Josu Waliño, CEO of the PuntuEUS Foundation, the registry for .EUS in the Basque Country (Spain) is a very active partner of GCA since 2021, especially around our Domain Trust Project. Puntueus places trust and the security of their users at the core of their daily work and have made a significant contribution to transparency by publishing malicious findings – they undertake daily monitoring enabling cases of malware, phishing, spam, typosquatting, identity theft, and other practices – on their home site. EUS is recognized to be one of the most secure top level domains (TLDs) in the world.
What role can PUNTUEUS play in such a unique digital ecosystem as that of the Basque culture and language?
Nowadays, the digital development of society is crucial and for this our main challenge is to help in this work, having the Basque language as one of the driving forces. With this we want it to form part of each digitization process. The .EUS domain is the main tool for this task since it gives visibility to the community on the Internet, boosting the digital environment through a common brand that identifies us.
You have just completed a whole rebranding process. Could you please walk us through the changes?
Previously, PUNTUEUS had a logo that identified us solely as a project, but it did not convey the essence of who we are: digitalization, diversity, modernity, security, courage…all at the service of the Basque digital community. The goal of the new brand is to convey our values through a whole image line that identifies us, and we believe the new image conveys the essence of what .EUS means.
Trust and security are now central to your image as a registry. Who did you have in mind for that new strategy? Your users? The industry? Both?
Trust in the domain and the security of our community has always been the central axis of our work, but it is true that until now we have not transmitted what we do. We realised we had to focus on the fundamental aspect of trust and security as it is essential both for .EUS and for our users.
We are aware that .EUS has to be a high-quality domain, with the security of our users at the centre. That is why we monitor all .EUS websites on a daily basis in search of abuse cases, and we help users to solve any incident they may have.
We collaborate with the main cybersecurity agencies both in the Basque Country and internationally, and we have just published our cybersecurity observatory where we provide detailed information on the situation in real time. We do all this work focused on the security of our community so they can see how we look after their domains and the high standard of security we stand by.
At the same time, we are also focusing on trust and security as a signal to industry, as we believe that transparency is a key element in promoting cybersecurity on the Internet.We want to show our example so it can help other Top-Level Domains (TLDs). That is why .EUS is recognised to be one of the most secure TLDs in the world.
You are a very active registry, and you are present in many anti-abuse domain forums. What could you say about the current debates inside the domain industry? Are things finally changing?
It’s an interesting time within the industry, especially since there’s a lot of discussion going on around DNS [Domain Name System] abuse and how to address it. Until now, ICANN only asked us for a report showing that we are following up on abuse cases but without implying a real commitment on mitigation. Now the debate has been opened to deepen the role that all agents must play in abuse cases, the type of follow-up that must be carried out, and the mitigation work needed.
We believe it is our duty as a registry to monitor and solve any type of incident, and we try to bring this idea to the debate. We hope that thanks to initiatives such as the DNS Abuse Institute created by PIR [Public Interest Registry], and the involvement of different entities, we can promote active policies to fight against DNS abuse to achieve a safer Internet for all.
Going back to anti-abuse domains, how could our initiative, Domain Trust, and the community you are part of support your work? And GCA as a whole?
GCA’s work through initiatives such as Domain Trust is essential for registries like .EUS to implement cybersecurity policies in collaboration with other agents of the community.
GCA generates a framework through which different agents can learn and collaborate in the development of initiatives that help us improve the security of our domain, as is the case of Domain Trust and its community. Through this project we have better tools for analysing .EUS thanks to the contributions of the entire community. It is this type of initiative that helps us generate security spaces in all the TLDs.
The author, Alejandro Fernández-Cernuda Díaz, is the Director of Engagement of the Internet Integrity Program, where Domain Trust sits. You can connect with Alejandro on LinkedIn.