Here is a simple fact: Your (valuable?) .com/.org/.net domain is only as secure as your mailbox. ICANN does not write this in their regulations but if you boil it all down, that’s how it is. Anyone who can hack your mailbox will be in control of your domain name. I wonder what exactly the companies with hugely valuable domain names are doing. I looked up who is taking care of google.com – and this nice little job is taken care of by markmonitor.com. Dropped them an email to ask if they could help me. Got no answer. Called them by phone, and yes, they could help if we had 100 domain names or more. I didn’t ask about the price. They probably have very good security. But why doesn’t ICANN stipulate that everyone who owns a domain name should be able to buy higher security as an option?
Facebook now asks me if I’m sick and tired of their antispam feature with the curly letters with lines through – and they propose that I authenticate my identity through an sms with a code they send to my mobile phone. That’s the kind of simple trick that ICANN could demand that all registars implement. As long all the security around domain names are running through only one rather insecure channel (our mailboxes) we will keep seeing a rise of domain thefts based on identity thefts. Why doesn’t ICANN change its policy?
