Tag Archives: nominet

Nominet Consults On Reducing Phishing, Reducing Criminal Activity and Drop List For .UK

Nominet has opened a consultation process that will see the .uk registry seek feedback on reducing phishing, law enforcement landing pages for domain names suspended for criminal activity and implementing a drop list for expired domains.

The 2019 consultation invites feedback on three important issues:

I. Reducing the use of .UK domain names for phishing attacks

II. Implementing law enforcement landing pages following suspensions for criminal activity

III. Implementing a .UK drop list to provide a transparent and orderly process for the re-registration of expired domains

On phishing, since 2018 Nominet has used Domain Watch, an anti-phishing initiative. The initiative operates as a risk-based enhanced verification of registration data for all newly-registered domains. It uses a combination of technical algorithms and manual intervention to highlight suspicious domains. Of the 3.6 million newly registered domains in the 12 month period July 2018 to July 2019, over 1,500 domains were blocked in the DNS as a result of our Domain Watch initiative.

Nominet are asking if they should update their policies to specifically allow them to prevent resolution in the DNS where they have identified a high risk of phishing use.

On implementing landing pages following suspensions for criminal activity, while Nominet does not have the means to remove content or alter websites, they can disrupt the impact of criminal behaviour by removing or suspending a domain name. So Nominet is now seeking views on what should happen following the suspension. One option proposed is an informational landing page.

And lastly, on a drop list, Nominet is consulting on implementing a .uk drop list to provide a transparent and orderly process for the re-registration of expired domains. They also want to know if there is support for the publishing of official information for registrars to clarify when expired domains will become available for general registration. They’re also asking if Nominet should encourage competition in the .uk secondary domains market?

Looking forward, in the consultation paper Nominet raises several other issues they are considering to improve the .uk namespace including:

  • Moving to an inter-registrar transfer system that is more widely adopted across the industry
  • Standardising domain name renewals, expiry and cancellations in line with generic Top Level Domains (gTLDs) by implementing RFC 3915 and a life cycle to match gTLDs
  • Removing the option for direct registration of domains with Nominet, without operating through a registrar.

“We are committed to running a world leading registry and are always looking for ways to improve,” said Eleanor Bradley, MD of Registry Solutions and Public Benefit at Nominet. “As the environment in which we operate evolves, we actively engage with a wide variety of UK stakeholders to ensure that the policies we maintain reflect emerging threats, changes in stakeholder expectations and new industry practices.”

“This consultation sets out ambitious ideas to ensure .UK maintains its position as a vibrant and trusted namespace and provides an important opportunity for the UK internet community to provide input. We believe open consultation creates better policy so I encourage all interested parties to engage and look forward to hearing from you.”

Since 1996 Nominet has operated .uk, developing policies that provide the framework of principles for the .uk namespace. They are developed in consultation with a wide variety of stakeholders and aim to ensure a connected, inclusive and secure space for the UK internet community.

The .UK Policy Consultation invites feedback from all interested stakeholders by 16 December 2019. A roundtable event towards the end of the consultation period will be held on 4 December 2019. Interested parties can find out more and submit responses here.

ICANN: EBERO Providers Selected: Continued Protections for Registrants

ICANN today [26 Aug] announced that it has selected China Internet Network Information Center (CNNIC), the Canadian Internet Registration Authority (CIRA), and Nominet as its Emergency Back-end Registry Operator (EBERO) providers.

An EBERO provider is temporarily activated if a generic Top-Level Domain (gTLD) operator is at risk of failing to sustain critical registry functions. Ensuring the availability of these functions protects registrants, also known as domain name holders, and provides an additional layer of protection to the Domain Name System (DNS), and industry ecosystem.

“CNNIC, CIRA, and Nominet all have the experience, staff, and systems required to execute an efficient transition should an EBERO event occur,” said Cyrus Namazi, Senior Vice President of ICANN‘s Global Domains Division. “Their geographic diversity is also a benefit, enabling nearly continuous coverage across multiple time zones, and the ability to provide services in multiple regions in case of local disasters.”

“We are honoured to be among this select group of trusted registry operators. In a short time period, the CIRA Registry Platform and DNS have been recognized as among the most advanced and robust platforms for managing a top-level domain,” said Dave Chiswell, vice president, product development, CIRA. “When we transitioned .CA to our new platform we incurred only eight hours of downtime. Our technology and know-how enable us to migrate a registry quickly and will be essential should our services ever be required in an emergency.”

EBEROs have demonstrated years of experience in operating domain name services, registration data directory services and extensible provisioning protocol services. Additional requirements for the EBERO service are noted in the Request for Proposal published here.

Click here for more information about the EBERO Program.

About ICANN

ICANN‘s mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.

This ICANN announcement was sourced from: https://www.icann.org/news/announcement-2019-08-26-en. It also includes an additional quote from CIRA’s Dave Chiswell.

Nominet Cybersecurity Technology Helps Drive Haas F1 Team

Starting with the Azerbaijan Grand Prix last weekend, the Rich Energy Haas F1 Team deployed Nominet’s cybersecurity technology NTXsecure, which enables proactive cybersecurity with both DNS analytics and a fully managed DNS resolver. The technology, Nominet explains, is capable of automatically categorising and applying policy to potentially billions of queries to eliminate malware, phishing and data theft from the network.

Nominet, the ccTLD manager for .uk as well as providing backend registry services for 36 new gTLDs, will see their NTX cybersecurity technology implemented to keep Haas’ data networks secure, benefitting from its ability to analyse DNS (Domain Name System) traffic to predict, detect and block threats from the network before they cause harm.

“Data security is imperative for us with offices in the United States, United Kingdom and Italy,” said Guenther Steiner, Team Principal of Rich Energy Haas F1 Team. “I’m pleased we’re now able to utilize the expertise of Nominet as we compete globally, and in a fast-moving business that depends heavily on protecting items such as intellectual property (IP) and performance data. We welcome Nominet to our partner portfolio and I look forward to working with them in our areas of mutual interest.”

Commenting on the benefits of the partnership Rich Energy Haas F1 Team Chief Information Officer Gary Foote said; “Cybercrime and data security are amongst the biggest threats facing both industry and sport right now. It represents a huge challenge to technology professionals tasked with securing their businesses data and IP – both of which are critical assets. Given I’m responsible for ensuring adequate protection for our brand, and on a global scale, I must deploy all necessary systems and tools required to ensure we are continuously at the cutting edge of security technology. Deploying NTXsecure from Nominet is the next phase of our strategy. I’ve been hugely impressed by the embedded deep packet inspection and machine learning technology that’s been developed – which now underpins our proactive approach to data security. This ensures threats are continuously stopped at the boundaries of our network, even as new threats emerge.”

Chief Executive Officer at Nominet, Russell Haworth remarked; “Our partnership with Rich Energy Haas F1 Team has natural synergies. Both organizations are highly innovative in their approach and we are delighted to be chosen to drive their cyber security strategy by utilising DNS to remove network threats and protect their intellectual property. With NTXsecure, the team now has an innovative security solution at the DNS level, and it gives us the opportunity, at a global level, to help spread the word about how important this element of cyber security is. The back door to data for cyber criminals is via the DNS, so it needs to be protected – Nominet NTX can do this.”

“Our fully managed DNS resolver solution, NTXsecure, will enable us to detect and quickly respond to threats in real time to continuously improve Rich Energy Haas F1 Team’s resilience to the ever-changing threat landscape faced today,” said Simon Whitburn, Managing Director of Cyber Solutions at Nominet. Designed to be flexible to suit the demands of all modern enterprise today, Nominet NTX removes the known bad by using threat intelligence, and, crucially by applying our unique algorithms, eliminates the unknown bad. This is of critical importance in the CISO’s battle to remove cyber threats and our approach significantly reduces the window of compromise through proactive cyber security at the DNS level.”

Nominet Spreads Its Wings Westward to North America With Security Services Offering


Nominet, best known as the .uk ccTLD registry operator, has spread its wings to North America, opening an office in Washington D.C. But the new office isn’t to sell its registry services, but to sell their security services.

Announcing their office opening, Nominet tout themselves as a “security specialist enabling threat monitoring and detection, prevention and analytics at the DNS level, today made its official launch into the North American market.”

This security service “supports organisations wanting deeper visibility and the ability to pinpoint threats through massive data noise, and stop them instantly. The new capabilities are differentiated from competitive offerings that don’t operate at the DNS level, with deep inspection technology uniquely suited to identify and block threats such as targeted malware, ransomware, phishing, Zero Days, APTs, and data exfiltration attempts.”

Nominet has been diversifying in recent years. From its origins as the .uk country code top level domain registry, it’s now using that expertise to provide registry services to the .wales and .cymru new generic top level domains, which together have 20,260 registrations, as well as backend registry services for another 34 new gTLDs making them the fifth largest by domains under management with 1.873 million domain names and eighth largest by new gTLDs with 36. And now Nominet is using its expertise on the security front, providing security services to companies that want them. They’re one of a number of TLD registries diversifying and providing their expertise to both other registries and other sectors. Some examples are DENIC, SIDN, nic.at and CIRA.

“We feel like a new company despite a 22-year history in infrastructure security, and we’re excited to enter the North American market with a distinctive and proven set of skills and offerings,” said Russell Haworth, CEO of Nominet. “We’re proud of our expertise and experience in critical infrastructure—in 2017 alone, Nominet analysed over 3TB of data across the U.K. public sector and blocked 2.5 million malicious requests—and we look forward to working with U.S. organisations to enhance their security strategies and implementations.”

In announcing their new office, Nominet promote their new security service, Nominet NTX, by saying:

Whilst enterprises typically have numerous security layers, Nominet operates at a vital nexus: All networks rely on DNS traffic, which makes it a critical source of information for specific threats to the network. This area often gets overlooked in the security stack. Meanwhile, leveraging its long experience analysing data for threats, Nominet’s security researchers can identify malicious domains even before they register on standard threat feeds.

There is certainly broad-scale awareness of this critical issue: In a new study conducted by Nominet in partnership with Osterman Research, CISOs at over 30 large enterprises, a full 97% of respondents, say they see the value in monitoring, threat detection, attack blocking and analytics at the DNS level to enhance security; the few others didn’t know or were unsure. The fact is, many large organisations are, or believe they are, monitoring at that level already, yet the reality is less definitive: Even enterprises with significant resources dedicated to security may lack the technologies needed to analyse billions of DNS data packets in real time, as optimal to identify today’s threats.

Nominet Suspends 33,000 .UK Domains Following Law Enforcement Notifications

Almost 33,000 .uk domain names were suspended in the 12 months to the end of October 2018 following notification from the police or other law enforcement agencies that the domain name was being used for criminal activity. Continue reading Nominet Suspends 33,000 .UK Domains Following Law Enforcement Notifications

Nominet Donating Minimum of £200k To BBC’s Children in Need

Nominet, best known for managing .uk, is donating £1 for every new .uk domain name registered to BBC Children in Need until Monday 19th November. With a minimum commitment of £200k from new domain registrations, funds raised will go towards projects that use digital or new technology to support disadvantaged children and young people across the UK.

Money raised through new domain registrations, including those ending in .co.uk, .uk, me.uk and org.uk, will go on to support projects using digital to produce strong outcomes for children and young people. For example, clubs which provide technology sessions for children and young people affected by poverty and social exclusion, with the aim of helping them develop and gain new digital skills, whilst learning about new software technology, coding, robotics and digital arts.

“We’re focused on delivering public benefit initiatives that support a vibrant digital future, so it makes perfect sense for us to partner with BBC Children in Need to fund projects that engage and develop the skills of children and young people who might otherwise be excluded from the opportunity that new advancements in tech, digital skills and online inclusion can provide,” said Russell Haworth, CEO, Nominet. “We need to stamp out the growing digital divide, so the more young people who are able to make the most of being online and derive benefits from tech, the better. We hope our donation from domain registrations will go some way to help enable this.”

“It’s great that the funding raised by Nominet will support projects which utilise technology to support disadvantaged children and young people,” said Simon Antrobus, Chief Executive at BBC Children in Need. “We are excited about the benefits this funding will bring and are delighted to have Nominet on board as new partner for 2018.”

BBC Children in Need is currently supporting over 2,700 projects in communities across the UK that are helping children and young people facing a range of disadvantages such as living in poverty, being disabled or ill, or experiencing distress, neglect or trauma. Further information on BBC Children in Need can be found at bbc.co.uk/Pudsey.

With the proceeds of its successful registry business and cyber security services, Nominet has donated over £45m to tech for good initiatives helping over 10 million people. Its aim is to achieve lasting social impact focusing on enabling positive change on a range of emerging issues born out of our digital age such as online safety and digital inclusion, to existing social challenges where technology can play a pivotal role, and is committed to improving the lives of one million people a year. Find out more about Nominet public benefit initiatives here – https://www.nominet.uk/about/public-benefit/

Under this initiative Nominet will donate £1 to Children in Need for each new, paid for domain registration for the country code top level domain (ccTLD) ending in .co.uk, .uk, .org.uk, .me.uk, .ltd.uk, .plc.uk and .net.uk.

CIRA Explains Why Registering ccTLD Domains Benefits the Local Internet Community

Registering domain names in a country code top level domain often has benefits to that country’s local internet community. In the case of Canada’s ccTLD, Byron Holland, President and CEO of CIRA who manages .ca, recently explained how in a post on the company blog. Continue reading CIRA Explains Why Registering ccTLD Domains Benefits the Local Internet Community

Complaints Made About 0.0065% Of .UK Domain Names in 2017

A total of 712 complaints relating to 783 domains, representing just 0.0065% of the domain names on the .uk register, were made in 2017 according to Nominet’s annual summary of domain name disputes brought before its Dispute Resolution Service (DRS).

Over half of the complaints (55%) in 2017 in the .uk country code top level domain (ccTLD) resulted in a domain transfer. By comparison, there were 703 complaints in 2016, 53% of which resulted in a domain transfer.

The year also saw an increase to 15% in the number of disputes resolved with the domain name being voluntarily transferred to the Complainant by the Respondent upon receipt of the complaint. In 2016, 10% of complaints were resolved in this way.

“Thanks to the efficient DRS processes in place and the many Experts who generously offer their time and expertise, we can see in the numbers that the DRS is continuing to prove a useful tool for .UK customers,” said Russell Haworth, Nominet’s Chief Executive. “A steady increase in the number of .uk second level domain names being disputed year on year – almost doubling since 2015 – also reflects how the shorter domain is increasing in popularity and importance for individuals and businesses.”

Brands such as Jaguar Land Rover, Clydesdale Bank Plc, Virgin Enterprises Limited, Moncler S.p.A., “Dr. Martens” International Trading GmbH and the Sony Corporation used the DRS in 2017.

Other users of the service included St Neots Town Council, the fashion designer Philipp Plein, The Commissioners For HM Revenue And Customs, The Secretary Of State For Health and Puddy Cats Cattery in Maplethorpe.

“The increase in disputes relating to .uk second level domains is an interesting point. The Right of Registration that some .co.uk Registrants hold over the corresponding .uk domain name comes to an end on 10 June 2019,” said Nick Wenban-Smith, General Counsel at Nominet. “In the next two years this could lead to a further increase in the number of .uk domain names being subject to disputes as more and more potentially desirable names are made available to be registered on a first-come first-served basis. To avoid such a dispute, it’s important for .co.uk owners to review their options and act sooner rather than later.”

In their announcement, Nominet highlighted the following cases resolved through what they describe as their award-winning Dispute Resolution Service (DRS):

  • guntree.org.uk

The Complainant, Gumtree.com Limited, is  a wholly owned subsidiary of eBay Inc. It operates an online classified advertisement website, and has registered the trade mark “GUMTREE”.  The Respondent argued that GUNTREE has been derived from the artistic concept of a tree made of guns or an artistic gun made from wood.  GUNTREE advertises weapons to a specific market and therefore, does not offer the same services as the Complainant.  The independent Expert agreed with the Complainant’s claim that there is an overlap between the two sites which is likely to confuse Internet users.  Domain transferred.

  • victoriasecretbeauty.co.uk

The Complainant was Victoria’s Secret, an American designer and manufacturer of women’s lingerie and beauty products. The Respondent was a beauty therapist, operating a salon in Mayfair, London.  The Respondent claimed not to have known about the Victoria’s Secret brand at the time when the Domain Name was registered. In the view of the Expert, “this is not a credible claim, particularly taking into account that the Respondent operates in field of beauty services”.  Domain Transferred.

  • cybfx.co.uk

The complaint was brought by Clydesdale Bank PLC (Clydesdale and Yorkshire Bank), after they found that the domain name had been registered by someone who was asking for almost £100,000 in return for transferring the registration. The Expert agreed with the Complainant: that on the balance of probabilities the Respondent noted the Complainant’s trade mark application and purposefully registered the domain name in order to then sell it specifically to the Complainant at a later date.  Domain Transferred.

  • dignity.co.uk

The Complainant was Dignity Funerals Ltd, and the Respondent was an individual who had previously entered into a coexistence agreement with the Complainant’s predecessors in title, providing financial and insurance services through his companies.  The Expert stated “it does not appear the Respondent is doing anything that is confusing Internet users”, and that “dignity.co.uk shall remain with the Respondent”.  The Complainant appealed against this decision, but a panel of three members of the DRS Experts’ Review Group dismissed the appeal, whilst upholding a finding of ‘Reverse Domain Name Hijacking’ – using the DRS in bad faith.

Nominet also highlighted the following additional statistics:

  • In 2017 there were three appeals. Two appeals upheld original No Action findings. In the third Appeal case, the Appeal Panel agreed to combined two cases together for a review and two domain names were returned to the original Registrant.
  • The most common industries were Automotive (9) Electronics and Fashion (8 respectively), Retail (7) and Banking & Finance (6)
  • The year saw cases bought by complainants from 29 different countries, led by the UK (553) followed by the US (42), Germany (27) and France (20). Respondents came from 34 different countries. Again, the UK leads with 598 respondents, with the US second (17) and China third with 15
  • The overall average length of time DRS cases take from being filed to being closed was 57 days
  • Mediated cases took an average of 56 days to resolve in 2017 compared with 47 days in 2016. Cases being resolved by a Summary Expert decision took the same time that they did in 2016 (62 days), whilst Full Decision cases took on average 4 days less.
  • The majority of cases (87.5%) involved .co.uk domains, 6% were .org.uk or .uk domains and 0.5% were .me.uk
  • Court costs avoided in 2017 were almost £7 million – assuming court and legal fee savings of £15k per complaint that progresses into formal dispute resolution

Public Interest Registry joins the Internet Watch Foundation

Public Interest Registry has joined the Internet Watch Foundation as a Member, in a move which reinforces its commitment to protecting billions of internet users and the child victims of disturbing sexual abuse images and videos.

As the operator of .org, .ngo and .ong domain names, Public Interest Registry has over 10 million domains under management globally. By joining the IWF, Public Interest Registry is helping to further prevent the spread of child sexual abuse content.

PIR joins other registry operators such as Nominet, Afilias, Donuts (along with Rightside who they took over in 2017), ICM Registry (recently taken over by Minds + Machines), Dot London, webhost and registrar Names.co.uk as well as DNS Filter and Linx – the London Internet Exchange, who are all among the 130 members of the organisation that works internationally to make the internet safer by removing images of child sexual abuse.

Though a small organisation, Public Interest Registry, which is based in Reston, Virginia, operates popular domains that the world counts on to be platforms for the public interest. Its values have been echoed in this important move to join the IWF.

“The IWF represents the companies that are defining how the world tackles online child sexual abuse,” said Susie Hargreaves OBE, IWF CEO.

“With 137 organisations joined up as Members of the IWF, we now have more Members than ever before. These companies include some of the giants of the internet world, through to smaller filtering companies. What unites them, is their commitment to do the right thing.

“We can’t thank Public Interest Registry enough for joining us as a Member. It means that so many more domain names are now protected from child sexual abuse content. In turn, this is protecting billions of users of websites on these domains, as well as the victims themselves.”

“IWF’s global mission to eliminate online child sexual abuse imagery is among the most important work being done on the internet,” said Elizabeth Behsudi, Vice President and General Counsel at Public Interest Registry.

“Public Interest Registry is committed to making the .org domain space a safe and trusted environment for everyone. We are proud to work with the IWF and support the incredibly important services they provide.”

.IS, .NO and .UK Announce How They’ll Comply With the EU’s GDPR

The GDPR is coming and a number of ccTLD registries are giving registrars heart palpitations. It’s a month till the European Union’s General Data Protection Regulation comes into play and the Icelandic, Norwegian, Slovakian and United Kingdom ccTLD operators are only just announcing how they’ll deal with it.

For Iceland’s .is they will stop publishing names, addresses and telephone numbers of personal contacts by default from the ISNIC WHOIS database. For individuals who wish to continue to publish their information, they must log in, go to “My Settings” and select “Name and Address Published”.

ISNIC will however, at least for the time being, continue to publish email addresses, country and techincal information of all NIC-handles associated with .is domains. Those customers (individuals) who have recorded a personally identifiable email address, and do not want it published, will need to change their .is WHOIS email address to something impersonal. However the Icelandic country code top level domain isn’t happy with the new regulation. They note the GDPR “will neither lead to better privacy nor a safer network environment.”

For the sake of the internet community, e.g. Individual users, Service Providers, Hosting Companies, and many other stake holders, ISNIC will continue to publish email addresses and the country name of all contact types until further notice.

For NORID, the registry for Norway’s .no, they have made a few changes to their policies that come into effect on 5 May. NORID state they will “only collect data that we need, and that the domain holder shall be informed about which data is being processed by Norid. Starting on 5 May, we will collect less data about the holder than what we currently do.” Following consultation with the with the Norwegian Data Protection Authority, NORID will launch a new version of WHOIS on 22 May.

And Nominet, the .uk registry, has announced their changes. Following a consultation period that outlined their proposed changes that were published for comment between 1 March and 4 April, Nominet have announced that:

  • Registrant data will be redacted from the WHOIS from 22 May 2018, unless explicit consent has been given.
  • Law enforcement agencies will nonetheless be able to access all registry data via an enhanced Searchable WHOIS service available free of charge.
  • Other interested parties requiring unpublished information will be able to request access to this data via our data disclosure policy, operating to a 1 working day turnaround.
  • The registration policy for all .UK domains will be standardised – replacing the separate arrangements currently in operation for second and third-level domains.
  • The .UK Registrar Agreement will be updated, renamed the .UK Registry-Registrar Agreement, and will include a new data processing annex.
  • The existing Privacy Services framework will cease to apply.

“We have taken a conservative approach to publishing data, to ensure that we do not fall foul of the new legislation,” said Nominet COO Ellie Bradley. “While, as a result, we will be publishing less data on the WHOIS – we have comprehensive procedures already in place that ensure that we will continue to respond swiftly to requests for information to pursue legitimate interests.”

The proposals also outlined an approach to replacing the existing privacy services framework with recognition of a Proxy Service offered by registrars. In response to the feedback, Nominet has decoupled this proposal from the bulk of the GDPR-related changes and will consult further on this topic in June 2018.