Hi Ron,

 > As far as I'm aware, it's unacceptable / illegal for a hosting
 > company to hijack the email address of a registrant.  I have this
 > situation where a client wants to escape from the clutches of a
 > particular hosting company, change the DNS entry and transfer the
 > domain name, but can't. 

Assuming a .au domain, I'd ask this question of AuDA directly, where you
can name names and such .. sounds pretty sus on the face of it, but AuDA
seem not to monitor this list looking for questions to answer :)

Is the hosting company also the domain's registrar?  Only a registrar
could change these data at the registry .. 

 > What steps can I take to ensure that the registrant's contact details
 > properly recorded?  What processes / procedures are in place to
 > validate the registrant's contact details, and to prevent such
 > hijacking? 

Well as far as I know, only the registrant could change the registrant
contact address or other details, unless (perhaps) s/he had specifically
assigned management rights for the domain to said hosting company; even
that should involve only technical, not registrant, contact address.

I'd assume that any such assignment of rights would be up to the hosting
company to demonstrate to AuDA's satisfaction, if the registrant were to
seek AuDA intervention with the registrar to regain control over their
domain.

Perhaps likewise the registrant may wish or might need to duly appoint
you or someone as their agent to deal with sorting it out, as many
registrants would find the process mysterious if not intimidating.

2c, cheers, Ian