These free resources can help you understand whether the implementation of your .BANK and .INSURANCE domain names (collectively, fTLD Domain) addresses our Security Requirements, or identify potential issues that need to be resolved. In addition, fTLD contracts with a security monitoring vendor that provides reports which fTLD uses to inform registrars and registrants about compliance issues, many of which can be identified for resolution with the tools below.
Domain Name System Security Extensions (DNSSEC)
To confirm DNSSEC is deployed and configured properly at each zone and sub-zone for your fTLD Domain, you can use these tools:
To evaluate the configuration of your Domain-based Message Authentication, Reporting & Conformance (DMARC) record published for your fTLD Domain, you can use this tool:
For additional details, see the Implementation Guidelines here.
To confirm the publication of DMARC or Sender Policy Framework (SPF) records in the DNS for your fTLD Domain and the requested mail receiver policy of your DMARC record, you can use this tool:
Transport Layer Security (TLS)/Encryption
TLS must be implemented to protect the integrity and confidentiality of data in transit. For details, see the Implementation Guidelines here.
The following tools allow you to test the configuration of servers for TLS implementation:
To test your email server (i.e., MX record domain), the following tool will provide information about the configuration of your email server and whether it is using strong encryption practices:
Registrants must have a public key certificate (also known as a digital identity or TLS certificate) in place to meet the HTTPS-only requirement. Registrants may wish to use a wildcard certificate (e.g., *.domainname.bank, *.domainname.insurance) which covers every DNS name with encryption.
The following tool allows you to determine if the public key certificate installation has been successful: