Sunday, 17 April 2016

Problems with domain privacy

Over the last couple of months several of my unused domains have been due for either renewal or deletion which reminds me that about a year ago a domain that I used to receive important email was suspended. I discovered that this was due to the registrar creating fictitious contact details in order to offer domain privacy. So I moved all my domains from one registrar, based in the UK, to another but based elsewhere.

The move went well but a after making a change to my contact details I received an email from the new registrar asking for proof of my identity as Nominet, the UK domain registry, required me confirm my name and address as their checks had proved unsuccessful. They informed me that if I didn't comply with the request then my domain would be suspended after 30 days.

For the next week I frantically tried to convince the registrar that I was who I said I was but they refused to accept most of the evidence that I offered them as they insisted on having sight of an national identity card, a passport or a driving licence, none of which I currently hold. I was eventually told that my domain would be suspended and that there was nothing that they could do to help as they were merely carrying out Nominet's request.

So I contacted Nominet by telephone and asked them why they couldn't verify my name against an address that I have been living at for more than 20 years. They explained that as I had requested domain privacy from a registrar they didn't actually hold my address as it had been replaced in their database by the address of the registrar. I immediately realised that the cause of the the problem was yet again domain privacy and that providing the registrar with proof of my identity was a manual workaround to updating Nominet's database correctly. It was suggested that I logged into an account that the registrar had created but that I never knew existed, changed the contact address to reflect my own and then wait up to 24 hours for my details to be automatically checked by their systems. In just a few hours I found that my identity had been verified and the threat of the domain being suspended had been removed.

For domain privacy to work on .uk domains for registrant type "UK Individual", the registrar doesn't need to replace their customer's address with their own as address details can be suppressed by changing a flag in Nominet's database. In this way, Nominet are still aware of the registrant's real address and can still make any verification checks that they feel that they need to do. WHOIS queries then show: "The registrant is a non-trading individual who has opted to have their address omitted from the WHOIS service."

By writing this post I'm warning or at least reminding others that if a domain registry has special procedures that need to followed then the registrar not only needs to be aware of those procedures but have the appropriate systems in place. It shouldn't have been necessary for me to contact Nominet by telephone, something that may not have been practical or possible if the registry had been based overseas or only spoke in a language other than English.

A quick look at the domain privacy page on Wikipedia shows that there are several other country based registries that might also have their own peculiarities relating to what options might be available regarding the display of a domain registrant's contact details.

As a result of this very frustrating experience I moved my .uk domains to another UK based registrar which naturally understood Nominet's domain privacy procedures.

No comments:

Post a Comment