Our previous articles on Cloudflare have highlighted how the company's global infrastructure can, paradoxically, protect cybercriminals and how Cloudflare's own processes fall short when it comes to dealing with abuse. We have seen that Cloudflare's free platforms for pages and scripts are widely used for phishing and spreading malware, and that abuse reports are often met with automatic rejections instead of swift action. Critics have pointed to a ‘blind spot’ at Cloudflare: that the company's enormous reach and business model sometimes outweigh proactive security.

Cloudflare sits behind one in five websites, promising speed, and security. But the same infrastructure now hides an industrial scale phishing economy. For six (6) months we tracked more than +600 fake tiquetesbaratos.com fraud domains - multiple hosted on pages.dev or workers.dev and fraud domains levering the Cloudflare reverse-proxy DNS services. Abuse reports met the same copy paste dismissal: “Unable to confirm phishing.” This article investigates why Cloudflare’s processes fail, how that failure fuels criminals, and what lawmakers must do next.

What is new since Excedo’s October 2024 primer on KYC for domain name registrants? Why Article 28 still matters.

The NIS2 Directive places new requirements on domain name registrars to get accurate information on registrants in order to minimise the anonymity that enables cybercrime.

The requirements of the NIS2 Directive are extensive and address many different aspects of digital security, including email security. For organizations to meet the email security standards set by NIS2, they need a correctly configured DMARC policy.

The NIS2 Directive will raise digital security levels across the EU. Although its jurisdiction spans across borders, individual countries have a say in how the requirements will be implemented locally and if they want to go above and beyond the security baseline set by NIS2.