So, an "oops, I screwed up, and am in a panic" fee, of, say $100 and a quick but accurate identity check combined would take care of such an emergency. The fee would pay for the expense of the identity check, and perhaps provide a bit of profit for the registrar. This seems reasonable and workable. Or the fee could just be an extra profit for registrar and registry, raise the cost of doing business for the abusers, and also be workable.
What purpose does an identity check serve? How do you verify the identity? If a domain name is already registered, what value is there to the "identity" check? What identity are you verifying? The individual requesting the update? The company? What happens when you find yourself unable to navigate the County Clerk's office at 5:01PM to look up that fictitious name filing? If you want to establish identities, the time to do that is at registration time - not crunch time. Why not simply limit updates? As a method for stopping rapid update abuse, limits would seem to be highly effective. Possible policy: You get two "instant updates" a month. This is sufficient to handle a change of nameserver, plus a correction for the inevitable error. Further updates are allowed once every two days, similar to past policy. Or maybe even less. If you need more "instant updates," you pay a fee to the registrar, who can be made to have an interest in making sure that the transaction is not a fraud. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.