According to Theage.com.au, AusRegistry, the company that operates the .Au registry under agreement from auda.org.au, has launched a new service called .AULockdown that allows domain owners to bar automated changes to their domain at the registrar level.
“Companies with valuable websites can now pay up to $1,000 a year to opt-out of Australia’s automated domain registry system”.
“The lockdown prevents a registrar from using the application protocol interface (API) to AusRegistry’s domain register portal, and allows registrars to automatically update the registry over an authenticated channel.”
“The API is used by 33 accredited Australian domain registrars, such as MelbourneIT, GoDaddy.com and others, to change domain ownership, server information and other contact information for each domain name.
“AusRegistry is selling .AULockdown as a wholesale product to registrars, which will then sell it to domain owners for between $200 and $1,000 a year”, which we presume is in Australian Dollars (AUD)
“Registrars operating locked-down accounts will need to place a verified call with AusRegistry’s service desk and make a verbal request for the lock be lifted before they can make changes to that domain.”
“To bypass the lockdown restrictions, the attacker would need to spoof the number of the registrar, know the registrar’s AusRegistry service desk login and passcode, and have that person’s digital certificate.”