Sometimes you need a way to verify domain name ownership before you allow specific actions to be performed on that domain. One example is sending a bunch of mail to a specific domain. This will never be considered spam when you’re the owner of that domain, but it will be considered spam if that isn’t the case.
To validate domain ownership, you can check WhoIs records, ask for some proof of ownership, etc. But all these methods require human intervention. IRIS (Internet Registry Information System) isn’t done yet and won’t be globally available for the next few years, and we have all probably seen the output of a WhoIs server at some point. Try to parse that with a generic RegEx: no way in hell. So how do you automatically check whether someone really is the owner of a domain?
Let’s just assume the owner has the power to change DNS records and nobody else does. SPF works that way, and I don’t think any sysadmin is going to give up those passwords easily. (It could compromise a lot!) So how about simply putting a TXT record in DNS with some custom format, like: “myapp:accountIdOfTheCustomer”. Guess what? This can be checked with a simple DNS query :)
The customer must log on to “myapp”, and once they have done so, domain names can be checked against that customer’s account ID. Once you’ve got that in place, there’s no need to do any manual work. The requirement here is that the customer is in charge of their own DNS, but that should be the case most of the time. Since the customer doesn’t want to give anyone else access, they won’t put anyone else’s account number there… And you can put some salt in there if it’s needed…
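A sketch of the check described above, added here as an example and not code from the original post. The function names, the sample records and the HMAC-based reading of the "salt" remark (a server-side secret that binds the token to both domain and account) are assumptions; fetch_txt additionally assumes the third-party dnspython package.

```python
import hashlib
import hmac

PREFIX = "myapp:"  # record format from the post: "myapp:accountIdOfTheCustomer"
SERVER_SECRET = b"constructed-demo-secret"  # assumption: per-deployment secret used as the salt

def expected_token(domain, account_id, salted=True):
    """Value the customer must publish in a TXT record on their domain."""
    if not salted:
        return PREFIX + account_id
    # Normalise the name so "Example.COM." and "example.com" yield the same token.
    msg = f"{domain.rstrip('.').lower()}|{account_id}".encode()
    tag = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:32]
    return f"{PREFIX}{account_id}:{tag}"

def join_txt(chunks):
    """One TXT record arrives as one or more <=255-byte strings; concatenate them."""
    return b"".join(chunks).strip()

def owns_domain(domain, account_id, txt_records, salted=True):
    """txt_records: list of records, each a tuple of byte chunks as a resolver returns them."""
    want = expected_token(domain, account_id, salted).encode()
    ok = False
    for chunks in txt_records:
        # Exact, constant-time match: "myapp:1234" never validates account 12345,
        # and unrelated TXT records (SPF etc.) are simply ignored.
        ok |= hmac.compare_digest(join_txt(chunks), want)
    return ok

def fetch_txt(domain):
    """Live lookup; assumes dnspython is installed (not used by the offline sample)."""
    import dns.resolver
    return [r.strings for r in dns.resolver.resolve(domain, "TXT")]

# Constructed sample: an SPF record next to the ownership record, which the
# resolver happened to return split into two chunks.
SAMPLE = [
    (b"v=spf1 include:_spf.example.net ~all",),
    (b"myapp:", b"12345"),
]

if __name__ == "__main__":
    print(owns_domain("example.com", "12345", SAMPLE, salted=False))
    print(expected_token("example.com", "12345"))
```

With the salted form, a token copied from one domain's zone does not validate for another domain, because the domain name is part of the HMAC input.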
© Copyright 2010 Jeroen Landheer