A flaw in GoDaddy’s Whois contact form

A flaw in GoDaddy’s Whois contact form

The form doesn’t verify the email address. Shenanigans ensue.

GoDaddy Whois contact form
GoDaddy’s domain owner contact form doesn’t verify the email address.

Most Whois records are now private in the wake of GDPR. However, ICANN requires registrars to enable a way for people to send a message to domain name owners.

GoDaddy does this via a web form on Whois records. People can fill out a form with prefilled reasons for the contact, and it goes to the domain name owner.

Sponsored

But there’s a bit of a flaw in GoDaddy’s system: the sender’s email address is never verified, which means anyone can impersonate another person.

John Berryhill brought this up at last week’s Internet Commerce Association meeting. So this morning, when I received a message that said DomainInvesting.com author Elliot Silver (it was his email address) wanted to contact me because “Your domain name or the content on your website may be infringing on a trademark and/or violating local laws or regulations. It is important that you respond at the earliest,” I immediately thought John might be pulling one over.

I was nearly certain of this after reaching out to Elliot, who told me that he received a similar message from GoDaddy purporting to be from me.

Sponsored

There’s an easy solution to this problem: many forms and account signups require email verification via an emailed link.

Of course, perhaps this isn’t a widespread problem at GoDaddy. Maybe it’s only an issue when an attorney has too much time on his hands.

Post link: A flaw in GoDaddy’s Whois contact form

© DomainNameWire.com 2023. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Leave a Reply

Your email address will not be published. Required fields are marked *