Nominet, the body that runs the .UK Registry, has announced the opening of a Consultation process relating to key issues such as reducing phishing attacks in the .UK domain space and the possible introduction of a publicly available drop list for expired .UK domains.
According to Nominet, the main aims of the Consultation are:
(i) Reducing the use of .UK domain names for phishing attacks;
(ii) Implementing law enforcement landing pages following suspensions for criminal activity;
(iii) Implementing a .UK drop list to provide a transparent and orderly process for the re-registration of expired domains.
In the accompanying .UK Policy Consultation 2019 paper it has released, Nominet advises that, according to its research and analysis, “by volume, phishing accounts for the vast majority of reported security threats in .UK”, well ahead of other threats such as malware, compromised domains and command and control incidents. Nominet notes that “it is therefore clearly a priority issue for us in terms of our commitment to providing a trusted and secure .UK namespace.”
In relation to what it is currently doing to prevent phishing, Nominet points to its Domain Watch programme that has been running since 2018. This initiative, which the Registry describes as being a “risk-based enhanced verification of registration data for all newly-registered domains”, involves a combination of technical algorithms and manual intervention to highlight suspicious domain names. When a domain name is identified as having a high risk of phishing, it is prevented from resolving until further checks are carried out.
Nominet states in the Consultation paper that, of the 3.6 million domain names newly registered in the 12-month period from July 2018 to July 2019, over 1,500 had their DNS (Domain Name Servers) blocked as a result of this process. These blocks were primarily on the basis of identity verification, as Nominet points out that most registrants who register domain names for phishing are reluctant to provide additional contact information. However, the paper sets out to ascertain whether stakeholders support updating Nominet's policies to allow it to prevent resolution solely on the basis of a high risk of phishing use. It also calls for additional input as to how phishing may be prevented and which other security threats Nominet should prioritise.
The second part of the Consultation paper concerns the question of whether domain names suspended by Nominet on the basis of criminal behaviour should redirect to an information landing page and whether the current 12-month suspension term is sufficient.
The third part of the Consultation touches on the possible implementation of a .UK drop list whereby information regarding the date and time an expired domain name will become available for registration would be published upon suspension of the domain name (.UK domain names are suspended for 60 days before being cancelled).
This proposed change is being mooted by Nominet for a few reasons, the first being that currently “only those with technical expertise and industry insight can understand when a domain name will become available for registration.” The second motivating factor arises from the fact that “Nominet’s whole database is excessively queried for registration and renewal status of all domains” (presumably by backorder providers). Finally, Nominet states that not all dropping domain names are being registered and used, which, it states, is “reducing the vibrancy of .UK domains.”
Stakeholders are invited to provide feedback as to whether Nominet should officially publish lists of dropping domain names available to the general public and whether competition in the secondary domain name market should be encouraged.
The Consultation paper ends with a number of general questions, such as whether an inter-registrar transfer system should be introduced, whether the life cycle of .UK domain names should be standardised to match that of the gTLDs and whether the option for direct registration via Nominet should be eliminated. It also calls upon stakeholders to suggest other issues for consideration.
Stakeholders are invited to send written responses by 16 December 2019 via www.nominet.uk/policy and/or to attend a roundtable in London on 4 December 2019, which will consist of sessions on each of the various issues.