Ensuring the quality of the data we have for registrants and that we publish in our WHOIS database has been a key objective for EURid since the early days of the .eu top-level domain.
The provision of accurate and up-to-date data is an increasingly important tool in combatting fraudulent domain name use.
We believe that the actions and projects described below can be successful with the full support of our registrars and registrants. By working together with them, we will continue to improve our data quality and make the .eu namespace trusted and safe.
At a glance
EURid continues to improve the quality of web-based WHOIS data, and strives to promote the registrar compliance with their contractual obligations. That is why we have started our WHOIS Quality project: to check our WHOIS lookup facility and fix any possible inaccuracies.
Web-based WHOIS data (which includes information about the domain name holder and name servers associated with each domain name) is useful and mandatory for a variety of purposes. These include carrying out inquiries by consumer protection and other law enforcement authorities, identifying the source of spam email, developing actions to safeguard intellectual property rights, and addressing cyberattacks, as well as resolving technical network issues.
The Abuse Prevention and Early Warning System (APEWS) is an innovative and award-winning methodology based on evaluating patterns of domain name registration. It predicts whether a domain name may potentially be used in an abusive manner.
If the system identifies a registered domain name as being potentially linked to abuse, its delegation to the .eu zone file is delayed and its status in the web-based WHOIS shows as “Server Hold”. The domain name is registered; however, any service linked to it (such as a website, email, or any other service) will not function until our verification procedure is completed.
EURid manually reviews all domain names whose delegation is delayed as a result of the APEWS system. In that case, the domain name holder is required to confirm their registration data and to submit evidence thereof via the secured https://my.eurid.eu portal, which EURid created for its domain name holders. The review process may lead to the delegation of the domain name to the .eu zone file or to its suspension. Should the domain name be delegated, it becomes active and functional. Should the domain name be suspended (and subsequently withdrawn), it will not become active or functional. The domain name will be made available for registration again in a timely manner thereafter.
To find out more about APEWS, please consult the following scientific publications (available in English only):
- Detection of Algorithmically Generated Domain Names used by Botnets: A Dual Arms Race.
- Exploring the Ecosystem of Malicious Domain Registrations in the .eu TLD
- Assessing the Effectiveness of Domain Blacklisting Against Malicious DNS Registrations.
- An Operational Solution for DNS Registries to Prevent Malicious Domain Registrations
In order to protect end-users from possible misuses of domain names associated with the current COVID-19 pandemic, EURid has updated the APEWS system to perform additional checks on newly registered domain names that contain keywords relating to the pandemic. As agreed with the European Commission, these checks will be performed until 1 September 2021.
Domain name holders of .eu, .ею, or .ευ domain names containing these keywords will be required to confirm their registration data and submit a statement confirming that their domain name was registered in good faith. This must be done within seven (7) calendar days via the secured https://my.eurid.eu portal. More detailed information on COVID-19 checks can be found here
The purpose of our implementation of the Know Your Customer project is to enable domain name holders from the European Union and the European Economic Area to confirm their registration data in an automated manner using one of the available methods at their disposal in EURid’s https://my.eurid.eu portal. The methods that are currently available are described in more detail below. This service expedites the verification process of registration data and lightens the administrative burden for domain name holders.
Verification via electronic identity card (eID)
(Currently only for domain name holders with a Belgian electronic identity card)
Electronic identity documents are quickly becoming the standard within the European Union thanks to the eIDAS scheme, which ensures that people and businesses can use their own national electronic identification (eIDs) to access online public services from other EU Member States.
This verification method uses the chip on the Belgian identity document and a card reader to read name and address information. The domain name holder digitally signs their data to confirm their registration data securely and instantaneously.
EURid plans to roll out this electronic identification service to other EU Member States in a cost-efficient manner.
Verification via MRZ scan and SMS
For domain name holders with a mobile phone and an identity document with a Machine-Readable Zone from one of the European Union Member States, Iceland, Liechtenstein, or Norway.
Most official identity or travel documents contain a Machine-Readable Zone (MRZ) with encoded information relating to personal data (such as full name, country of citizenship, and document number). The domain name holder first enters their mobile phone number and receives a text message containing a unique link. This link opens a newly developed application that guides the domain name holder through the process of scanning the Machine-Readable Zone of their identity document. No data leaves the mobile phone until the user has confirmed it. This verification method is supported in all 24 official languages of the European Union.
Domain name holders who are required to verify their registration data via the methods set out above have 3, 7, or 14 days to do so, depending on the circumstances of the verification request.
1. First, domain name holders will be asked via e-mail to confirm the registration data linked to their domain name(s). They can do so in their My.eu account by requesting an access link on https://my.eurid.eu which is valid for 24 hours. Private individuals can also complete the verification process as representatives of a company or association.
2. Once logged in to https://my.eurid.eu portal, the domain name holder can choose from the available methods to verify their registration data.
3. If the evidence submitted by the domain name holder is identical to the registration data, the domain name will be activated. If the evidence does not match the registration data, EURid will perform a manual verification.