Compliance, enforcement, and .nz Rules(2022-2023)
Part of our compliance work includes contributing to InternetNZ’s .nz policy-making work and ensuring our regulated parties know and understand their obligations. We also intervene when rules are broken.
We are observing more registrants contacting the DNC to step in and help with getting authorisation codes (previously known as UDAI.) The DNC is usually contacted after the registrant has reached out to their registrar.
The reasons why the registrar hasn’t helped include the registrant using different details, for example, a new email address or that the registered registrant is a retired employee and the entity was never registered as the domain name holder.
Domain name suspensions and cancellations
DNC regularly receives reports of suspicious domains from CERT, Netcraft, New Zealand banks, other organisations and the general public. The majority of these domains will be put through our data validation process. DNC can suspend domains after first attempting to validate a registrant’s contact details.
Partnership work is critical to our online safety measures. We work closely with the online safety and law enforcement community to disrupt bad actors who try to operate in the .nz domain space.
283 domain names were entered into the data validation process.
The Commission suspended 199 domain names in 2022-2023, compared to 309 in the previous year.
The DNC used another layer of identity validation through our independent service provider, validate.com. Of the 18 domains put through validate.com, 11 successfully passed our additional due diligence.
Reasons for domains not resulting in suspension include that the registrant was contactable, the registrant validated their identity, or the registrar had already suspended the domain name.
Domain Name System (DNS) abuse monitoring
The DNC has an abuse monitoring approach that currently includes three streams:
- Daily creates monitoring
The DNC actively monitors daily registrations of .nz domain names for any domains that may be used for phishing purposes, particularly in relation to the banking and financial services industry. Any domains that are flagged are put through our data verification process. Failure to pass this process will result in the domain name being suspended.
- Clean DNS anti-abuse tool
We run Clean DNS dashboard to streamline our abuse monitoring. We also continually review and refine monitoring strings to the platform to identify suspicious domain names, which we will run through our data validation process.
- Internet Watch Foundation membership
We partner with the IWF to identify CSAM content on .nz domain names. The IWF’s mission is to stop the repeated victimisation of people abused in childhood and make the Internet safer by identifying and removing global online child sexual abuse imagery.
The reports we receive are forwarded to our MoU partner DIA for investigation, any necessary take-down orders, and regulatory and criminal action.
We are continuing to evolve our approach to combat domain name abuse which will include working more closely with registrars and other reporting agencies.