Big mail carriers insist on SPF, DKIM and DANE

Mail domain operators need to accelerate implementation of modern security standards


The world's biggest e-mail carriers are making more and more use of modern security standards to validate the authenticity of messages and senders.

Since late last year, Google has been checking the SPF records of randomly sampled inbound e-mail messages. Any that come from systems that aren't authorised for the sending domain are rejected. Google has also made known that additional measures for bulk mail senders will come into effect early next year.

Meanwhile, Microsoft has announced that, from next spring, its Exchange Online cloud service (part of Office 365) will support DANE for inbound mail. Support will initially be offered on an opt-in basis, but a growing number of new mail domains will be added to the DANE+DNSSEC infrastructure during the course of the year. The moves will make the transport of inbound mail more secure.

Authorised mail servers

SPF is a relatively straightforward way to secure a mail domain. It involves creating a special TXT record that states the names and/or addresses of all the servers (MTAs) that are allowed to send mail for your mail domain. Before an inbound e-mail from your domain is accepted for handling and delivery by an SPF-validating receiving mail server (MX gateway), the server checks whether the sending server is included on your SPF list. The use of SPF has two big advantages. First, it prevents mail spoofing (sending mail with a falsified sending address), because only messages from servers authorised in the SPF record are accepted.

Second, it reduces the risk of genuine mail being mistaken for spam, because the receiving host can see from the DNS that the mail is from an authorised server.
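The check described above, written out as an added example (not code from the article or from any mail provider): a minimal RFC 7208-style evaluator that reads a domain's SPF record and decides whether a given sending IP address is authorised. All DNS data is a constructed in-memory table, so the domain names, addresses and records are assumptions for illustration only. It covers the ip4, ip6, a, mx, include and all mechanisms with their qualifiers, the DNS-lookup limit, and the two error cases an operator most often trips over: no record at all (result "none") and two SPF records on one name (result "permerror"). Macros, the redirect= modifier and prefix lengths on a/mx are left out.

```python
import ipaddress

# Constructed DNS data standing in for live lookups; none of these names,
# addresses or records belong to a real operator.
DNS = {
    ("example.nl", "TXT"): ["v=spf1 ip4:192.0.2.0/24 mx include:_spf.mailprovider.example -all"],
    ("example.nl", "MX"): ["mx1.example.nl", "mx2.example.nl"],
    ("mx1.example.nl", "A"): ["198.51.100.10"],
    ("mx2.example.nl", "A"): ["198.51.100.11"],
    ("_spf.mailprovider.example", "TXT"): [
        "v=spf1 ip6:2001:db8:feed::/48 a:relay.mailprovider.example ~all"],
    ("relay.mailprovider.example", "A"): ["203.0.113.5"],
    ("relay.mailprovider.example", "AAAA"): ["2001:db8:cafe::5"],
    ("twospf.example", "TXT"): ["v=spf1 -all", "v=spf1 +all"],  # misconfiguration
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_MECHANISMS = 10  # RFC 7208 section 4.6.4: limit on lookup-causing terms


def lookup(name, rtype):
    """Stand-in for a DNS query against the constructed table."""
    return DNS.get((name.lower(), rtype), [])


def spf_record(domain):
    """Return the single SPF record, None if there is none, or raise if there are several."""
    recs = [r for r in lookup(domain, "TXT") if r.lower().split(" ", 1)[0] == "v=spf1"]
    if not recs:
        return None
    if len(recs) > 1:
        raise ValueError("multiple SPF records")
    return recs[0]


def host_has_ip(ip, host):
    """True if the host's A/AAAA records contain exactly this address."""
    addrs = lookup(host, "A") + lookup(host, "AAAA")
    return any(ip == ipaddress.ip_address(a) for a in addrs)


def check_host(ip, domain, budget=None):
    """Evaluate SPF for a sending IP and a domain; returns an RFC 7208 result string."""
    ip = ipaddress.ip_address(ip)
    if budget is None:
        budget = [MAX_DNS_MECHANISMS]  # shared across include: recursion
    try:
        record = spf_record(domain)
    except ValueError:
        return "permerror"
    if record is None:
        return "none"
    for term in record.split()[1:]:
        if "=" in term:  # modifiers (exp=, redirect=) are not implemented here
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name in ("a", "mx", "include"):
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"  # too many DNS-querying mechanisms
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                # A v4 address is never inside a v6 network and vice versa.
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name == "a":
            matched = host_has_ip(ip, arg or domain)
        elif name == "mx":
            matched = any(host_has_ip(ip, mx) for mx in lookup(arg or domain, "MX"))
        elif name == "include":
            sub = check_host(ip, arg, budget)
            if sub in ("none", "permerror", "temperror"):
                return "permerror"  # included domain must have a usable record
            matched = sub == "pass"  # only a pass inside the include counts
        else:
            return "permerror"  # unknown mechanism
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no trailing "all"
```

Note that a softfail inside an included record does not propagate: an include only matches on "pass", so the outer record's own -all decides the result for an unauthorised sender.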

SPF, DKIM and Google

Google recommends the use of SPF or DKIM (another e-mail security standard, based on digital signatures) to ensure that messages to Gmail addresses arrive safely.

Later this month, Google is expected to publish specific requirements for bulk mail senders. Anyone sending more than 5,000 messages a day to Gmail addresses will have to satisfy a number of criteria:

  • SPF or DKIM validation

  • A one-click unsubscribe button backed up by processing of unsubscribe requests within 2 days [1]

  • No messages that exceed a spam score threshold [1]

All bulk mail senders will have to meet Google's requirements by February 2024 if they want their messages delivered to Gmail addresses. That will have implications that extend beyond the fate of individual messages. If a sender acquires a poor reputation on account of a high spam rate, the deliverability of all mail sent by or via that sender will be affected.

DANE and Microsoft

DANE is a generic standard for pinning a TLS certificate to an internet service (consisting of a host plus the associated protocol and port). The service provider creates a TLSA record containing the hash value of the server certificate or intermediate certificate. A client (for mail, that's an MTA tasked with message delivery) can then use the information in the TLSA record to check that the certificate offered by the receiving server (an MX gateway) is the correct one for the server in question.

Because the use of DNSSEC is mandatory with the DANE standard, DANE is also cryptographically secure. It therefore protects against downgrade attacks and man-in-the-middle (MITM) attacks by enabling the client to use the DNS to check a server's (START)TLS support status and certificate, instead of relying on information provided via the SMTP connection.
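The TLSA matching described above, as an added example that is not code from the article or from Microsoft: it builds the TLSA record for an MX gateway (owner name `_25._tcp.<mx host>`, RDATA usage/selector/matching type/hash) and checks a presented certificate against a set of published records, as a DANE-validating sending MTA would. Only certificate usage 3 (DANE-EE, the server certificate itself) is handled; usage 2 (an intermediate or trust-anchor certificate) additionally needs chain validation and is skipped. The certificate and key bytes are constructed placeholders: the SPKI carries the real DER framing of an Ed25519 SubjectPublicKeyInfo but a dummy key, and the "certificate" is just bytes that change on every renewal. In practice both values come from the certificate the receiving server presents during STARTTLS. The example also shows the two operational points an MX operator most needs: a "3 1 1" record (SPKI hash) survives certificate renewal as long as the key pair is kept, whereas "3 0 1" (full-certificate hash) does not, and a key rollover is covered by publishing the old and new records side by side.

```python
import hashlib
import hmac

# Constructed test material: real DER prefix of an Ed25519 SubjectPublicKeyInfo
# (SEQUENCE { AlgorithmIdentifier OID 1.3.101.112, BIT STRING }), dummy key bytes.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def constructed_spki(label):
    """Placeholder SPKI; the 32 'key' bytes are derived from a label, not a real key pair."""
    return ED25519_SPKI_PREFIX + hashlib.sha256(label).digest()


def constructed_cert(spki, issued):
    """Placeholder for a certificate's DER bytes: not parseable, but changes at every renewal."""
    return b"CONSTRUCTED-CERT:" + issued + b":" + spki


def tlsa_rdata(usage, selector, matching, cert_der, spki_der):
    """TLSA RDATA as (usage, selector, matching type, hex data) for one certificate."""
    if selector not in (0, 1):
        raise ValueError("unknown selector")
    data = cert_der if selector == 0 else spki_der   # 0 = full cert, 1 = SPKI
    if matching == 1:
        data = hashlib.sha256(data).digest()
    elif matching == 2:
        data = hashlib.sha512(data).digest()
    elif matching != 0:                              # 0 = exact (unhashed) data
        raise ValueError("unknown matching type")
    return (usage, selector, matching, data.hex())


def tlsa_owner(mx_host, port=25):
    """Owner name of the TLSA record for an SMTP service on the MX host."""
    return f"_{port}._tcp.{mx_host.rstrip('.')}."


def format_tlsa(mx_host, rdata):
    """Zone-file presentation of the record, as published in the DNSSEC-signed zone."""
    usage, selector, matching, hexdata = rdata
    return f"{tlsa_owner(mx_host)} IN TLSA {usage} {selector} {matching} {hexdata}"


def parse_tlsa_rdata(text):
    """Parse 'usage selector matching hexdata' back into the tuple form."""
    usage, selector, matching, hexdata = text.split()
    return (int(usage), int(selector), int(matching), hexdata.lower())


def dane_ee_match(records, presented_cert_der, presented_spki_der):
    """True if at least one usage-3 record matches the certificate the server presented."""
    for usage, selector, matching, hexdata in records:
        if usage != 3:
            continue  # DANE-TA (2) and PKIX usages need chain validation, not shown here
        try:
            expected = tlsa_rdata(3, selector, matching,
                                  presented_cert_der, presented_spki_der)[3]
        except ValueError:
            continue  # unusable record: skipped, not treated as a mismatch
        if hmac.compare_digest(expected, hexdata):
            return True
    return False


if __name__ == "__main__":
    key = constructed_spki(b"key-2023")
    cert = constructed_cert(key, b"issued-2023-11")
    print(format_tlsa("mx1.example.nl", tlsa_rdata(3, 1, 1, cert, key)))
```

Whatever record type is chosen, the record must be published before the certificate that it describes goes live on the server, and the old record kept until the old certificate is gone; otherwise DANE-validating senders will refuse delivery.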

From March 2024, Microsoft will offer customers the opportunity to secure their mail domains using DANE. And, from July, the company will host an increasing number of new domains on its new infrastructure. Domain operators will then have to ensure that their MX records point to '<domainname>.mx.microsoft', instead of the current '<domainname>.mail.protection.outlook.com', because only the new DNS hierarchy supports DNSSEC.

DANE validation of outbound mail has been supported by Microsoft since early last year.

Prompt action needed

People and organisations with domain names that are also or only used for e-mail now need to implement modern e-mail security standards as a matter of urgency.

If you rely on an external e-mail service provider, you should ask them about support for SPF, DKIM, DMARC and DANE.

If you operate your own mail infrastructure, you'll need to implement or enable the standards yourself. To help you do that, we've produced 4 hands-on guides explaining how to configure Exim and Postfix, step by step: