.au Direct Domain names are a new option for Australian internet users

From 24 March 2022, the Australian Domain Administration (auDA) will be introducing a new option for Australian internet users with the availability of .au direct domain names.

The shorter and simpler domain names (such as pavlova.au, station.au and so on) will be open to individuals and organisations that wish to have an online presence, new or existing, with the proviso that they have a verified connection to Australia.

Whilst offering convenience for businesses and individuals, it also presents an opportunity for cybercriminals to create malicious domains.

At AUSCERT, it’s our purpose to understand just what those threats might be to provide our members with an analysis of the situation.

While it is impossible to completely prevent all kinds of domain name abuse, the requirements auDA has in place (such as registrants needing to have an ‘Australian presence’) certainly help mitigate against widespread and easy abuse (as is prevalent in many other jurisdictions).

auDA has extensive resources available should you wish to learn more, including detailed information regarding registering domain names in .au direct, timelines, domain conflict resolution and so on. In addition, you can contact your preferred domain retailer.

However, in brief, some points of note are:

1. auDA continues with its strict rules against .au domains being used in any malicious or illegal activities and will take action against recognised offenders.
2. auDA will provide priority registration to those organisations with existing registered domains to the same name in ‘.au’. For example, here at AUSCERT, we have ‘auscert.org.au’ which gives us priority to register and use ‘auscert.au’. This priority period is for six months from the launch date (24 March 2022) to register the ‘.au’ domain after which, it becomes available to anyone. Essentially, this means you have until 20 September 2022 to register any existing domain names you wish to have the new ‘.au’ version of.
3. An “Australian presence” will be required to register a .au direct domain and essentially requires one of:

• An ABN
• A Trademark number
• Australian identification document (passport, driver’s license, etc.)

So, what does this mean for you?

1. Be aware that the .au direct domains are being launched on 24 March 2022.
2. Consider which of your existing domains you may wish to register in .au direct. We encourage all members wishing to undertake this process, to do so within six months to avoid any potential issues arising later.
3. Determine whether there may be any potential conflicts with other domain name registrants and understand the auDA process for resolving the conflicts. Check the auDA website for complete details.
4. Contact your preferred domain retailer to register your new domains.
5. Consider which new (rather than existing) domain names you may wish to register.
6. Be aware that the opening up of a new domain space always provides a potential for the resurgence of domain abuse (such as domain squatting, phishing, etc) and take pre-emptive measures such as domain registration in the new domain space.

Please contact the team at AUSCERT if you have any security-related questions relating to the introduction of .au direct domains you believe we can assist with. All other questions concerning, for example, domain registration, conflict resolution and so on are best dealt with by reviewing auDA’s or your retailer’s .au direct resources.