In a recent meeting to update the current Registrar Accreditation Agreement (RAA), Registrars and ICANN staff reviewed suggested changes to the RAA which could impact the domain registration process. Law enforcement representatives produced updates to their recommendations with respect to two core issues: Data maintenance and WHOIS validation.
What they are trying to accomplish: “The data provided by domain name registrants will be validated to ensure the registrant is providing correct, complete, and valid data upon domain name registration and subsequent renewals.”
How it will be accomplished:
Essentially, law enforcement is urging ICANN to make it a requirement that all Domain Registrars email and phone verify every domain registrant. This is where TeleSign comes in. We have already been verifying phone numbers with many of the largest Domain Registrars around the world. When a registration is submitted, we send an automated call or SMS to the registered phone number with a one-time verification code to prove that the user is available at this working number. This verified number is then stored in the WHOIS database by the Registrar.Furthermore, once a phone number has been verified, this number can be used as an authentication method in the future. Anytime the registrant is making account changes, such as a password reset, the Registrar can send a one-time authentication code to that registered number to authenticate that it is truly the original user making these changes and not a fraudster.Implementing TeleSign Verify is great for both the Registrar and for ICANN. Verifying WHOIS phone numbers upon registration allows Domain Registrars to;
My two cents:This process can be improved. Law enforcement is suggesting a link via email which is dangerous and can lead to malware and fraud. Many consultants in the industry advise clients not to click on links in emails because of the potential threat. My recommendation is during the registration process the user completes the phone verification step all within the Domain Registrars website. The final step is to send a verification email to the registrant with a code that the user enters back into the Domain Registrars website. This will prevent users from receiving links that can be potentially dangerous to the users.