A recent blog post by SIDN, the manager of the Netherlands country code Top Level Domain (ccTLD) .NL, indicated that only 150 of the 5.8 million .NL domain names are secured with .NL Control, SIDN’s Registry Lock Service.
SIDN is, of course, not the only Registry to offer some form of Registry Lock service. Among the extensions for which a Registry Lock is available are .COM, .NET, .INFO, .TV, .CC, .FR, .EU, .CA, .CO.UK and .UK, .CN and .中国, and .ME. The Registry Lock procedure itself is specific to each particular Registry, but it generally requires a specific passphrase to be provided, usually by telephone, before any changes, including domain name server re-delegations and registrar transfers, can be effected. Each Registry sets its fees for the service, which can vary enormously.
The Registry Lock is the most effective weapon currently available against domain name hijacking as it involves some kind of human interaction that automated systems cannot easily bypass. Although there is a cost involved, SIDN points out that this should be weighed against the consequences of the domain name being hijacked by criminals and the subsequent loss of reputation and sales if the domain name is an integral part of a registrant’s business activities.
Despite the benefits of the Registry Lock, SIDN notes in its post that, to date, it has not proven popular or been particularly embraced or promoted by registrars. In this regard SIDN observes that by “offering registry locks to customers, a registrar is effectively implying that its own systems are not entirely secure against hacking”.
SIDN also points to another hindrance to uptake of the service, namely: “the lack of good (international) e-IDs.” SIDN uses “eHerkenning”, an e-ID in the Netherlands, but notes that this is “only just starting to gather momentum as a business e-ID. And, without an e-ID system that everyone’s at home with, old-fashioned paperwork is the only way of verifying a customer’s identity in order to set up a registry lock.”
On top of that, there is also a lack of standardisation among Registry Locks across the various TLDs. A .COM lock does not work the same as a .NL lock, so things can get complex for an international company with multiple domain names. Standardisation, SIDN notes, was an issue for discussion between Registries and registrars at the recent CENTR Registrar Day.
SIDN goes on to summarise the situation as follows:
“As cybersecurity awareness grows and the value of a domain name is recognised more widely, the business community is coming to see an unprotected name as a vulnerability. It’s also increasingly common for a domain name to be pledged as collateral for a business loan. And the desire to make sure that a pledged domain name is completely secure is understandably strong. The rise of electronic IDs, such as eHerkenning, is also significant. By reducing the administrative burden associated with a registry lock, e-IDs are lowering the threshold to getting a name locked. It comes as no surprise, therefore, that various national registries represented in Brussels announced plans to introduce locks or to expand their existing services.”