The form doesn’t verify the email address. Shenanigans ensue.
Most Whois records are now private in the wake of GDPR. However, ICANN requires registrars to enable a way for people to send a message to domain name owners.
GoDaddy does this via a web form on Whois records. People can fill out a form with prefilled reasons for the contact, and it goes to the domain name owner.
But there’s a bit of a flaw in GoDaddy’s system: the sender’s email address is never verified, which means anyone can impersonate another person.
John Berryhill brought this up at last week’s Internet Commerce Association meeting. So this morning, when I received a message that said DomainInvesting.com author Elliot Silver (it was his email address) wanted to contact me because “Your domain name or the content on your website may be infringing on a trademark and/or violating local laws or regulations. It is important that you respond at the earliest,” I immediately thought John might be pulling one over.
I was nearly certain of this after reaching out to Elliot, who told me that he received a similar message from GoDaddy purporting to be from me.
There’s an easy solution to this problem: many forms and account signups require email verification via an emailed link.
Of course, perhaps this isn’t a widespread problem at GoDaddy. Maybe it’s only an issue when an attorney has too much time on his hands.
Post link: A flaw in GoDaddy’s Whois contact form
© DomainNameWire.com 2023. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.