“But…yeah - the email’s legit.”
Ahem … actually, if it involves “a weird link taking me to any site (even one that looks legit) asking me to log in with my username and pw, verifying my home address” (as you mention in your first sentence) then the email is definitely not legit.
The way this new ICANN-mandated procedure is supposed to work, the link which users are invited to click on should definitely not ask them to supply any identifying information.
If you’ve received an “immediate verification required” email which provides a link which asks you to log in, then either the email was a phishing attack or your registrar has committed an elementary security blunder.
With your other points, about “there is a better way to roll this stuff out to your customers”, I agree totally.
Some registrars other than Dreamhost do in fact provide on their websites a fairly clear explanation of what is going on here.
As an additional point: this new procedure was introduced with the 2013 edition of the ICANN Registrar Accreditation Agreement, which came into force on Jan 1st 2014. Many registrars (according to their blogs) appear to think that with this new policy, ICANN are pushing the boundaries of what the real world will put up with.
However, one of its provisions is:
( https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#whois-accuracy )
Looking at the dates, this consultation should be happening any time now. So, now could be a good time for users to express their sense of outrage. The procedure is onerous for registrars, confusing for users, and provides no commensurate benefits.