I receive spam on a daily basis from various Banks… as well as mine. None are legitimate but actually, that is not what is catching my attention receiving spam. There is something else and it deals with stealing information from me.

Creating a personalized “.brand” domain name extension allows avoiding all that.

Bank Emails

Many are familiar with receiving spam through phishing attempts to have you answering an email and providing personal information such as login and passwords: most of the time receivers know that they should not answer emails from any Banks since most offer to communicate with them from their online portal. This one is easy to avoid.

Another standard is to receive an email asking you to click on a link. Such spams are also standard phishing attempts trying to steal login and password from you on a fake website looking like the one from your Bank.

Answering the email to a person using a personalized domain name extension such as the one from your Bank CANNOT be faked.

When answering the email, the domain name extension to appear in the “To” field” cannot be faked using a homoglyph or a letter looking similar to a standard domain name extension such as a country code top-level domain or a generic one. The reason for this is simple:

1. the owner of the domain name extension decides about his domain name extension and this one will be unique: most of the time the final domain name extension is his Trademark. On the opposite side, anyone can create a domain name using your Trademark and ending in “.com”.
2. the owner controls who creates domain names so when the email a clients answers to does not have the name of the “.brand” in the end, it means that he won’t answer to the right person.

Emails ending with a “.brand” are seals, certifying that the answer will go to the right initial sender. When using a country code extension of a generic one such as a “.com”, anyone can create what comes before the extension and, for example, change a letter from one to another: do you think that WhateverTrademark.com is very different from WhateverTradenark.com? Who will notice when answering an email ending in [email protected]?

Bank surveys

Banks surveys are a new problem that I have identified. These are often legitimate and my Bank sends me surveys to check if I am satisfied with their service. The problem with such surveys is that they use the email and domain name from another service provider, asking me to answer questions on a website using either a “.com” or a “.fr” domain name which is not the one from my Bank. That is where I see a problem: how to ensure that these are legitimate? By trusting the person who sends the email? By trusting that website asking me questions? No way.

A personalized domain name extension offers this new opportunity to drastically increase the level of trust:

1. Asking a client to answer a survey on a third party website implies that the sender of the email is trusted (not the case with my Bank, using a “.fr”): when the email is sent from the personalized “.brand” domain name, the level of trust is increased since it guarantees that the Bank is sending the email.
2. Answering the survey on the subdomain of a third party website sends several wrong messages:
   1. “Our Bank is not able to create a form for our clients to answer us directly”;
   2. “Your answers will be read by another company and we do not control the use they will have of your answers”;
   3. “That link you click onto to answer our questions will probably offer our service provider to send you commercial emails in the future but we don’t care about this”;
   4. “We don’t have the time to do the job for you, someone else does”.

If it remains the job of specific companies to create the right surveys for Banks, having them hosted on a Bank’s website operating its own personalized domain name extension is an easy thing to do: if this can be done on sub-domains, then it can easily be hosted on a “.brand” domain name. Companies offering survey services are probably already offering such services… but not in France apparently. Note that in these cases, external survey companies will deal with your data anyway but if hosted behind a “.brand” extension, it won’t look like.

Size matters

The debate is a funny one when discussing “what a good domain name is”, and most of the time, you will hear that “the shorter, the better”.

I strongly disagree with this for “.brand” domain name extensions since a Trademark wants to be noticed and when it comes to infringements, a Trademark wants to ensure that a client is talking to the right person when answering an email: the longer its domain extension will be, the higher the possibility will be to notice the name is different from a “.com”. That is also what “.brand” domain name extensions offer: the possibility to highly notice a sign when offering a client to visit a website. Look at https://www.miami.lamborghini/ : such website just cannot be a fake one, and neither is receiving an email from them. The longer, the better.

The future is worth

Homographic attacks are an increasing risk for Banks and other Trademarks: these attacks increase unfortunately and they are harder to detect by final consumers (those to receive bank emails). To make it simple, a letter used in the domain name will look similar to the one used in a standard ASCII alphabet: can you make the difference between this “a” and this “?”? Well, there is one and you probably won’t check this when answering an email or navigating to a website using such letters.

The risk is very high here since the use of these letters exists in various domain name extensions offered to the general public. When using a “.brand” domain name extension, the risk to visit another website or answer an email to the wrong person ceases to exist since the “.brand” extension is the seal: you cannot create or add a different letter to a domain name extension… unless you have the patience to wait for the next round of ICANN applications to new gTLDs, and $185000.

An alternative for Banks

I see two alternatives for Banks who won’t be interested in creating their “.brand” new gTLD:

1. The price to acquire a personalized “.brand” domain name extension is high so an alternative for Banks…is to use a domain name ending in “.Bank”. The registry offering these domain names says that only banks can acquire one.
2. Online brand protection offers to keep watching what’s happening on social networks, rogue websites, marketplaces, fake boutiques, webstores, app stores, domain name registration websites (registrars), Google adwords and even… the DarkNet, to minimize the potential for fraudsters to profit from client’s banks and brands. It does not cost much and some of these specialists not only do the monitoring for you but they also offer to take down infringers and recover your domains. I particularly like the new offers monitoring the DarkNet.Of course, you know what the DarkNet is right?

Just in case I forget…when choosing a domain name extension, don’t forget to check if the extension is not similar to another one.