Andrew Allemann discussed the potential problem domain registrars face if / when Yahoo begins to recycle email addresses that haven’t been used in over a year.
The problem is not just limited to domain registrars, who will be forced to deal with the aftermath of angry customers that had domain names stolen.
The real problem will be had by domain investors and others who may unknowingly end up purchasing stolen domain names in the aftermarket. They may then have to deal with litigation when the legitimate domain owner finds out. Further, domain aftermarkets, domain brokers, domain auction platforms, and domain brokerages will also be burdened with associated problems if domain names that were stolen are sold on their platform. Aside from email address verification, I don’t believe most aftermarket websites are equipped to verify domain name ownership in any other way.
Frankly, this problem isn’t the fault of domain registrars, since it’s the responsibility of domain owners to keep their Whois information accurate, and that means they need to keep their email accounts secure. However, domain registrars can probably help prevent this from becoming a more widespread issue, and I want to make a recommendation on how they can take steps to prevent stolen domain names via recycled Yahoo email addresses.
- Send an email to domain registrants with @yahoo.com email addresses if the domain name is over a year old. Require domain registrants to acknowledge the message somehow.
- Put a notice at the top of the domain registrant’s account management or control panel page letting them know about the Yahoo email recycling issue.
- If the Whois email bounces or if they owner doesn’t reply / acknowledge the email, put a lock on their account that requires them to enter the last 6 digits of the credit card number on file in order to log in.
- Keep a record of the IP address of people logging in, and if a person tries to log in to 3 separate accounts from the same IP address, block them from logging in to any account until they contact the company.
Although domain registrars are not really at fault if this becomes an issue, they will bear the brunt of customer complaints. They are also best equipped to deal with the situation.
Basically, all kinds of sensitive information of the unfortunate’s life will be stolen, not just his/her domain names.
Very true but this is a domain blog so I’ll stick to that aspect.
These are great suggestions. Hopefully all the online banks, paypal, and everyone is listening too. Hopefully this post will get lots of Trackbacks.
or just dont use Yahoo . Change it ASAPPPP.
I missed the deadline. They told me that it will be deleted. It is not deleted yet, but still they will not allow me to access my data. They told me to open a new account. I don’t need the account, I need my emails…
or just dont use Yahoo