A traversal view of the .nz space: security
Sebastian Castro •
At InternetNZ, we are passionate about the .nz domains, and we are always looking for new things to learn about it. In this series of blog posts, we’d like to show the difference between namespaces under .nz.
Here’s what you’ll learn about:
Blog post 1 (the one you are reading): Actively looking into the DNS: email services and security in .nz namespace.
Blog post 3: Web content and machine learning in .nz namespace.
So what’s in the .nz space? An overview.
Within .nz, domain registrations can happen directly using .nz (example.nz) or under one of the fifteen subspaces, like .co.nz (trademe.co.nz) or .govt.nz (covid19.govt.nz). Not all spaces are open to registration by anyone. For example, .govt.nz is only available to government organisations.
For this story, we are going to divide the .nz domains into four groups: .nz for domains registered directly under .nz, .co.nz for domains under .co.nz, .govt.nz, and other, capturing the remaining thirteen subspaces (.net.nz, .org.nz, .kiwi.nz, etc.)
The .co.nz domains are solidly the majority in our namespace, followed by .nz domains. Over the years, registrations directly under .nz are gaining space against the other group. The .govt.nz has around 1,000 domains that are hard to distinguish.
Actively looking into the DNS
The DNS is one of the most fundamental protocols that hold the Internet together. It’s heavily used to signal the availability of a certain service or a technology for a domain. If you want to visit a web page or send an email, computers will be using the DNS to find out where to connect.
Since 2019, we have been tracking some of those signals for all .nz domains. We have been looking for the adoption of new services or security practices. In this blog, you will see how those have evolved and how prevalent they are.
Email services and security
In Figure 2, we can see how different groups show to the world they have mail service. .co.nz, .govt.nz and other have around 61% of their domains with an MX record, .nz is an exception with lower adoption rates at 43%. Overall, support for mail services has been slightly reducing.
Also, in Figure 2, we can see support for Sender Policy Framework (SPF). It is a technology that helps to protect the domain against spoofing (someone impersonating your emails). It also helps to prevent the emails coming from your domain to be marked as SPAM.
The good news is SPF adoption has been growing across all groups in the last two years. What could be seen as bad news is only half of the domains that are ready to receive email have SPF enabled, except for .govt.nz where the coverage goes to roughly two thirds.