It's All In The Name
Having an understanding about domain names is a basic but important skill if you want to avoid becoming the victim of a cyber crime.
Why?
Because criminals frequently exploit people's lack of knowledge about domain names when they create phishing sites, fake websites or send out fake warnings by email and text message. With just a basic knowledge of how domain names work you will be able to easily and quickly spot scam warnings and fake websites.
What is a domain name?
A domain name is an alternative way of addressing a device connected to the Internet. When a device wants to communicate with another device across the Internet it needs to use something called an Internet Protocol (IP) address. There are two different IP address protocols currently in use; the older IP version 4 (IPv4) and the newer IP version 6 (IPv6). Here are a couple of examples of IP addresses:
IPv4 212.104.130.9
IPv6 3cfa:1720:4545:3:200:f8bf:fc11:67cf
The newer IPv6 is meant to be replacing the older IPv4 system but currently the majority of networks still use IPv4.
As you can see, the IP addresses used by machines are not designed to be easily used by humans. Imagine how difficult it would be if a website location had to be accessed only by its IP address. To make the Internet addressing more human friendly the domain name system is used.
How do they work?
You use a domain name when you type an address into the address bar of a web browser or write an email. The device, a computer, smartphone or tablet for example, will send the domain name out to a Domain Name Service (DNS) that has the task of finding the correct IP address for that domain name.
Let’s suppose that I want to see the latest news on the BBC website. I would type www.bbc.co.uk into the address bar of my browser. My device sends this domain name out to a DNS system and the DNS system returns the IP address my device needs to be able to communicate with the BBC’s web servers.
The DNS service looks up bbc.co.uk, the domain name, finds 212.58.233.252, an IPv4 address for the BBC’s web servers, and sends this IP address back to my device. My device will then use that IP address to access the BBC’s website. You may not have realised it but all email addresses also make use of a domain name. The part to the right of the @ character is the domain name for the email address.
The email address horatio.nelson@hmsvictory.com is using hmsvictory.com as its domain name.
How are domain names structured?
The key to understanding domain names, and therefore being able to spot the dangerous ones, is to know how a domain name is structured. To help understand the structure let’s consider a standard UK postal address. Our example postal address is:
14 Highbury Road,
Maldon,
Essex.
We won’t be using the post code used widely in the UK.
To make our address look more like a domain name we need to write it out as a single line:
14 Highbury Road, Maldon, Essex
Domain names cannot use spaces so we need to remove them:
14HighburyRoad,Maldon,Essex
Domain names are case insensitive, so upper case characters are treated as the same as their lower case equivalents. We can change our address to all lower case characters, as that is the conventional way to display a domain name:
14highburyroad,maldon,essex
To separate each part of a domain name the full stop character (.), also called a period or full point, is used so we need to replace the commas with full stops (.):
14highburyroad.maldon.essex
Now we have something that looks very much like the domain names used on the Internet.
The full stop (.) is probably the single most important part of any domain name and you should look for them as they clearly show the individual parts that make up the complete name.
The next step is to understand what each part means.
Domain Name Levels.
A domain name is made up of something called a Top Level Domain (TLD) and then sub-domains for each additional level that is required.
The TLD is always the part to the right of the last full stop (.) character. Anything to the left of a (.) cannot be a TLD and will always be a sub-domain.
In the postal address example the TLD will be essex as this is the last set of characters to the right of the last full stop character (.)
Our example address consists of a TLD (essex) and two sub-domains:
14highburyroad . maldon . essex
Notice how the full stops split up the domain name into its constituent parts.
Understanding TLDs.
When domain names were first introduced there were only seven TLDs. These were:
.com Commercial
.edu Education
.gov Government
.int Internet
.mil Military
.net Network
.org Organisation (Charitable or Not for Profit)
Organisations based in the USA started to adopt domain names with one of these seven TLDs. This explains why American businesses usually have .com as their TLD. It was not intended to signify an international business but simply that the domain name is being used by a commercial organisation. The .org TLD was intended to be used by non-commercial organisations such as charities and other Not for Profit organisations. The .int and .net TLDs are not widely used.
These seven TLDs are all registered in the USA.
As Internet use spread to other countries the two-character country code was introduced as an alternative TLD. These country codes, along with some of the original seven, are still the most widely used TLDs across the Internet.
According to Wikipedia there were 255 country-code top-level domains, purely in the Latin alphabet, using two-character codes in May 2017. You can find the list of them, as well as other TLDs, on the following Wikipedia page:
https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains
For domain names registered in the United Kingdom the two-character code (.uk) is often used. This makes it unusual as it does not refer to any of the countries that make up the UK.
Some of the interesting Country Codes (CCs) include:
.ca Canada but also used unofficially by some websites based in California.
.cn People’s Republic of China
.eu European Union
.kp North Korea
.me Montenegro
.mr Mauritania
.no Norway
.ru Russia
.su Soviet Union. Apparently still in use.
.tv Tuvalu
.us United States of America
.va Vatican City
You should be aware that having a TLD that is a country code does NOT indicate that the service connected to the domain name is located in that country. My business domain name is:
montel-its.uk
All this tells you is that the domain name is registered in the UK. The website and email services using that domain name could be located anywhere in the world.
Criminals will frequently register domain names using .com, .eu, .org and many others to give the illusion that it can be trusted because it is in a safe location. In reality the actual web server could be anywhere in the world.
Unfortunately, the introduction of a large number of generic TLDs has done nothing to help people spot scams. There are more than 1,500 of them, although thankfully not many of them are in widespread use.
Examples of these generic TLDs include:
.actor
.amazon Owned by the Amazon business
.bank
.bible
.car
.catering
.dating
.football
.guru
.hospital
.lifeinsurance
.motorcycles
.pizza
.rich
.sex
.travel
.wedding
.you
One problem with these generic TLDs is that you cannot tell where the domain name has been registered. Neither is it obvious where the related service may be operating from. If you want to find a local pizza restaurant, the domain name giovannis.pizza doesn't give you any clues as to where the business might be located.
On the other hand giovannis-pizza.co.uk tells you that this business is probably trading in the UK as it has registered a domain name that uses a UK TLD. Search engines have made this less important but there is no doubt that using a country code is still beneficial for the majority of domain names.
You can find a list of generic TLDs in the Wikipedia article.
There are also new geographic TLDs that differ from the older two-character country codes most people are familiar with. These TLDs, often called Geo TLDs, allow specific geographical areas and locations to have a TLD associated with them. For example Nominet, the organisation responsible for UK domain names, has added .cymru and .wales as TLDs.
As an example a business based or trading in Wales could have the following domain names:
brynnjones-plymwr.cymru
brynnjones-plumber.wales
There are a growing number of Geo TLDs including:
.boston
.london
.miami
.tokyo
.vegas
The same rule still applies to the location of any website or other service linked to such a TLD. The actual service could be located anywhere in the world. You should never assume that it is located in the place suggested by its TLD.
What follows a TLD?
Often when you look at a domain name you will see characters following the TLD. Here is an example:
http://www.rob-r.co.uk/other/UKphonecatwiring.htm
The / character at the end of the TLD (.uk) is very important as it indicates that the TLD has finished and now the path to the resource is being displayed. This means that the TLD will have a full stop (.) to its left and may have a (/) to its right.
In the example above the /other/UKphonecatwiring.htm has nothing to do with the domain name and is just the path to a resource. In this example the resource is a web page.
Interpreting Domain Names.
Whenever you want to see if a domain name looks genuine or fake you should apply the following steps:
Go from right to left.
Look for every full stop (.)
Split the levels up at the full stops.
Ignore anything following the / character.
This will make it far easier for you to see how the domain name has been constructed.
If we do this for the BBC domain name we get:
bbc . co . uk
The TLD is uk. The second-level domain is co, so it should be an organisation that is trading as a business. The third-level domain is, in this case, the trading name of that business.
Here are some other domain names that have been made easier to interpret:
nwolb . com
business . hsbc . uk
bank . barclays . co . uk
internetbanking . tsb . co . uk
NatWest have a very short domain name for their online banking service and use only two levels. With both Barclays and TSB we see four levels as each has used the lowest level to describe its use. Hopefully, you can see why looking for the all important full stop character will help you to correctly interpret any domain name.
Putting it into practice.
Take a look at this domain name:
apple.com-bb.eu
Is this a genuine Apple domain name?
To check this domain you need to find each of the sub-domains by looking for those important full stop (.) characters.
This domain name has a second-level sub-domain of com-bb, and the word apple is actually a third-level sub-domain. Split the name into its separate parts and we see the following:
apple . com-bb . eu
So this is most definitely not an apple.com domain even though at a glance it appears to be just that.
Criminals registered this fake Apple domain name and then sent it out to thousands of people in a text message that warned them that their Apple ID had been locked for security reasons. It contained a link to a fake Apple website and the link in the message used the domain name you see above.
The criminals hoped that recipients would look at the apple.com part, assume that it is genuine and click on the link. This would take them to a fake Apple web page that would request the user's Apple account credentials. A classic phishing scam that probably did collect many people's details.
With the knowledge you now have you will be able to spot fake domain names like the one used in the Apple phishing scam text message. That makes it far less likely that you will become a victim of cyber crime.
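As an added example (not code from the original article), here is the right-to-left rule from the "Interpreting Domain Names" steps written out in Python, so the domain names on this page, including the fake Apple one, can be checked mechanically. The list of grouping labels such as co and org under a country code is an assumption and a simplification; real tools use the Public Suffix List instead.

```python
from urllib.parse import urlsplit

# Second-level groupings commonly used under two-letter country codes (co.uk, org.uk ...).
# Assumed simplification: real tools use the much longer Public Suffix List.
GROUPING_LABELS = {"co", "org", "ac", "gov", "net", "com", "plc", "ltd"}


def domain_from_address(address):
    """Extract the domain name from a web address or an email address.
    Everything after the first '/' is the path to a resource and is ignored."""
    text = address.strip()
    if "@" in text and "://" not in text:
        return text.rsplit("@", 1)[1].lower()      # email: the domain is right of the @
    if "://" not in text:
        text = "http://" + text                    # let urlsplit handle a bare name
    return urlsplit(text).hostname.lower()


def split_levels(domain):
    """Split at every full stop and read right to left, so index 0 is the TLD."""
    return domain.lower().strip(".").split(".")[::-1]


def describe(address):
    """Label each level of the name: TLD, second level, third level, ..."""
    names = ["TLD", "second level", "third level", "fourth level"]
    return [(names[i] if i < len(names) else f"level {i + 1}", label)
            for i, label in enumerate(split_levels(domain_from_address(address)))]


def registered_domain(address):
    """The part a registrant actually owns: the last two levels, or three when a
    grouping label such as 'co' sits under a two-letter country code (barclays.co.uk)."""
    levels = split_levels(domain_from_address(address))
    n = 2
    if len(levels) >= 3 and len(levels[0]) == 2 and levels[1] in GROUPING_LABELS:
        n = 3
    return ".".join(reversed(levels[:n]))


def check_brand(address, brand):
    """Return (registered_domain, warning). A brand name sitting to the LEFT of the
    registered domain is a sub-domain that whoever owns that domain can create at will."""
    reg = registered_domain(address)
    owner_label = reg.split(".")[0]
    if owner_label == brand.lower():
        return reg, None
    if any(brand.lower() in label for label in split_levels(domain_from_address(address))):
        return reg, f"'{brand}' appears in the name but the registered domain is {reg}"
    return reg, None
```

Running `check_brand("apple.com-bb.eu", "apple")` reports that the registered domain is com-bb.eu, which is exactly what the full-stop rule above reveals by hand.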
One more thing.
The best person to keep you safe and secure when using any digital service is you. If you can make the effort to learn some basic skills, like this one, then you are far less likely to become a victim of a cyber crime.
Get into the habit of always looking at the domain names you are using and clicking on. A lot of the scams I look at are easily spotted by the use of suspicious domain names. I have been asked to assist people who have fallen for phishing scams quite a few times. Yet in every case the domain name used by the criminals was obviously not genuine.
If those people had just paid some attention to the domain name, and not ignored it because the web page looked genuine, then they would not have had their credentials stolen. It really is as simple as that.
For any service you use frequently or any that involve sensitive, confidential or financial data make sure that you know what the correct domain name should be. Doing this makes it very much more difficult for criminals to trick you into going to a fake website or downloading malware.