Security Requirements
To enhance the security, stability and resiliency of all sites and services in .POST, all Registrants are contractually required to follow the technical security requirements set out below. These requirements are proactively monitored by the UPU as part of the .POST Compliance Program.
REQUIREMENT | DESCRIPTION | BENEFIT |
---|---|---|
Registrant Verification | All Registrants are verified to confirm their identity and organization, and that they are qualified to register .POST domains | Reduces the potential for cybersquatting and other illegal activity, since only genuine community members will be eligible to register a domain. |
Domain Verification | Each request to register a .POST domain is verified to ensure that the domain is available for registration by the Registrant | Reduces the potential for cybersquatting and other illegal activity |
DNSSEC | Mandatory deployment of Domain Name System Security Extensions across all .POST domains | Minimizes potential for “man-in-the-middle” attacks by requiring all DNS traffic to be encrypted |
Multi-Factor Authentication | Mandatory use of multi-factor authentication for access to both the Registry and Registrar systems | Minimizes potential for unauthorized access to registration systems, reducing the likelihood of hijacked or redirected domains |
Heightened TLS | Mandatory use of TLS 1.2 or greater where possible | Eliminates potential threat vectors associated with outdated browsers |
HTTPS/SSL | All .POST domain registrants need to obtain a digital certificate. | Ensures that the .POST domain resolves to HTTPS and that all data is secured in transit |
Proactive Compliance Verification | The UPU engages an external third-party security service to regularly monitor Registrants’ compliance with key security requirements/metrics | Quick identification and remediation of potential security threats to minimize the risk of them being exploited. |
Email Authentication | .POST domain registrants are required to publish the following text records in the DNS: (1) a Domain-based Message Authentication, Reporting and Conformance (DMARC) record; (2) Sender Policy Framework (SPF) and/or DomainKeys Identified Mail (DKIM) records when the domain name is used for email | DMARC helps minimize phishing and spoofing attack vectors and, when used in conjunction with SPF and DKIM, increases the deliverability of email associated with that domain. |