Keeping the .UK Internet Secure For All

Written by

There are over 12 million domains registered in the .UK namespace, demonstrating the enduring demand for domain names that are trusted and that can communicate a website’s British credentials to visitors instantly. These consist of what are known in the business as second-level (companyname.uk) domains and third-level (companyname.co.uk, for example) domains. A key milestone that third-level domain registrants should be aware of this year is the end of a five year Right of Registration period for second-level domains.

The shorter second-level domains were made available for the first time in 2014. As well as giving registrants a shorter, more memorable alternative for their online home, the move brought the UK namespace into line with almost all other country code top level domains (ccTLDs) around the world. Only a handful of ccTLD registries chose to allow domains at the third level initially, before opening the second level. 

That said, making the change after so many years during which only third-level .UK registrations were possible was and is significant. To make the transition easier, existing .UK registrants were given five years to decide if they want to take up the second-level equivalent of their domains. During that time, the rights to the registrations have been reserved to prevent anyone else from taking them up. On 25 June 2019, that period will end, and all second-level domains that haven’t yet been registered will become available to the general public.

Brand protection concerns are one reason why registrants might want to take up their Right of Registration. With issues such as cyber-attacks, data breaches and counterfeiting becoming key parts of any brand’s online protection strategy, preventing anyone else from registering a shorter version of the same name is a simple way to close off a potential security or brand reputation headache.

As the registry operator, Nominet has been working to identify which unreserved domains might be at greatest risk from opportunistic cyber-criminals. This has included looking at a range of data including cross checking the list of unreserved names with ICANN’s Trademark Clearing House. That’s just one factor that’s helping to keep the namespace safe: given that the .UK domain space plays such an important role in the UK and global economy, maintaining its security and integrity is critical. Here’s a rundown of what else takes place behind the scenes at the .UK registry.

Diagnosing unhealthy domains 
All .UK registrars get help to combat spam, phishing, malware or botnet activity that might be taking place on their domains with a service called Domain Health. Infected domains are identified proactively, with the relevant registrars alerted automatically so they can take action.

AI-based anti-phishing techniques
A recent development in the efforts to keep .UK safe is an anti-phishing initiative called Domain Watch. We’re all familiar with domains that try to con users with recognizable names or deliberate mis-spelling – such as ‘barc1ays’. Domain Watch uses technical algorithms and manual intervention to quickly identify and suspend newly registered domains that are obvious phishing attempts. Following suspension, registrars receive a message with a notification reason and registrants receive a direct email containing next steps. Suspensions can be lifted if the registrant is able to confirm legitimate use.

Anti-hijacking
Over the years, there have been a few high-profile instances of legitimate domains being hijacked by criminals. This involves gaining unauthorized access to the DNS system and changing the registration – leaving them to redirect traffic to a different site, display offensive material or attempt phishing. It’s often the sites with a particularly high profile or high level of traffic that get targeted in this way. A tool called Domain Lock allows registrars to lock domains at the Registry level, and only unlock them again with a pre-authorized representative through Two-Factor Authentication (2FA).

Resolving domain disputes
With thousands of domain names registered each week, it’s inevitable that some might cause disagreements. In some cases, these are malicious attempts to confuse consumers or take advantage of another brand or product’s popularity. The award winning .UK Dispute Resolution Service aims to resolve these disagreements fairly, and without incurring huge legal costs, through a panel of trained and accredited mediators.

Criminal domains policy
As the trusted guardian of the .UK namespace, Nominet endeavors to make sure that the domain services are only used for the right reasons. Working in collaboration and at the request of the police and other law enforcement agencies, every year Nominet suspends thousands of domains due to criminal activity in order to help protect .UK internet users. In 2018 alone, Nominet suspended a record 32,813 domains – close to double the amount suspended in 2017.

Keeping the UK’s namespace secure in these times of evolving threats and technological advancements is an endless challenge. By hiring the brightest cyber experts and proactively monitoring, reviewing and developing new approaches and tools, we can keep .UK the safest place to be online, whether for business or pleasure.

What’s hot on Infosecurity Magazine?