Systems and methods of the present invention provide for one or more server computers communicatively coupled to a network and configured to: receive a request for a modification to domain name management; analyze metadata and registrant accounts associated with the request; determine whether related domain name activities indicate high or low risk of malicious behavior; if high risk, the request may be queued for manual review; on manual review, if the request is deemed high risk, an attempt to contact the registrant may be made; if unsuccessful, or if the registrant verifies an invalid request, the request may be cancelled. if the behavior or request is low risk, and/or if the registrant confirms the request is valid, the request may be approved and fulfilled.