Protective hold suspensions FAQs

What are protective hold suspensions? 

A protective hold is a suspension of a newly registered domain (registered within the last 30 days) that is at high risk of being used to endanger other internet users, Nominet infrastructure, or the wider domain name system. Often it refers to domains that exhibit string characteristics of a typical phishing domain. 

How does a registrant query a protective hold suspension? 

The registrant will have received an e-mail (with their registrar included) advising of the suspension and all necessary steps to reinstate the domain. This email will advise the registrant to undergo an identity verification check and to provide the context as to their planned use of the domain which each help to mitigate the risk posed by it. 

How long does a reinstatement of my domain take? 

Once the process is complete a registrant can expect their domain to be reinstated within 2 business days. 

Why change to protective holds’? 

As part of our ongoing efforts to standardise processes involved in abuse, we are looking at how best to differentiate parts of the pipeline for increased transparency at each stage. For this purpose, we are separating the methods of detection from the types of suspension we apply. Domain watch is a detection method while protective holds are a suspension method process. 

How do protective holds differ from Domain Watch? 

Domain Watch is a detection method for identifying domains that are a high risk of being used for phishing. It is used as an input for analysts to make decisions on whether to suspend the potentially malicious domains. If a suspension is then placed, it will then be a ‘Protective Hold Suspension’. It is one input to this process and focuses on phishing specifically. 

Do Nominet have an automated blocklist? 

No, there is no automated blocklist used by Nominet. Registrations are analysed for their likelihood to be used for abuse, and those which hit a threshold are then reviewed by analysts. These analysts then make a decision on suspending the domain under a protective hold or not based on the information available to them. When a review of a suspension is requested, analysts then review this case again. 

Who does Nominet contact when a domain is placed in a  protective hold suspension? 

The registrar and the registrant are both copied into the email notice that is sent on a suspension. 

What domains are valid for protective holds? 

All domains are valid within 30 days of being newly registered. 

What policy do these suspensions sit under? 

These domains are suspended in accordance with Nominet’s terms and conditions utilising clause 10.1.2: 

10.1. We may cancel or put a domain name into a special status by notifying you if: 

10.1.2. in our sole discretion we believe the domain name is being used, or has a high risk of being used, in a way that is likely to endanger any part of the domain name system, other internet users (including but not limited to the distribution of viruses and malware, phishing activity or facilitating distributed denial of service attacks), or our systems and internet connections; 

I run a phishing simulation service; how can I prevent my registrations being caught in protective holds? 

Knowing the frequency of this use case for being miscategorised due to the domains needing by purpose to exhibit high risk characteristics, Nominet is developing a specific process for registering as a known security services provider before registration of domains. Registering for this will exempt you from the protective hold suspension systems. In the meantime, please contact us at [email protected] if you have any questions.