Over 1000 unauthorised .au domains deleted as regulatory body doubles down

WPA2 KRACK

In a move protecting Australian SME owners online, over 1000 .au domains were deleted last Friday as part of a crackdown on domains registered with unauthorised business details.

The .au domain regulatory body .au Domain Administration (auDA) released a statement last week notifying the public of the deletion following a large number of complaints about the unauthorised use of Australian company and business details.

One thousand and twenty-five .au domains were registered under business details that had not been authorised by the business itself. This was done through one reseller, which had purchased the domain names through a domain registrar.

A registrar is the retail channel for purchasing domain names, which receive the domain from the Australian domain provider AusRegistry.

AuDA began the audit in late September, discovering one domain name that had used business details without authorisation. The summary released last Friday outlines some of the regulatory body’s work, but it states the audit will continue.

“The audit involved extracting detailed information about the domain names from the registry and taking screenshots of all the websites. Each domain name and associated screenshot was then manually checked to see if it satisfied our assessment criteria,” auDA said in the release.

Domains found to be matching the criteria were put on a list for deletion.

AuDA did not reveal the specific criteria for the deletion of the websites, but auDA member and cyber security expert at Sense of Security Michael McKinnon told SmartCompany the policies were “fairly clear”.

“Every “.com.au” or “.net.au” domain has to adhere to certain eligibility criteria, including a requirement for an ABN, ACN, or an international trademark. You also have to be an Australian,” McKinnon says.

“The domain name itself has to be a direct match to the business’s trading name or an acronym. They also accept names that are otherwise closely and substantially connected to the business.”

AuDA’s domain name policies were first outlined in 2002, and there are over three million .au domains registered.

AuDA revealed a number of the unauthorised registrations originated from China, with the possible intention of selling products to Australian buyers. Sources from Eastern Europe, North America and Central, Eastern and South-Eastern Asia were also identified.

McKinnon says these situations were somewhat common, especially when it comes to Chinese ecommerce.

“A number of these websites are trading off the fact that the .au domain has reached the pinnacle of trust for many people. A lot of Australians buying online will see a .au domain and believe they’re dealing with an Australian company,” he says.

“In reality it’s likely a Chinese company, and in the end they end up with something entirely different to what they ordered.”

McKinnon thinks auDA’s actions in this regard are beneficial for both consumers and business owners, who may not know their details are being used.

“This action is important as they’re protecting SMEs as well. Someone could be registering a domain under a business’s details, and the business would have had no idea,” McKinnon says.

“This sort of crackdown should deter resellers from trying something like this again.”

For users wanting to check if an .au domain is legitimate, McKinnon advises there are a number of tools available to check the identity of a domain owner.

“The best thing you can do is a ‘whois’ lookup, via the tool on the AusRegistry website. This will give you the ABN of the registrant and their contact email,” McKinnon says.

“You can then look up the ABN in the Australian Business Registry, and if the details don’t match, that’s when there’s a red flag.”

AuDA has ordered the registrar to delete the unauthorised domain names.

This article was first published on SmartCompany.

Follow StartupSmart on Facebook, TwitterLinkedIn.

COMMENTS