The .au is an important part of Australia’s internet ecosystem. In fact, the Federal Government has deemed the .au domain name system (DNS) part of Australia’s suite of critical infrastructure alongside other networks, assets and services upon which Australians rely for social and economic wellbeing, such as energy and financial services.
We are proud that the Federal Government has entrusted the management of the .au to .au Domain Administration (auDA) for more than 20 years and recognises the centrality of the DNS to Australia’s modern, digital economy and society.
With more than 4 million .au domain names under management, and 2.6 billion queries to the .au DNS each day in 2021-22, the DNS connects businesses to consumers, governments to constituents, people to services, and Australians to the world. Given its place at the centre of our digital economy and society, it is vital that the DNS is a stable, secure and reliable system that Australians can have confidence in.
We take great pride in our role of making .au one of the most secure domains in the world. The .au’s rate of DNS abuse (such as phishing, malware, botnets and associated spam) is at 0.03 per cent, well below the global average and down from 0.04 per cent in 2021.
Here’s how we keep the .au secure and trusted:
Our robust .au Licensing Rules ensure we reduce the risk of scams and DNS abuse in .au.
- We work closely with registrars to ensure everyone who registers a .au domain name has an Australian presence and meets our eligibility and allocation criteria. Registrars validate their registrant’s details to ensure compliance when they register, renew or transfer a domain name licence.
- We make selected domain name licence information publicly available through the WHOIS tool. The WHOIS allows the community to check who has registered a domain name. Understanding “who is” behind a domain name helps support the integrity of .au.
- Australians can report suspicious or ill-intentioned .au licences for review through our comprehensive complaints process. Where registrants do not meet the requirements of the .au Licensing Rules, their licence may be suspended or cancelled. Complaints should be lodged with the registrar of record in the first instance. Read more about the complaints process here.
- Our Compliance team undertakes regular audits of registered .au domain names to ensure compliance with our rules. In 2021-22, it carried out more than 3,500 audits, helping maintain a trusted .au. This includes audits of .au domain name licences using unauthorised business credentials. In these instances, a cybercriminal may use a legitimate organisation’s Australian Business Number (ABN) as the basis to register a domain name for malicious activity such as phishing. Thanks to our robust validation requirements, these cases are rare in .au.
Maintaining best practice security standards helps us protect .au data and mitigate against potential security threats.
- ISO 27001 is the international best practice standard for information security. We maintain our ISO 27001 certification by passing annual surveillance audits and recertification every three years. auDA isn’t the only organisation responsible for the secure management of the .au, which is why our registry operator Identity Digital Australia and our accredited registrars must also be ISO 27001 compliant, or have a plan in place to achieve compliance.
- We check .au domain names against daily threat intelligence feeds from security organisations, helping to ensure low rates of cybercrime in .au. Less than 0.002 per cent of .au domain names are subject to enquiries from Australian law enforcement bodies.
- We adhere to the Australian Signals Directorate’s Essential Eight, which are recommended security protocols for organisations. They are focussed on preventing cyberattacks, limiting the damage of cyberattacks and increasing the availability of data and system recovery.
- We enable Domain Name System Security Extensions (DNSSEC) on the .au. DNSSEC is a security extension that adds a layer of cryptographic protection for domain names by digitally signing DNS records, helping ensure the integrity and authenticity of transmitted data. DNSSEC signs DNS data rather than encrypting it.
- We regularly test our recovery and continuity plans to check and improve our responses to technical disruptions. We also conduct security awareness training for all auDA staff and Board members, and specialist training for our technical staff to stay on top of emerging security trends and issues.