How to validate the ownership of the website?
https://stackoverflow.com/questions/1643660
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
e.g. Google Webmaster Console does it by asking website owners to upload a file with specific name. Other services use the same approach.
Is there any reason why not verify ownership by simply asking people to confirm by clicking the email that was sent to the email under that particular domain? (provided that website does not give out its users email addresses like gmail etc)
Solution
Because it is the most direct and 100% bulletproof way to find out if the guy has the control over the site in question.
Email address "under" the domain can belong to the admin while the site is actually managed by the developer.
Also, many use anonymous registration, in which case email will be sent to the registrar address (though it will usually forward to your real address or at least notify you).
OTHER TIPS
I have a GMail account doesn't mean I own the gmail.com domain. Like 'Developer Art' said, uploading a file shows that you have access to web-hosting portion of the domain.
How would they know that you are the person at that domain responsible for the website unless you modify it in some way? I have a company e-mail address - that doesn't mean I'm responsible for the company website.
I can prove that I "own" Yahoo, Hotmail, Gmail, and many others with your proposed verification technique. What's so hard about uploading a file to a server for someone doing web work?
I think the intent is, "If you own the site, please place this verification file in your site's root directory." Once the verification system sees the file there, ownership is verified. At the very least, it confirms the ability to post to a site's root folder. Not having this expectation of your users might open you up to folks doing malicious activities as someone else's site because you didn't properly verify ownership. In legal circles, we call that, "due diligence."
E-mail... you know, I keep receiving messages from banks I don't have accounts with, the British Lottery and even more from a guy in Nigeria. They look real. Now that I think about it, maybe I should forward all of their e-mails to each other. The lottery guys and the Nigerian guy can put all their money into the fake bank accounts. Spam problem solved!
