A letter arrived in my letterbox recently. Green branding, an Australian Company Number prominently displayed, a central Sydney address, a reference number, a QR code, and a “renewal fee” of $99 for one year or $171 for three. The sender was “Registration”, trading through reg.com.au. My business name, the letter warned, was due for renewal on 2 July 2026.

Everything about the letter was designed to look official, apart from one giveaway at the bottom in smaller font: “Registration is a third-party business name renewal service provider. We are independent of ASIC [Australia’s corporate regulator]. This is not a bill.”

ASIC’s own fee for the same three-year renewal is $102. Registration Pty Ltd pockets the difference for acting as a registered agent. This is a service I neither requested nor needed. While the operation is legal, consumer forums and small business groups consider it misleading and deceptive.

What I want to note here is not the ethics of the operator, but what the open .au namespace makes possible, and what .gov.au prevents.

Why the letter works

The letter is convincing because the name ‘Registration’ gives an impression of government or official function which the company does not actually possess. Nothing in the .com.au rules prevents that. A .com.au registration requires an Australian commercial presence and little else. Registration Pty Ltd holds reg.com.au entirely legitimately. The domain offers no signal about authority, accreditation, or relationship to government. That absence is the problem.

The user’s only structural trust signal in the letter and its use of .com.au is the fact of Australian commercial registration. Questions such as ‘is this the government?’, ‘an accredited agent?’, ‘a reseller?’, ‘a scammer?’ must be verified some other way: by reading the disclaimer, cross-checking with ASIC, knowing the sector. The burden of verification sits entirely with the recipient.

What .gov.au does differently

Contrast this with .gov.au. Registration Pty Ltd could not, under any circumstance, register asic-renewal.gov.au or similar. The .gov.au namespace is restricted to Australian government entities, with eligibility enforced at the registry. No disclaimer is required, because the domain itself is the assurance.

This is worth emphasising: .gov.au is not merely a convention. It is a structural trust mechanism. The registry does the verification once, at the point of accreditation, and every subsequent user benefits from that work for as long as the domain exists. A restricted SLD converts a per-interaction verification burden into a single registry decision.

It also gives government agencies something simple and credible to say: if it doesn’t end in .gov.au, it isn’t us. That is an actionable public message and one that requires no technical literacy to act on, and no familiarity with the specific agency involved.

The same applies, to varying degrees, to .edu.au, .csiro.au, and equivalent restricted SLDs across other ccTLDs around the world ( eg, .gov.uk, .govt.nz, .gob.es, .gouv.fr, etc.). The specific eligibility rules will likely differ, but the mechanism is the same: the registry enforces a meaningful boundary at the second level, and the namespace itself becomes a signal.

There is a broader point here, too. In an era where browsers increasingly hide URLs, where search and AI intermediaries often sit between users and destinations, and where most people navigate by clicking rather than reading addresses, domain names are less visible than they once were. Restricted SLDs like .gov.au are one of the few parts of the namespace that still reliably surface in public communications - on letters, in advertising, in government messaging. They keep domain names legible and meaningful to a general audience at a time when that legibility is quietly eroding.

Evidence from peers

AFNIC, the French registry, points to several practical advantages of maintaining .gouv.fr. As Pierre Bonis, CEO of AFNIC, puts it: ‘the more governmental services are systematically under .gouv, the more it is easy to fight back typosquatting of governmental services.’ When the French presidency launched granddebat.fr rather than granddebat.gouv.fr for a public consultation during the politically charged gilets jaunes protests, lookalike domains appeared within hours, some with rather different content. A simple ‘if it doesn’t end in .gouv.fr, it isn’t us’ would have resolved the confusion immediately.

AFNIC also notes that a single authoritative namespace makes email authentication (SPF, DKIM, DMARC) far easier to implement consistently across government communications. And from a registry operations perspective, delegating eligibility verification to a government body keeps things clean: they decide, the registry complies.

Trust as infrastructure, not reputation

It is tempting to frame domain trust as a reputational question - users learn to recognise particular brands, particular senders, particular email patterns. That framing understates what restricted SLDs do. Reputation belongs to individual actors and must be built separately by each one. Structural trust, encoded in the namespace, is inherited by every eligible registrant automatically.

This matters most in exactly the cases where reputational trust is weakest: rare interactions, unfamiliar agencies, new users, or moments of decision under time pressure. A small business owner who sees a business name renewal notice once every one or three years has no basis for familiarity. They cannot be expected to have built a reputational model of every agency and every sanctioned third party. What they can reasonably be expected to recognise is “ends in .gov.au”.

A note for ccTLD peers

A recent CENTR study of 52 ccTLD registries worldwide found that 33 offer a restricted government second-level domain. In Europe, fewer than half of registries offer one, meaning a significant share of the continent’s namespaces lack this layer of trust.

For registries weighing the administrative cost of maintaining restricted second-level structures, it is worth remembering that the value produced is mostly invisible. Nobody writes to thank a registry for the fact that their government namespace isn’t being exploited by misleading operators. The trust is consumed silently, every day, by every citizen who glances at a URL and makes a correct inference about who they are dealing with.

There is also a systematic bias at work here. The costs of maintaining restricted SLDs are visible and administrative - eligibility checks, policy maintenance, enforcement. The benefits are dispersed across millions of interactions that go well. That could cause restricted SLDs to be undervalued in internal discussions about whether to maintain or adopt them. The costs are countable, the benefits are not.

The Registration letter on my desk is a small piece of evidence for a larger point: the absence of structural trust creates a cost paid by users in verification effort and, sometimes, in money. A well-maintained restricted SLD is trust infrastructure. It deserves to be treated as such.