Dnforum.com - Possible User Verification Process Changes

**Adam Dicker** · 03-18-2011, 10:37 AM

To secure our community, I am considering adding phone and address verifications for all memberships.

Members that don't get verified will not be able to post.

What are you thoughts on this?

-=DCG=-

**UpMarketDns.com** · 03-18-2011, 10:46 AM

Sounds good to me !!! Anything that helps keep the serial scammers out has to be welcomed !

**MAllie** · 03-18-2011, 10:50 AM

My thought is that it should have been done long ago. I did it myself and it wasn't that hard. I always like a forum with verified members, but it seems to me that where money deals are involved it should be a given. And, after all, it's not as if the details will be published.

Perhaps there are good reasons others will object, and I'd be curious to hear them.

**Banned: dn-101** · 03-18-2011, 11:59 AM

Adam,
it's also very important that u share that info with the following:
FBI
KGB
Al Fatah
Mossad
M16 British Secret Intelligence Service

Oh wait, the minute u collect it the FBI will demand u hand it to them.

And by the way, did u see that black van with tinted windows outside of your house?

**erdinc** · 03-18-2011, 12:28 PM

I think phone verification is a good idea. I always supported this idea. However I'm not happy with address verification. I think phone verification is a good first step.

If you need to increase security more, the next step would be to avoid dnforum accounts getting hacked by using a method that many banks use. The user defines long custom string, maybe 14 characters. During login random characters (e.g. 3rd, 5.th, 7.th) are asked. This way even if you have a keylogger or you use an insecure wifi connection in a hotel, still they wouldn't gain access to your dnforum account. Here is a screenshot of a UK bank website:
http://img269.imageshack.us/img269/3953/lloyds.gif

**Adam Dicker** · 03-18-2011, 12:31 PM

Originally Posted by erdinc

However I'm not happy with address verification

What's the issue with address verification, just curious.

-=DCG=-

**Banned: dn-101** · 03-18-2011, 12:41 PM

Originally Posted by DotComGod

What's the issue with address verification, just curious.

-=DCG=-

Nothing, as long as trusted Chef Patrick from Moniker is in charge

**erdinc** · 03-18-2011, 12:47 PM

I don't feel comfortable giving my address. I'm a private person. If your website was hacked and all information was accessed by a hacker, they can't do too much with my phone number. However if they have my address they might use that information to apply for a loan, credit card, to create a fake identity, God knows what else. I just don't feel comfortable. Because domains are high value items that you can transfer over the internet, domaining is the most popular industry for hackers and scammers.

Once I had a problem with my bank account. One day suddenly all my money in my current account was gone. Somebody had spend all the money on a betting website. We could never find out how this happened. Since then I'm more careful with what information I give out on what website.

A few years ago the other domainer forum was hacked by an Iranian hacked. When a backup version was installed the hacker could still gain access to the forum. The forum admins had to negotiate with the hacker to get their forum back. I don't want to give out information that you might not be able to keep secure.

**actnow** · 03-18-2011, 12:58 PM

I have no preference on this decision since my phone number and address is already on some/many of my domains.

However, how are you going to verify 101,000 members phone number and address?
Call all of them? I doubt it.
Send postcards? It will cost DNF approx. $ 1.-2 per postcards - low estimate.
(postcard processing, postal fee, labor to tabulate the results - even if automated.)
Also, depending where DNF is sending it.

Just because my phone number and address is on some/many of my domains doesn't make it accurate.
(It is.)

The bad guys get around this all of the time.
How would you know if that address in France is accurate? Or, is it a parking lot? Or a mail drop?
Especially, if the ip# is in Iran or Nigeria.

(Adam already has my confidential cell phone number. I have his.)

**erdinc** · 03-18-2011, 01:08 PM

actnow,

Phone verification is done using a service like this: (try out the demo if you like)
http://www.telesign.com/solutions_tv_demo.php
You get an automated phone call.

Address verification (or rather address recording) is done via paypal payment. They will record your paypal address.

**Adam Dicker** · 03-18-2011, 01:14 PM

I understand, for the address verification, I was going to keep it seperate and off the server.

-=DCG=-

**south** · 03-18-2011, 01:49 PM

Just curious Adam, from previous verification, I assume the documents that were faxed / emailed always get shredded after confirmation of verification(?)

**biggedon** · 03-18-2011, 02:13 PM

Originally Posted by DotComGod

To secure our community, I am considering adding phone and address verifications for all memberships.

Members that don't get verified will not be able to post.

What are you thoughts on this?

-=DCG=-

Hi

if this is in reponse to the "king chef leto" thing, then verification wasn't an issue

if it's about hacked accounts,

how do you/will you know if the account is hacked after the user was verified, when the "legal" user doesn't post much or is inactive?

as a suggestion, perhaps take a note from another venue....where they have new users, use the "real names" as their user id.

much easier on the verification process, when used in conjuction with whois or other substantiating documents that you may require.

imo...

**Eraser** · 03-18-2011, 02:19 PM

Address verification (or rather address recording) is done via paypal payment. They will record your paypal address.

They can't verify my address using paypal as I have deleted my account. Does it mean, I can't post??

**Adam Dicker** · 03-18-2011, 02:29 PM

Originally Posted by Eraser

They can't verify my address using paypal as I have deleted my account. Does it mean, I can't post??

I didn't say this would be done through paypal, this is just a discussion.

-=DCG=-

**Adam Dicker** · 03-18-2011, 02:30 PM

Originally Posted by biggedon

if this is in reponse to the "king chef leto" thing, then verification wasn't an issue

No, this is something I have considered for the last 2 years and read a thread recently that reminded me of it.

-=DCG=-

**hugegrowth** · 03-18-2011, 02:40 PM

What are the problems with the way things are now? I don't see too much forum spam, what would the phone/address do to improve the forum?

That said, I wouldn't have a problem with a phone/adress verification - like someone else said, that info is already on all my domains Whois.

**mediawizard** · 03-18-2011, 02:40 PM

Thought convergence companies like domaintools / aftermarket and I think sedo too, charge $1 via paypal / credit card for verification, works fine for me.

As long as you have a professional payment system with a secure payment page authenticated by professional SSL certificate, this would probably be the easiest method.

You could also have authentication via facebook, for those who do have a profile with a real name and a decent number of friends.

**katherine** · 03-18-2011, 02:42 PM

Intrusive and easily circumvented: prepaid mobile phone card, skypein number etc...

I also think that the hijacking of established/inactive accounts has been an issue in recent times.

**erdinc** · 03-18-2011, 03:09 PM

I think because this is a paid forum there are less problems than other places. It is not like scammers who steal a domain at GoDaddy, come straight to dnforum to sell it. They probably go to some other place. As for existing dnforum accounts getting hacked, I suggest to have a look at my message #5 above.