Re: [At-Large] ICANN News Alert -- Update on Registrar Accreditation Agreement Amendments
On 26 Sep 2012, at 05:47, John R. Levine <johnl@iecc.com> wrote:
It is almost impossible these days to sign onto a mailing list or get a free id on some web site without clicking on a link in an e-mail. Yet apparently, you can register a domain name without such a nicety.
Quite right. Mail verification is a solved problem.
Yes and no it's solved only if you assume that all domain registrations are done via websites .. They're not
Phone verification is a lot more costly,
I'm not sure I believe that. I use a variety of services that verify transactions by calling my phone number and speaking a code number I have to type into their web site. Given how low value some of the transactions are, they can't be spending much on their IVR system.
Hopefully going forward, we will not make these kind of mistakes again.
My, you're an optimist.
R's, John _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Mr Michele Neylon Blacknight Solutions ♞ Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.co http://blog.blacknight.com/ http://blacknight.cat http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
On Wed, Sep 26, 2012 at 7:25 PM, "Michele Neylon :: Blacknight" <michele@blacknight.ie> wrote:
On 26 Sep 2012, at 05:47, John R. Levine <johnl@iecc.com> wrote:
It is almost impossible these days to sign onto a mailing list or get a free id on some web site without clicking on a link in an e-mail. Yet apparently, you can register a domain name without such a nicety.
Quite right. Mail verification is a solved problem.
Yes and no
it's solved only if you assume that all domain registrations are done via websites .. They're not
What other methods are used? Feeling like this will be a dense question, but I can only think of ccTLDs using manual or semi-manual systems of completed forms sent by email or fax (in themselves with the level verification being asked built in). And do you know if there's a breakdown of how registrations are completed by method (x % by web, x % by fax, x % other means?) Adam
Phone verification is a lot more costly,
I'm not sure I believe that. I use a variety of services that verify transactions by calling my phone number and speaking a code number I have to type into their web site. Given how low value some of the transactions are, they can't be spending much on their IVR system.
Hopefully going forward, we will not make these kind of mistakes again.
My, you're an optimist.
R's, John _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Mr Michele Neylon Blacknight Solutions ♞ Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.co http://blog.blacknight.com/ http://blacknight.cat http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
In some instances (i.e. whoever wants to fake their info) email and telephone verification will be valid just up to the moment the domain gets registered. Both email and telephone can be made bogus after that. Just like Yellow Pages books, once they are published they are already obsolete. You can have all the rules in place to try to "verify" who you are by chequing Email & Tel at the moment of registration but in going forward who knows who you are if these are not valid anymore. What about using a third party certifier before being able to register a domain? Kind of a global domain passport? Is this something that can be considered? -ed On Wed, Sep 26, 2012 at 6:35 AM, Adam Peake <ajp@glocom.ac.jp> wrote:
On Wed, Sep 26, 2012 at 7:25 PM, "Michele Neylon :: Blacknight" <michele@blacknight.ie> wrote:
On 26 Sep 2012, at 05:47, John R. Levine <johnl@iecc.com> wrote:
It is almost impossible these days to sign onto a mailing list or get a free id on some web site without clicking on a link in an e-mail. Yet apparently, you can register a domain name without such a nicety.
Quite right. Mail verification is a solved problem.
Yes and no
it's solved only if you assume that all domain registrations are done
via websites .. They're not
What other methods are used?
Feeling like this will be a dense question, but I can only think of ccTLDs using manual or semi-manual systems of completed forms sent by email or fax (in themselves with the level verification being asked built in).
And do you know if there's a breakdown of how registrations are completed by method (x % by web, x % by fax, x % other means?)
Adam
Phone verification is a lot more costly,
I'm not sure I believe that. I use a variety of services that verify transactions by calling my phone number and speaking a code number I
have
to type into their web site. Given how low value some of the transactions are, they can't be spending much on their IVR system.
Hopefully going forward, we will not make these kind of mistakes again.
My, you're an optimist.
R's, John _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Mr Michele Neylon Blacknight Solutions ♞ Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.co http://blog.blacknight.com/ http://blacknight.cat http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
-- *NOTICE:* This email may contain information which is confidential and/or subject to legal privilege, and is intended for the use of the named addressee only. If you are not the intended recipient, you must not use, disclose or copy any part of this email. If you have received this email by mistake, please notify the sender and delete this message immediately.
On 26 September 2012 08:46, Eduardo Diaz <eduardodiazrivera@gmail.com>wrote:
In some instances (i.e. whoever wants to fake their info) email and telephone verification will be valid just up to the moment the domain gets registered. Both email and telephone can be made bogus after that. Just like Yellow Pages books, once they are published they are already obsolete.
I was thinking this too. Of course, there could be post- registration re-checks -- either scheduled, random or on-demand (ie, if there is a problem contacting the registrant using existing available WHOIS info). I regularly get messages from various sources to "re-validate" the information they have on hand. - Evan
On 9/26/2012 4:37 PM, Evan Leibovitch wrote:
On 26 September 2012 08:46, Eduardo Diaz <eduardodiazrivera@gmail.com>wrote:
In some instances (i.e. whoever wants to fake their info) email and telephone verification will be valid just up to the moment the domain gets registered. Both email and telephone can be made bogus after that. Just like Yellow Pages books, once they are published they are already obsolete.
I was thinking this too.
Of course, there could be post- registration re-checks -- either scheduled, random or on-demand (ie, if there is a problem contacting the registrant using existing available WHOIS info).
I regularly get messages from various sources to "re-validate" the information they have on hand.
- Evan
True. You could also exclude certain telephone number ranges, example (+447..., +448.. - forwarding numbers) email address with no source IP in the headers and/or certain IP addresses or ranges (known VPNs/Proxies). As to get back to physical verification as an alternative, the reseller channel could be more than invaluable:
What about using a third party certifier before being able to register a domain? Kind of a global domain passport? Is this something that can be considered?
-ed
A local reseller has more knowledge regarding local challenges i.t.o. identification than a distant registrar will normally have. They will also probably be much better at doing it. So apply the verification process locally, get a token and use at any registrar. That token can be used for however many domains. Lets take a quick look at what happens if the parties involved do not know one another and under the current policies. By no choice of definition can we say this serves legitimate internet users. http://hosts-file.net/?s=67.23.230.35&view=matches (Incidentally, looking at the domain registration details shows a mix and match of telephone numbers, addresses and emails.) Derek
In some instances (i.e. whoever wants to fake their info) email and telephone verification will be valid just up to the moment the domain gets registered. Both email and telephone can be made bogus after that.
Well, sure, anyone who is sufficiently devious can use throwaway email addresses and phone numbers. But I can tell you from experience that the number of people who do that are an insignificant fraction of the people who deliberately or through sloppiness put in bogus info.
What about using a third party certifier before being able to register a domain? Kind of a global domain passport? Is this something that can be considered?
It would be fine to allow registrars to outsource the verification if they don't want to do it themselves, but the last thing we need is another place where people can point fingers. R's, John PS: I don't believe Stuart's $7 unless he's doing something silly like using live people to make verification calls.
Quite right. Mail verification is a solved problem.
Yes and no
it's solved only if you assume that all domain registrations are done via websites .. They're not
It's solved if you believe that anyone with an e-mail address can click a URL or respond to mail sent to that address. Sheesh. Some of us have been doing confirmation of mailing list signups for about 15 years. R's, John
participants (6)
-
"Michele Neylon :: Blacknight" -
Adam Peake -
Derek Smythe -
Eduardo Diaz -
Evan Leibovitch -
John R. Levine