Dear neighbors,

What should I do about emails instructing me to visit some “” website I’ve never heard of before?

== Background ==

I recently registered a new domain “” at Dreamhost,
and received an official-sounding email allegedly from DreamHost.

The people who wrote don’t seem very happy about the name-services people,
so I am skeptical that email actually came from DreamHost.

The email follows, except I’ve mangled the “VerificationCode” in the link.

... From: DreamHost ... Reply-To: Date: 2 Apr 2014 20:45:09 -0700 Subject: IMMEDIATE VERIFICATION required for ...

As of January 1, 2014, the Internet Corporation for Assigned Names and Numbers (ICANN) has mandated that all ICANN accredited registrars begin verifying the WHOIS contact information for all new domain registrations and Registrant contact modifications.

You have registered one or more domains from DreamHost and verification of the Registrant email address is required for these domain name(s) to remain active. Please click the link below to verify the email address. You have until 04/17/2014 to verify this email address. After this date, the domain name(s) will be suspended until the email address is verified.

Click here to verify your email address

If the above link does not work, please copy-and-paste the following URL into an open web browser to complete the verification process:

Once you click the link, your email address will be instantly verified and there is nothing further for you to do on the following domains:



From my 10 minutes of research this looks like a scam.

Dreamhost should confirm the scam because “From:” is a domain for which they are the registar, and the registration appears to carry the dreamhost snail mail address. The only thing out of order with the registration listing is dreamhost would certainly use there own nameservers. Also NAME-SERVICES.COM has private registration enabled, not something you would expect from anything official in nature.
Actually… a little more research does reveal there is a new process and a new phishing scam to go with it. Whether yours is official or scam is a good question. Since the email you received is not coming from an address I’m guessing the one you got is scam… Dreamhost wouldn’t need to set up a separate domain ( just to send this notification out.

read more here:

This email message is legitimate. Click the link.

Interesting. I suppose then I can imagine the reason for the special domain deals with making sure the email gets delivered without getting hung up in spam filters and RBL’s. On the other hand, the special domain made the email more suspicious to me.

You should consider adding some documentation. I checked the wiki before commenting. Here is a reasonable example:

That example really doesn’t help prevent phishing scams, like this one, tho. So perhaps documentation should be more complete, indicating that you will not be asked to enter your panel credentials after clicking the official looking link.

That’s legit? Wow.
I woulda bet real cash-money that was a scam site. Visiting the home page at does absolutely nothing to inspire any sort of confidence of legitimacy.

I did that too.

I just received the email explained by the OP. Did we decide we’re clicking these links to confirm our mailing address? The subject line “IMMEDIATE VERIFICATION required for…” seems way too hasty to sound legitimate.

I registered for a new domain 10 minutes ago.

Yes you should click the link, per post #3 above (which was written by a dreamhost employee)

You’ve got to be kidding me. It’s been months, and this messaging still looks and feels like phishing. There HAS to be something Dreamhost can do to improve this.

My suggestion is to make this part of the registration process. If it can’t be integrated entirely into the registration, DH at least needs to alert users that they will get this email, AND provide something in the email to confirm it’s legit.

Possible to link to and then redirect with a message to users?

Holy cow, this message is legit? Add me to the list of people who would have bet money otherwise.

Please, Dreamhost, make some mention that users should expect this notice.

Im sorry - but when I get suspicious - I cannot trust a guy on the forum who SAYs he’s a DH employee. Can we have some verifiable indication that this is NOT a scam??

1 Like

The green name tells you he’s a dreamhost employee. (He’s also the forum admin.)

Gotcha - thanks - and sorry for doubting him, but this is monumentally bad practise - I know it is not directly by DH - but there should be some stuff out there in FAQ or something confirming these emails are OK - they are about the most dubious “genuine” emails I’ve ever seen!

Oh I agree. Even when you dig for info it looks dubious. It would be entirely different if it was documented somewhere else besides this thread in this forum which is the only official information you get from googling, at least this thread is now at the top of the list.

I’d love to hear from someone who has clicked this link without any negative consequences. I agree that it’s a the sketchiest-looking verification request ever.

Heck yes. I got one of these last month and clicked on it without hesitation. It’s simply a matter of equipping oneself with a browser tool that can safely click on unknown links. Firefox with NoScript (which disables Javascript and various other things) is what I use.

I really don’t know what the world is coming to, if people are afraid to click on links.

Just a note: I actually still get an almost-identical scam via snail-mail hardcopy every year or so. Basically “doom and destruction for all your internets unless you send us the monies” thing.

I still doubt. Firstly, the message is horribly translated into German. Secondly the whois information given in the email is different from the one that is given when I look into my DreamHost account and check the information there. If this is not a scam, why is there a random address in the email?

If whois privacy is turned on, a proxy email address is generated. if you send email to that address it should arrive in your inbox.

Well, that’s an explanation, thanks. The whole email just looks a bit dubious.