Skip to main content

Is auda.org.au a Scam? Security Check Results - .au Domain Administration (auDA) Reviews

auda.org.au favicon

Is auda.org.au Safe? Security Analysis for .au Domain Administration (auDA)

https://auda.org.au

Check if auda.org.au is a scam or legitimate. Free security scan and reviews.

GovernmentAustraliamedium
GatsbyReactJavaScriptCSS
Analyzed 9/7/2025Completed 6:48:48 AM
77
Security Score
LOW RISK

AI Summary

The .au Domain Administration (auDA) is the official Australian not-for-profit organization responsible for managing and administering the .au country code top-level domain (ccTLD). It serves as the authoritative body for domain name policy, registrar accreditation, and stakeholder engagement within the Australian internet namespace. The organization holds a strong market position as the sole administrator of the .au domain, providing essential services to registrants, registrars, and the broader Australian internet community. Technically, the auDA website is built using modern web technologies including Gatsby and React, leveraging static site generation for fast performance and excellent mobile optimization. The site demonstrates good SEO practices, accessibility, and a professional design consistent with its government and non-profit status. Security is robust with HTTPS enforced and multiple security headers implemented, reflecting a mature security posture. While the website lacks explicit published incident response or vulnerability disclosure policies, it maintains comprehensive privacy and cookie policies aligned with GDPR compliance. Contact information including official emails, phone numbers, and physical address are clearly presented, enhancing business credibility. No advertising or affiliate marketing is present, focusing the site on informational and governance functions. Overall, auDA exhibits a high level of trustworthiness, technical maturity, and compliance appropriate for its critical role in Australian internet governance. Strategic recommendations include publishing explicit security incident response and vulnerability disclosure information to further enhance transparency and security readiness.

Detected Technologies

GatsbyReactJavaScriptCSS

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

auDA operates as a non-profit entity managing the .au domain namespace, positioning itself as a key governance body in the Australian internet ecosystem. Its business model centers on policy administration, registrar accreditation, and stakeholder engagement rather than commercial revenue generation. The organization targets domain registrants, registrars, government bodies, and internet users in Australia. Its competitive advantage lies in its exclusive authority over the .au domain and its established trust within the Australian internet community. The website content and structure support clear communication of policies, services, and governance initiatives. Partnerships with registrars and technology providers are implied but not explicitly detailed on the site. Growth indicators include ongoing policy consultations and domain namespace expansions. The organization maintains a professional and authoritative online presence consistent with its governance role.

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (1)

i*****@auda.org.au

Phone Numbers (1)

+6129273****

Physical Addresses (1)

Level 11, 99 Walker Street, North Sydney NSW 2060, Australia

Security Posture Analysis

Comprehensive Security Assessment

The security posture of auDA's website is strong, with HTTPS enforced and a comprehensive set of security headers including Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options, and others. No exposed sensitive data or vulnerable libraries were detected in the analyzed content. Forms appear secure with no visible injection or data leakage risks. However, the absence of publicly available incident response or vulnerability disclosure policies represents a compliance gap. There is no security.txt file or dedicated security contact information visible, which could hinder coordinated vulnerability reporting. Privacy policies are comprehensive and GDPR compliant, indicating good data protection practices. Overall, the site reflects a mature security culture but would benefit from enhanced transparency around incident handling and vulnerability management.

Strategic Recommendations

Priority Actions for Security Improvement

1

Publish a dedicated incident response policy and contact information to improve security transparency.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

.au Domain Administration (auDA)

Description:

Australian not-for-profit organisation responsible for administering the .au domain.

Key Services:
Domain name administrationPolicy development for .au domainRegistrar accreditationStakeholder engagement
Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:
GatsbyReactJavaScriptCSS
Frameworks:
Gatsby
Performance:

fast

Mobile:

excellent

Accessibility:

good

SEO:

good

Security Assessment

Security Score:
90/100
Best Practices:
  • HTTPS enforced
  • Modern security headers implemented
  • No exposed sensitive data detected
  • Secure forms with no visible vulnerabilities

Analytics & Tracking

Services:
Google Analytics
Tracking Level:moderate
Privacy Compliance:good

Advertising & Marketing

Transparency Level:poor

Website Quality Assessment

Design Quality:excellent
User Experience:excellent
Content Relevance:excellent
Navigation Clarity:excellent
Professionalism:excellent
Trustworthiness:high

Key Observations

1

Website is fully accessible with no blocking or WAF challenges.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

75/100
Score

Weak Strict-Transport-Security configuration

LOW

Current value: "max-age=15552000; includeSubDomains; preload"

Weak Referrer-Policy configuration

LOW

Current value: "same-origin, no-referrer-when-downgrade"

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

58/100
Score

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

Privacy policy may not be GDPR compliant

MEDIUM

Privacy policy lacks explicit GDPR compliance elements

GDPR Compliance Analysis

Privacy Policy85% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

25/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

85/100
Score

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security
SPF Details
Record:
v=spf1 ip4:203.202.88.211 ip4:203.29.5.145 ip4:203.29.5.156 ip4:210.9.145.82 ip4:58.65.248.12 ip6:2407:6e00:2:205:a4a8:512c:241d:d506 include:spf.protection.outlook.com include:_spf.salesforce.com include:aspmx.pardot.com -all
DNS Lookups:3/10
Policy:-all
DKIM Selectors Found
Selector:selector2(1296-bit rsa)
DMARC Details
Policy:reject
Aggregate Reports:6fbj8nm1@ag.dmarcian-ap.com
Forensic Reports:6fbj8nm1@fr.ap.dmarcian.com

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

100/100
Score

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject:auda.org.au
Issuer:Sectigo RSA Extended Validation Secure Server CA
Valid Until:12/27/2025 (111 days)
SANs:auda.org.au, www.auda.org.au

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

85/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Registration Details

Protection Level
strongDNSSEC OFF

DNS Records

A Records:104.17.238.107, 104.17.237.107
AAAA Records:2606:4700::6811:ee6b, 2606:4700::6811:ed6b
Name Servers:
ingrid.ns.cloudflare.com
karl.ns.cloudflare.com
MX Records:
0: auda-org-au.mail.protection.outlook.com
SOA:Serial: 2382600391, TTL: 1800s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:284ms

SPF Analysis

SPF Record:
v=spf1 ip4:203.202.88.211 ip4:203.29.5.145 ip4:203.29.5.156 ip4:210.9.145.82 ip4:58.65.248.12 ip6:2407:6e00:2:205:a4a8:512c:241d:d506 include:spf.protection.outlook.com include:_spf.salesforce.com include:aspmx.pardot.com -all

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built on Gatsby, a modern React-based static site generator, ensuring fast load times and excellent mobile responsiveness. The use of modern CSS and JavaScript frameworks supports a professional and accessible user experience. SEO is well implemented with appropriate meta tags and Open Graph data. The site is hosted on a secure HTTPS platform with strong security headers. No legacy or vulnerable technologies were detected. The static nature of the site reduces attack surface and technical debt. Opportunities exist to further modernize by integrating automated security monitoring and publishing security-related documentation. Overall, the technical infrastructure is robust and well-suited to the organization's governance role.
Analyze Another Website