RBI Mandates '.bank.in' Domains by October 31, 2025: A Deep Dive into Enhanced Security for Indian Banks


India's banking sector is on the cusp of a significant security upgrade. The Reserve Bank of India (RBI) has officially mandated that all commercial, cooperative, and district banks migrate their digital presence to the exclusive '.bank.in' domain by October 31, 2025. This directive, formalized on April 22, 2025, marks a critical step towards fortifying cybersecurity, combating digital fraud, and bolstering public trust in India's rapidly evolving digital financial landscape.

The RBI's Official Circular

To provide complete transparency and help our readers understand the seriousness of this mandate, below is a snapshot of the official RBI circular (Circular No. RBI/2025-26/28) issued on April 22, 2025, which formally directs all banks to migrate to the ‘.bank.in’ domain by October 31, 2025.

Official RBI Circular mandating migration to '.bank.in' domains for all banks by October 31, 2025.

Why the Shift to ‘.bank.in’?

  • Combat Fraud: The RBI’s directive is a response to the rising incidents of email-based fraud and phishing attacks targeting Indian banks. By standardizing domains, it becomes easier for customers to identify genuine banking websites and emails, reducing the risk of falling prey to cybercriminals.

  • Strengthen Cybersecurity: The exclusive ‘.bank.in’ domain, managed by the Institute for Development and Research in Banking Technology (IDRBT) under the authority of NIXI and MeitY, will provide a more secure digital identity for banks, aligning with global best practices in financial cybersecurity.

  • Boost Public Confidence: A unified domain structure will foster greater trust in digital financial services, making online banking more user-friendly and reliable.

What Was Proposed and What’s Now Mandatory

India’s retail lending market is booming, driven by increasing financial inclusion and digital adoption. However, this growth comes with challenges, including data security risks and operational inefficiencies. Tokenization addresses these issues head-on, offering a range of benefits:

  • February 2025: RBI signaled its intent to introduce ‘.bank.in’ and ‘.fin.in’ domains for the financial sector, urging banks to prepare by strengthening email authentication protocols like DMARC, SPF, and DKIM.

  • April 2025: The RBI made it official—migration to ‘.bank.in’ is now mandatory, not optional. Banks must register their new domains via IDRBT and complete the transition by October 31, 2025.

Key Requirements of the RBI Circular

  • Register the ‘.bank.in’ domain through IDRBT (contact: sahyog@idrbt.ac.in).

  • Complete migration by October 31, 2025.

  • Implement robust email authentication (DMARC, SPF, DKIM) on both old and new domains to prevent spoofing and phishing.

  • Apply strict DMARC policy (preferably ‘reject’) on old domains post-migration to prevent misuse by fraudsters.

Challenges Banks Will Face

  • Aligning all third-party email services with new security protocols.

  • Warming up the new domain for bulk communications (OTPs, alerts, statements) to maintain sender reputation and avoid spam filters.

  • Ensuring seamless deliverability and compliance with Microsoft, Google, and Yahoo’s bulk email requirements.

  • Ensuring seamless deliverability and compliance with Microsoft, Google, and Yahoo’s bulk email requirements.

  • Maintaining visibility and control over email traffic during the transition.

  • Upgrading IT infrastructure to support the new domain and security requirements.

What Should Banks Do Now?

  • Start registration for ‘.bank.in’ with IDRBT.

  • Audit all email sources (marketing, CRM, ticketing, etc.).

  • Implement DMARC, SPF, and DKIM on both old and new domains.

  • Gradually transition email traffic, monitoring deliverability and security.

  • Enforce a strict DMARC policy on old domains after migration.

  • Partner with email security platforms to ensure compliance and gain real-time insights

How JNR Management Can Help

At JNR Management, we understand the complexities involved in the '.bank.in' domain migration. We offer comprehensive solutions to streamline your transition, ensuring compliance and minimizing disruption. Our services include:

  • End-to-End DMARC, SPF, and DKIM Implementation: We provide expert guidance and hands-on support to ensure your email authentication protocols are robust and effective.

  • Comprehensive Domain and Subdomain Audits: We conduct thorough audits to identify all active email sources within your organization, ensuring no sending source is overlooked.

  • Strategic Domain Warm-Up and Sender Reputation Management: We provide strategic guidance on warming up your new domain and maintaining a positive sender reputation, ensuring your emails reach their intended recipients.

  • Alignment with Bulk Email Authentication Requirements: We ensure compliance with bulk email authentication requirements from major providers like Gmail, Microsoft, and Yahoo.

  • Ongoing Support for Deliverability and Security: We offer continuous support to monitor and maintain email deliverability and security during and after the migration.

  • Expert Compliance Consulting: Our team provides expert consulting to ensure your compliance with RBI, IRDAI, and CERT-In advisories.