SIDN analyses

Watch the video series SIDN analyses!

In our video series SIDN Analyses .nl, we take a closer look at popular .nl websites. What makes them successful? What sets them apart from the competition? Watch SIDN Analyses Belsimpel.

Tip Choose a good domain name

  • Short and easy to remember
  • Use your company name
  • Avoid confusion
  • Don't use hyphens
  • Choose your extension carefully

Read more tips and info about choosing a good domain name and website

Tip Increase security awareness

Password security

  • Use a complex password with at least ten characters, or use a passphrase: a sentence plus numbers and special characters
  • Don't use one password for everything
  • Use two-factor authentication if possible

E-mail security

  • Train your staff to recognise phishing mail, so that they don't use dodgy links or open dodgy attachments
  • Always look to see whether a message's sender matches the contents
  • Avoid clicking on links wherever possible: if you want to visit the linked page, don't click, but copy and paste the link into your browser

See more tips on increasing security awareness

Tip Use modern internet standards

  • IPv6
  • SPF
  • DKIM


Ever heard anyone say that the internet could run out of space? That's no surprise. With the old version of the Internet Protocol (IPv4), only about four billion addresses can be created. And there aren't many left. Fortunately, there's a new version of the protocol: IPv6. With IPv6, an almost infinite number of unique internet addresses are possible. On, you can check whether a registrar supports IPv6. More on IPv6 on


The Domain Name System (DNS) is a system for translating IP addresses into domain names. The translation work is done by name servers. Unfortunately, crooks can interfere with the process. They can put about incorrect translations, which result in people who want to visit your site ending up on fakes. Or get your e-mail diverted to another mailbox. DNSSEC helps to prevent that kind of thing. On, you can check whether a registrar supports DNSSEC. More about DNSSEC on


DKIM is a security standard that links e-mail messages to domain names using digital signatures. The recipient can then check which domain name the e-mail is associated with, and therefore which organisation is responsible for sending it. More about DKIM on


DMARC makes it possible to define a policy on what an e-mail service provider should do with messages that can't be verified as coming from the domain they claim to come from. It's then harder for imposters to send messages as if they come from another organisation's e-mail domain. DMARC can therefore be used to reduce the risk of a domain name being abused for fraudulent e-mail. With DMARC, it's also less likely that legitimate e-mail is mistaken for spam by mail service providers. More about DMARC on


SPF is a system for checking whether the mail server trying to send mail from a given domain is actually authorised to do so. As such, it provides a technical mechanism for detecting sender address falsification. With SPF, a receiving system can tell whether a message comes from an authorised server. Using the DNS, the receiving system looks up the domain name in the 'from' address of an incoming message to see whether the sending mail server's IP address is authorised to send from the domain in question. If the sending mail server isn't in the published list of authorised servers, (the 'SPF records'), the mail is treated as unauthenticated. More about SPF on


STARTTLS and DANE are used together to prevent the interception or manipulation of mail traffic. STARTTLS makes it possible to secure the connections between mail servers using TLS certificates. The complementary DANE standard enables mail servers to insist on the use of TLS. More about STARTTLS and DANE on

Tip Is your site up to date? Test it on

Check your domain on

Tip Use security certificates


Most people know that HTTPS (with the 's' and the lock) is secure, because it involves encrypted connections. But when you type '' into your browser, it'll try plain old HTTP before anything else. So firms tend to set up a redirect from the HTTP address to the corresponding HTTPS address. However, that means there's an insecure step before a secure connection is established. An HSTS header tells the visitor's browser that all your web pages use HTTPS, so that the browser goes straight to HTTPS. As a user, it's best to always type 'https://' before a domain name (e.g. ''). Then you'll go straight to the secure site. Your registrar can advise on the use of HSTS for your domain name.


Transport Layer Security, or TLS for short, is better known as SSL or certificates. It's the protocol indicated by the familiar green lock in your browser's address bar. With the most comprehensive variant, the browser shows the name of the company that holds the certificate in green letters within the address bar. Users can then be sure whose website they are looking at. Your registrar can tell you about the various options.

Read more about SSL

Tip Follow trends in internet use

Every 2 years, we publish a survey of trends in internet use: How is the way that people use the internet changing? And what are the implications for the use of and demand for domain names? In recent years, we've seen a big increase in public interest in issues such as on-line security and privacy.

Read the full research report Trends in Internet Use

The previous video in this series: SIDN analyses fonQ