Domain registries provide registrars with reports of domains which are set to expire, and if you’re not a registrar yourself, you can often purchase these lists on a secondary market or use APIs built upon serving this information.
But even if you don’t have that list, you can do a Whois search for any domain and know its expiration. You could build your own database!
Note that most domains have a grace period (eg, 30 days) where the original owner can renew even after it has expired. So it’s not like you’d be able to steal someone’s domain just because of a clerical error.
It turns out that grace periods (called a "redemption grace period") weren't proposed until 2003. I'm not actually sure when this process was approved by ICANN - sometime between 2003 and 2013.
The industry term for this business is called “drop catching” https://en.m.wikipedia.org/wiki/Domain_drop_catching
Domain registries provide registrars with reports of domains which are set to expire, and if you’re not a registrar yourself, you can often purchase these lists on a secondary market or use APIs built upon serving this information.
But even if you don’t have that list, you can do a Whois search for any domain and know its expiration. You could build your own database!
Note that most domains have a grace period (eg, 30 days) where the original owner can renew even after it has expired. So it’s not like you’d be able to steal someone’s domain just because of a clerical error.