Combat phishing and malware

We're dedicated to fighting malware and phishing in the .nl zone. That's why we've started ('abuse to zero for .nl'). is a programme through which we work with registrars to make .nl domain names as unattractive to criminals as we possibly can.

What are malware and phishing?

  • Malware is harmful software. It includes programs that record what you type or hijack your computer for use in cyberattacks. Criminals often spread malware by 'planting' it on other people's websites without permission.

  • Phishing typically involves sending an e-mail with a link to a website. So you might get a message that says, 'Use this link to confirm that you want to continue using internet banking.' But, if you click the link, you land on a fake site that looks just like your bank's website. You're then asked to enter sensitive information, such as your account log-in or your PIN. Phishing e-mails used to be easy to spot because they were full of mistakes. But nowadays many are very convincing. Phishing messages are also sent by text, WhatsApp and social media.

If problems are spotted on your site, you''ll get an e-mail

The e-mail will come from Netcraft, our partner in Netcraft specialises in detecting malware and phishing. The e-mails are easy to recognise: they always have '[]' in the subject line.

What to do if you get an e-mail form Netcraft

Please contact your registrar (hosting service provider), who can help you get rid of infected files. Your registrar can also advise you on preventing anything similar happening again.

If no one tackles the problem, we'll disable your domain name

If the issue that Netcraft e-mails you about isn't dealt with quickly, we may have to intervene. In that case, we'll change your domain name's name servers. Then people won't be able to reach your site, so internet users won't be at risk.

The earliest we'll act is 90 hours after our final warning to everyone associated with the registration.

NB: We intervene only in exceptional cases. And we take a very careful approach to abuse prevention. We'll intervene only after Netcraft has sent multiple messages to the abuse reporting address or the other contact addresses we have for the registrant, the hoster and the registrar, asking for action to be taken. Where possible, we follow up those messages with phone calls or e-mails of our own. And, before we actually take the name off line, we check via another source whether the malware or the phishing content is still live. We also check that disabling the website isn't going to have any disproportionate negative impact.

Disclaimer We are committed to minimising abuse in the .nl zone. And we take a very careful approach to abuse prevention. Nevertheless, because the abuse detection process is largely automated, errors do occasionally occur in the identification of abusive websites. If you've received a report that you think is mistaken, please contact

Frequently Asked Questions

Contact the firm that manages your website. They'll be able to help you find and remove the infected files. It's very important that all infected files are removed. See Google webmaster tools for help and advice about removing phishing files and malware.

You should also change all the passwords for your hosting account, so that the criminals can't use them to hack your site again. Make sure that you're using the latest, fully updated version of your CMS.

After discovering an infected website, Netcraft sends e-mails to everyone connected with the registration. The e-mails are sent at intervals of eighteen hours, until 90 hours after the detection.

Meanwhile, we send e-mails of our own to you (the registrant), the hoster and the registrar. After 90 hours, we check via another source whether the malware or phishing content is still live. We also check that disabling the website isn't going to have any disproportionate negative impact. If no one responds to the e-mails and the second source confirms that the infection is still present, we delink the name servers from the domain name. That effectively makes the domain name and therefore the website unreachable. Once the domain name has been disabled, we'll let your registrar know by e-mail.

Netcraft scans .nl websites for phishing content, web-inject malware and illegal web shells.

By default, all e-mails that Netcraft sends for us are written in both Dutch and English. They are also sent in the language of the country where more than six abuse sites have been hosted in the last six months.

Zorg dat de software die je voor site gebuikt up-to-date en goed beveiligd is:

  • Gebruik een goed wachtwoord.

  • Gebruik virusscanners en andere beveiligingsmiddelen.

  • Vraag je webdesigner of beheerder om hulp.

First, go to the registrar for the domain name. You can see who that is by looking up the domain name in the Whois – the search bar on the homepage at

You can also report your suspicions to, and we'll follow it up.

  • Tuesday 11 December 2018

    .nl domain name

    Get the best domain name for your business: use the SIDN checklist!


    Need a domain name that'll win you customers. Use our checklist!

    Read more
  • Thursday 28 November 2019

    .nl domain name

    Will .nl pass the six million marker?


    Business websites driving growth

    Read more
  • Tuesday 16 July 2019

    Internet security

    Travel organisations are the summer's preferred phishing target

    Phishing 520x520

    The holiday season has started

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.