Third-party providers have emerged whose business is built around helping .BANK or .INSURANCE Registrants meet the Security Requirements. fTLD has identified several third-party providers that can assist you in complying with the Requirements; see them here: .BANK and .INSURANCE.

Using a third-party provider does not obviate or transfer your responsibility for compliance with the Security Requirements. Any arrangement with a third-party provider supporting or hosting an fTLD Domain must be compliant with the relevant Requirements, and this may mean that the registrant needs to contractually bind its third-party providers to implement them.

For example, if you use a vendor to manage marketing mail-outs to your customers then you likely need to modify your DMARC, DKIM and SPF records to include your authorized third-party email senders.

It is your responsibility to ensure your third-party providers comply with the Requirements.

Ongoing expenditures will be necessary to maintain, monitor and demonstrate compliance with the Requirements. To illustrate, in a DNSSEC deployment, if you add a new name or level to your second-level domain. For example, if you create a new product or service and a new name to go along with it— www.newservice.yourbank.bank—you will need to re-sign the zone and re-publish it. If you change mail servers, or use third-party email senders, you will need to immediately update the DMARC record to reflect this. You may wish to investigate specialized DNS or email authentication providers that can meet the Requirements, and find new partners to facilitate your implementation. 


  • Third-party providers (e.g., hosted email, content delivery networks, security and fraud services)