Andrew Allemann discussed the potential problem domain registrars face if / when Yahoo begins to recycle email addresses that haven’t been used in over a year.
The problem is not just limited to domain registrars, who will be forced to deal with the aftermath of angry customers that had domain names stolen.
The real problem will be had by domain investors and others who may unknowingly end up purchasing stolen domain names in the aftermarket. They may then have to deal with litigation when the legitimate domain owner finds out. Further, domain aftermarkets, domain brokers, domain auction platforms, and domain brokerages will also be burdened with associated problems if domain names that were stolen are sold on their platform. Aside from email address verification, I don’t believe most aftermarket websites are equipped to verify domain name ownership in any other way.
Frankly, this problem isn’t the fault of domain registrars, since it’s the responsibility of domain owners to keep their Whois information accurate, and that means they need to keep their email accounts secure. However, domain registrars can probably help prevent this from becoming a more widespread issue, and I want to make a recommendation on how they can take steps to prevent stolen domain names via recycled Yahoo email addresses.
- Send an email to domain registrants with @yahoo.com email addresses if the domain name is over a year old. Require domain registrants to acknowledge the message somehow.
- Put a notice at the top of the domain registrant’s account management or control panel page letting them know about the Yahoo email recycling issue.
- If the Whois email bounces or if they owner doesn’t reply / acknowledge the email, put a lock on their account that requires them to enter the last 6 digits of the credit card number on file in order to log in.
- Keep a record of the IP address of people logging in, and if a person tries to log in to 3 separate accounts from the same IP address, block them from logging in to any account until they contact the company.
Although domain registrars are not really at fault if this becomes an issue, they will bear the brunt of customer complaints. They are also best equipped to deal with the situation.