by kwantam 5510 days ago
A few weeks ago I tried to register Google Apps on a domain I purchased, and found that it'd already been registered by someone else. I sent an email to the support team explaining that there was a previous account and that I was the new owner, and upon proving that the domain was now mine they deleted the old account and had me start anew.

Obviously, while the email-support method is safe, the automated system for unlocking admin access based on "proof of ownership" is pretty scary! Seems like this could be solved by requiring you to prove ownership and then releasing new auth info to a linked email account on a different domain. That helps to establish both present ownership and a chain of ownership back to the last time you had authorized access and were able to adjust the "emergency email account" setting. It's not perfect, but it's a heck of a lot better.

It also seems to me like someone wanting to abuse this right now could do so pretty easily: you can confirm that a domain is available and that it has had a Google Apps account set up in the past before you spend a dime, so you can just set a computer to trawling known Google Apps domain names (e.g., by looking at traffic on large mailing lists) to find ones whose registration has expired.