Northen California Chapter

Has Your Firm Applied for .CPA Yet? If So, Are You Planning to Use It?

Published January 11, 2021 By Erik Asgeirsson, Roman Kepczyk and Bill Reeb
If you are in the 20% of firms your size that have not applied for .CPA, it is important for you to listen to the following video overview from Erik Asgeirsson, Roman Kepczyk and Bill Reeb on why you should register at least your firm’s name prior to January 15th. This video also addresses the top questions being asked by CPA firms.



Let’s unpack that discussion a bit. As Erik, Roman, and Bill discuss, .CPA is different from other top level domains (TLDs). Please consider the following as you walk through your decision-making processes relative to moving to the new .cpa domain:

• is exclusive to the CPA Profession
• provides a great opportunity to obtain a short, memorable domain (branding)
• .cpa is more secure


Exclusivity to the CPA Profession

The first consideration is the exclusivity that .cpa domains brings to the profession. By operating the .cpa TLD as a restricted TLD, where only licensed CPA Firms or individually licensed CPAs can register a domain, we are able to make .cpa an exclusive domain used only by the CPA Profession. There are many benefits to this approach. For example:

“By operating .cpa as a restricted TLD, it prevents cyber squatters and cyber criminals from using a .cpa domain.”

“As a restricted TLD, clients and the public will learn that they can trust a .cpa domain wherever it is used.”

Branding

The second consideration is the branding opportunity. There are two aspects to this, the timing and the availability. TLDs only launch once and .cpa is currently in its second launch phase. This phase, as well as the prior phase, were restricted to licensed firms in the United States. On January 15th that restriction will be removed, and individually licensed CPAs will be able to register domains. Eventually other countries that use the CPA designation will have access to .cpa domains as well.

“Registering now will give you the best opportunity to get the domain you want. Several thousand firms have already registered domains, and some have already fully adopted them as their primary domain website and brand.”

Security

The third consideration is security in that .cpa is more secure. In TLDs that are open and unrestricted it is highly likely that many internationalized domain names (IDNs) will be supported. This enables an attacker to register a domain nearly identical to your own by using that IDN version of a letter in your domain. That domain would then be used to trick your employees or clients into clicking a link that steals their credentials.

“The .cpa TLD does not support IDNs.”

Registry operators in legacy TLDs, such as .com, .net, .org, etc…. are not required to monitor for malicious activity. The new TLDs are all required to monitor for known security threats. It’s important to note that this monitoring is performed on backend internet traffic and not the network traffic of where your domain is used. It is an extra layer of protection to help protect your domain. Firms must continue to follow best practices to secure their infrastructure.

“All domains in the .cpa TLD are monitored by Neustar, its Registry Provider, for malware, botnets, and other security threats.”

Lastly, let’s consider the security of where you register your domain, at the Registrar. Most of us are familiar with some of the more popular Registrars, such as GoDaddy.com, Web.com, Register.com, and others. Since the Registrar is where you control your domain, including which name servers are hosting its DNS, you should be very careful to use a Registrar that has a SOC report available. If your account is compromised at the Registrar, the attacker can easily redirect all of your email or web traffic to servers of their choosing. This is how many recent hacks have been carried out, by compromising DNS or the registrants Registrar account.

“Among other requirements, all Registrars for .cpa are required to provide at least two SOC 2 reports for review. The Registry Operator can reject a Registrar that does not meet this criteria and provide a secure system for its clients.”

Next Steps

The next step is to visit the https://domains.cpa website and search for the domains you would like to acquire. You add them to your cart and then fill out an application form. We will ask you for some information on the form, such as your firm license number and state where licensed, as well as other data that help us verify your identity and the identity of your firm. Once you have submitted the application our team of service agents will begin the task of verifying your data and provisioning your domain. This can take 1-2 days so please be patient. You will receive several email communications once it is approved.

Now that it is approved there are some steps for you to complete to finish the activation process. Visit https://domains.cpa/manage for a walk-through of those steps as well as some videos and other helpful information we have that will help you manage your new domain and setup a website.

Note that if you are purchasing before January 15th, which is when the General Availability phase begins, there are some activation requirements. These are simple requirements that help start you on the path to using your .cpa domain. Please visit our Apply Now page at https://register.domains.cpa/apply-now/# where you will find the link to the requirements.

The larger your firm, the more likely you will have personnel in departments, such as Marketing or IT, that will have a role in implementing your domain. These teams should be engaged early in the process to ensure that they have time to fully understand the benefits of using a .cpa domain and determine how they will approach the process of fulfilling the activation requirements.

Typically, marketing teams will need to understand the website activation requirement and what is required to fulfill it. They will also need to understand SEO best practices when changing domains.

The IT team will be focused on managing the domain registrar account and its DNS, procuring SSL certificates, and connecting the domain to an email system and other IT systems.

We have many FAQ’s, videos, and other material available on https://domains.cpa/faqs and https://domains.cpa/manage to help.