Chose your color

Frequently visited

Frequently asked questions

  • I am looking for a domain name registrant. Where can I look it up?

    The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.

    On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.

  • I would like to transfer my domain name to another registrar. What is the procedure?

    To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.

  • The details registered about me/my company are incorrect or out of date. How can I get them updated?

    To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.

  • Why is my domain name in quarantine?

    When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.

    One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.

  • Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?

    Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.

  • What conditions do I have to meet as a registrar?

    Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.

More frequently asked questions

How DKIM and DMARC can help prevent phishing

Fake emails that looks like your own e-mail?

Phishing often goes through an official-looking email. This is how they try to steal valuable login data.

Real-looking?

When scammers come angling for your data Hands-on: implementing SPF, DKIM and DMARC in Postfix Hands-on: implementing SPF, DKIM and DMARC in Exim
example sidn phishingmail

Some of the forgeries purported to come from a real-sounding SIDN e-mail address (e.g. clients.mail@sidn.nl). Although the address on its own wouldn't be enough to fool a knowledgeable recipient, the plausible 'from' line will have increased the likelihood of readers taking the message's contents seriously. Clicking the link in the message took the reader to a spoof log-in page like the one on our website, where confidential information was requested. A familiar ruse, but one that's sure to induce discomfort when it's your own organisation whose name and logo are being abused. Various clues suggested that it wasn't the first time that the phisher had played the trick. It looked as if a 'fraud template' was being used, which had repeatedly been employed to harvest corporate and personal data. Naturally our CSIRT carried out a thorough investigation and the matter was reported to the police.

SMTP – an aging and non-secure protocol

The e-mail protocol (SMTP, RFC5321) is one of the older internet protocols and lacks built-in security. One of the shortcomings of SMTP is that falsifying a 'from' address is child's play. And, to an ordinary user, a falsified address looks just like a real one. Needless to say, therefore, spammers and phishers forge 'from' addresses all the time, as in this case. With an address ending '@sidn.nl' in the 'from' field, the forged e-mails looked more trustworthy.

What's the answer?

On its own, ordinary spam filtering isn't enough to ensure that all undesirable mail is promptly identified and flagged up to alert the user.Over the years, however, a number of solutions have been developed, which can help to minimise the problem of forged mail. They are the (proposed) internet standards DKIM (RFC6376), SPF (RFC7208) and DMARC (RFC7489).ISPs are well advised to implement all those solutions in their mail environments (where possible, because it isn't easy in some cases). Fortunately, that is what many ISPs already do, particularly the bigger ones. How do they work and why is it important to implement the three standards? Those questions are briefly considered below.

SPF, DKIM, DMARC

All three techniques are based on the Domain Name System (DNS). With SPF, a DNS record is created, specifying (amongst other things) which systems are allowed to send mail for the domain in question. Let's consider a simple example involving the domain 'example.nl'. Suppose that an SPF record (which is actually just a TXT record) is created for the domain, as follows: example.nl.  IN TXT "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 ~all"

That SPF record means that only servers with IP addresses in the specified series are allowed to send mail for example.nl. Any mail that claims to be from example.nl, but isn't sent from a valid IP address, will immediately be identified as suspect by the recipient's mail system. In other words, SPF helps the recipient to tell whether incoming mail is legitimate. SPF isn't entirely straightforward, though. Before enabling SPF for outgoing mail or filtering incoming mail on the basis of SPF, you need to consider the configuration carefully. However, once set up correctly (see also RFC7001), SPF is a useful tool for identifying fraudulent mail. With DKIM, the sending server (MTA) uses a 'private key' to generate a cryptographic signature, which is added to the message in the form of a DKIM header. It is a sort of validation stamp, if you like.On receipt of a signed message, the recipient's mail system validates the signature (and thus the message) using the matching public key, which is available via the DNS. If the digital signature is valid, the recipient knows where the message came from and can be sure it hasn't been tampered with in transit. The system is secure because, without the sender's private key, a fraudster can't generate DKIM-protected mail. In addition, the detection of falsified messages will be noted by the increasingly popular e-mail reputation systems, making it harder still for fraudsters to get their messages through.DKIM offers other useful functionality. Your DKIM record can indicate that your system is in test mode, for example. By enabling test mode while DKIM is being configured, you can ensure that mail isn't rejected while the settings are still being perfected. Unfortunately, as with SPF, the forwarding of e-mail can cause problems, because forwarding sometimes involves alterations to the forwarded message (e.g. the insertion of additional headers). An alteration is liable to invalidate the original DKIM signature, resulting in rejection of the message. With DKIM too, therefore, it's important to think through the implications before implementing the protocol in your mail environment.All the mail giants, including Yahoo!, Gmail and Live, have been using DKIM for some years. DKIM is also on the Dutch government's use-or-justify-list. It is therefore a proven technology, which is increasingly relevant for anyone who wants to be sure of problem-free e-mail delivery.Finally, a DMARC record can be used to record mail handling rules in the DNS. So, for example, you might include a record that effectively says 'if the DKIM signature is invalid, or if a message fails the SPF check, treat it as spam'.That is what the following DMARC record does: _dmarc.example.nl.    IN TXT 'v=DMARC1; p=quarantine' A receiving MTA looks up the sending domain's DMARC record to see what should be done with a suspect message.Naturally, the value of DKIM, DMARC and SPF records in the DNS is enhanced when the domain is protected with DNSSEC.

Summary

Naturally, SIDN uses SPF, DKIM and DMARC. It's therefore very easy for a receiving system that supports those technologies to filter out fraudulent e-mails claiming to come from SIDN and with a 'from' address that ends '@sidn.nl'. Via the DMARC mechanism, we also request feedback reports. Feedback reporting is a useful feature of DMARC: it enables receiving systems to alert a domain's administrator to the fact that someone is spoofing addresses under that domain. Incoming feedback reports helped to alert us to the phishing scam referred to at the start of this blog. Anyone who wants to do something about the problems of spam and phishing mails should therefore seriously consider implementing the three security standards described.A good way to check a domain's mail security status is to look it up on Internet.nl. The site provides a quick and easy way of seeing whether a domain meets more secure modern standards.

More revelant information about SPF, DKIM, DMARC

Article by:

Marco Davids

Marco Davids

Research engineer