ICANN – A redesign of domain ownership is needed.
As we’re wrapping up 2014 in domaining, it’s important to outline the effect a certain ICANN requirement has had this year.
Beginning in January 2014, ICANN mandates that domain Registrars implement a verification mechanism – via email or phone – for all domain account holders.
Citing the need to maintain valid WHOIS information, this method of storing personal data not only is reminiscent of requirements for bloggers to register in Russia, it also created a dangerous increase in domain phishing and domain theft.
By passing the buck to domain Registrars, ICANN effectively generated a haven for spoofing such alert emails.
To verify a registrant’s email, domain Registrars such as GoDaddy, send out notifications seeking the confirmation of the email address. The method, is usually via a click on the link provided, and typically no logging into an account is needed.
However, domain thieves take advantage of domain owners by emulating domain Registrar emails; there is no standardized “look and feel” of such verification notifications.
In other words, even if GoDaddy tells its customers that no login is needed to verify the email address, that statement has no effect for those unaware of the alert, or those who did not read or understood it.
ICANN’s requirement has thus created a big increase in domain thefts in 2014, particularly from China, which will only continue to worsen in 2015, unless it redesigns how domain ownership is defined.
