Analysis: A Winning Strategy for Domain Registrars and ICANN
In a recent meeting to update the current Registrar Accreditation Agreement (RAA), Registrars and ICANN staff reviewed suggested changes to the RAA which could potentially impact the domain registration process for Registrars. Law enforcement representatives produced several updates to their recommendations with respect to two core issues: Data maintenance and WHOIS validation.
What They Are Trying to Accomplish
“The data provided by domain name registrants will be validated to ensure the registrant is providing correct, complete, and valid data upon domain name registration and subsequent renewals.”
How It Will Be Accomplished
- “When a prospective registrant submits a registration request, the Registry will send a unique HTML link to the registrant’s email of record or to the email of record of the beneficial registrant.
- The registrant/beneficial registrant must then follow the link, and provide supplementary information that will permit registrar to verify the registrant, including phone number. This process inherently identifies the IP address of the registrant/beneficial registrant.
- Registrar will call or SMS the phone number provided during the registration form.
- In that phone call, Registrar will provide the person with a PIN # (real time) and the applicant will input the PIN# in the designated area in the registration link.
- No domain name will be placed into the zone file and will not resolve until the account e-mail and telephone number have been verified.”
Essentially, law enforcement is urging ICANN to make it a requirement that all Domain Registrars email and phone verify every domain registrant. This is where finding the right solution makes a huge difference. Here at TeleSign, we have already been verifying phone numbers with many of the largest Domain Registrars around the world. When a registration is submitted, we send an automated call or SMS to the registered phone number with a one-time verification code to prove that the user is available at this working number. This verified number is then stored in the WHOIS database by the Registrar according to ICANN regulation. Anytime in the future that a registrant needs to be contacted, the registrant can be easily reached at the verified phone number on record. Annually, Registrars can use this verified phone number to automatically update the registrants WHOIS information and keep their database up-to-date.
Furthermore, once a phone number has been verified, this number can be used as an authentication method in the future. Anytime the registrant is accessing the account or making significant account changes, such as a password reset or upgrading services, the Registrar can send a one-time authentication code to that registered number to authenticate that it is truly the original user gaining access or making these changes and not a fraudster.
Implementing this kind of verification has benefits for both the Registrar and for ICANN. By verifying WHOIS phone numbers upon registration, Domain Registrars can:
- Fulfill compliance with this potential ICANN regulation (RAA).
- Record contactable and verified information for all of their customers in case of potential issues with that domain (WHOIS data).
- Protect account access from compromise (Two-factor authentication).