The National Internet Exchange of India (NIXI) in January has come up with a new regulation to control fraudulent websites with .in domain name. Individuals now have a limit of up to two websites, after which they would need permission from NIXI CEO to open up a third website with .in domain name.

Businesses and companies can create up to 100 websites, post which they too need to seek permission. But the move has irked internet experts who didn’t find the cause sensible.

Anil Kumar Jain, CEO, NIXI, told BusinessLine, “Domains are registered trademarks, right kind of people should register rather than anyone with fake identities. We have given instructions to registrars who are dealers booking the domain. They need to get proper information of the website applicant, which is sometimes not possible when it’s happening via a reseller. This new step was added to get the complete information in perspective.”

Also read
phishing credit card data with keyboard and hook symbol 3d illustration

Fraudsters most active during peak business hours between 7AM and 7PM - HDFC Bank study

‘Stricter compliance’

“This is for stricter compliance of information collection. The applicants have to share an explanation for why they need more websites along with their Aadhaar card and PAN card proofs. We are clearing this within 24 hours. And till now none of the requests have been rejected,” he said

He added that this brings more discipline to the application process. This will apply to .in domains which come under the government’s purview, and this will not be applicable or expanded to .com, .net, .org or any other domains. NIXI also manages .bharat as a local language domain, available in all 22 languages, a feature unique to India.

Rajshekhar Rajaharia, an independent internet researcher, told BusinessLine, “This doesn’t make sense. They are copying the US’ method of asking proofs and reason for setting up websites — but they too do it only for non-American citizens and not their own nationals. If someone really wanted to do something fraudulent, they can easily set up multiple websites with different email ids and identities. This move is only an add-on step to complicate processes and might impact start-up level companies.”

NIXI currently doesn’t have data on previous cases of fraudulent websites created, saying it’s managed by CERT-In instead.

‘Remove bureaucratic processes’

Amitabh Singhal, Director, Telxess Consulting Services and former CEO of NIXI, said that the idea of setting up NIXI was to promote .in domain and remove bureaucratic processes to make it easier for people to access .in domain names. Earlier, setting up domains involved a lot of documentation and separate fees.

Singhal said, “A registry has to always keep a track of domain name abuse and use for malicious reasons. Why doesn’t NIXI have data pertaining to abuses being done through domain names. The reason for NIXI to do this is to protect, I have no doubt about that. But they need a way to do covert tracking in the backend and if someone is applying for more than two websites, then check their activities and based on suspicions, ask for further documents.”

Singhal added, “For individuals, I think this could be impractical if I want more than two names, then I have to seek permission. If someone was really good with abusing domain names and book it for that purpose, they could easily do it with a gang of people and do multiple bookings.”

“As far as corporates are concerned, they have to be more alert to ensure their domain names and IPs are kept safe. When they (NIXI) are saying 100, now how many companies can book 100 names which resemble their trademark name, and will that be enough. Without background data, I will be sceptical on putting in these restrictions and want to know how they arrived at that number.”

comment COMMENT NOW