On May 13^th 2025, Nominet hosted its second members’ webinar of the year – focusing on its efforts to combat domain abuse in the .UK namespace. The ‘Tackling Domain Abuse’ session brought together members of Nominet’s leadership – including Chief Customer Officer, David Carroll and Head of Customer Success and Operations, Mayuresh Walke and Head of Membership Engagement, Alan Fitzwater – alongside Threat Analyst, Dominic Rivett and Registry Policy Manager, Jake Vincet.

The webinar outlined Nominet’s new Domain Health Initiative (DHI) – a strategic framework designed to foster a safer and more secure .UK by addressing domain abuse head-on.  

The following is an AI-assisted summary of the webinar, with the video now available in full at the Nominet Members’ Hub.

Domain Abuse: A Growing Challenge

Domain abuse, which encompasses activities like fraud, phishing, fake online shops and illegal content, remains a critical issue for registries, registrars and users alike. Our recently published figures for the 12 months to October 2024 show an increase, thanks to enhanced detection activity.

Mayuresh Walke noted that law enforcement agencies now report that more than 40% of all crime in England and Wales is fraud, with 70% of it occurring online – with numbers still rising.   Sectors like banking and retail are particularly vulnerable – which further underlines the need for more proactive measures.

David Carroll emphasised that domain abuse in 2025 is receiving global attention, with organisations like ICANN and government stakeholders placing higher expectations on registries to act as stewards of their namespace. David said the aim was to create deterrence on .UK. This aligns with Nominet’s strategic objective to maintain a healthy, secure and resilient .UK namespace.

The Domain Health Initiative: A Strategic Approach 

At the heart of Nominet’s efforts is the Domain Health Initiative, a comprehensive strategy to tackle domain abuse systematically. The initiative is built on five key pillars:

• Policy Development: Nominet is working with registrars to craft a specific Domain Abuse Policy that balances transparency, proportionality, and registrant considerations. Jake Vincet highlighted that this policy will define expectations for all parties and clarify when Nominet will intervene, while still adhering to the existing consultation process via the UK Registry Advisory Council (UKRAC).
• Tooling: Nominet is enhancing its internal capabilities, including the planned integration of Clean DNS, a case management tool that streamlines evidence collection and workflows. This complements existing threat feed analysis, ensuring robust detection and response mechanisms.
• Partnerships: Collaboration is central to the initiative. Nominet is engaging with the UKRAC, managed partners, and government bodies to share intelligence and best practices. The webinar emphasised the need for greater registrar involvement in industry discussions, particularly in mapping fraud journeys.
• Communication: Transparent communication with registrars, registrants, and the wider internet community is a priority. Nominet plans to publish more timely reports and share post-mortem analyses of major campaigns to raise awareness and deter threat actors.
• Early Detection and Prevention: By leveraging tools like Domain Watch and exploring API integrations, we hope to identify and mitigate abuse at the point of registration, empowering registrars to act proactively.

These pillars are guided by principles such as proportionality, a registrar-first approach, and capability development, ensuring that actions are timely, transparent, effective, and scalable.

Defining and Classifying Domain Abuse

A key discussion point was how Nominet defines domain abuse. The baseline is ICANN’s definition, which includes malicious activities like phishing and malware distribution. However, Nominet extends this to cover:

• Fraud and Fake Web Shops: Targeting scams in banking, retail, and ticketing.
• Law Enforcement Agency takedowns
• Illegal Content: Including Child Sexual Abuse Material (CSAM) and Non-Consensual Intimate Images (NCII), addressed in collaboration with organizations like the Southwest Grid for Learning.
• Exceptional Circumstances: Rare cases, such as domains linked to UK government-sanctioned entities, where Nominet may intervene directly.

Dominic Rivett delved into the complexities of classifying abuse, particularly for compromised domains (legitimate domains hijacked by threat actors) and exploitable services (legitimate services misused, like URL shorteners). Nominet’s approach prioritises proportionality: for compromised domains, the focus is on alerting registrars and registrants to remediate issues, rather than suspending domains outright, to protect legitimate users. Maliciously registered domains, however, may face suspension to prevent harm. 

Real-World Impact: Disrupting Campaigns

Nominet’s efforts are already yielding results. Dominic shared examples of successful interventions, including a large-scale phishing campaign involving gambling sites, where collaboration with a registrar led to the suspension of nearly 2,000 domains. Another case involved a WhatsApp cryptocurrency scam, where Nominet’s actions deterred further abuse on .UK after suspending a handful of domains. These cases demonstrate the power of systemic deterrence—making .UK an inhospitable environment for threat actors. 

To enhance transparency, Nominet plans to publish detailed post-mortems of such campaigns, sharing lessons learned with registrars and the public. “Talking about these campaigns publicly makes threat actors aware of how seriously .UK takes this,” Mayuresh noted, reinforcing the deterrent effect. 

Policy and Legislative Context

Jake Vincet provided an update on policy developments, including the Crime and Policing Bill, currently in the UK Parliament’s report stage. Expected to receive royal assent by late 2025, the bill introduces powers for “appropriate officers” to seek court-ordered domain suspensions, potentially with non-disclosure orders. Nominet’s existing Criminal Practice Policy, a voluntary arrangement with 14 law enforcement agencies, will remain the preferred approach, with court orders as a last resort. Notably, the Gambling Commission, not currently covered by this policy, may require further alignment. 

Nominet is also exploring API integrations to share abuse data with registrars in real-time, addressing feedback from the UKRAC. Additionally, the Domain Watch tool, which flags high-risk strings, could be made publicly available or open-sourced, though Mayuresh cautioned that its value lies in its broader capabilities, not just a list of prohibited terms.

Engaging the Community: Working Groups and Beyond

A recurring theme was the importance of collaboration. Nominet is forming working groups focused on policy, early detection, and end-to-end processing, inviting registrars to co-author solutions. Jake clarified that these groups are open to all members, not just managed partners, and will complement the existing UKRAC consultation process. Interested members were encouraged to share contact details for participation. 

Nominet also acknowledged the underrepresentation of registrars in industry discussions, such as fraud journey mapping, and pledged to facilitate their inclusion. David Carroll emphasised sensitivity to registrars’ business needs, ensuring that actions are proportionate and do not unduly harm legitimate operations.

Looking Ahead: A Safer .UK Namespace

Nominet’s Domain Health Initiative is a bold step toward systemic deterrence, aligning with its mission to be an excellent steward of the .UK domain. By combining policy innovation, advanced tooling, strategic partnerships, and transparent communication, Nominet aims to make .UK a trusted and secure namespace. The initiative also ties into broader security and social impact programs, addressing online harms and cascading best practices to registrars. 

Members were invited to provide feedback via post-webinar forms, and to share their interest in joining a number of upcoming working groups.

Conclusion

The webinar underscored Nominet’s commitment to tackling domain abuse collaboratively and proactively. By fostering deterrence, enhancing capabilities, and engaging its community, Nominet is paving the way for a healthier .UK domain space.  

As David Carroll summarised, “We want to build a reputation as a domain where abuse is not tolerated.” With the Domain Health Initiative in full swing, Nominet is well-positioned to lead the charge in creating a safer internet for all. 

For more details, check out Nominet’s 2024 annual update on .UK domains suspended for criminal activity.