fTLD LLC, the Registry that manages domains such as .bank and .insurance, periodically reviews the Registrant Security Requirements to ensure they are in-line with best practices for the financial services sector and continue to protect against evolving security threats.
This year, there are two changes that impact registrants of .bank:
- DNSSEC: Registrants who have implemented DNSSEC for their .bank/.insurance domain(s) should ensure they use strong cryptographic algorithms.
- Email Authentication: fTLD is clarifying that while publishing a DomainKeys Identified Mail (DKIM) record is not required, publishing both SPF (Sender Policy Framework) and DKIM creates additional security for email channels. For registrants who have published DMARC and only DKIM, but not SPF, they will need to add an SPF policy for their .bank/.insurance domain(s).
fTLD will automatically notify registrants impacted by these changes. Registrants must make any necessary modifications to comply with the requirements no later than February 12, 2021.
Lastly, beginning February 15, 2021 the registry provider will turn on automated, direct notifications to registrants via a monthly email containing a .CSV attachment with findings from the compliance security monitoring for their .bank/.insurance domain(s) and a warning report (if applicable); they will only provide a notification if there are any compliance and/or warning items.
Brandsec is a corporate domain name management and brand protection company that look after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, domain name brokerage and dispute management and brand security consultation services.