With the speed of global internet penetration, the content and importance of online content is growing exponentially. That also implies the growth of abuse both in terms of quantity and its variations. At .ME we think that it is our obligation to take online scams seriously and do our best to protect .ME domain name owners as much as we can. In this post we will speak about:
- The reasoning behind putting the security and safety of .ME domain space first
- How does spam monitoring of .ME domain work
- How does phishing and malware monitoring of .ME domains work
- The additional measures to ensure the security of your .ME domain
- The proactive measures we take to help protect the .ME Neighborhood
Putting the Security and Safety of .ME Domain Space First
While our policies were always anti-abuse oriented, in 2016 we decided to establish an anti-abuse team, together with our back-end provider and partner Afilias and start to act proactively to ensure the safety and security of .ME neighborhood! This includes daily monitoring for spam, phishing, malware, pharming, fast flux hosting, illegal access to other computers or networks, distribution of child pornography, gathering domains by misuse of WHOIS information, but also sinkholing domains found to be a threat as botnets, and other forms of abuse. For detailed explanations and definitions of each of these terms please check our policies page.
Since April 2014, up until the publication of this article, we have suspended more than 56,000 .ME domains that attempted abuse. Most of them have been confirmed as engaging in or associated with phishing, and/or spam activity.
Of course, per the options available under the .ME Anti-Abuse Policy and our agreement with the registrars, we are ready to listen to our users and receive information about the domain owners with evidence that convinces us of their good intentions and compliance with the .ME anti-abuse policy. Feel free at any time to report any abusive activity you may find.
In practice, this was a trade-off of sorts. Deciding to do this meant that we would surely lose on the quantity of the domain names in our portfolio, but at the same time it meant that the quality of the content associated with .ME domains will rise. And that is what we strive for.
How Does Spam Monitoring of .ME Domains Work?
When monitoring for spam, a mail server usually has an algorithm that checks if the email is spam or not. A part of that algorithm is checking publicly available databases of blacklisted domains. If your domain name gets on that list, every email will go to spam. The more these blacklisted domain names have the same domain extension (TLD), the more chance that the domains with that extension will be marked as spammy too.
But it’s not only software you have to think about. If you, as a human, see many spam emails coming from the same domain name extension you will certainly start to associate that extension with spammy behavior. You will start to avoid that domain name extension by default.
At a certain point the number of blacklisted .ME domains started to grow and we decided it was time to do something about it. For us, the rating and truthfulness of our .ME users, are the most important part of our business. That’s why we started to work with blacklist services to suspend domains that are connected to spam and therefore discourage spam farms from registering .ME in the first place. Why invest money in a spam farm if you know you are going to get caught, right?
It’s also important to know that if your domain ever accidentally gets on a blacklist, there is a way to get it back. Check this blogpost on how to get your domain name un-suspended or let us know about it directly so our anti-abuse team can check. What we recommend to you though is to be proactive and make sure your domain is correctly configured.
How Does Phishing and Malware Monitoring of .ME Domains Work?
How many times have you read about people losing their money due to a cybercrime attack? How many times have you read a high-profile incident and felt honest empathy for the unfortunate victims? Chances are these stories made you feel unsettled and triggered you to think about how safe you are in the cyberspace.
The act of phishing makes people voluntarily give out their personal info without knowing what hit them, making it one of the sneakiest crimes out there. Read more about How to Recognize a Phishing Attack.
This is why we started working with Netcraft, a company that is positioned at the epicentre of the battle against phishing, malware & online fraud. Through its anti-phishing community, Netcraft has detected and blocked over 53.6 million unique phishing sites to date [November 2018].
Taking a proactive stance against these attacks is vital, demonstrating to fraudsters that they are unwelcome, and thus ensuring that the reputation of .ME is not tarnished.
This detection and countermeasures service provides continual real-time alerts of newly identified phishing & malware threats, immediate countermeasures, ongoing monitoring, and statistical reporting of the health of .ME domains.
The Additional Measures to Ensure the Security of Your .ME Domain
Domain owners, on the other side, have to be prepared for many problems that can arise in terms of safety and security of their own domains. In 2009, ICANN released its set of recommended measures of protecting one’s domain from misuse, specifically because of the difficulties in defining a framework in which cyber criminals operate and the fact that the field of cyber crime is constantly evolving. Sometimes, it’s just a small overlooked detail regarding security that turns you into an easy target.
We have prepared a safety checklist for you so that you can make sure you have done everything you can to make sure your account doesn’t get compromised.
However, there are also services that we offer that can be of great help if you feel like being super-protected:
- DNSSEC or DNS security extensions is a system that helps you protect visitors of your site from attacks on the Domain Name System (DNS), through which users are redirected to a fraudulent site usually connected with “phishing” or collecting private information.
- Registry Lock keeps the domain secure, and prevents the theft of your domain name by “locking” a domain name at the registry level. This domain cannot be transferred, deleted or modified by any third party.
How DNSSEC Works
One of the biggest problems that was discovered in the Domain Name System, a central and very old part of the Internet, is that, when you type a domain name in your browser, your computer doesn’t know where the answer is coming from and is not able to verify who sent the answer. This means that if your signal was intercepted on the way, or the response was intercepted, somebody else can send you a response, while you still believe you are dealing with a trusted source. One of the offered solutions, was to add an additional layer of security steps in form of Domain Name System Security Extensions (DNSSEC).
So, DNSSEC, as we already established, is a technology-developed set of checks to protect us and the Domain Name System against malicious attacks, by digitally signing data so users are sure the answer they get from the DNS is valid. But how does it actually work?
DNSSEC protects the Internet community by using a public key cryptography for digitally signing authoritative zone data and validating its destination. It means that, if we take our own example – www.domain.izrada.me, the response that comes to the user’s computer from the root name server on the question (where .ME name server is) includes a signature key from the .ME name server, verifying it’s authoritative. In case you are not confused by this and want to get even more technical, this is how DNSSEC works – in details. 🙂
How to Setup DNSSEC on your .ME Domain
Implementing DNSSEC requires several sides cooperating, as it has to be deployed through the chain of DNS servers. Managing the process on the authoritative side bears more difficulties, as zone signing procedure isn’t that simple.
Luckily, because we are not all equally tech-savvy, domain registrars offer a simple process of deploying DNSSEC. Usually, it requires just switching DNSSEC ON on your DNS Management Page. If that is not the case, registrars offer DNSSEC support, so you can activate DNSSEC somewhere else and connect it to your domain using this DNSSEC support functionality with your registrar of choice. Read more about it here: How to Setup DNSSEC!
How Important is DNSSEC?
Chances are that DNSSEC will become a mandatory security measure for domains and zones operating with sensitive information, just like HTTPS gradually did. It is expected that browsers (Chrome and Firefox) will have built-in DNSSEC validators so that over the time it becomes a security norm. The technology actually complements the results that SSL certificate brings, providing better safety for internet users.
Of course, it does not solve all online security issues, but its contribution deserves the attention of webmasters and all those who are working towards making the internet a safer place.
How Registry Lock Works
One additional measure, that we have seen big companies are using, is Registry Lock. Our company has been offering this service for 10 years already and it has shown to be of crucial importance for some brands.
It boils down a manual process, and phone calls confirming changes on your domain’s DNS. In other words: when all other security measures fail, your domain gets protected by actual humans.
Here’s how it works:
Registry Lock is a security feature that prevents unauthorized updates, transfers and deletions of the domain name. In addition to “ClientProhibited” statuses that are set by the registrar, the domain with the activated Registry Lock has “ServerProhibited” statuses set by the registry.
This means that updates to the domain can be made only after the registry, the highest authority for a respective domain extension, has been notified about the requested change by both parties the (registrant and the registrar) via secure communication channels. All the statuses are displayed in WHOIS database (online repository of information associated with registered domain names) and represent the highest degree of protection against domain hijacking. In the picture below, you can see the examples of such WHOIS database, in this case for Yahoo.ME domain name.
To learn more about .ME Registry Lock and how you can activate it on your domain please see the .ME Registry Lock Procedure.
Proactive Protection of the .ME Neighborhood
We at .ME fight malware and crime proactively too, by acting preventively – by registering, suspending and sinkholing (the practice of facilitating finding malicious actors by redirecting compromised domains to servers controlled by law enforcement) the domains used by organized crime and botnets (network/s of infected computers).
.ME Registry cooperated with the likes of the US and German authorities, FBI, Europol, Eurojust, Microsoft, and Facebook and has been involved in some of the largest cyber crime fighting operations such as:
- Avalanche – largest-ever sinkholing of botnet domains.
- PhantomSecure – Dismantling of criminal enterprise that provided secure communications to criminals and extensively used a few .ME domains.
- FancyBear – sinkholing of botnet/APT domain responsible for attacks on Microsoft Windows
One of our core company values is ensuring the protection of .ME domains. We offer service that will provide an additional level of security for .ME domain holders. We try to keep our domain space free from abuse in order to make the visitors of websites with a .ME domain extension feel safe engaging with the site. We want you to know that the value of .ME is in more than its brandability and personal meaning; it’s the quality of the neighborhood you are joining.