This is NOT spam: .us nexus requirements and compliance policy

Most of you know that the usTLD Nexus Requirements Policy requires that a .us domain name registrant must be either:

  • A US citizen or a person resident in the United States of America (Nexus Category 1)
  • A United States entity or organization (Nexus Category 2) , or
  • A foreign entity or organization that has a bona fide presence in the US (Nexus Category 3)

It is a continuing requirement that all usTLD domain name registrants remain in compliance with Nexus. This means that if you don’t fall into one of these categories above, you can’t ask a US citizen to buy a .us domain and then transfer ownership to you.

Neustar, Inc., the registry operator for the .US domain, enforces the nexus requirements and will:

  • Require that Registrars certify that they enforce the Nexus requirement upon their Registrants, and that Registrars require Registrants to certify tha t they meet the Nexus requirement.
  • Conduct a scan of selected registration request information.
  • Conduct “spot checks” on Registrant information.

When you are registering a .us domain, a registrar will collect the name, postal address, e-mail address, voice telephone number, and (where available) fax number of the name holder for the name registered and will also collect the IP address and corresponding names of the primary and secondary name servers for the registered name.

Be sure to submit all and correct information when registering a .us domain name and also pick the Nexus Category that applies to you because in case of a “.US NEXUS COMPLIANCE” review and if you don’t fulfill the nexus requirements your registration will be canceled.

Neustar will actually conduct the “spot checks” mentioned above. This is not some urban legend. Every couple of months or so I will get an email from the Neustar .US Nexus Compliance. Although the wording is not all that good, there is no name of the sender anywhere in the email and the email is send in the middle of the night (in US time), this is not SPAM! And it is not some phishing attempt. Believe me. This is legit. Be sure to check that the email address is actually and also be sure to whitelist this address in your spam filters because it is important. Here is an email I got 2 days ago:

Dear Konstantinos Zournas,

As you may be aware, in November 2001, the United States Department of Commerce (“DOC”) selected Neustar, Inc. (“Neustar”) to be the Administrator of the .US top-level domain (“usTLD”), the official top-level domain for the United States of America. As Administrator of the usTLD, Neustar has agreed to perform random “spot checks” on registrations in the usTLD to endure that they comply with the usTLD Nexus Requirements which can be found at (“Nexus Requirements”).

Our records indicate that you are the registrant of the domain name *************.US (“Domain Name”).

On September 02, 2012, this domain name was selected for Nexus revalidation and confirmation. According to the information you provided with your registration of the Domain Name, you indicated that you qualify under:

Category * – You are a US ************.

As part of our verification process, we ask that you provide to us by no later than ten (10) days after the date set forth above, a written response with supporting documentary evidence to demonstrate how you qualify under the above Nexus category.

To satisfy the Nexus investigation for a Category * registrant, we request that you provide a valid Deed, lease, tax id, utility bill, or any official document with the companies US address listed.

In some instances, we may request additional documentary evidence from you to demonstrate that you meet the Nexus requirements.

You should be aware that if you either (i) do not respond within the ten (10) days, or (ii) are unable to adequately explain or demonstrate through documentary evidence that you meet any of the Nexus Requirements, Neustar may issue a finding that your entity or organization has failed to meet the Nexus Requirements. Upon such a finding, you will then be given a total of ten (10) days to cure the US Nexus deficiency. If you are able to demonstrate within ten (10) days that your entity or organization has remedied such deficiency, you will be allowed to keep the domain name. If, however, you either (i) do not respond within the ten (10) days of such a finding of noncompliance, or (ii) are unable to proffer evidence demonstration compliance with the Nexus Requirements, the domain name registration will be deleted from the registry database without refund, and the domain name will be placed into the list of available domain names.

Thank you for your cooperation in this matter. Please let us know if you have any questions.

Kind Regards,

.US Nexus Compliance
.US America’s Internet Address

Please note that you have 10 days to respond to this email and prove that you are in compliance with the .us Nexus Requirements and another 10 days to cure any US Nexus deficiencies. If you don’t reply within these 20 days (20 days according to the email above or 30 days according to the usTLD Nexus Requirements Policy) your domain name will be deleted without refund, and the domain name will be placed into the list of available domain names through the normal deletion process. Be sure to provide any of the required documents promptly. Any deficiencies in whois details or nexus category will NOT be possible to fix simply by changing whois or the selected nexus category. Upon receipt of the email above the domain name will be placed on a REGISTRY-LOCK. This means that if you have put false or fake information you will not be able to change it after you receive this email. e.g. To transfer ownership to your friend in the US. The domain cannot be modified by the registrant so you will have to prove what’s already there. The name on the whois is the name of the person/company who must be nexus compliant. Once an investigation is started the name is locked and you cannot change anything. You can’t even change your Nexus category, so even if you are a US citizen (Nexus Category 1) but have put Nexus Category 3 by mistake you might lose your domain name. I had a problem with a registrar that had the categories mixed in their database. So when you selected Nexus Category 1 when registering a domain, Nexus Category 2 appeared in Whois. It took my a while to figure out what was going on.

If you reply to the email and fulfill the nexus requirements you will get this email:

Greetings Konstantinos,

Thank you for responding to our inquiry. As a result of our review, we are satisfied that the explanation you have provided meets the Nexus requirements. Thank you for your timely response and understanding of this process.

Kind Regards,

.US Nexus Compliance
.US America’s Internet Address

 After that be sure to check that the REGISTRY-LOCK status has been removed from your domain name. If it hasn’t, and many times it is not removed, just reply to the email asking for the REGISTRY-LOCK status to be removed. If you don’t then you will not be able to change whois details (i.e. sell the domain) or change the nameservers. While in REGISTRY-LOCK status you will able to renew the domain and the domain will resolve but when the time comes that you will want to make changes you will not be able to.

And don’t think for a moment that these “spot checks” are very rare and will not happen to you. The story about is pretty famous. The domain has been deleted 2 times due to a nexus compliance deficiency. The domain was sold by an American to a European company for $75,000 at Afternic in 2007. It was later deleted by Neustar, only to be caught by Pool and auctioned. The Luxembourg bidder that paid $18,500 at Pool had his domain name deleted again by Neustar. Again due to a nexus compliance deficiency. It was later caught by and auctioned once again. It is now owned by a US company.

If anyone from outside the U.S is interested in registering .US names or has already registered some, I would suggest you to form a US company, rather than give false or fake information during a .US registration process.


About Konstantinos Zournas

I studied Computer Engineering and Computer Science in London, UK and I am now living in Athens, Greece. I went online in 1995, started coding in 1996 and began buying domain names and creating websites in 2000. I started the blog in 2012.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.