: ...
# Creation Date: ...
# Registrant Email: Redacted for Privacy
#
# No "No match"/"NOT FOUND" line => the domain is registered.
  1. If it is taken, gauge whether it is for sale. Parked pages can sometimes be acquired through the registrar’s broker for $500-5,000. Only worth it if the exact name is mission-critical.

  2. Generate alternatives fast. This loops your name across TLDs and common prefixes:

NAME="yoursite"
for tld in com app dev co io ai; do
  for prefix in "" "use" "get" "go"; do
    cand="${prefix}${NAME}.${tld}"
    avail=$(whois "$cand" 2>/dev/null | grep -ci 'no match\|not found')
    echo "$cand  $([ "$avail" -gt 0 ] && echo AVAIL || echo TAKEN)"
  done
done
  1. Rank survivors by trust and renewal cost, not first-year price. Look at the registrar’s renewal column for each candidate; some renew at 2-7x the promo.

  2. Say it out loud. Phone, podcast, conference. If you have to spell the TLD every time, that friction is real and permanent.

  3. Register at a value registrar and lock it down immediately. Cloudflare Registrar sells at cost with free WHOIS privacy and DNSSEC; Porkbun and Namecheap are solid alternatives. Apply these on day one:

Registrar settings (apply once)
───────────────────────────────
 [x] Auto-renew                 <- never let it lapse
 [x] WHOIS privacy              <- block harvesters (free at Cloudflare/Porkbun)
 [x] Registrar/transfer lock    <- prevent unauthorized transfers
 [x] Two-factor on the account
 [x] Backup contact email NOT on this same domain
  1. For .dev and .app, ship HTTPS before you point anyone at it. They are HSTS preloaded, so browsers refuse plain HTTP. Confirm preload status:
curl -s "https://hstspreload.org/api/v2/status?domain=yoursite.dev"

Verify after launch

  • whois yourdomain.tld | grep -i expir shows an expiration date more than a year out.
  • dig +short A yourdomain.tld returns your host’s IP.
  • curl -vI https://yourdomain.tld returns a valid certificate and an HTTP/2 200.

Common pitfalls

  • Picking .xyz for a serious project to save a few dollars. The spam association follows you for years.
  • Reading the first-year promo as the price. .co, .online, and .io all renew far higher.
  • Buying a hard-to-spell .com variant instead of a clean .app. Pronounceability beats TLD prestige every time.
  • Choosing a restricted TLD you do not qualify for (.us needs US presence; some country TLDs require a local entity).
  • Forgetting auto-renew and losing the domain to a squatter who relists it for 50x.

FAQ

  • Does Google rank .com higher than .io or .dev?: No. Google has stated repeatedly that generic TLD has no effect on ranking. Trust and click-through can differ, but the ranking algorithm does not care.
  • Is .ai worth ~$83/year and a 2-year minimum?: For an AI product where the name fits, yes. For anything else, that renewal plus the up-front 2-year commitment is hard to justify over a .com or .app.
  • Is .io safe to build on given the Chagos handover?: For now, yes. Nothing has been retired as of June 2026, and any retirement would come with a multi-year migration window. If recurring uncertainty bothers you, pick a TLD without geopolitical strings.
  • What about country TLDs like .de or .co.uk?: Excellent if you target one country (Google treats them as geo-specific) and a poor fit for global ambition.
  • Should I buy multiple TLDs of the same name?: Only when you have a real brand to defend. Most indies are fine with one TLD until the project has traction.
  • What is HSTS preload and why does it matter for .dev/.app?: Browsers ship a built-in list of domains that must use HTTPS, and all of .dev/.app is on it. Without valid SSL on day one, visitors get a hard error page, not a warning.

Tags: #Indie dev #Domain #Website planning #Comparison