Those who want to obtain a .gov domain will now have to go through an enhanced identity verification process first.
Prior to the additional security measures, all it took for someone to get one was to list the person responsible for billing, technology or administration.
Although the request needs to be printed with an official letterhead, forging one appears to be simple enough.
The new preventative measure should make it harder for cyber-criminals to use .gov domains for nefarious purposes.
It is scheduled to go live in a matter of days.
Once it does, ID verification will be a necessary part of the process.
Furthermore, all authorisation letters will be required to bear notarised signatures.
According to the US General Services Administration (GSA), this should help to keep mail and wire fraud at bay.
It is still unknown whether the GSA will be putting additional safeguards in place.
Although the agency claims to have already implemented more fraud prevention controls, it is yet to elaborate on what precisely these may be.
Either way, the question remains: if someone is willing to go through the trouble of faking a letterhead and someone’s signature, why would they not be willing to fake the notarisation on top of that?
Consultant and domain name expert John Levine sees this as a good start, but he does believe that there is more that the GSA could do.
It is not entirely clear how big of a risk it is to register a fake .gov domain name – in the end, the additional measure could very well be enough.
The Cybersecurity and Infrastructure Security Agency, for one, holds the opinion that more should be done.
In fact, it wants to attain control of the process by taking it from the GSA.