Matt,
Inspired by the options to confirm domain ownership with Google, Could you ask the relay operator to include a randomly generated (by you) token in their contact field? It may take a while to propagate and it requires action on the operator's part, but it's not difficult and I expect it provides the assurance you need.
On 05/03/2015 04:20 PM, Matthew Finkel wrote:
On Sun, May 03, 2015 at 12:05:49PM -0700, Aaron Hopkins wrote:
On Sun, 3 May 2015, Matthew Finkel wrote:
Or as Robert suggests, just send verification mail to the listed contact address of the relay. If they don't list one on their config, find an alternate verification mechanism like e-mailing whois contacts for the IP or domain name, or refuse the request.
I'd prefer not denying them a t-shirt because they don't want to publish an email address publically, but using whois seems like a stretch and usually ends at the hosting provider instead of the operator.