Chose your color

Frequently visited

Frequently asked questions

  • I am looking for a domain name registrant. Where can I look it up?

    The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.

    On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.

  • I would like to transfer my domain name to another registrar. What is the procedure?

    To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.

  • The details registered about me/my company are incorrect or out of date. How can I get them updated?

    To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.

  • Why is my domain name in quarantine?

    When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.

    One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.

  • Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?

    Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.

  • What conditions do I have to meet as a registrar?

    Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.

More frequently asked questions

US security services warn about problematic DMARC configurations

Your DMARC policy should be set to 'quarantine' or 'reject'

Red colored virtual envelope in digital environment
  • Friday 23 August 2024

North Korean hackers have apparently been taking advantage of badly configured and neglected DMARC policies to send spoofed mail. In particular, they've been posing as journalists, academics and experts in Korean and wider East Asian affairs to send spear phishing messages. All with the aim of gathering information about geopolitical developments, the national security strategies of enemy powers, and other things that could impact North Korean interests.

America's FBI and NSA have therefore published a joint advisory on configuring DMARC securely. And the 2 organisations' advice is just as valid in the Netherlands as it is in the US.

The Netherlands is a geo-economic target for state actors because of its semiconductor manufacturing capability and knowhow, its quantum technology and post-quantum cryptography, and its industrial strength in the defence, aerospace and maritime sectors. The country is also of geopolitical interest because it hosts various international organisations, it's used as a transit port for military equipment en route to Ukraine and NATO's eastern border, and it serves as the landing point for many undersea cables and pipelines.

Old and neglected

The problem that the FBI and NSA flag up is that it's common for DMARC to be enabled, but with the policy set to 'none'. If you configure DMARC that way, you're saying that all mail that claims to come from your domain should be allowed through, even if it fails the DMARC validation check. DMARC-enabled domains with their policy set to 'none' are typically a hangover from when the SPF, DKIM and DMARC security standards were implemented: the advice is to initially set the policy to 'none' so that mail doesn't go astray if you've made a configuration error.

However, the idea is, of course, that once you're sure that DMARC is working properly, you change the policy to 'quarantine' or 'reject', so that unvalidated mail is either quarantined (e.g. sent to a spam box) or discarded. In practice, a lot of people forget to make the policy change. They leave the policy as 'none', thus explicitly telling recipients to let mail through, even if validation has failed. There are also domains that have SPF and DKIM configured, but don't have a DMARC policy at all, even though configuring a policy is just a question of publishing a special DNS record.

Testing and implementation

The FBI and NSA therefore recommend checking your domain's DMARC policy to make sure that it's correctly configured. You can easily do that yourself using the mail test on the Internet.nl portal.

If you haven't yet enabled SPF, DKIM and DMARC on your domain, we advise taking a look at our page about e-mail security. You'll find lots of helpful information and resources there, including detailed guides to implementation in Exim and Postfix.