Compliance and enforcement (2021-2022)
Part of our work in the compliance space includes contributing to InternetNZ’s .nz policy-making work and ensuring our regulated parties know and understand their obligations. We also intervene when rules are broken.
We are observing more registrants contacting the DNC to step in and help with getting their domain names out of pending release. The DNC is usually contacted after the registrant has reached out to their registrar.
The reasons as to why the registrar hasn’t helped include that the registrant is using different details, for example, a new email address or that the named registrant is a retired employee and the entity was never registered as the domain name holder.
When a provider becomes unavailable (deceased or absent)
Sometimes domain name providers name themselves as the registrant, rather than their customer, which is a breach of .nz policy.
Last year we were advised that a provider of domain names had sadly passed away. The provider had a large number of domains registered in their company name instead of their customers’ names, and many of those domain names’ billing dates were coming up.
DNCL undertook a compliance project which resulted in most of those customers’ domain name’s being claimed by the user of the domain name. As many of the domain names were integral to the operation of small businesses, this was a particularly rewarding project.
The COVID-19 pandemic and the vaccine rollout saw the creation of many COVID-19 related websites. DNCL monitored the daily list of newly created domains for COVID-19 related domain names. These names were considered high risk for scam and phishing content.
COVID-19 domains that were reported to us from CERT or another party were considered for Data Validation Process to verify the registrant contact information. Failure to pass this process resulted in the domain name being suspended.
DNCL also monitored the daily creates for any banking phishing domains. Scammers will quite often create domain names that are similar to major NZ banks. Any suspected domains would then also be put through our Data Validation Process.
Domain name suspensions and cancellations
DNCL can suspend domains following notification from CERT NZ, law enforcement agencies, and members of the public after first attempting to validate a registrant’s contact details.
Partnership work is critical to our online safety measures. We work closely with the online safety and the law enforcement community to disrupt individuals and companies who try to operate in the .nz domain space.
There were 288 domain name suspensions in 2021/2022 compared to 813 and 445 in the previous two financial years.
There are four organisations that regularly report fake registrant details for the Commission to validate.
The number of domain name suspension requests that didn’t result in a suspension was 137. Reasons for domains not resulting in suspension included the registrant being contactable, the registrant validated their identity, or the registrar had already suspended the domain name.
Of the 288 suspensions, 10 were reversed following successful validation (75 were reversed the year before). A suspension is reversed if the registrant can confirm their identity and contact details.
The Commission uses another layer of identity validation through our independent service provider validate.com. Of the 32 domains put through validate.com, 24 successfully passed our additional due diligence.
1,007 URLs, as distinct from domain names (the majority of which related to a single .nz domain name), were reported to us by our partner, Internet Watch Foundation for CSAM (Child Sexual Abuse material). These reports were forwarded to our MoU partner DIA as candidates for investigation and any necessary regulatory and criminal action. This is a significant reduction from 2,503 the year before, indicating that .nz is moving to be a safer place.
Clean DNS anti-abuse program
We run Clean DNS dashboard to streamline our abuse monitoring.
There were 1468 newly reported .nz domain names and 180 existing .nz domain names from last year that reported new abusive activity. These were captured and analysed by DNCL staff.
We continue to look at the volume and lifetime of domains to understand patterns and trends. In the 2022 -2023 reporting year, we will demonstrate our clean DNS system to .nz authorised registrars and build on our approaches to combat domain name abuse. We will also collaborate with the Domain Name Abuse Institute over their centralised DNS Abuse Reporting Service.
Clean DNS - NZDNC Abuse Reports
Newly reported .nz domain abuse reports come into the CleanDNS platform as open reports. CleanDNS has a robust intake of DNS abuse sources that identifies abuse almost immediately. CleanDNS automatically closes abuse reports when the abuse sources deem the abuse as no longer active. We monitor domain names reported on CleanDNS to observe the current and historic abuse reports to understand abuse patterns, abuse duration, and analyse other attributes over time.
(*The spike in closed reports in December 2021 appears to be due to an administrative issue regarding timing of closures.)