Why CPA firms need to know about restricted top-level web domains

Take a closer look at this growing area of internet naming and what it means for branding and cybersecurity.
By Chris Cromer

New top-level web domains, such as .cpa, are growing in popularity with progressive organizations. Some of the more well-known ones are .ai, .io, and .xyz. If your firm is looking to modernize its digital front door, here’s what you need to know about these new top-level web domains (TLDs) and why you may want to consider using them.

The evolution of TLDs

If you wanted to get a domain prior to 2012, the options were limited to legacy TLDs: .com, .org, or .net. Each of these TLDs had an intended purpose or community to serve, which is why .com (intended for commercial companies, hence the acronym .com) became the most desired and the rest lagged far behind in popularity.

Over the past eight years, more than 1,200 new, highly relevant TLDs have become available to the public through ICANN, the not-for-profit organization that oversees the internet’s naming system. The result is not only a massive increase in availability but also a new wave of innovation around how domains are used.

Take Google: It launched the .new TLD in 2019 where, if a domain now has a special purpose, it must be used for an action. For example, if you enter “doc.new” in your web browser address bar and hit Enter, it will automatically open a new Google Doc for you to begin editing. Blockchain and crypto companies are also using TLDs creatively. .Luxe, .kred, and .xyz are now integrated with the Ethereum Name Service (ENS), a blockchain name system similar to the global domain name system (DNS), to allow crypto wallets to use a domain to store cryptocurrency instead of a complex crypto wallet address.

There are many more creative uses for TLDs and domains that are in development and yet to be launched. It’s safe to say that what was once a boring part of the technology stack is now getting interesting and that tomorrow’s internet is going to be much more complex.

The value of restricted TLDs

While most TLDs allow anyone to register a domain with relative anonymity, registry operators — the organizations, such as the AICPA, that control, administer, and maintain the TLDs — now have the ability to create restricted TLDs for which only those who meet eligibility criteria can register. To get a .cpa domain, for example, applicants must be licensed CPAs or licensed CPA firms. The AICPA was awarded ownership and management of .cpa in 2019 by ICANN. CPA.com, the AICPA’s business and technology arm, administers and manages the .cpa domain.

.cpa launched in September 2020 to licensed firms and earlier this year to individually licensed CPAs. The .cpa domain will be launched globally to select countries later in 2021. To date, more than 6,000 .cpa domains have been registered by thousands of individually licensed CPAs and licensed firms, including 90% of firms in the AICPA Major Firms Group and 80% of the 500 largest firms.

Restricted TLDs such as .cpa allow organizations that represent a profession or community, such as CPAs, realtors, banks, etc. to operate their own exclusive TLD, similar to how the U.S. government runs the .gov TLD.

Restricted TLDs have many advantages. Firstly, they offer organizations the opportunity to obtain shorter, more relevant domains that match their company name, function, or mission. With .cpa, for example, many firms registered domains to promote industry niches, practice areas, and even geographical locations. Domains including dentist.cpa, church.cpa, forensics.cpa, and orlando.cpa were all secured by firms in an effort to differentiate their online identity from the competition.

Restricted TLDs also bring a security upgrade to organizations. The security threat is decreased because cyber-squatters and cybercriminals cannot get lookalike domains in a restricted TLD. Additionally, registry operators can choose whether to allow internationalized domain names (IDNs) and also require some security protocols. For example, with IDNs enabled in a TLD, it’s possible for domains to be registered that use non-English characters that are indistinguishable from their English counterpart, such as the Cyrillic “y” and English “y,” making lookalike domains even easier to exploit. Most see a tremendous security benefit in the elimination of squatters and criminals alone. It’s important to note, however, that the need for proper cybersecurity measures and protocols is not wholly eliminated with restricted TLDs. Those measures are still critically important.

Acceptance of the new TLDs is growing with greater awareness, as is demonstrated by all the .io, .co, and other non-.com domains you see advertised on athlete’s uniforms. Restricted TLDs, such as .cpa and .bank, have brought greater trust, security, and branding for organizations and industries. And innovation is just now taking off to shake things up and change the status quo. Firms should take notice and not lose out on fast-moving opportunities to improve their domain and brand, reduce risks, and take advantage of new technologies.

Chris Cromer is director of operations for CPA.com, the AICPA’s business and technology subsidiary. He is a technology expert with over 25 years of experience in network security, operations, and software application deployment at multiple Silicon Valley companies. Among other responsibilities at CPA.com, he also oversees the product management of .cpa domains.

Webcast with CPE

Join CPA.com’s webcast on Aug. 12 at 2 p.m. ET to learn more about the growing popularity of top-level domains and to hear best practices from firms that have adopted .cpa. 1 free CPE credit offered.


Get your clients ready for tax season

Upon its enactment in March, the American Rescue Plan Act (ARPA) introduced many new tax changes, some of which retroactively affected 2020 returns. Making the right moves now can help you mitigate any surprises heading into 2022.


Black CPA Centennial, 1921–2021

With 2021 marking the 100th anniversary of the first Black licensed CPA in the United States, a yearlong campaign kicked off to recognize the nation’s Black CPAs and encourage greater progress in diversity, inclusion, and equity in the CPA profession.