couple discussing

Part of our work in the compliance space includes contributing to InternetNZ’s .nz policy-making work and ensuring our regulated parties know and understand their obligations. We also intervene when rules are broken.

110

notification emails sent to registrars about minor compliance issues which were remedied following notification of the issues.

17

voluntary de-authorisations of registrars exiting the .nz domain name market.

532

domain records with glue record problems were found resulting in 5 delegation loops. Authorised .nz registrars were asked to fix this problem. 

icon a hacker wearing a hoodie in front of a laptop

We increased the number of threat feeds received ranging from infrastructure abuse prevention to identifying child sexual abuse material (CSAM) associated with a .nz domain name.

Three heads surrounding a tick with lines to connect them.

Networks, memberships and partnerships — for example, participation in the CSAM Referral Discussion Group at ICANN, the Cyber Threat Coalition and liaison with the DNS Abuse Institute. 

Computer screen with hand holding a wrench

Custom tool improvements — enhancements to our fake webshop algorithm and updates to our clean DNS system to give us early warning signs of issues for compliance action.

Due process and transparency:

The Commission is dedicated to natural justice and procedural fairness principles. Due process means notice and an opportunity to be heard regarding the undelegation of a domain name. Each year the Commission produces an annual transparency report with key metrics related to suspensions and privacy.

There were 813 .nz domain name suspensions in 2020/2021 compared to 445 in the previous financial year.

Two people shaking hands

There are four organisations that regularly report fake registrant details for the Commission to validate.

Phone and empty speech bubble

The number of domain name suspension requests that didn’t result in a suspension was 413 — up from 325 in the previous year. Reasons for domains not resulting in suspension included the registrant was contactable, the registrant validated their identity, or the registrar had already suspended the domain name.

Person sitting at laptop with headset.

Of the 813 suspensions, 75 were reversed following successful validation. A suspension is reversed if the registrant can confirm their identity and contact details.

Computer screen

The Commission in November 2020 introduced another layer of identity validation through our independent service provider validate.com. Of the 88 domains put through validate.com between November 2020 and March 2021, only 24 successfully passed our additional due diligence, a 27% success rate.

Computer screen with a magnifying glass over the top

2,503 URLs, as distinct from domain names (the majority of which related to a single .nz domain name), were reported to us by our partner Internet Watch Foundation for CSAM. These reports were forwarded to our MOU partner DIA as candidates for investigation and any necessary regulatory and criminal action.

Abuse Reports Graph - DNC Report Activity
people

Case Study: COVID-19 pandemic response 

We closely tracked new domain registrations over the course of the COVID-19 outbreak to identify and disrupt those seeking to use fake registration details to take advantage of people during this pandemic.

 

We also worked closely with our existing partners CERT NZ and the Digital Safety Office at the Department of Internal Affairs, to keep informed of threats to the .nz domain namespace. 

 

Using our existing tools, we suspended any domains we identified as suspicious — via a combination of manual and automated checks — at the point of registration before seeking assurances from the registrant. 

 

We greatly appreciated the patience and understanding with which the registrar and wider registrant community greeted this more active monitoring. For more information about the way we handled COVID-19 related domain names, see our COVID-19 hub pages.

hands

Case Study: fake webshops 

A fake webshop is an online shop that claims to sell products, but either doesn't deliver or delivers counterfeit goods while taking a user’s money. They are hosted to capture the user's payment information and even directly take payment from the user.

 

Fake webshop reports to us increased from 222 in 2019/20 to 411 in 2020/21. This increase was driven primarily by one external reporting provider. They reported over 130 .nz domain names and had a 95% cancellation success rate for fake registration details. They have become our most frequent partner, and we value that they also include a full report as to why they are referring a domain name to us, including evidence like screenshots.



DNC news