According to an analysis of the Netherlands’ 50 biggest brand names, the number of .nl domain names suspected of being used or intended for use in phishing has been increasing, but monitoring and intervention appears to be suppressing visible abuse such as phishing.
The Dutch ccTLD .nl passed the six million registered domain names last week, a milestone that was reached somewhat earlier as a result of around a quarter of a million new registrations following the COVID-19 pandemic and lockdown.
People are staying at home more now in many countries including the Netherlands, and as a result Dutch people and businesses have registered just over 85,000 .nl domain names since the restrictions came into force. According to the .nl registry, SIDN, that’s ten thousand up on the same period in 2019.Continue reading SIDN Sees Unexpected Jump In .NL Registrations Due To COVID-19
The internet is increasingly playing a part in the lives of Belgians with growing numbers enjoying the freedom it gives them, go online for entertainment and feel the internet is an essential part of their daily lives. But only 1 in 20 Belgians have ever registered a domain name.
This is all part of research conducted by InSites Consulting on behalf of DNS Belgium, the .be ccTLD registry, at the end of 2018. The research found trust is important for Belgian internet users, and .be domain names score high on that front.
When asked what were the most important factors when it comes to trusting a domain name, Belgians responded:
- Language of the domain name
- Extension of the domain name
- The brand of the domain name
- Length of the domain name.
When it came to trusting a website, an encrypted connection (https) was considered the most important, a .be domain name second and a company logo third.
When asked if theyâve ever registered at least one domain name, 5% of Belgians said they had while 95% said not. 60% understood the concept of domain names while one third (35%) said theyâd consider registering a domain name in the future, the remainder said they wouldnât.
For the top level domains Belgians register domain names in, 77% said their own country code top level domain .be, 30% said .com, 16% said .net and 13% said .eu. Following was their neighbour .nl (Netherlands – 8%), .org (7%), .fr (France – 4%), .brussels (2%), .london (1%) and others accounted for 9%.
When it comes to the reasons for registering a domain name, 43% of Belgians said for a website, 40% for website and email and 6% just email.
It also appears Belgians are registering domain names sooner in the process of developing a business or idea with 42% saying they registered a domain name âdirectly at the time of the ideaâ compared to 23% in 2017, 11% âwhen the business is launchedâ (11% in 2017) and 23% after the start (30% in 2017).
Awareness was highest with .be and .com, with both scoring awareness among over 90% of Belgians (94% and 92% respectively) while .vlaanderen and .brussels scored 27% and 19% respectively.
Belgians said they valued the freedom and entertainment the internet offered them with 70% saying they loved the freedom the internet gives them (up from 59% in 2017), 68% said they go online at home for entertainment (57% in 2017) and 67% said they âfeel the internet is an essential part of their daily livesâ (47% in 2017).
Belgians say they surf safely online with almost two thirds (64%) saying they ânever surf to untrustworthy sitesâ while half (50%) âare concerned with safe internet useâ and a quarter (25%) âare aware of the latest online security toolsâ.
To assist their registrars comply with the European Unionâs General Data Protection Regulation, SIDN, the .nl ccTLD manager, has set up a Privacy Portal and a Legal Help Desk. SIDN acknowledges that for registrars, bringing their operations into line with the GDPR — and making sure they stay that way — can be a challenge.
In a blog post on the SIDN website by RA CEO Margreth Verhulst and SIDN’s Key Account Manager Sebastiaan Assink discuss the Privacy Portal and Legal Help Desk now available to registrars.
âAt the start of the year, SIDN organised a webinar on the implications of the GDPR for domain name registration. Participants were asked whether they had set up a data processing register, as required under the new legislation. And no fewer than 66 per cent of the registrars responded by saying that they hadn’t yet set one up. A broadly similar picture emerged when the RA surveyed its members to find out how many were GDPR-compliant. From the survey feedback, it was also clear that registrars would welcome support bringing their activities into line with the directive. The RA and SIDN therefore linked up with the ICTRecht legal consultancy to create the Privacy Portal, which opened for business on 27 September 2018. The Portal is intended to advise registrars on recording and protecting sensitive information and other privacy-related issues. “The Privacy Portal offers registrars free guidance on all aspects of privacy management,” explains Sebastiaan. “You can get answers to legal questions, or help with data processing agreements and other documents.” Dozens of registrars have already turned to the Portal for assistance.
A registrarâs first contact the Privacy Portal sees them being asked a few general questions. Answers are used to build up a profile and then a customised account can be established. Through the account, tailored advice is made available and appropriate measures are suggested. Facilities are also available for organising your enquiries and documents. “The intake privacy scan provides an immediate impression of what you’ve got under control and what still needs attention,” adds Margreth.
âThe Portal also features a tool that can be used to set up and maintain a data processing register, another of the GDPR’s new requirements. There’s a privacy statement generator as well, and a utility for checking the adequacy of your technical data protection measures. Another feature of the Privacy Portal is its data breach registration functionality, which you can use to comply with the GDPR’s requirement that details of all breaches must be recorded. Finally, there’s a tool for generating appropriate data processing agreements to regulate your relationships with any data processors that handle data on your behalf. In other words, the Privacy Portal offers all kinds of assistance with GDPR-compliance.â
“Registrars process a great deal of personal data and cooperate with other actors, including suppliers and partners. They collect registrants’ personal details, for example, and forward the information to us on the registrants’ behalf. That’s how a domain name is registered. Naturally, it’s primarily the registrars’ responsibility to make sure that their data processing complies with the law. However, it’s also very much in our interests to see that registration data is processed and exchanged securely,” continues Sebastiaan. As Margreth points out, registrars have a lot on their plates, even without the GDPR. “Their core business is domain name registration, and compliance with the many rules and regulations that apply to the industry sometimes gets sidelined. So the Portal has been created with the aim of relieving some of the burden and making compliance easier for registrars. For any registrar who sees GDPR compliance as a dauntingly high mountain, the Privacy Portal will act like a Sherpa. You’ve still got to get up the mountain yourself, but the Portal is there to shoulder some of the load.”
âThe Privacy Portal is just one of the ways that the RA and SIDN are working together to support and invest in the registrar community. It is a spin-off from the Legal Help Desk opened earlier in the year. Via the Help Desk, all 1250 or so .nl registrars can get free legal advice regarding issues involving contracts, ICT, terms and conditions and the like. Questions are simply submitted to the Help Desk using a standard form. Another product of cooperation between SIDN and the RA is the SIDN Academy.â
“So far, we’ve run three SIDN Academy sessions for registrars. The one-day sessions are intended for sharing knowledge on particular topics,â said Assink. âThe first round of sessions was devoted to e-mail security, for example.”
Looking forward, the post notes Margreth and Sebastiaan have no preconceptions about how the Help Desk and Portal should develop from here. Both are really still pilot services. “We’ll evaluate the situation after twelve months,” says Margreth. “The future direction of the projects will depend on how registrars use these facilities in practice. A positive response and high levels of use will encourage us to continue and extend the services.”
The full version of this post originally appeared on the SIDN website here. SIDN is the country code top level domain (ccTLD) manager for .nl (Netherlands).
Registering domain names in a country code top level domain often has benefits to that country’s local internet community. In the case of Canada’s ccTLD, Byron Holland, President and CEO of CIRA who manages .ca, recently explained how in a post on the company blog. Continue reading CIRA Explains Why Registering ccTLD Domains Benefits the Local Internet Community
Brazilâs ccTLD manager, NIC.br, announced [Portuguese only] Monday theyâve reached the 4 million registrations mark after âmore than 25 years of flawless operationâ.
There are over 120 second level domains under which .br domain names can be registered from blog.br and wiki.br for individuals to eng.br and adv.br for liberal professionals, tv.br and tur.br for legal persons, rio.br, sampa.br and curitiba.br for cities those reserved for specific purposes such as gov.br, jus.br, b.br and org.br among others. Some of these have as few as 10 registrations, while the largest, com.br has 3,645,125 accounting for 91.2% of all registrations.
According to the latest Verisign Domain Name Industry Brief, .br is the seventh largest country code top level domain (ccTLD). Verisign already had .br at 4 million domain name registrations at the end of 30 June, probably through rounding, up in this case, to the nearest hundred thousand. Chinaâs ccTLD was the largest with 22.7 million followed by Tokelauâs free .tk (21.5m), Germanyâs .de (16.3m), the United Kingdomâs .uk (12.0m), Russiaâs .ru (5.9m), the Netherlandsâ .nl (5.8m). Following .br is the European Unionâs .eu (3.8m), Franceâs .fr (3.2m) and rounding out the top 10 is Italyâs .it (3.1m).
Revenues from .br registrations allow NIC.br to, in addition to providing and maintaining the infrastructure behind .br, invest in a series of actions and projects that generate benefits and improvements to the internet infrastructure in Brazil. These include the operation of internet traffic exchange points, which promote the interconnection of networks that form the Internet in Brazil, reducing distances and costs; the handling security incidents and tracking internet statistics.
Nic.br notes that other advantages of registering .br domain names include additional security features, such as token and encryption, that strengthen both the accounts of Registro.br users, and their respective domains. There is another recent feature: a redirection feature that lets you point a .br domain to any URL, whether it’s on a website or the preferred channel on social networks, keeping identities and active tags on the Internet permanently. Servers distributed by Brazil and other regions of the world guarantee speed and reliability in the resolution of .br and a team exclusively dedicated to meet and assist users in their doubts complete the description.
Slow adoption of IPv6 in the Netherlands is liable to harm the nation’s innovation climate. That’s the conclusion of research carried out for SIDN, the .nl ccTLD registry.
According to monitoring by Google, the Netherlands has been slow to adopt the newer protocol. As a result, SIDN believes that the Netherland’s competitiveness as an innovation centre is being undermined. Tech companies are likely to see countries with good IPv6 support as more desirable bases. The Netherlands lags behind with IPv6 largely because of the policies of the two biggest access providers, the report concludes. Neither KPN nor Ziggo offers internet users a proper dual-stack IPv6 connection.
According Google’s data, Belgium heads the European ranking for IPv6 adoption, with more than 54 per cent of all visits to Google pages made from IPv6 addresses. In the Netherlands, the figure is just 13.2 per cent. The reluctance to embrace IPv6 does not bode well for the Dutch internet’s future-readiness. Nor, indeed, for the competitiveness of the country’s business community, since it makes the Netherlands less attractive as a place for innovation and investment in the Internet of Things (IoT).
Digitale Infrastructuur Nederland (DINL), which speaks for the companies and organisations that supply the facilities on which the digital economy is based, remains unconvinced of the case for IPv6, the study found. DINL argues that there is no pressing shortage of IPv4 addresses, and therefore no clear economic incentive to switch to IPv6. Nevertheless, DINL advocates research into the risks associated with slow adoption, since it doesn’t want to see the sector caught out by developments that it can’t respond to quickly.
According to the study findings, big companies and small businesses are embracing the new protocol more than medium-sized enterprises. Of the various sectors analysed, universities are easily the biggest IPv6 supporters, with an adoption rate of 43 per cent. And the private sector is using IPv6 more than the public sector. Nevertheless, the overall percentages are generally disappointing.
“Slow adoption of IPv6 is liable to harm our country’s international standing,” fears Roelof Meijer, SIDN’s CEO. “It detracts from the Netherlands’ image as a leading innovator. And that increases the danger of startups and innovative tech companies seeing other countries that do have good IPv6 support as more desirable bases. The services of global technology companies, such as Netflix, Google and Facebook, have been using IPv6 for a long time. That tells you which way the world is heading.”
Meijer also highlights the growing demand for IP addresses linked to the rise of the IoT: “Hubs and gateways that enable communication with IoT devices and domotics need IP addresses. If the Netherlands is going to continue to feature in development of the IoT, further implementation of IPv6 is essential.”
SIDN’s Chief Exec is therefore calling on everyone involved to finally commit to IPv6: “We all have a responsibility here. What we’re talking about is our country’s readiness for the future.”
IPv6 is the successor to IPv4, the protocol that underpins the internet’s addressing system. It’s needed because the world has run out of IPv4 addresses and the technical workarounds used to keep the system going have implications for the stability of the internet. With IPv6, addresses are structured in a completely different way, enabling far more of them to be created.
IPv4 is now nearly forty years old, but is still used for the bulk of internet traffic. Because the internet has developed in ways that were unimaginable four decades ago, with countless internet-connected devices and appliances, the demand for addresses has long since outstripped the scope for creating them on the basis of IPv4. IPv6 uses a different addressing technology, and therefore has a much bigger ‘address space’. Whereas IPv4 has space for 4 billion addresses, IPv6 has space for 340 undecillion (34 followed by 37 zeros).
The research report from the Dutch country code top level domain manager is currently available only in Dutch. An English translation will be available shortly SIDN advises.
The Dutch and Austrian ccTLD managers, SIDN and nic.at, have signed a cooperation agreement under which all domains managed by SIDN will additionally be hosted on the nic.at anycast network RcodeZero DNS. The agreement was announced by SIDN’s CEO Roelof Meijer and nic.at CEO Richard Wein on the sidelines of the ICANN meeting in San Juan, Puerto Rico.
“We are very happy and proud to offer our technical services to the third largest European ccTLD,” says Richard Wein, CEO of nic.at. The agreement covers the almost 6 million domains registered under .nl, .amsterdam, .aw and .politie and sees SIDN becoming the biggest customer of the RcodeZero TLD DNS network. A network which already hosts twelve different TLDs at thirteen highly available redundant locations all over the world.
Roelof Meijer, SIDN’s CEO, explains the reasons why they decided for RcodeZero DNS: “First of all, it was important for us to have a partner under EU jurisdiction and data protection law. Secondly, we were impressed by nic.at’s technical know-how and flexibility, as well as their readiness to develop their product further based on our needs.” In recent years, SIDN has constantly been improving and optimising its DNS infrastructure with anycast partners to guarantee the best possible availability of .nl domains.
RcodeZero DNS will soon be expanded with additional nodes in Australia and South America to provide better performance and lower latency for customers in those areas, too. However, RcodeZero DNS, had other attractions for a technician, as confirmed by Marc Groeneweg, Coordinator of DNS Ops Team at SIDN: “It’s important for us to have comprehensive statistics and real-time DNS traffic information to further analyse our infrastructure, as a basis for continued improvement of our infrastructure.“
The technical work of integrating all Dutch domains into the network has just been completed and the set-up is now ready for public production.
The agreement is a sign of further consolidation and expansion within the top level domain registry industry, using their experiences in areas such as security among others. In the security area, a big issue for business worldwide, the domain name business is one of the leading providers of online security solutions. Some registries, such as nic.at and SWITCH, the Swiss registry operator, also run CERTs.
Others, such as CIRA, the Canadian ccTLD manager, has been active in recent months signing agreements with Uniregistry, DNS.PT (Portugal’s .pt) and InternetNZ (New Zealand’s .nz) to provide global domain name system services. SIDN itself has acquired a controlling stake in Connectis, one of the Netherlands' leading suppliers of secure log-in solutions and redesigned SPIN, their open-source system for protecting the internet and end-users against insecure IoT devices in home networks. And DENIC, the German (.de) ccTLD manager, has been approved as an authorised New gTLD Data Escrow Agent to offer both to ICANN-accredited registrars and registries an escrow service which fully complies with the European legal framework.
Registries universally said they’re not content police in a discussion on domain name take down processes involving legal counsels from the operators of 6 European registries, both generic and country code TLDs. However processes vary among the registries.
The discussion involved representatives from dotSaarland, DENIC (.de), SWITCH (.ch), SIDN (.nl), DNS Belgium (.be) and Nominet (.uk) at the Domain Pulse conference in Munich Friday, the annual event that rotates between Germany, Switzerland and Austria.
One registry that does make decisions on takedowns, or suspensions as they’re often called, and the content on the sites using the domain names, is SWITCH. Anna Kuhn explained how SWITCH was rather unusual in that they were both a registry and operated a national Computer Emergency Response Team (CERT), which gave them some additional expertise. However SWITCH still doesn’t make decisions on content, only on domain names involved in the hosting malware and phishing Combatting cybercrime, Kuhn explained, is one of the roles of the registry operator.
Volker Greimann from dotSaarland, the only new gTLD operator in the panel discussion, said .saarland is in a different position to the country code top level domain (ccTLD) registries as they have a direct contract with ICANN. Additionally, the Saarland regional government said they don’t want their new generic top level domain (new gTLD) to be a haven for crime. The gTLD for the German state has an anti-abuse rule in their terms and conditions that requires domain names to not ruin the reputation of the Saar region.
Horst explained the German registry's position of the German registry in this respect: “DENIC is not the right point of contact to which to turn when it comes to content. If DENIC were to evaluate content and delete, at its own discretion, domains through which websites with questionable content can be accessed, this would be equivalent to censorship. In a democracy based on the separation of powers, no one can seriously support law enforcement by the private sector. This philosophy of DENIC's is, by the way, also reflected by the unanimous opinion of the German courts.”
The courts, Horst explained, have always sided with DENIC’s view that they also aren’t in a position to judge on what is illegal content and that complaints should always go to the registrant if they can be contacted.
SIDN’s Maarten Simon said SIDN will never just take down a domain name and that contacting the registry should be a last resort. However Simon also noted .nl domain names are much more trusted by Dutch people than any other TLD. And that this trust is both in SIDN’s interest to protect so that internet users continue to want to visit sites using the Dutch ccTLD and businesses want to register .nl domain names. Building trust benefits SIDN’s bottom line as more .nl domain names are registered. For complaints regarding .nl domain names, there is an independent appeals board with a number of judges and professors with the expertise to deal with complaints.
Peter Vergote from DNS Belgium also noted how .be has nothing to do with judging content hosted using a .be domain name, so to get a domain name suspended a complaint has to give necessary evidence such as a court order to have a domain name taken down.
Vergote echoed Simon’s views on .nl in that DNS Belgium deeply cares about the quality of the .be zone and it’s their sincere duty to do what they can without taking unnecessary risks. While they are more active than in the past on dealing with complaints, they will never evaluate content on a website. This position has been backed by a court order from a Belgian court that states deciding illegal content is up to the courts and can’t be done by DNS Belgium. When it comes to phishing though, DNS Belgium treats this differently and will take action without a court order if they are advised from a competent body that a domain name is used for phishing.
But DNS Belgium will never take it upon themselves to suspend a domain name that’s suspected of being used for phishing because that’s a content evaluation. Additionally Vergote said a phisher is unlikely to put their correct identity in Whois. DNS Belgium suspends around a dozen domain names per month with complaints largely driven by government agencies and rarely from private individuals or organisations.
So what about the domain names that are required to be taken down, or suspended? For SIDN, Simon explained the procedure starts with a form to be completed on the SIDN website where the complainant explains why the domain name should be taken and what they’ve done to date to complain. If the complaint is clear cut SIDN will go to the registrar and get the domain name taken down. SIDN receives about 20 requests per year and take down one, maybe 2, each year out of the 5.8 million .nl registrations.
Nominet’s Wenban-Smith commented on the futility of removing or suspending a domain name because even if they do, the content still exists. Nominet doesn’t allow child abuse or content that promotes criminal activity on .uk domain names. But Nominet doesn’t make decisions on what is illegal content but does cooperate with those who can such as law enforcement. For those wishing to make complaints, Nominet doesn’t take requests from those outside the UK. In 2017 Wenban-Smith said Nominet suspended 16,000 .uk domain names in 2017.