Registrant contact information is maintained by the registrar. The failure of a Registered Name Holder[1] to furnish up-to-date contact information with its Registrar[2] may result in the forfeiture of rights[3] up to and including the suspension or cancellation of the registration itself.[4]
Point being that, short of transfer Auth-Codes[5], a verification link sent to the registrant's email address by the DNS provider is the functional equivalent of nearly the most that a registrar may be required to do in order to contact and/or verify a registrant.
The registrant's email address is made part of the WHOIS directories, whether obfuscated by a privacy service or not. It's publicly accessible information in accordance with § 1.1(a)(i) and (a)(iv) of ICANN's stated Mission.[1]
The DNS provider absolutely can send a notification to the registrant without having to 'go through' (meanining interact with) the registrar. Even a third-party privacy service merely exists as a notification broker. Any notification sent by the DNS provider would simply pass through onto the registrant directly.
Point being that, short of transfer Auth-Codes[5], a verification link sent to the registrant's email address by the DNS provider is the functional equivalent of nearly the most that a registrar may be required to do in order to contact and/or verify a registrant.
[1] https://www.icann.org/resources/pages/ra-agreement-2009-05-2...
[2] https://www.icann.org/resources/pages/ra-agreement-2009-05-2...
[3] https://www.icann.org/resources/pages/benefits-2013-09-16-en
[4] https://www.icann.org/resources/pages/registration-data-accu...
[5] https://www.icann.org/resources/pages/auth-2013-05-03-en