PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

It's Now (a Bit) Harder to Register a .Gov Domain

Trust is usually assumed when visiting an .Gov website, but registering one just required a bit of wire or mail fraud and a stolen letterhead until today.

Matthew Humphries
 & Matthew Humphries Former Senior Editor

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

When visiting a government website, it's natural to relax and assume the site is secure and you're safe. However, it turns out anyone can register a .Gov domain name with a little bit of forgery and fraud.

As KrebsOnSecurity reports, back in November, a researcher not associated with the US government managed to register a .Gov domain for a small US town. All it took was a fake Google Voice number, Gmail address, and a copy of the letterhead the town used in order to impersonate its mayor. An authorization form was downloaded, filled out, and sent via mail or fax to DotGov. In return, account creation links were issued.

By going through that process, the researcher committed wire fraud, but the point being the .Gov domain was authorized. No manual checks were carried out beforehand, for example, calling the mayor to verify the request would have instantly flagged the application as fraudulent. However, from today, such domain registrations got a little bit more secure.

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

An update posted on the DotGov website on March 5 states, "Effective on March 10, 2020, the DotGov Program will begin requiring notarized signatures on all authorization letters when submitting a request for a new .gov domain. This is a necessary security enhancement to prevent mail and wire fraud through signature forgery in obtaining a .gov domain. This step will help maintain the integrity of .gov and ensure that .gov domains continue to be issued only to official U.S. government organizations."

A notary is a public official who is tasked with verifying the identity of everyone else signing the documents and acts as a witness. An official stamp or seal is also required to be affixed to the document by the notary.

Related

Although this extra requirement does make it a bit harder to register a .Gov name if you aren't officially entitled to, as Krebs points out, there's still no manually checks happening. A determined individual could fake the notarization and there are online (cybercrime) services more than willing to help paying customers do so.

Further Reading

Security Reviews

Security Best Picks

About Our Expert

Matthew Humphries

Matthew Humphries

Former Senior Editor

My Experience

I started working at PCMag in November 2016, covering all areas of technology and video game news. Before that I spent nearly 15 years working at Geek.com as a writer and editor. I also spent the first six years after leaving university as a professional game designer working with Disney, Games Workshop, 20th Century Fox, and Vivendi.

I hold two degrees: a Bachelor's degree in Computer Science and a Master's degree in Games Development. My first book, Make Your Own Pixel Art, is available from all good book shops.

My Areas of Expertise

  • PC components and system building
  • Raspberry Pi
  • Software development
  • Storage technology
  • Video games and gaming hardware

Read the latest from Matthew Humphries

Read full bio