I told you guys something smells fishy.
Yes, but you want to avoid saying that too early, before there is a chance to draw the fish out some more.
It was bullshit from the get-go for the reasons I discussed in connection with how the TDRP works, if you read between the lines of my post on that topic (i.e. this guy wouldn't be involved in a TDRP in the first place). When a registrar brings a TDRP, if indeed there was one going on here in the first place, it is generally because there has been a communication error between registrars, and there is generally no need to escalate it to a TDRP, because the technical facts of a TDRP are pretty cut and dried. This is why they almost never happen in the first place.
But, and I get this pretty regularly, there are sometimes situations where someone needs "help with a problem" because what they are actually trying to do is to learn enough about how a particular system works in order to figure out a way to game it. Those questions are "interesting" to the extent that drawing out the inquirer can lead to entertaining results.
There were a lot of things in this guy's posts that didn't make sense. But don't spoil the party by tipping your hand early.
what would be nice is some way to ban him from ever owning domains again. stolen or not.
How would such a thing even be possible?
Such an implementation would require a way of actual personal identification between the registrant and the registrar. There's no way to do that.
I can go to the store with some cash, buy a sim card and a pre-paid debit card, and I have a phone and a debit card with no ID (the details if you want to do it right can vary by country, and you might want to use a smurf to make the purchase). Using public wifi, I get a free email account. I can now register domains, pay for them, and confirm text messages if necessary, and nobody knows who I am.
There was a proposal a while back during the last negotiations of the registrar accreditation agreement, in which the law enforcement and government factions wanted registrars to collect ID numbers like driver's licenses or passports, when a domain name is registered. Of course, registrars have no way to confirm any of that data, and it's not as if anyone is going to give registrars access to all of the ID databases on the planet in order to "confirm" them.
Even in situations where a vendor online does something like "send us a scan of your driver's license" or passport or whatever, it's not as if there aren't a zillion ways to fake a .jpg of a driver's license or passport. These are simply mechanisms to test "how far is this person willing to fake it", and some butt-protecting to the extent "we tried", but don't really serve any useful purpose of actually identifying anyone. This also leads to the problem of registrars - who can also be almost anyone - having a huge abusable and/or hackable cache of ID data.
But the upshot of the inability to truly identify a person on the internet is that you can't ban "a person" from doing anything on the internet either. There were some discussions a few years ago about developing a framework for a standardized "digital ID" for use in e-commerce applications, but the usual paranoia from the "it's the mark of the Beast!" crowd makes it difficult to actually solve the problem productively.