Combat phishing and malware

We're dedicated to fighting malware and phishing in the .nl zone. That's why we've started ('abuse to zero for .nl'). is a programme through which we work with registrars to make .nl domain names as unattractive to criminals as we possibly can.

What are malware and phishing?

  • Malware is harmful software. It includes programs that record what you type or hijack your computer for use in cyberattacks. Criminals often spread malware by 'planting' it on other people's websites without permission.

  • Phishing typically involves sending an e-mail with a link to a website. So you might get a message that says, 'Use this link to confirm that you want to continue using internet banking.' But, if you click the link, you land on a fake site that looks just like your bank's website. You're then asked to enter sensitive information, such as your account log-in or your PIN. Phishing e-mails used to be easy to spot because they were full of mistakes. But nowadays many are very convincing. Phishing messages are also sent by text, WhatsApp and social media.

If problems are spotted on your site, you''ll get an e-mail

The e-mail will come from Netcraft, our partner in Netcraft specialises in detecting malware and phishing. The e-mails are easy to recognise: they always have '[]' in the subject line.

What to do if you get an e-mail form Netcraft

Please contact your registrar (hosting service provider), who can help you get rid of infected files. Your registrar can also advise you on preventing anything similar happening again.

If no one tackles the problem, we'll disable your domain name

If the issue that Netcraft e-mails you about isn't dealt with quickly, we may have to intervene. In that case, we'll change your domain name's name servers. Then people won't be able to reach your site, so internet users won't be at risk.

The earliest we'll act is 90 hours after our final warning to everyone associated with the registration.

NB: We intervene only in exceptional cases. And we take a very careful approach to abuse prevention. We'll intervene only after Netcraft has sent multiple messages to the abuse reporting address or the other contact addresses we have for the registrant, the hoster and the registrar, asking for action to be taken. Where possible, we follow up those messages with phone calls or e-mails of our own. And, before we actually take the name off line, we check via another source whether the malware or the phishing content is still live. We also check that disabling the website isn't going to have any disproportionate negative impact.

Disclaimer We are committed to minimising abuse in the .nl zone. And we take a very careful approach to abuse prevention. Nevertheless, because the abuse detection process is largely automated, errors do occasionally occur in the identification of abusive websites. If you've received a report that you think is mistaken, please contact

Frequently Asked Questions

Contact the firm that manages your website. They'll be able to help you find and remove the infected files. It's very important that all infected files are removed. See Google webmaster tools for help and advice about removing phishing files and malware.

You should also change all the passwords for your hosting account, so that the criminals can't use them to hack your site again. Make sure that you're using the latest, fully updated version of your CMS.

After discovering an infected website, Netcraft sends e-mails to everyone connected with the registration. The e-mails are sent at intervals of eighteen hours, until 90 hours after the detection.

Meanwhile, we send e-mails of our own to you (the registrant), the hoster and the registrar. After 90 hours, we check via another source whether the malware or phishing content is still live. We also check that disabling the website isn't going to have any disproportionate negative impact. If no one responds to the e-mails and the second source confirms that the infection is still present, we delink the name servers from the domain name. That effectively makes the domain name and therefore the website unreachable. Once the domain name has been disabled, we'll let your registrar know by e-mail.

Netcraft scans .nl websites for phishing content, web-inject malware and illegal web shells.

By default, all e-mails that Netcraft sends for us are written in both Dutch and English. They are also sent in the language of the country where more than six abuse sites have been hosted in the last six months.

Zorg dat de software die je voor site gebuikt up-to-date en goed beveiligd is:

  • Gebruik een goed wachtwoord.

  • Gebruik virusscanners en andere beveiligingsmiddelen.

  • Vraag je webdesigner of beheerder om hulp.

First, go to the registrar for the domain name. You can see who that is by looking up the domain name in the Whois – the search bar on the homepage at

You can also report your suspicions to, and we'll follow it up.

  • Tuesday 26 June 2018

    Internet security

    "People should be able to trust e-mail from their local authority"


    SIDN starts promoting the adoption of internet standards for secure e-mail

    Read more
  • Friday 16 February 2018


    Safer Internet Days comp: win a book about the internet!


    Answer our prize question and win 1 of the 10 internet books!

    Read more
  • Tuesday 3 April 2018

    Internet security

    SSL: now essential for every website and webshop


    Many websites and webshops still have little or no SSL protection

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.