According to the notices I have been receiving, my website will be suspended in 2 days. If it is suspended, then I’m guessing the email is legit. If not, then fake. I will post the outcome after 2 days.
The email is legit. See post# 3 of this thread.
OK, I ignored the warning emails, and my website ended up getting suspended. Reached a suspension notice page when I tried to go to my website, stating that it is in suspended pending email verification. I went back to the email, clicked on ‘verify’, and was met with a “Congratulations, you have successfully verified the Registrant email address for the following domains:…” And now when I go to my website I get the message “You have reached a domain that was pending verification per ICANN rules but has since been verified. It may take 24 to 48 hours for the website to come back online.”
So I guess the email is legit.
I agree, dreamhost, the ICANN folks, or someone needs to somehow make a more legitimate appearing email, given the risk of phishing / malware emails that look so similar. Dreamhost should also inform users of this as well at the time of sign up. Posts on online forums (including mine!) are not quite reassuring enough.
I ignored the messages, as a weird link taking me to any site (even one that looks legit) asking me to log in with my username and pw, verifying my home address? Yeah - I’m not naive, and I don’t trust even my turbo add-on Mozilla to protect me every time. I navigated to DreamHost’s homepage, logged in - no big notice of URGENT END OF THE WORLD YOU MUST VERIFY OR BE SUSPENDED. So I figured yeah, scam.
But the BIG FINAL NOTICE came, so I sent the text of the msg to customer support asking if it was for real.
“yeah - we’ve been sending out notices like that”
I mean - I just have to think there is a better way to roll this stuff out to your customers. Perhaps the aforementioned announcement on the website?
Now? I rec’d the big final notice email in the midst of the single busiest week of my new business. Every single one of my clients wants me. I am jumping from meeting to meeting, with barely time to read a new message from one of three email addresses on my phone much less clicketyclicking through customer support. Frustrating? yep.
But…yeah - the email’s legit.
Good Lord of Oreos.
“But…yeah - the email’s legit.”
Ahem … actually, if it involves “a weird link taking me to any site (even one that looks legit) asking me to log in with my username and pw, verifying my home address” (as you mention in your first sentence) then the email is definitely not legit.
The way this new ICANN-mandated procedure is supposed to work, the link which users are invited to click on should definitely not ask them to supply any identifying information.
If you’ve received an “immediate verification required” email which provides a link which asks you to log in, then either the email was a phishing attack or your registrar has committed an elementary security blunder.
With your other points, about “there is a better way to roll this stuff out to your customers”, I agree totally.
Some registrars other than Dreamhost do in fact provide on their websites a fairly clear explanation of what is going on here.
As an additional point: this new procedure was introduced with the 2013 edition of the ICANN Registrar Accreditation Agreement, which came into force on Jan 1st 2014. Many registrars (according to their blogs) appear to think that with this new policy, ICANN are pushing the boundaries of what the real world will put up with.
However, one of its provisions is:
Looking at the dates, this consultation should be happening any time now. So, now could be a good time for users to express their sense of outrage. The procedure is onerous for registrars, confusing for users, and provides no commensurate benefits.
Dreamhost has never been a front runner in the documentation dept.
In this particular case dreamhost really needed to build in an instruction screen as part of the registration process so that the user could expect the email to arrive. In addition, they also need a publically linkable instruction page that is NOT part of the registration process. (Unfortunately wiki’s aren’t good for this type of page either because wiki entries can come from anyone, not just the ‘official source’)
In this particular case dreamhost also choose to use a special previously unknown domain (dreamhostregistry.com) to generate the email. Presumably this was an effort to make sure the email didn’t get hung up in spam filters and RBL’s. To this, Dreamhost choose not to even use it’s own mail servers. (so what’s NOT fishy about the email?)
The OP in this thread choose to ask before clicking. At the time, I applied all the normal “smell tests” to the situation and initially concluded “scam”. Then after further googling, downgraded that to “possible scam” (see post#2 of this thread). Unfortunately, one can also find scams related to this new procedure. No where in the process does dreamhost tell you actually what to expect, so you’re on your own and guessing when the email does arrive.
In fact a year later the only “proof” that the email is NOT a scam is that a google search turns up THIS thread, and ONE dreamhost employee contributed 8 words under his green name. Documentation at it’s finest. The ONLY “official words” in this case.
Sadly this is the status-quo at dreamhost. This poorly documented process could be fixed in a few minutes time. It might take another few minutes of refinement by someone else. And it might take another refinement after the public teaches how to mis-read the words written (something that becomes more intuitive when you write documentation everyday). As pointed out, ‘other’ registrar’s have provided some decent documentation,and even updated it. So why doesn’t dreamhost?
oh wait. I forgot where we started… “Dreamhost has never been a front runner in the documentation dept.” Dreamhost seems to prefer to have the same old tired conversations and expend energy answering or more likely ignoring the same things, (ignoring is an act which passively consumes the same energy as answering) rather than just solving the problem and moving on. If one really wants to understand the larger problem googling the term “siloed vs empowered” will teach much.
I wanted to add to the chorus here, this is really, really poor practice on Dreamhost’s part. I received at least 24 of these emails all at once (strike #1), saw the mismatched domains – dreamhostregistry.com and raa.name-services.com – as mentioned above (strike #2), and read the over the top immediacy (“IMMEDIATE VERIFICATION REQUIRED” – strike #3). I had all the emails selected and was about to delete the group when I stopped to do a quick search. That search yielded results that did NOT inspire confidence at all… even when I happened upon this thread. After quickly scanning the first few messages, it still seemed a no-brainer. Thank goodness I kept reading anyway!
These emails practically scream SCAM. Dreamhost really must do something about that. I compared the emails to other ones I receive from Dreamhost that are more obviously legitimate emails. The other emails come from “Dreamhost Registration Service” or “Dreamhost Support” and the subject contains both my DH panel username and a ticket or ID number. These new emails just say “Dreamhost” in the name along with the screaming subject line. Changing just those two things would go a long way towards legitimacy.
I can’t say I agree on that point. Email can be too easily forged, to look legit to the average joe or jane. Sure some of us know how to dig deeper, but not everyone. Your dead on with the screaming subject line tho.
I did have a new thought on this subject after reading your thought provoking post. I don’t know the answer to this question: Do these emails show up in your dreamhost support history? If they don’t that’s bad, real bad. If they do, the top line of the body of the email could simply be an italicized font that states, To confirm this emails source, please log into the dreamhost panel and check “support history”.
Just registered on here to throw in that this garbage is still happening 18-Mar 2015
Looks like phishing and still comes from a non- @dreamhost.com email address?
There should at least be a link in there to a REAL dreamhost site that dictates the reasons for this policy.
I still brag on you after these countless years, but this is sloppy even for your “we’re a small community” feel.
Taken the time and trouble, of choosing a forum name that differs from usual one because you stupidly insist on >4 character names (even if it might have been available) which shows how much I think you need to hear this, to register for this forum to let you all know.
That this stupid email is still arriving un-prepared. I’m lucky that I’m smart enough to search around and not only decide that this is fishy, but also to determine that this looks 90% legit so clicked the link.
I’ve yet to be proved right by the way and it could still all be a SCAM!
I started off today with the feeling that Dreamhost was the right place to put my business, not so sure now. I’ll be reviewing next year, and certainly before I move the remainder of my domains over here.
In the meantime, anyone got any good recommendations for a domain hosting service?
i’ve been a dreamhost customer for well over a decade now, and i’m registering to say this is an embarrassment. garbled messages from suspect domains asking me to copy and paste a link into my browser window for identity confirmation purposes in multiple (google translated?) languages…and this has been getting complaints for over a year now? make this look legit, how hard can it be
Agree. This is rather poor form from a hosting company that strives, ignoring its long and rambling monthly newsletters for one moment, to be straight talking and customer-focused.
The fact that I also had to research to find out whether it was spam or not does little to engender confidence in both ICANN and Dreamhost. It’s embarrassingly amateur.
Firstly, the email seems to be translated by a first-year language student with dyslexia and questionable academic ambition.
Then the spammily-worded, caps-happy injunction to CLICK ON MY LINK or I shall carry out my threat of suspending your domain?! Unfamiliar URLs, no explanation from Dreamhost, and nothing to inform me that what I’m being ordered to do is in any way for my benefit.
I mean, I’ve received phishing emails that appear more legitimate. Where did these people get their communications degrees? Via a Nigerian Online Scam University?
name-services.com still looks like a scam site, and the e-mail is not GPG signed by Dreamhost.
This email is really bad. If it is legitimate you need to fix it to not appear to be phishing. Why would I trust anyone with my business if they can’t get a simple verification email correct.
Chalk me down as yet another Dreamhost customer of more than a decade, who just registered for this forum today purely because of this scammy looking email.
I did my own research and decided eventually that the email seemed just about legitimate enough, however, as others have already said, this legitimate email looks more scammy than many scams do!
There was no prior notice from Dreamhost that this was happening and needed action, unknown domain names being used, no GPG signature, screaming subject line requiring rapid response to prevent bad things, no documentation about the changes to registration, no mention during registration, just this forum page with a short reply from a Dreamhost employee.
Are you seriously sending this out to all your customers, Dreamhost?
Anyone with their head screwed on will rightly regard it as a scam. Why do we need to Google and dig through a forum to establish that it is legitimate?
Do you get a kick out of scaring your customers?
Come on guys, spend what, fifteen(?) minutes fixing it!!
There is also no copy of the e-mail in the support section of the dreamhost panel. All other e-mails are there, so why not this one?
That’s one of the things I checked to try to determine the authenticity of this message.
I opened a support ticket with DH about this, and here’s the reply I got.
Thanks for writing in!
I am so sorry for the confusion! This is a legitimate email – as an
ICANN certified registrar, we are obligated to make sure the contact
information for your domain is correct.
Please follow the link and verify your contact information without delay!
Let us know if you have any further concerns,
I just received one as well. It doesn’t look, read or smell legitimate to me.
When I click on the link (against my better judgement) I get “The End User IP must be supplied.”. There is no link on the page or anywhere to allow me to supply the IP address.
I also just signed up on the forums here after reading this thread and receiving a similar email for one of my domains (I’m also a decade long Dreamhost customer).
I clicked the link after reading the e-mail, then immediately freaked out, realizing that the e-mail wasn’t coming from a legit dreamhost.com domain. Google search sent me to this thread.
I’m relieved to know it was probably legit (at least according to what people are posting here?), but I agree that this had scam written all over it…very strange e-mail.
DH Mods - you guys should definitely let people know that this is a legit e-mail; it’s worthy of an all-customer notification
This kind of nonsense is why I am considering taking my business elsewhere. That is an appalling communication. May I suggest that instead of taking what seems to be an attitude of not caring and thinking that this is good enough you instead step up and make this another way to stand out from your comPetitors by explaining to your customers what the heck is going on?!