Recognising and preventing phishing
When scammers come angling for your data – part 2
Phishing: almost everyone with an e-mail address encounters it on a regular basis. Indeed, according to Statistics Netherlands, one in every two hundred Dutch people fell victim to phishing scams in 2019. And, although many people think it could never happen to them, the scammers are becoming more cunning all the time, and their tactics more devious. While badly written and obviously fake messages that are supposedly from banks do still circulate, some phishing material is very convincing. Having explained exactly what phishing is in part 1 of this two-part blog, here I consider how you can recognise and prevent this kind of fraud.
Phishing scams vary a lot. Some use e-mail, while others rely on SMS, for example. Where mail-based phishing is concerned, various countermeasures are possible. Most obviously, solutions can be implemented at the receiving end: spam filters can stop most phishing messages reaching users' mailboxes. However, some will still get through and may therefore be read. If the user gets taken in and clicks a link in one of those messages, the associated website will load. Fortunately, most modern browsers check sites against phishing blacklists before displaying them. Well-known blacklists include Google's Safe Browsing and Microsoft's SmartScreen. If you try to visit a blacklisted site, your browser will normally respond with an error message. You can check whether your browser uses Safe Browsing by visiting the test website. If a warning appears, you know you're protected. Blacklisting is a quick way to block access to phishing sites, but doesn't get the sites shut down. For that, you can send in a Notice-and-Take-Down (NTD) request asking for the site's host to disable it, or for the domain name to be inactivated.
Scammers send their phishing messages in huge numbers, hoping that just a few will get through and catch their recipients out. Messages that pretend to be from a particular organisation are more likely to be effective if the recipient has a relationship with that organisation. The most common reason that recipients give for realising that an e-mail is a trick is that they have no connection with the supposed sender. To get around that problem, some fraudsters opt to impersonate organisations that almost everyone deals with, such as the tax authorities. Although plenty of phishing messages are still full of spelling errors and muddled sentences, we also see many written in a very professional style. The availability of good online translation engines such as DeepL may well be important in that regard. If a message fits the recipient's expectations – because it's about a parcel delivery and the recipient has recently ordered something online, say – it's more likely to be believed.
Naturally the content of a phishing message needs to get the recipient to act. And preferably act quickly, before the website gets blacklisted. For that reason, a common tactic is to generate a sense of urgency by setting a deadline. Scammers also use marketing techniques such as posing as authoritative figures – a bank manager, for instance – to persuade the recipient that they shouldn't let the message lie.
'Homoglyph' is the new buzzword in phishing
Then various tricks are used to give the impression that the links in phishing messages are legitimate. They include using subdomain names and paths that feature real domain names, and using homoglyphs. For example, the operator of 'scamdomain.nl' might create a subdomain called 'sidn.nl'. The recipient sees 'sidn.nl' and feels reassured, although the website linked to the subdomain has nothing to do with SIDN. The same can be done with a path, such as https://example.nl/www.sidn.nl. A reader in a hurry sees 'sidn.nl' at the end, and doesn't notice that the domain is 'scamdomain.nl'. Fraudsters often make use of Internationalized Domain Names (IDNs) as well. IDNs can include characters from non-Latin alphabets. They can be used for subdomains and occasionally top-level domains. You might have 𝗌𝚒𝖽𝚗.scamdomain.nl, for instance, where the letters 𝗌𝚒𝖽𝚗 look like the Latin letters 'sidn', even though they are entirely different characters. Fortunately, some browsers can now detect lookalike links and replace them with corrected versions.
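The three link tricks described above can be checked mechanically. The following is an added example, not code from SIDN or the original article: it flags a trusted name used as a subdomain, in the path, or as a lookalike label. The `TRUSTED` set, the function names and the two-label rule for finding the registered domain are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

TRUSTED = {"sidn.nl"}  # assumption: domains the reader expects to see

def registrable(host):
    # Simplification: the last two labels. Real code should consult the
    # Public Suffix List, since not every suffix is a single label.
    return ".".join(host.split(".")[-2:])

def fold(text):
    # NFKC maps compatibility lookalikes (such as mathematical letters)
    # to plain letters. It does not catch cross-script homoglyphs,
    # e.g. a Cyrillic letter that resembles a Latin one.
    return unicodedata.normalize("NFKC", text).casefold()

def check_link(url, trusted=TRUSTED):
    """Return a list of findings; an empty list means nothing was flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if registrable(host) in trusted:
        return []  # the registered domain itself is the expected one
    sub_labels = host.split(".")[:-2]
    findings = []
    for brand in sorted(trusted):
        name = brand.split(".")[0]
        for label in sub_labels:
            if label == name:
                findings.append(f"brand-in-subdomain:{brand}")
            elif not label.isascii() and fold(label) == name:
                findings.append(f"lookalike-label:{brand}")
        if brand in fold(parts.path):
            findings.append(f"brand-in-path:{brand}")
    return findings

# Constructed sample links. The last one spells "sidn" with letters from the
# Unicode mathematical alphabets, in the style of the article's example.
SAMPLES = [
    "https://www.sidn.nl/en",
    "https://sidn.nl.scamdomain.nl/login",
    "https://example.nl/www.sidn.nl",
    "https://\U0001D5CC\U0001D692\U0001D5BD\U0001D697.scamdomain.nl/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(registrable(urlsplit(link).hostname), check_link(link))
```

An empty result only means none of these three patterns matched; it does not show that a link is safe.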
When you get a message, take your time to look at the sender's address: does it really belong to the organisation in question? And what about the contents? If there's a link, make the URL visible by hovering over it with your mouse. What's the domain in the URL? Is it one you would expect this organisation to use? Whenever a message urges you to act quickly, take care. We're prone to poor decision-making when we're under pressure, making us vulnerable to digital fraud. If in doubt, therefore, take your time. Put the message aside until you can look at it carefully, and maybe ask someone else what they think of it. Messages that you're sure are phishing should be reported to the Fraudehelpdesk, in order to help minimise the number of victims. Above all, remember: no matter how good technical solutions such as spam filters and blacklists may be, it's still important to use common sense. If you have any doubt at all, don't click on a link. And never share your personal data unless you're really sure.
Enable e-mail security standards for your domain and your e-mail servers.
Test your domain(s) on internet.nl.
Received a message?
Check who sent it.
If there's a link, see where it leads.
Does the sender urge you to act quickly? Be extra cautious and take your time.
If in doubt, ask someone else what they think.