The cat is out of the bag because they've allowed general registrations at the second level (example.nz), and have allowed general registration for many of the third level (example.x.nz) options for too long to start imposing restrictions.

When they opened the second level up they made it clear that any valid third level registration would count towards conflicted status, there was no hierarchy.  i.e. if someone had owned countdown.geek.nz before the date they'd set, they could've prevented Countdown from registering the second level if they wanted it at the time.

snj: When they opened the second level up they made it clear that any valid third level registration would count towards conflicted status, there was no hierarchy.  i.e. if someone had owned countdown.geek.nz before the date they'd set, they could've prevented Countdown from registering the second level if they wanted it at the time.

The only real answer here is for ALL mail administrators to improve the security and hygenie of their email records. If all email was deleted when the SPF, DKIM and DMARC records didn't match, spoofing goes away. Doesn't stop people registering a domain and sending spam from it, but they can't pretend to be someone they aren't and the majority of those problems go away. 

As long as there is money to be made in crime, crime will exist.  Email scamming is a wldly profitable enterprise. 

Horse has bolted, I fear.

I'd settle for registrar's actually just verifying the identity details of registrants a little firmer!

The concept is sound using a valid NZBN with a cross check to the domain's proposed registrant or similar but suspect we're past the point of no return to implement it.  If it's not on the horizon I suspect will also trigger another wholesale price rise to cover the costs of implementation having recently been through a big hike.

In hindsight having .bank.nz available to only registered banks/financial institutions would have massively reduced banking phishing/scams.  With a bit of user education of checking the URL before logging in - no .bank.nz in the domain should be the red flag to walk away.  Appreciate there'd be resistance from the banks as it'll be a major issue to retrofit into their legacy systems.

Yes, I'd support the requirement for an active NZBN to register or retain the rights to use a .co.nz domain, ad would extend this to:

• co.nz
• school.nz
• ac.nz
• govt.nz

Introducing bank.nz and having all financial institutions migrate to it within a 2 year period makes some sense to me.  I check URLs regularly because I'm more security conscious than most.  Whether 80% of internet users would learn this behaviour, idk.

This still doesn't solve the issue of having just 'nz' in the domain. For example something like sonyofficialnz dot com

turtleattacks:

 

This still doesn't solve the issue of having just 'nz' in the domain. For example something like sonyofficialnz dot com

 

Clearly not. And nor is that the point.

Dynamic:

 

Yes, I'd support the requirement for an active NZBN to register or retain the rights to use a .co.nz domain, ad would extend this to:

 

• co.nz
• school.nz
• ac.nz
• govt.nz

Introducing bank.nz and having all financial institutions migrate to it within a 2 year period makes some sense to me.  I check URLs regularly because I'm more security conscious than most.  Whether 80% of internet users would learn this behaviour, idk.

 

govt.nz is moderated. Why is that in your list?

BlakJak:

 

govt.nz is moderated. Why is that in your list?

 

I should have taken it off my list.

I think there needs to be much stricter governance from Internet NZ regarding local domains, and a fast track to shutdown scam domains and other misuse.

Personally I'd like to see a much higher degree of control around .NZ traffic.

 

1. .NZ domains should only be hosted on an NZ Registrar
2. .NZ domains should terminate on an IP address and equipment hosted in New Zealand.
3. All traffic to a .NZ domain should be routed within NZ and at no point loop back via an overseas node.

I'd actually like to see further restrictions around hosting rules, but these 3 items would be a good start

openmedia:

 

Personally I'd like to see a much higher degree of control around .NZ traffic.

 

 

1. .NZ domains should only be hosted on an NZ Registrar
2. .NZ domains should terminate on an IP address and equipment hosted in New Zealand.
3. All traffic to a .NZ domain should be routed within NZ and at no point loop back via an overseas node.

 

I can see the logic especially supporting NZ-based vendors but can't see how this would be practical.  Crazy Domains to name one has vacuumed up numerous established NZ vendors in recent years so have a fairly significant market share of .nz domains and hosting now offshore.  Likewise those who have built a proprietary site on Squarespace or Wix.

Having overseas registrars follow InternetNZ's rules would be nice.  Have a client who stupidly allowed a colleague to move their parked .nz domain to some AI powered site builder.  Didn't work out so engaged me to move his domain back to his actual (also overseas - don't start me) registrar.  It continually failed with them saying the auth-code was invalid.  After several attempts with fresh codes and asking a few more pointed questions their support volunteered they enforce the ICANN rule of a 60-day cooling off period after a domain has been transferred.  Problem is the cooling off period for NZ domains is only five days!  This resulted in the client's domain being locked up and having to launch a time sensitive new site built in the interim using a different domain.

Dynamic:

 

Yes, I'd support the requirement for an active NZBN to register or retain the rights to use a .co.nz domain, ad would extend this to:

 

• co.nz
• school.nz
• ac.nz
• govt.nz

Introducing bank.nz and having all financial institutions migrate to it within a 2 year period makes some sense to me.  I check URLs regularly because I'm more security conscious than most.  Whether 80% of internet users would learn this behaviour, idk.

 

The moderated .nz domains are .govt.nz, .mil.nz, .cri.nz and .iwi.nz:

The New Zealand Internet sector has 11 second-level domains or namespaces (2LD’s). Four of these (.govt, .mil, .cri and .iwi) have strict requirements for registering 3LDs, or third Level Domain names (e.g. dia.govt.nz or wcc.govt.nz). These are called “moderated domains”.

I think it was a mistake that neither .school.nz nor .ac.nz were moderated domains from the beginning, but that horse has long bolted.

As I remember, the Ministry of Education at the time was very unkeen on taking on the burden of moderating .school.nz and .ac.nz, and there wasn't any other body that was obviously suitable to exercise the responsibility.

openmedia:

 

I think there needs to be much stricter governance from Internet NZ regarding local domains, and a fast track to shutdown scam domains and other misuse.

 

Personally I'd like to see a much higher degree of control around .NZ traffic.

 

 

1. .NZ domains should only be hosted on an NZ Registrar
2. .NZ domains should terminate on an IP address and equipment hosted in New Zealand.
3. All traffic to a .NZ domain should be routed within NZ and at no point loop back via an overseas node.

 

I'd actually like to see further restrictions around hosting rules, but these 3 items would be a good start

 

So my personal offshore VPS would be ineligible?  Gee thanks.