If you change registrar-level things about your domain, they're now required to confirm your contact info with you. This isn't a "DDoS", or "deadly", or any of that nonsense: it's a new strategy to ensure whois data stays updated.
Whether or not it's an effective strategy for keeping whois data accurate is another debate (I don't think it is), but talking about it like some malicious act is pointless.
I agree that the title is linkbait, but an ineffective amount of bureaucracy can definitely be turned or perceived as malicious.
I read about this originally when they made the rule and it seemed arcane and ridiculous, I dont know how it ever was passed. I believe everyone who some experience with whois info knows the information is either false or hidden behind privacy emails and contact information. If they are not, they are subject to annoying or even abusive misuse. (I remember someone back in the day calling me repeatedly because they found my website after I beat them in some video game, the internet is filled with nutters.)
If ICANN wants to know the details, I dont care, but if all the internet wants my phone number, they can take a long walk off of a short pier.
The end of the article raised a good point though: this is going to train people to click on links in emails that look like they came from their registrar.
That's bad.
The registrar is public information. The registrant's contact information is public (or at least publicly accessible). So, wait a year for people to get accustomed to clicking on links in emails from their registrar, pick a target domain, forge an email from the registrar, send it to owner contact with a link to a phishing page. Congratulations, enjoy your new domain.
The email address doesn't seem to be the thing registrars should be "validating" about contact information, anyway. Shouldn't my registrar be calling/texting a code to the included phone number, and sending a letter with another code to the included mailing address?
If ICANN really wants whois information to be accurate they should require registrars to provide functional privacy screens including email forwarding for no charge or at most a nominal fee. And then build a common process to break the screen in the event of a reasonable and unresolved complaint (or legal requirement).
If you knew any of the people involved in pushing the agenda that lead to the policy, you wouldn't be so quick to discount the view that this is a malicious act.
If you change registrar-level things about your domain, they're now required to confirm your contact info with you. This isn't a "DDoS", or "deadly", or any of that nonsense: it's a new strategy to ensure whois data stays updated.
Whether or not it's an effective strategy for keeping whois data accurate is another debate (I don't think it is), but talking about it like some malicious act is pointless.