March 30, 2020

Nominet, the organisation responsible for the UK’s domain registry, has announced plans to introduce law enforcement landing pages for domains suspended due to criminal activity.

Working initially in collaboration with the Medicines and Healthcare Products Regulatory Agency (MHRA) and the City of London’s Police Intellectual Property Crime Unit (PIPCU), Nominet will redirect web users to a secure site providing consumer advice and education for potential victims of sales of counterfeit medicines and other branded goods.

Nominet says that this is the first time a national registry will facilitate the provision of trusted information and guidance from law enforcement agencies following the suspension of domain names for criminal activity. Landing pages are sometimes utilised by law enforcement globally but only in circumstances where the agency in question, for example the US Federal Bureau of Investigation, has seized control of a domain name. This is the first registry-led initiative to provide informative landing pages.

The change follows a policy consultation with industry experts, law enforcement agencies and consumer advice bodies. The consultation ran from 9 October to 16 December 2019 and focused on three issues:

• reducing the use of .UK domain names for phishing attacks;
• implementing law enforcement landing pages following suspensions for criminal activity (see item above); and
• implementing a .UK drop list to provide a transparent and orderly process for the re-registration of expired domains.

To prevent and address phishing, Nominet said that it will update its terms and conditions to give it the powers to pre-emptively block domains that appear to indicate a high risk of phishing.

Nominet recognises that preventing and addressing phishing requires collaboration with registrars, law enforcement and the global domain industry. It says that it will therefore undertake research and test ideas in collaboration with UK law enforcement and other Top Level Domain registries to determine the most effective ways to prevent and address phishing in .uk without disrupting the vast majority of legitimate registrants, some of whom may have their domains compromised by malicious third parties.

As for drop lists, Nominet said this is a complex area of behaviour with related operational and technical implications. Therefore, the approach should be cautious. It said that further consideration is required before making a decision on whether to implement .uk drop lists. To read Nominet’s press release in full and to access its full response, click here.