TEL: +44 (0) 20 7421 8250   EMAIL:

New gTLD Updates | .CREDITUNION & .HEALTH Launch Schedules, .BANK & .INSURANCE Security Requirements Update, Donuts DPML Plus Extended and more

Written by: 
Kirsty Holmes
3 May 2017


Registry operator CUNA Performance Resources, LLC has announced the launch schedule for its new restricted TLD, .CREDITUNION, as follows:

Sunrise opens

Sunrise closes

Sunrise Type

General Availability

(16:00 UTC)

(16:00 UTC)

Start Date Sunrise
(first-come, first-served)

(16:00 UTC)

During the Sunrise Phase, trade mark rights holders meeting the Eligibility Requirements below may register their domain names on a first-come, first-served basis, provided that the term applied for is in the Trademark Clearinghouse.
Under General Availability, domains will be available to all those meeting the Eligibility Requirements on a first-come, first-served basis.

Eligibility Requirements
In order to register, renew, or accept the transfer of a .CREDITUNION domain name, you must be a legal entity with a bona-fide nexus to the .CREDITUNION sector.  That is, you must be able to reasonably demonstrate a link or an interest to the relevant sector at the time of registration and throughout the duration of the .CREDITUNION domain registration.
Registrations under the .CREDITUNION TLD are limited to bona-fide members of the relevant sector, which are anticipated to include Natural-person Credit Unions legally domiciled in the United States.
Registrants may occasionally be required to state or reaffirm their intended use of a registered domain name and a domain holder’s nexus may be verified at any time by the registry, including post-registration validation (the registry may retain a portion or the entirety of any registration fees, for applications not meeting the eligibility requirements).
Name Selection Criteria
Domains must reflect your company name or trademark/brand, or derivative thereof, related to the relevant sector.
The use of proxy/privacy registration services is not permitted.
Registry operator DotHealth, LLC has announced the launch schedule for its new semi-restricted TLD, .HEALTH, which relates to brands, organisations and people who provide high-quality health products, services and/or information, as follows:

Sunrise opens

Sunrise closes

Sunrise Type

Limited Registration Period opens (Industry Access Period)

Limited Registration Period closes (Industry Access Period)

General Availability

(15:00 UTC)

(15:00 UTC)

End Date Sunrise
(not first-come, first-served)

(15:00 UTC)

(15:00 UTC)

(15:00 UTC)

A Qualified Launch Program for ‘HealthSetters’ (existing members of the health and wellness industry) is also running until 7 July, wherein the registry may allocate up to 100 domains for the purpose of promoting the TLD and to provide participants the opportunity to register domains that further the goal of the HealthSetter Program.
During the Sunrise Phase, trade mark rights holders may register their domain names, provided that the term applied for is in the Trademark Clearinghouse, with multiple applications for the same domain resulting in an auction.  The corresponding trademark registration must have been issued and in full force and effect on or before 1 September 2016.

During the Limited Registration Period (Industry Access Period), any person or entity with a bona fide connection to the health and wellness industry, that is, health-related brands, organisations and individuals, may apply for domains.  The registry will issue registration tokens to those prospective registrants that qualify for participation in this phase, enabling them to register domains on a first-come, first-served basis.  All registrations are subject to Trademark Claims.
Under General Availability, domains will be available to all (there is no requirement to be in the health industry) on a first-come, first-served basis.
Key Registration and Usage Requirements
Please note that, whilst the TLD is open to the general public (other than eligibility requirements for the QLP, Sunrise and LRP phases), the registry requires the following for all .HEALTH domains and the .HEALTH terms of service strongly recommend that only content related to health and wellness should be hosted on a .HEALTH domain:

  • Privacy/proxy registrations are permitted except for online pharmacies.
  • All live sites, other than those that are parked, must use an SSL certificate.
  • Any online pharmacy site selling prescription drugs online must be certified by Legitscript.
  • Sites providing clinical data must cite their sources.
  • All sites must provide at least one contact method.

IDNs are not currently permitted.
Available Registration Terms: 1-10 years
Privacy and Proxy Registration Services are permitted for use with domains except for those used to conduct or facilitate the conduct of any commercial transaction for healthcare-related products or services, including, without limitation pharmaceuticals, supplements and/or telemedicine.  This restriction includes use of a domain name to market or promote health transactions or the availability of health transactions that are conducted on a website located on a different domain name.
Compliance with Applicable Laws
All registrants must comply with all Applicable Laws at all times, including by ensuring that prospective customers located in a jurisdiction that prohibits the marketing or provision of a particular product or service to persons or entities located therein are not able to obtain such product or service from or through registrant’s website.  In addition, with respect to any website that facilitates the practice of medicine, the conduct or promotion of health transactions and/or any other regulated health care activity, all medical, pharmaceutical and/or other health care providers or practitioners participating in such activities must be licensed and in good standing under and otherwise compliant with all Applicable Laws, including, without limitation, those of any jurisdiction where any patient or other user or consumer of such activities may be located.
Personal Health Information
In addition, all websites that handle Personal Health Information must adhere to the following minimum standards:

  • All such Personal Health Information must be encrypted while being handled.
  • All stored Personal Health Information must be backed up on a regular basis.
  • Access to all Personal Health Information must be limited to authorised personnel.
  • Personal Health Information may not be altered or tampered with.
  • Personal Health Information that is no longer needed must be disposed of permanently.

Communication Security
SSL certificates are required of all registrants:
All websites with active content (whether or not facilitating a commercial transaction) must employ either Secure Sockets Layer or Transport Layer Security technology.  Websites that are limited to “under construction”, “coming soon”, or other static landing or “parked” pages are exempt from this requirement.
Transparency and Prohibited Practices

  • The following must be published clearly and accurately on the website in an area visible to all visitors: the owner of such website and either an email address, telephone number or postal address for contacting the owner.
  • If any website displays paid advertisements or other paid content, such website must clearly distinguish such paid advertising or content from editorial content.
  • All websites displaying, distributing, publishing, transmitting or otherwise disseminating clinical data must cite the source and date thereof in a manner that affords the readers or other consumers of such information a reasonable opportunity to identify the same when reading or otherwise consuming such information.

Requirements Relating to Specific Healthcare Activity Types
Subject to compliance with Applicable Laws, domain names may be used for the promotion, marketing, sale and/or other provision of dietary supplements, provided, however, that use of any domain name for the promotion, marketing, sale and/or other provision of any supplement or other product containing illegal pharmaceuticals, toxins, controlled substances, or other problematic ingredients as determined by the TLD Abuse Monitor in its reasonable discretion, is strictly prohibited.
Designer Drugs and Psychoactive Products:
No domain name may be used to promote, market, sell and/or otherwise provide any “designer” drug or other psychoactive product, including, without limitation, controlled substances under Applicable Law and products marketed or commonly used for the purpose of causing the user to experience a psychoactive effect.
Subject to compliance with Applicable Laws domain names may be used for the marketing, promotion, sale and/or other provision of telemedicine or telehealth services, provided that all persons providing such services on or through any website are properly licensed in each jurisdiction from which they may provide such services and each jurisdiction in which any patient or other person using or receiving such services is located.
Online Pharmacies:
Domain names may not be used for an online pharmacy unless the applicable registrant obtains and maintains an Internet Pharmacy Certification from LegitScript LLC, an Oregon limited liability company, for such online pharmacy.  In addition to such certification, the following terms apply:
(i) Licensure, Registration and Good Standing: Domain names may be used for Certified Online Pharmacies only to the extent they are licensed, registered, and in good standing to operate a pharmacy, or otherwise engage in the practice of pharmacy, in all jurisdictions where such licensure, registration and good standing status is required by Applicable Law, including, without limitation, all jurisdictions from which any medication is distributed or dispensed and all jurisdictions to which any medication is offered to be delivered.
(ii) Prescription Requirements: Domain names may not be used to facilitate the distribution, dispensing, sale or other provision of (A) medications for which a prescription issued based on a prior in-person examination is required by Applicable Law, or (B) drugs that have not been approved for medical use or sale to the general public pursuant to Applicable Law, including, without limitation, falsified medications and counterfeit drugs.
(iii) Registrant Responsibility: Each registrant is solely responsible for discovering, reviewing, understanding and complying with all Applicable Laws, including, without limitation, those relating to licensure, drug safety, and supply-chains.  Some potentially relevant United States laws include the Federal Food, Drug, and Cosmetic Act and the Federal Controlled Substances Act.

.BANK and .INSURANCE - Use Restriction and Security Requirements Update
Registry operator fTLD Registry Services, LLC has revised its use restriction applicable to Service Providers, that removes the prohibition on using a .BANK/.INSURANCE domain for marketing purposes.
Furthermore, domain holders should also take note of some modifications to the Security Requirements for .BANK/.INSURANCE domains as follows (these relate to Requirements #27, 23, 25, 29 and 30 and there is a key date of 1 January 2018 for compliance for #23 DNSSEC):
Note: .BANK/.INSURANCE domains are referred to as “in-zone” and any other domain name is “out-of-zone”.
1. Requirement #27 is modified to specify that DNS Resource Records (eg CNAME, DNAME, MX) may be used to alias to out-of-zone domains and are subject to requirement #23, DNSSEC, by January 1, 2018, and requirements #25 and #29 (ie, TLS encryption at the relevant version).
2. Requirement #29 is modified to differentiate Transport Layer Security (TLS) services to include: web connections, server-to-server email and other services (eg FTP, POP3, iMAP) as follows (and defined in requirement #29):
a. Web connections: TLS v1.1 or greater should be maintained.  TLS v1.0 may be used to serve educational information about the importance of browser hygiene and provide guidance about how to update a browser.  Registrants should communicate to customers/visitors to their websites a specific date when access to their websites using TLS v1.0 will no longer be possible.
b. Server-to-Server Email: For domains sending or receiving email, TLS v1.1 or greater must be offered at the highest priority.  However, when exchanging mail with out-of-zone domains earlier versions of TLS/SSL are permitted, including, as the lowest priority, defaulting to unencrypted email when it is not possible to provide encryption.
c. Other services: TLS v1.1 or greater should be used but TLS v1.0 does not need to be disabled at this time.
A public key certificate must be used to meet this requirement.
3. Requirement #30 is modified to specify that redirection to out-of-zone domains must be made from the HTTPS version of an in-zone domain.  Out-of-zone domains operated by third-party providers are not subject to compliance with the Requirements.
4. Annex A (Authorizations for Defined Services Deployed on Non-.BANK or Non-.INSURANCE Domains) has been eliminated based on the following:
a. Hosted Email Solutions: As fTLD requires DMARC and SPF and/or DKIM for in-zone domains, registrants have control over who sends email on their behalf either directly as with an email marketing service provider or indirectly such as with Google and Outlook 365 whose platforms provide email services for their customers.
b. Content Delivery Networks: As CDN services are generally deployed using a CNAME, the modification noted above in #1 applies to them.
c. Security and Fraud Services: As these services are generally deployed in a manner that does not impact the customer’s experience accessing a registrant’s website, there is no basis for requiring compliance with the Requirements by out-of-zone domains.
d. Aliasing to Legacy Domains: This is covered above in #1.
The full updated Security Requirements can be found at:
Donuts Registry - DPML Plus Availability extended to 31 May
Donuts registry has announced that it has, once again, extended the availability of its DPML Plus product until 31 May 2017.

.MARKETS and .TRADING - Release of 3-character Premium Domains
Registry operator Boston Ivy has announced the release of more than 35,000 3-character premium names for its .MARKETS and .TRADING TLDs on a first-come, first-served basis.
The registry is also dropping its premium renewal fees for .BROKER, .FOREX, .MARKETS and .TRADING to standard renewal pricing.  This change in renewal pricing will only affect domain names that have not yet been registered and premium names already registered will maintain their current premium renewal pricing, however, the registry is open to renegotiating these renewals.
.TEL - Tiered Premium Domain Pricing from June
The .TEL registry, Telnic Ltd., has announced that it will support tiered pricing options as of 21 June 2017 (00:00 UTC).  Premium domains will have premium registration prices, however will renew and transfer at the standard rate.
New gTLDs Delegated
Two more new gTLDs have recently been delegated:  .RUGBY, to registry operator World Rugby Strategic Developments Limited and .HOTELS, to B.V., on 7 April 2017.
New gTLDs Currently Running - .ONLINE
Radix Registry has announced that the recent sale of the domain name CASINO.ONLINE to an anonymous buyer for USD 201,250 is the highest reported price paid to date for a new gTLD registration.  The registry made the sale via Sedo.
.ONLINE was launched in August 2015 and there are currently 729,998 registered domains under the TLD.  .ONLINE ranks in eighth position in the Top 30 new gTLDs, with .XYZ in first position with 6,013,896 registered domains.
There are now 27,961,033 registered new gTLDs to date (Source:
Should you wish to place an order, or for further information, please contact your Client Manager or