E.g. Google Webmaster Console does it by asking website owners to upload a file with a specific name. Other services use the same approach.

Is there any reason not to verify ownership by simply asking people to confirm by clicking the email that was sent to an email address under that particular domain? (Provided that the website does not give out its users email addresses like Gmail etc.)

+4  A: 

Because it is the most direct and 100% bulletproof way to find out if the guy has control over the site in question.

An email address "under" the domain can belong to the admin while the site is actually managed by the developer.

Also, many use anonymous registration, in which case the email will be sent to the registrar's address (though it will usually forward to your real address or at least notify you).

Developer Art
Sorry - I don't understand your answer. Can you explain more?
Janusz
Suppose you want to find if somebody has control over the site. One way, and I'd argue the most direct, is to see if they can do something specific to the site. You're suggesting another technique, which is less direct and more subject to error. It's possible to have an email address at an organization without any ability to change the website (I have an address in my employer's domain, and no authority or ability to change the website; the guy two cubes down can change the website, but has an email address identical to mine except the name.)
David Thornley
+1  A: 

How would they know that you are the person at that domain responsible for the website unless you modify it in some way? I have a company e-mail address - that doesn't mean I'm responsible for the company website.

Dominic Rodger
Good example, Dominic. However, for my purpose it's still satisfactory. I should probably rephrase my question: I don't really need to prove who is in control of the website or owns it, but rather who is associated with the website in some way. E.g. the only thing I am concerned about is whether a competitor of that website could pass the test, and I assume a company wouldn't give out email addresses on their domain to their competitors.
Janusz
Look at it another way: not everyone in a company is *authorized* to represent the company, especially on the Web. Usually, there are policies in place that say, "only Marketing or Web or IT," people can register our site with online services. What if a disgruntled worker registered his company's site and wrote bad things about them before he/she got fired? You'd be held responsible for not properly verifying ownership.
inked
@Janusz: If you're asking how you'd verify control of a website, that's one thing, and I still wouldn't recommend trusting an email with a random address with the same domain. You're asking about Google, and they'll do as they see fit.
David Thornley
+2  A: 

Having a Gmail account doesn't mean I own the gmail.com domain. Like 'Developer Art' said, uploading a file shows that you have access to the web-hosting portion of the domain.

lsiu
+1  A: 

I can prove that I "own" Yahoo, Hotmail, Gmail, and many others with your proposed verification technique. What's so hard about uploading a file to a server for someone doing web work?

ceejayoz
A: 

I think the intent is, "If you own the site, please place this verification file in your site's root directory." Once the verification system sees the file there, ownership is verified. At the very least, it confirms the ability to post to a site's root folder. Not having this expectation of your users might open you up to folks doing malicious activities as someone else's site because you didn't properly verify ownership. In legal circles, we call that, "due diligence."

E-mail... you know, I keep receiving messages from banks I don't have accounts with, the British Lottery and even more from a guy in Nigeria. They look real. Now that I think about it, maybe I should forward all of their e-mails to each other. The lottery guys and the Nigerian guy can put all their money into the fake bank accounts. Spam problem solved!

inked
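
The file-upload check the answers above describe, sketched as an added example (not part of the original thread and not Google's implementation). The key, account ids, file naming scheme and the injected `fetch` callable are assumptions made for illustration; the sample sites are constructed.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the verifying service


def challenge(account_id, domain):
    """Return (path, body) of the file this account must publish on this domain."""
    msg = f"{account_id}|{domain.lower()}".encode()
    token = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return f"/verify-{token[:16]}.html", f"site-verification: {token}"


def verify(account_id, domain, fetch):
    """fetch(url) -> (status, final_url, body); injected so the check runs offline."""
    path, expected = challenge(account_id, domain)
    status, final_url, body = fetch(f"https://{domain.lower()}{path}")
    final = urlsplit(final_url)
    if status != 200:
        return False  # file absent: requester could not write to the web root
    if final.hostname != domain.lower() or final.path != path:
        return False  # redirected elsewhere: content is not served by this site
    # Exact match, not substring: an error page that echoes the URL must not pass.
    return hmac.compare_digest(body.strip().encode(), expected.encode())


def fake_site(files, soft_404=False):
    """Constructed stand-in for an HTTP client talking to one site."""
    def fetch(url):
        path = urlsplit(url).path
        if path in files:
            return 200, url, files[path]
        if soft_404:
            return 200, url, f"<h1>Sorry, {path} was not found</h1>"
        return 404, url, "Not Found"
    return fetch


def demo():
    domain = "example.com"
    path, body = challenge("acct-webmaster", domain)
    owner_site = fake_site({path: body + "\n"})
    return {
        "webmaster": verify("acct-webmaster", domain, owner_site),
        # Same site, different account (say, an employee who only has a mailbox).
        "employee": verify("acct-employee", domain, owner_site),
        "no_file": verify("acct-webmaster", domain, fake_site({})),
        "soft_404": verify("acct-webmaster", domain, fake_site({}, soft_404=True)),
    }
```

Because the token is bound to both the account and the domain, a file uploaded for one account does not verify another, which is the distinction between "has a mailbox at the domain" and "can change the site" that the answers draw.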