Should Your Business Have a .au Domain?
Since 2022, Australian businesses have had a shorter alternative to .com.au — just .au. It sounds trivial but actually has real security consequences. Here's what to check, and what to do about it.
If you've got an Australian business, you're almost certainly on a .com.au domain. Since 2022, there's been a shorter alternative available: just .au. So instead of yourbusiness.com.au, you (or your competitor) could be yourbusiness.au.
This is one of those small decisions that sounds trivial but actually has real consequences. Worth getting right.
What changed in 2022
Until 2022, the .au namespace only existed as second-level domains: .com.au, .net.au, .org.au, .id.au, and the rest. In March 2022, auDA (the Australian domain regulator) opened registrations for direct .au domains for the first time.
Existing holders of .com.au and .net.au domains got a six-month priority window to claim the matching short .au version of their existing name. After that window closes in September 2022, the matching .au becomes available to anyone — first-come, first-served.
Why it matters
The reason to care isn't aesthetics. It's security.
If you own yourbusiness.com.au but someone else manages to register yourbusiness.au, that other party can:
- Send convincing phishing emails (
accounts@yourbusiness.au) - Build a near-identical fake website at the matching
.auaddress - Receive invoices and quotes from your customers who get the address subtly wrong
For most small businesses this risk is low. But the cost of preventing it is one domain registration — about $25 a year — which is rounding error against the cost of dealing with a single successful phishing attempt aimed at your customers.
What to do now
Whether you're inside the priority window or not:
- Check whether your
.auis still available. Search your business name plus.auat any Australian domain registrar. - If it's available, register it. Don't think about it too hard. Twenty-five dollars a year of insurance against a problem you don't want to have.
- If it's already taken, find out by whom. Sometimes it's a legitimate reason (a different business with the same name); sometimes it's a squatter. There's an auDA process for disputing bad-faith registrations if you have a strong claim, but it's not quick or guaranteed.
Should you actually use the short version?
Once you own both, the question is whether to use .au as your main address or keep .com.au. My own answer: I switched my site to hamish.au because shorter is always better. But for an established business with years of branding on .com.au, the migration cost rarely justifies the change. The pragmatic move is to own both, point one at the other, and use whichever your customers already know.
What this looks like in practice
For a typical small business setup:
- Register both
.com.auand.auversions of your business name - Point one at your website (the canonical one)
- Set the other to redirect to the canonical version, so anyone who types it lands in the right place
That's it. After setup, both renew automatically once a year, and you've eliminated a small but real attack surface.
The bottom line
If you don't already own the .au matching your .com.au, check today whether it's still available. If it is, register it. If it isn't, consider whether you need to take action.
Get in touch if you'd like a hand checking your domain situation, or setting up a clean redirect from one address to the other.
Get in touch
Have a project in mind?
Get in touch and let's talk about what your business needs online.
Let's talk about your project.
Ready to get started? I'd love to hear about your business and what you're looking to achieve online.
