Migrating to.bank A step-by-step roadmap for migrating to.bank 11/19/2015 Advanced.BANK Webinar for ICBA Members 1
Webinar Presenters Craig Schwartz ftld Registry Managing Director Managing.BANK and.insurance Domain Registries Former Chief Registry Liaison with ICANN Rob Holmes Return Path General Manager Responsible for Email Fraud Protection service Previously at leading in the DNS and brand protection service providers Thomas Barrett EnCirca President Sole Registrar serving on.bank s Security Requirements Working Group Founded in 2001 in Boston, Massachusetts 11/19/2015 Advanced.BANK Webinar for ICBA Members 2
.BANK Activation Roadmap Website Hosting Domain Name Registration DNS Hosting Marketing Threat Monitoring Name registration Email Hosting Name registration 1 2 3 4 5 11/19/2015 Advanced.BANK Webinar for ICBA Members 3
.BANK Activation Roadmap Step 1 Domain Name Registration Step 2 DNS Hosting Step 3 Website and Email Hosting Step 4 Marketing Step 5 Threat Detection 1 3 2 4 5 3o n >> Enter your questions into the GoToWebinar Widget << 11/19/2015 Advanced.BANK Webinar for ICBA Members 4
.BANK By The Numbers October 31, 2015 90% of all names from the U.S. U.S. Banks that have registered.bank names: 2,498 Total Number of U.S.-Based Domain Names: 5,090 All 50 U.S. States represented 1. Texas 2. Missouri 3. Massachusetts Ramping up marketing efforts in Europe and rest of world 11/19/2015 Advanced.BANK Webinar for ICBA Members 5
.BANK Activation Roadmap Step 1 Domain Name Registration Step 2 DNS Hosting Step 3 Website and Email Hosting Step 4 Marketing Step 5 Threat Detection 1 3 2 4 5 3o n >> Enter your questions into the GoToWebinar Widget << 11/19/2015 Advanced.BANK Webinar for ICBA Members 6
DNS Name Server Activation Activation with vanity DNS name servers ROCKPORT.BANK should be NS1.ROCKPORT.BANK and NS2.ROCKPORT.BANK SSL Required, even with Web forwarding or Parked Page DNSSEC required before name can resolve Requires coordination of both Registrar and DNS Provider, if different Useful links to check verification status and DNSSEC Registry Whois: https://www.register.bank/whois/ DNSSEC: http://dnssec-debugger.verisignlabs.com/ 11/19/2015 Advanced.BANK Webinar for ICBA Members 7
.BANK Activation Roadmap Step 1 Domain Name Registration Step 2 DNS Hosting Step 3 Website and Email Hosting Step 4 Marketing Step 5 Threat Detection 1 3 2 4 5 3 on >> Enter your questions into the GoToWebinar Widget << 11/19/2015 Advanced.BANK Webinar for ICBA Members 8
Website and Email Hosting.BANK domains must use SSL encryption even for web forwarding EnCirca recommends Extended Validation (EV) but Domain Validated (DV) is allowed You can migrate your website and email independently Be sure your web server is using allowed cipher suites DMARC Alignment required for out-going.bank email 11/19/2015 Advanced.BANK Webinar for ICBA Members 9
DMARC Prevents Email Spoofing secure-owens@firstcitizensonline.com 11/19/2015 Advanced.BANK Webinar for ICBA Members 10
What is DMARC? Provides domain-owners with control Block domain-based spoofing Provides domain-owners with intelligence Reporting mechanism (aggregate and forensic data) 11/19/2015 Advanced.BANK Webinar for ICBA Members 11
ftld Security Requirements for.bank Registrants must publish a valid DMARC record with a policy of either quarantine or reject... For domains intended to send email, Registrants must publish at least one of the following email authentication DNS Resource Records: Sender Policy Framework (SPF) Domain Keys Identified Mail (DKIM) When used to protect non-email sending domains, Registrants are required to publish a DMARC reject policy When deploying DMARC, Registrants may temporarily use a none policy during the implementation phase However, this may not be used indefinitely. 11/19/2015 Advanced.BANK Webinar for ICBA Members 12
DMARC Makes.BANK trustworthy Without DMARC, there is nothing that prevents fraudsters from sending emails from an address with a domain you own. DMARC ensures that all emails coming from spoofed.bank addresses are blocked before they reach the intended victim. 11/19/2015 Advanced.BANK Webinar for ICBA Members 13
.BANK Activation Roadmap Step 1 Domain Name Registration Step 2 DNS Hosting Step 3 Website and Email Hosting Step 4 Marketing Step 5 Threat Detection 1 3 2 4 5 3o n >> Enter your questions into the GoToWebinar Widget << 11/19/2015 Advanced.BANK Webinar for ICBA Members 14
Marketing the Benefits of.bank Improves better deliverability of email by major email providers, such as Google, AOL, Microsoft and Yahoo Builds consumer trust for online banking and communications by minimizing spoofing and phishing attacks Start with internal stakeholders: staff, management, board Prepare external stakeholders: customers, partners, suppliers, media A Guide to Leveraging.BANK: https://www.register.bank/guide/ 11/19/2015 Advanced.BANK Webinar for ICBA Members 15
Marketing Considerations Start building search engine history for SEO Branding impact. Bank logo? Website changes Social Media changes Retail Branch Signage Letterhead and business cards Re-direct old website to new website (using 301 re-directs) Set-up search engine analytics for new website 11/19/2015 Advanced.BANK Webinar for ICBA Members 16
.BANK Activation Roadmap Step 1 Domain Name Registration Step 2 DNS Hosting Step 3 Website and Email Hosting Step 4 Marketing Step 5 Threat Intelligence 1 3 2 4 5 3o n >> Enter your questions into the GoToWebinar Widget << 11/19/2015 Advanced.BANK Webinar for ICBA Members 17
Threat Attack Vectors DNS Threats DDOS Website Threats Hacking Email Threats Spoofing Phishing 11/19/2015 Advanced.BANK Webinar for ICBA Members 18
Email Threat Intelligence Do-it-yourself versus outsource 1. Do-it-yourself. Use your own email address in the DMARC DNS record to receive XML reports from email service providers 2. Do-it-yourself with reporting service. Use DMARC vendor in the DMARC DNS record to provide readable and actionable reports. 3. Outsource all of it. Use DMARC vendor to conduct an audit and achieve Alignment for your emails EnCirca can help with both.com and.bank DMARC monitoring Useful links to check DMARC Status of your domain Standards Body: https://dmarc.org/resources/deployment-tools/ DKIM checking tool is: http://dkimvalidator.com/ DMARC checking tool: https://otalliance.org/resources/spf-dmarc-record-validator 11/19/2015 Advanced.BANK Webinar for ICBA Members 19
EnCirca Services for Banks Where Are You in the.bank Road Map? EnCirca Offered Services 1. Domain Name Registration Free Phone consultation. Online availability search 2. DNS Hosting Free set-up and 90-day trial 3. Website and Email Hosting DMARC Alignment service. Hos ng packages 4. Marketing Free landing page to build search engine history 5. Threat Monitoring and Detection DMARC Monitoring service Services for your existing.com website EnCirca Offered Services 1. Consolidate your.com domain name Manage your domains with as a single registrar 2. Consolidate your.com DNS hosting Add your.com domains to your secure.bank DNS 3. DMARC Alignment for your.com Achieve email authentication for your.com too 4. Brand protection in other new extensions EnCirca supports all 1,000 new extensions 11/19/2015 Advanced.BANK Webinar for ICBA Members 20
Next Steps EnCirca is offering free consultations for all five steps of the.bank Roadmap Learn about EnCirca s one-stop-shop: http://www.encirca.com/bank General inquiries and call-back requests Email: dotbank@encirca.com >> Enter your questions into the GoToWebinar Widget << 11/19/2015 Advanced.BANK Webinar for ICBA Members 21