I posted a rant about this to bugtraq almost a year ago. In the case where it happened to me I was already annoyed because an update that had been NAKed several times was applied when a single ACK was received over a month later (sent by a former employee who happened to have the month old NOTIFY). And then when I called them to ask them WTF they requested that I fax them some letterhead to "prove" that I was who I said I was.
This is unfortunately standard. I've seen unsigned modifications go through for PGP-protected domains, and I've seen correctly signed modifications fail for the same domains. In fact our standard practice now is "send it until it works", since inevitably a modification which fails (incorrectly) one time will work if you just try it enough times. The funniest (?) part is when someone can put through a modification with no authentication whatsoever, then when you call to fix the damage, the InterNIC demands letterhead/CEO signatures/blood samples/etc. -- John Caruso, Director, System/Network Administration CNET: The Computer Network Email: caruso@cnet.com 150 Chestnut Street Phone: 415.395.7805 x1310 San Francisco, CA 94111 Fax: 415.623.2458