.POST – Delivering a more secure online experience

The .POST Domain Management Policy outlines measures Posts need to adhere to in order to register and use a .POST domain. In addition, below you can find a number of policies developed by the UPU to improve trust in .POST.

DNSSEC policy

.POST uses the most advanced Internet security. It is the first sponsored top-level domain to be 100% secured by the Domain Name System Security Extensions (DNSSEC), to prevent redirection of .POST Internet traffic to fraudulent sites and unintended addresses. You can trust that a .POST domain is not taking you to a fake postal website.

DNSSEC policy and practice statement for .POST

This document provides organizations with information on the UPU's deployment of DNSSEC in the .POST zone, including policy and controls around the creation; management and protection of the cryptographic keys used to sign the .POST zone.

Secure e-mail server policy

The goal of the policy is to allow .POST to be used for e-mail, while minimizing spam, phishing and other abusive e-mail. This policy outlines the requirements and authentication rules for setting up e-mail servers under .POST domain names. Through compliance with these rules, users will have increased confidence in e-mail with .POST domains.

.POST secure e-mail server policy

This policy provides e-mail server authentication rules for establishing e-mail servers under .POST, using the Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-Based Message Authentication, Reporting and Conformance (DMARC).

These .POST security policies give Internet users confidence that they are communicating with a trusted postal organization.

.POST usage of TLS 1.2 certificate and no redirection policy

Transport Layer Security (TLS) is an open standard for encryption which enables people and applications to communicate in private over the Internet. TLS is the successor to Secure Sockets Layer (SSL) technology, and it provides three essential services to help ensure security on the Internet:
1. Message confidentiality
2. Authentication
3. Message integrity

No redirection of .POST domains should be allowed (to avoid misuse and hijacking). An alternative to redirection is to give the domain the status of a parked domain and remove unnecessary A records on the DNS for the redirection of the domain.