Skip to main content

US government tightens vetting for .gov domain registration

(Image credit: Shutterstock)

Registering a .gov domain is about to get a lot more difficult as the US government will soon start requiring notarized signatures as part of the registration process beginning on March 10th.

The reason behind this is to prevent wire and mail fraud that could lead to .gov domains, which are usually considered secure as they're registered by government agencies, from being registered by unauthorized organizations or individuals.

The US General Services Administration (GSA) oversees the DotGov program that operates the .gov top-level domain (TLD) and makes these domains available to government organizations in the US.

In an update on its website, DotGov explains why it will soon require notarized signatures to register a .gov domain, which reads:

“Effective on March 10, 2020, the DotGov Program will begin requiring notarized signatures on all authorization letters when submitting a request for a new .gov domain. This is a necessary security enhancement to prevent mail and wire fraud through signature forgery in obtaining a .gov domain. This step will help maintain the integrity of .gov and ensure that .gov domains continue to be issued only to official U.S. government organizations.”

Registering .gov domains

In order to request a .gov domain, government organizations have to prepare and send an authorization letter as well as fill out an online form after receiving their .gov registrar account.

The authorization letter must use official letterhead stationary and it also has to include a signature from an organization's authorizing authority according to the DotGov program. Beginning on March 10th though, this letter will need to come with a notarized signature to prevent organizations or individuals from registering a .gov domain without the proper authorization.

The change to how .gov domains are registered comes after independent security researcher Brian Krebs revealed in November of last year that almost anyone can register a .gov domain by using fake information on the authorization letter. However, if someone is caught doing so, they could be indicted for wire or mail fraud.

The .gov domain was first created in 1985 and for the past 35 years, users have associated it with legitimate government websites, which is why DotGov's new requirements make a lot of sense in helping to keep .gov sites secure.

Via BleepingComputer