DNS Belgium has deployed a machine-learning system, dubbed RegCheck, to proactively identify and block potentially fraudulent domain name registrations within the .BE, .vlaanderen, and .brussels top-level domains. The move, announced February 10, 2026, represents a significant upgrade to the registry’s security measures, shifting from reactive responses to preventative action.
RegCheck automatically analyzes new .BE domain registrations, assessing patterns indicative of malicious intent. The system aims to balance the ease of domain registration with the need to curtail abusive registrations, according to DNS Belgium. The tool has been operational since March 2024.
The development of RegCheck originated from academic research conducted at KU Leuven’s Department of Computer Science, beginning with a thesis project in 2019/20. Recognizing the potential for machine learning to detect fraudulent patterns, DNS Belgium collaborated with its Dutch counterpart, SIDN, to jointly develop the system. The two registries shared code and expertise, defining the key features to be used in the machine-learning model.
A key challenge during development was the often-delayed manifestation of malicious activity. A domain initially appearing legitimate could later be exploited for fraudulent purposes, requiring the model to consider broader patterns beyond the initial registration data. Rather than allowing the algorithm to independently discover patterns, the development team focused on “feature engineering,” explicitly identifying characteristics associated with suspicious registrations – such as the inclusion of numerical strings within domain names – and combining these factors into a comprehensive reputation score.
According to Maarten Bosteels, head of R&D at DNS Belgium, RegCheck’s strength lies in its holistic assessment. “The machine-learning model evaluates the combination of all characteristics instead of simply adding up the ‘violated’ rules,” he stated, indicating a more nuanced and accurate evaluation than previous manual verification processes.
The system operates as a “wide net,” capable of flagging approximately 30% of domain name registrations while identifying around 80% of potentially fraudulent ones, explained Thomas Daniels, a researcher in DNS Belgium’s R&D team. Flagged registrations undergo a separate verification process before activation, preventing immediate apply for scams – a precaution previously taken only after a domain was already active.
DNS Belgium reports a 30% reduction in malicious domain name registrations in the seven months following RegCheck’s launch, compared to the same period in the previous year. The registry manages .be, .vlaanderen and .brussels domain names, as stated on its website (dnsbelgium.be).
While DNS Belgium has no current plans to commercialize or open-source RegCheck, the organization has expressed willingness to share its code and expertise with other registries interested in implementing similar approaches.
