Contact Verification

From TLDinfo
Jump to: navigation, search

Contents

Contact validation and verification requirements

As part of the ongoing effort to improve contact quality, ICANN requires contact validation for each registrant contact registering a generic TLD. This is required as of January 1, 2014 for new TLDs and September 2014 for the existing gTLDs. Our system will send a customizable e-mail asking every registrant contact to verify the accuracy of the contact e-mail address. This e-mail confirmation is done once for each registrant contact used with a newly registered domain, whenever the registrant contact of a domain name is updated and whenever the e-mail address of a contact associated with such a domain name is modified. Verification needs to be done once for each e-mail address used in a registrant contact and all other contacts using the same e-mail address will be considered successfully verified.

We will provide a customizable white-label solution for the notification e-mails and the website that will record the confirmation. You may change for example the sender address and add a free text as well as your own signature to the e-mail template. Moreover, you can provide your own verification website. This customization can be done via web interface (Account -> Settings -> Contact verification) or API as of December 16, 2013.

In the background, we will further perform validation checks of the other fields to ensure they are not blank and formatted correctly in accordance with ICANN-mandated specifications (see Validated).

To avoid delays and failed registrations, we ask that you also ensure that all submitted data is formatted correctly.

Definitions

Effective July 21, 2014, we will activate the following optimizations regarding the contact verification e-mails. These notifications are delivered to registrants via the RRPproxy system due to the new ICANN requirement to validate each registrant contact registering a generic TLD.

  • Domain names that have been registered with the relevant e-mail address as owner contact will be listed in the contact verification e-mail as well.
  • The confirmation link used to validate the e-mail address will also contain the corresponding e-mail address in addition to the trigger code.
  • Resellers will have the option to disable the system notifications and to notify their customers in a separate process on their own.

Validated

Technical check if the data used in the contact handle has all required fields filled with information and is in compliant format due to the ICANN specifications: postal address to spec UPU S42 Standard, email to spec RFC 5322, phone num to spec ITU-T E.164

FIRSTNAME & LASTNAME: [NOT EMPTY] or ORGANIZATON: [NOT EMPTY]
STREET0: [NOT EMPTY]
ZIP: [NOT EMPTY]
CITY: [NOT EMPTY]
COUNTRY: [spec ISO 3166]
PHONE: [spec ITU-T E.164] matches: Validate international phone numbers in EPP format RFC 4933
EMAIL: [spec RFC 5322]

EPP-style phone numbers use the format:

+CCC.NNNNNNNNNNxEEEE 

where C is the 1–3 digit country code, N is up to 14 digits, and E is the (optional) extension.
The leading plus sign and the dot following the country code are required. The literal “x” character is required only if an extension is provided.

The following list of countries do not have a zip code and our system will accept contacts located in those countries without zip code, wherefore you also have not to enter a fake value to create a valid contact handle:

2 letter CC Country
AO Angola
AG Antigua and Barbuda
AW Aruba
BS Bahamas
BZ Belize
BJ Benin
BW Botswana
BF Burkina Faso
BI Burundi
CM Cameroon
BQ Caribbean Netherlands
CF Central African Republic
KM Comoros
CG Congo
CD Congo, the Democratic Republic of the
CK Cook Islands
CI Cote d'Ivoire
DJ Djibouti
DM Dominica
GQ Equatorial Guinea
ER Eritrea
FJ Fiji
TF French Southern Territories
GM Gambia
GH Ghana
GD Grenada
GN Guinea
GY Guyana
HK Hong Kong
IE Ireland
JM Jamaica
KE Kenya
KI Kiribati
MO Macao
MW Malawi
ML Mali
MR Mauritania
MU Mauritius
MS Montserrat
NR Nauru
AN Netherlands Antilles
NU Niue
KP North Korea
PA Panama
QA Qatar
RW Rwanda
KN Saint Kitts and Nevis
LC Saint Lucia
ST Sao Tome and Principe
SA Saudi Arabia
SC Seychelles
SL Sierra Leone
SB Solomon Islands
SO Somalia
ZA South Africa
SR Suriname
SY Syria
TZ Tanzania, United Republic of
TL Timor-Leste
TK Tokelau
TO Tonga
TT Trinidad and Tobago
TV Tuvalu
UG Uganda
AE United Arab Emirates
VU Vanuatu
YE Yemen
ZW Zimbabwe

Verified

The email address used in the contact handle has been verified by the owner by confirming the contact verification mail sent to the given email address of the contact handle.
As of September 2014 the new changes will be applied to all generic TLD registrations (including com, net, org, info and biz).

RRP API

AddContact

AddContact checks if the used email address is already verified, if that is the case the new contact is directly set to verified.

[COMMAND]
(required)           
command    = AddContact
...        
VALIDATION = (0|1)
CHECKONLY  = (0|1)
PREVERIFY  = (0|1)
           
EOF

VALIDATION: explicit validation if all required fields are set: (FIRSTNAME LASTNAME or ORGANIZATION) STREET0 CITY ZIP COUNTRY PHONE EMAIL
CHECKONLY: does NOT INSERT a new contact
PREVERIFY: generates the email with triggercode if the email has not been already verified or if there is an unverified job pending.

[COMMAND]
(required)                                    
[RESPONSE]                          = 
code                                = 200
...                                 
property[validated][0]              = 1
property[verified][0]               = 0
property[verification requested][0] = 1
                                    
EOF

VERIFICATION REQUESTED: returned only if PREVERIFY=1 in command

ModifyContact

In the ModifyContact command it is prohibited to remove information from a validated contact (see definitions) if the contact is related to a domain (with active contactverification) as owner.

[COMMAND]
(required)           
command    = ModifyContact
...        
validation = (0|1)
checkonly  = (0|1)
preverify  = (0|1)
           
EOF

VALIDATION: explicite validation if all required fields are set
CHECKONLY: does NOT UPDATE the contact
PREVERIFY: generates the email with triggercode if the email has not been already verified or if there is a pending request

[COMMAND]
(required)                                    
[RESPONSE]                          = 
code                                = 200
...                                 
property[validated][0]              = 1
property[verified][0]               = 0
property[verification requested][0] = 1
                                    
EOF

VERIFICATION REQUESTED: returned only if PREVERIFY=1 in command

ActivateContact

[COMMAND]
(required)        
command = ActivateContact
trigger = [TRIGGERCODE]
        
EOF

Note: The triggercode will not expire, the ActivateContact command can still be sent a long time later than the 15 days suspension timeframe for a domain.

StatusContact

[COMMAND]
(required)                                    
[RESPONSE]                          = 
...                                 
property[validated][0]              = 1
property[verified][0]               = 0
property[verification requested][0] = 1
                                    
EOF

VERIFICATION REQUESTED: Is email verification requested and pending (status = UNVERIFIED) ?

CloneContact

A cloned contact will also be validated/verified, if the source already is.

QueryContactList

QueryContactList supports searchpatterns for valid and verified. Also with 'type = showverificationrequested' shows the contact handles where an email verification is already requested.

[COMMAND]
(required)          
command   = QueryContactList
type      = showverificationrequested
wide      = (0|1)
verified  = (0|1)
validated = (0|1)
orderby   = (verified|validated)
          
EOF
[COMMAND]
(required)                                         
[RESPONSE]                               = 
...                                      
property[verification last requested][1] = 2014-11-24 08:13:48
property[verification created date][1]   = 2014-11-12 16:33:58
property[verification history][1]        = 2014-11-12 16:35:03 [EMAIL]; 2014-11-24 08:13:48 [EVENT];
                                         
EOF

AddDomain

If an unverified contact is used, the X-TIME-TO-SUSPENSION: <DateTime> must be set (NOW() plus 15 days)

[COMMAND]
(required)                                  
RESPONSE                          = 
...                               
property[x-time-to-suspension][0] = 2014-11-23 00:41:49.0
                                  
EOF

TransferDomain

After a TransferIN (single or bulk) the contacts will be synced back into the system (via RRP->AddContact) here is a validation and verification check. If the owner email is not verified a job will check all domains with unverified contacts and generate a verification request.

ModifyDomain

Check, if owner change to an unverified contact and set X-TIME-TO-SUSPENSION: <DateTime>

[COMMAND]
(required)                                  
RESPONSE                          = 
...                               
property[x-time-to-suspension][0] = 2014-11-23 00:41:49.0
                                  
EOF

Disallowed to change status: CLIENTHOLD, if domain is suspended.

StatusDomain

[COMMAND]
(required)                                  
[RESPONSE]                        = 
...                               
property[x-time-to-suspension][0] = [DateTime]
property[status][0]               = clientHold
property[status][1]               = serverHold
                                  
EOF

X-TIME-TO-SUSPENSION: Does not mean the domain is already suspended (it's just a candidate)
STATUS0=ClientHold: status set by RRP, cannot be removed by user -> means domain is suspended
STATUS1=ServerHold: status mapping from X-INTERNAL-SUSPENSION set by RRP, cannot be removed by user -> means domain is suspended

QueryDomainList

QueryDomainList supports searchpatterns for domains which are SUSPENDED

[COMMAND]
(required)        
command = QueryDomainList
type    = SHOWSUSPENDED
zone    = [ZONE]
        
EOF

QueryDomainList supports searchpatterns for domains, whose owner contacts are UNVERIFIED.

[COMMAND]
(required)        
command = QueryDomainList
type    = SHOWUNVERIFIED
zone    = [ZONE]
        
EOF
[COMMAND]
(required)                                    
[RESPONSE]                          = 
...                                 
property[domain][132]               = xn--maxmller-95a.com
property[contact][132]              = P-JCD21
property[verified][132]             = 0
property[x-time-to-suspension][132] = 2014-01-15 12:00:00
                                    
EOF

ResendNotification

Resend the email verification process for a contact when it is not verified yet but already validated

[COMMAND]
(required)        
command = ResendNotification
type    = CONTACTVERIFICATION
object  = [email_address]
        
EOF

SetProperty: ContactVerification

Add RegistrarProperties to set the information for whitelabled email notifications for contact verification

[COMMAND]
(required)                                           
command                                    = SetProperty
contactverification-email-sender           = noreply@emailverification.info   (DEFAULT)
contactverification-email-verification-url = http://emailverification.info    (DEFAULT)
contactverification-email-language         = en  (DEFAULT)
contactverification-email-freetext0        = [please enter your text]
contactverification-email-signature[0-2]   = [please enter your text]
                                           
EOF

Default Email Templates (en) for all registrars with the possibility to exchange some information like sender address, text and language.

EPP server

Add/ModifyContact

...
</create>
<extension>
<keysys:create xmlns:keysys="http://www.key-systems.net/epp/keysys-1.0">
 <keysys:contact>
  <keysys:checkonly>1</keysys:checkonly>
  <keysys:preverify>1</keysys:preverify>
  <keysys:validation>1</keysys:validation>
 </keysys:contact>
</keysys:create>
</extension>
...

StatusContact

add extension to response

...
</resData>
<extension>
 <keysys:resData xmlns:keysys="http://www.key-systems.net/epp/keysys-1.0">
 <keysys:contactInfData>
  <keysys:validated>1</keysys:validated>
  <keysys:verification-requested>1</keysys:verification-requested>
  <keysys:verified>0</keysys:verified>
 </keysys:contactInfData>
 </keysys:resData>
</extension>
...

StatusDomain

add extension to response: X-TIME-TO-SUSPENSION

AddDomain

add extension to response: X-TIME-TO-SUSPENSION

ModifyDomain

add extension to response: X-TIME-TO-SUSPENSION

Email templates

English version

Subject: [%PRESUBJECT%]Request for email address validation

Dear registrant [%IF DOMAIN%]of [%DOMAIN%][%ELSE%]or prospective registrant[%END%],

due to the requirements under the ICANN Registrar Accreditation Agreement we are required to confirm the validity of the email address provided for the domain name registration application or contact creation.

You will only have to do this once for each email address used.

Please click on the following link to confirm that you have received this email and to validate your email address:

<[%VERIFICATIONURL%]?trigger=[%TRIGGER%]>

If the above shown link should be broken please proceed to

[%VERIFICATIONURL%]

and enter your personal validation token into the form field:

trigger = [%TRIGGER%]

Please note that in case you do not validate your email address, we are required to suspend your domain name registration(s) using these contact details no later than:

[%SUSPENSIONDATE%]

After the suspension date you can always re-activate your domain name(s) by confirming the address as described above.

[%IF FREETEXT%][%FREETEXT%][%END%]

Thank you very much for your cooperation!

Best regards,
[%IF !SIGNATURE0%]Your ICANN Accredited Registrar
[%ELSE%][%SIGNATURE0%]
[%SIGNATURE1%]
[%SIGNATURE2%]
[%END%]

German version

Subject: [%PRESUBJECT%]Wichtige ICANN-Bestimmung: Kontakt-Validierung

Sehr geehrte Kundin, sehr geehrter Kunde,

wir möchten Sie darum bitten, die Korrektheit Ihrer Kontakt-E-Mail-Adresse zu bestätigen!

Die Überprüfung muss nur einmal für jede E-Mail-Adresse, die von Ihnen als Domain-Inhaber-Kontakt verwendet wird, erfolgen. Diese E-Mail-Adresse gilt daraufhin auch für alle anderen Kontakte, die Sie verwenden, automatisch als erfolgreich validiert.

Bitte klicken Sie auf den folgenden Link um zu bestätigen, dass Sie diese E-Mail erhalten haben und um Ihre E-Mail-Adresse zu validieren:

<[%VERIFICATIONURL%]?trigger=[%TRIGGER%]>

Sollte der obenstehende Link nicht funktionieren, klicken Sie bitte hier:

[%VERIFICATIONURL%]

und geben Sie bitte Ihr personalisiertes Validierungszeichen in das Formularfeld ein:

trigger = [%TRIGGER%]

Eine Angabe Ihrer Kundendaten ist zur Validierung nicht erforderlich!

WICHTIGER HINWEIS:

Wenn Sie Ihre E-Mail-Adresse nicht bestätigen, sind wir leider aufgrund von zwingenden Bestimmungen seitens ICANN dazu angehalten eine Domain-Registrierung, die diese E-Mail-Adresse als Inhaber-Kontakt verwendet, auszusetzen. Ihre Domain wäre dann nicht mehr erreichbar und somit nicht mehr funktionsfähig. Die Abschaltung erfolgt spätestens am: [%SUSPENSIONDATE%]

Nach diesem Datum können Sie Ihren Domain-Namen jederzeit durch die Bestätigung Ihrer Adresse, wie oben beschrieben, reaktivieren.

[%IF FREETEXT%][%FREETEXT%][%END%]

Vielen Dank für Ihre Mitarbeit!

[%IF !SIGNATURE0%]Ihr ICANN akkreditierter Registrar
[%ELSE%][%SIGNATURE0%]
[%SIGNATURE1%]
[%SIGNATURE2%]
[%END%]

VERTRAGLICHER HINTERGRUND:

Die Validierung des Registrantenkontaktes bei der Registrierung unterhalb einer generischen Domain-Endung ist Teil der laufenden Bemühungen von ICANN, die Qualität von Kontaktdaten zu verbessern. Um Registrierungsdienste für neue TLDs anbieten zu können, müssen wir diese Anforderung von ICANN übernehmen. Ab dem 3. Quartal 2014 wird die Neuerung auch auf alle Registrierungen unter generischen TLDs (einschließlich .COM, .NET, .ORG, .INFO und. BIZ) angewendet.

Branded version

If a reseller wants a branded version in another language he MUST ATTACH AN ENGLISH VERSION below his preferred language! Please contact our support for further details!

Sending of standalone contact verification e-mails

If you want to send your own notifications to your customers it is necessary to approve a separate appendix with the legal framework. We reserve the right to conduct random checks whether your notification process is in compliance with the requirements. Please agree to the appendix and its policies by using the API command SetProperty or via web interface. The appendix will be made available in the download section of the web interface as of July 21.

[COMMAND]
(required)                                                   
command                                            = SetProperty
contactverification-email-acceptance-of-conditions = 1
                                                   
EOF

As soon as this registrar property is set accordingly, your customers will not receive any contact verification e-mails via our system. Instead, you will receive an event with the corresponding trigger code for further use in your own notification process to your customers.

Attention.png In the event of an infringement of the obligation to perform the verification of the e-mail addresses on your own, penalties or the termination of the Reseller Agreement are effective!


FAQ

When will the domains be suspended if I use the same unverified contact handle for domain registrations on different days ?

Each domain registration has it's OWN X-TIME-TO-SUSPENSION date (created date/transfer date (in case of transfer in) plus 15 days) independent of the used contact handle.

What does it mean RRP contact is invalid (validated = 0)?

The following attributes must be set: Definitions

Can I register a domain with an invalid contact ?

No, the RRPproxy will forbid the AddContact during the AddDomain process.

[COMMAND]
(required)            
 [RESPONSE] 
code        = ...
description = Could not create registryContact...
            
EOF

How can I generate an email verification request without registering a domain ?

[COMMAND]
(required)          
command   = ModifyContact
contact   = [contact_handle]
checkonly = 1  does NOT UPDATE the contact
preverify = 1  generates the email with triggercode if the email has not been already verified or if there is a pending request
          
EOF
[COMMAND]
(required)                                    
[RESPONSE]                          = 
code                                = 200
description                         = Command completed successfully; Verification requested
property[validated][0]              = 1
property[verification requested][0] = 1
                                    
EOF

Is it possible to verify an unvalidated contact handle ?

No, if you verified the email address only contact handles with validated = 1 will be set to verified = 1. In order to do so you have to ModifyContact with valid data and it will become also verified.

If I change the owner of a domain (which has already a X-TIME-TO-SUSPENSION date) will this give me another timeframe of 15 days ?

No, otherwise it would be possible to change the owner every 14 days and there would be a possibility to never verify an email address of the owner!

Is it possible to remove the domain from suspension (status=clientHold/serverHold) by myself if the owner is meanwhile verified?

Yes, you can send a ModifyDomain command with delstatus0=clientHold and the domain will be released from lock, otherwise the system will do this in a timeframe of about 30 minutes.

I want to implement my own emailverification website, how do I do this ?

Via the contact verification properties you can set your own URL:

[COMMAND]
(required)                                           
command                                    = SetProperty
contactverification-email-verification-url = http://your-emailverification-url.example
                                           
EOF

This information will appear in the verification email as the following link:

http://your-emailverification-url.example?trigger=TRIGGERCODE

Via https API, LIVE - URL you can send the ActivateContact command to verify the email address:

https://api.rrpproxy.net/api/call?s_login=USER&s_pw=PASSWORD&command=activatecontact&trigger=$trigger

How will the events for contact verification look like?

Event example:

REASON:CONTACTVERIFICATION WITH TRIGGERCODE: xxxxxxxxxx
MESSAGE:CONTACTVERIFICATION WITH TRIGGERCODE: xxxxxxxxxx
OBJECT:<CONTACTHANDLEID> or <EMAIL>
CLASS:CONTACT_REGISTRATION
SUBCLASS:CONTACT_REGISTRATION_NOTIFY

EPP Poll:

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
  <response>
    <result code="1301">
      <msg>Command completed successfully; ack to dequeue</msg>
    </result>
    <msgQ count="1" id="15784">
      <qDate>2016-06-22T06:50:05.0Z</qDate>
      <msg>CONTACT_CONTACT_REGISTRATION_NOTIFY</msg>
    </msgQ>
    <resData>
      <contact:panData xmlns:contact="urn:ietf:params:xml:ns:contact-1.0">
        <contact:id paResult="false">P-ABC1234</contact:id>
        <contact:paTRID>
          <svTRID>UNDEF</svTRID>
        </contact:paTRID>
        <contact:paDate>2016-06-22T06:50:05.0Z</contact:paDate>
      </contact:panData>
    </resData>
    <extension>
      <keysys:poll xmlns:keysys="http://www.key-systems.net/epp/keysys-1.0">
        <keysys:data>
          <contact>P-ABC1234</contact>
          <reason>CONTACTVERIFICATION WITH TRIGGERCODE:MTQ2NjU3ODIwNC41MDg5IzQ0ODEyNTg3MTc0NzIgTA==</reason>
        </keysys:data>
        <keysys:info>CONTACTVERIFICATION WITH TRIGGERCODE:MTQ2NjU3ODIwNC41MDg5IzQ0ODEyNTg3MTc0NzIgTA==</keysys:info>
      </keysys:poll>
    </extension>
    <trID>
      <clTRID>poll-4035830250883638326</clTRID>
      <svTRID>00dd4356-12e6-41c0-9573-ec2347cefeeb</svTRID>
    </trID>
  </response>
</epp>

How will the link for email verifications look like?

http://emailverification.info?trigger=xxxxxxxxxx=&email=your@email.net

Personal tools
Namespaces

Variants
Actions
Resources
new gTLDs
Products
New Users
General
Tools