
It’s all about domains… | Craig Schwartz (fTLD Registry Services)

Craig Schwartz

Can a TLD embrace a whole sector? Craig Schwartz, Managing Director at fTLD explains how dedicated assets in the DNS can boost the banking and insurance sectors and add security to what we love most: Domains!

Author: Simone Catania

Date: 2022/07/28

New gTLDs have drastically increased the naming possibilities in the DNS and .bank and .insurance are perfect examples of this. They offer tremendously secure naming possibilities in their respective sectors, acting like a built-in stamp of trust. This is thanks to the thorough verification process and strict registry policies required to register and keep a domain name under these extensions. Visitors and users can be absolutely sure that the .bank or .insurance website they have landed on is trusted, verified and secure!

We met Craig Schwartz, Managing Director of fTLD Registry Services. Craig oversaw the process that resulted in his organization being awarded the two new gTLDs by ICANN and now leads the team at fTLD.

We invited him to talk about his job at the new gTLD registry, to explain the scope behind the two specific TLDs he is in charge of and to tell us more about their stringent security requirements. Don’t miss it.

Craig Schwartz (fTLD Registry)


1. You can look back at more than 15 years in the domain industry. What path led you to run a new gTLD registry today?

I joined ICANN in 2006. This was my entrée to the domain name industry. At that time, I was responsible for the gTLD Registry Team and developing aspects of the New gTLD Program. In mid-2011, I felt that I was ready for a change. Leaders from the largest banking and financial services trade associations in the United States approached me and asked me to help them develop a strategy to participate in ICANN’s New gTLD Program. Everything worked out well for us in the end and I’m glad to be the Managing Director of the registry for .bank and .insurance today.

2. What is the story behind .bank and .insurance? How did they come about?

Given the broad range of online abuse that targets the financial services industry, far more than any other sector, it made sense for these industries to operate more secure channels.

In 2011, the American Bankers Association (ABA) and Bank Policy Institute (BPI), formerly known as the Financial Services Roundtable, along with several banks, insurance companies and financial services trade associations, established fTLD Registry Services. fTLD’s mission is to operate the community-based .bank and .insurance as gated, security enhanced domains in order to serve and protect these sectors. fTLD was awarded .bank in September 2014 and .insurance in January 2015. The TLDs were subsequently launched respectively in May 2015 and 2016.

3. What has been the response from the internet community?

fTLD currently has about 4,500 .bank domains under management and 750 for .insurance. The banking community has embraced the enhanced cybersecurity of .bank more enthusiastically than the insurance sector has taken aboard .insurance – perhaps due to the latter being quite long. For this reason, fTLD has focused on growing .bank over the last few years.

The ~4,500 domains are from ~2,300 unique entities and the breakdown is about 83% U.S. and 17% internationally, which makes sense since fTLD was formed by organizations based in the US. As of June 2022, about 715 .bank registrants have moved from their prior TLD (e.g., .com, .net, etc…) to their .bank domain to enhance the cybersecurity of their website and email communications. The current market adoption rate among registrants is ~30% and this number is increasing every month.


4. The two new gTLDs you operate target very specific industries. What are the eligibility criteria?

fTLD is one of just a few TLDs that verify the eligibility of registrants before awarding the domain name. And we also do this annually. This makes our extensions the most secure and trustworthy TLDs on the internet.

.bank is available to retail banks, savings associations and their respective parent and holding companies, as well as banking trade associations and regulators. .insurance is available to insurance providers (i.e. companies) and distributors (e.g. agents, brokers, intermediaries) and their respective parent and holding companies as well as insurance provider and distributor trade associations and regulators.

6. fTLD has implemented a highly restrictive registration process. What are the reasons for this and what results have you achieved?

In addition to the eligibility requirements mentioned above, fTLD has a strict name selection policy and domain names must correspond to the legal name or branding of the registrant. The restrictive registration requirements aim to protect the integrity of the TLDs by ensuring domain names are only awarded to entities that have a right to them.

7. You enforce high requirements to safeguard registrants’ digital security. What security measures have you adopted over the years as technologies have evolved?

In addition to these strict eligibility and name selection requirements plus the mandatory verification of registrants for .bank and .insurance, our TLDs are subject to compulsory security requirements that are regularly monitored for compliance. This sets us apart from other registries on the internet.

For example, to appear in the DNS, a .bank or .insurance domain must have in-zone name servers, e.g., ns1.bankname.bank or ns2.insurancecompany.insurance. The domain must be signed with DNSSEC as well. For this reason, the .bank zone file appears to have less than 3,000 domains when it actually has closer to 4,500.

Additionally, fTLD has an email authentication requirement that outlines how to implement DMARC (Domain-based Messaging Authentication, Reporting and Conformance) and SPF (Sender Policy Framework) to protect against phishing. fTLD also mandates strong encryption practices, which are designed to protect the integrity of data in transition.

8. DMARC is an excellent tool for email authentication. Why is it important for .bank and .insurance registrants as well?

Financial organizations are most frequently targeted for abuse, with most breaches originating from phishing emails. Implementing email authentication, i.e. DMARC and SPF, is the most effective way to combat phishing.

DMARC improves deliverability by authenticating emails, enhances visibility through reporting mechanisms, and ensures brand protection and security by mitigating spoofing and phishing attacks.

The importance of DMARC is that it tells mail service providers like Google and Microsoft whether they should deliver email to a recipient’s inbox. For example, when DMARC has a policy set at “none,” all email is delivered and there is no protection for the recipient. In contrast, when DMARC is set at “reject”, the email is supposed to be rejected, thereby never making it into the recipient’s inbox and thus protecting them from phishing.

The other powerful aspect of email authentication is the SPF record. This record aims to define which IP addresses are authorized to send an email on behalf of the domain registrant. For example, if an email distribution service such as MailChimp is used to send emails purporting to be from the registrant, it must have the appropriate SPF record. Otherwise, the email validation will fail and the recipient will not receive it (provided the DMARC policy is set to “reject”).
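
The interplay between the SPF record and the DMARC policy described in the answer above can be traced in a short Python sketch. This is an added example, not part of the interview and not fTLD's code; the records are constructed for the placeholder name `bankname.bank`, and it assumes SPF is the only authentication present (no DKIM signature) and that only `ip4`, `ip6` and `all` mechanisms are used.

```python
import ipaddress

# Constructed sample TXT records for the placeholder name "bankname.bank".
SPF_TXT = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
DMARC_TXT = "v=DMARC1; p=reject; rua=mailto:dmarc@bankname.bank"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_dmarc(txt):
    """Return the record's tag/value pairs, or None if it is not valid DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags


def spf_result(txt, sender_ip):
    """Evaluate the ip4/ip6/all mechanisms only; include/a/mx need DNS and are skipped."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def disposition(dmarc_txt, spf_txt, sender_ip):
    """Requested handling, assuming SPF is the only check (no DKIM) and is aligned."""
    if spf_result(spf_txt, sender_ip) == "pass":
        return "deliver"
    dmarc = parse_dmarc(dmarc_txt)
    if dmarc is None:
        return "no-policy"  # nothing published: the receiver decides on its own
    return {"none": "deliver"}.get(dmarc["p"], dmarc["p"])
```

With the same unauthorized sending address, changing only `p=none` to `p=reject` moves the result from `deliver` to `reject`, which is the difference the answer describes.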
