Assign this task

 


 

WHY THIS IS IMPORTANT

Services provided by vendors to a .BANK or .INSURANCE domain will be more secure as they are held to the same security requirements as your organization.

GET HELP

  • Third-party providers (e.g., hosted email, content delivery networks, security and fraud services)

ASK fTLD  CHAT  |  EMAIL


 
ADDITIONAL REQUIREMENT DETAIL

If you are planning to alias your .BANK or .INSURANCE domain to your legacy domain (e.g., .com) with a CNAME, your legacy domain must have TLS and DNSSEC to comply with this Requirement. For MX records, you must have TLS in place to be in compliance; DNSSEC is not required.

Implement DNSSEC (Domain Name System Security Extensions)

Ensure TLS (Transport Layer Security) has been implemented using v1.1 or greater where possible

 


 

CHECK YOUR WORK

TLS:

To test your email server (i.e., MX record domain), the following tools will provide information about the configuration of your host's email server and whether it is using strong encryption practices:

DNSSEC:


Mark Requirement Complete and Submit to fTLD for Review

 

IMPLEMENTATION HUB