IMMEDIATE VERIFICATION required: name-services.com?


#41

I’m disappointed in the mixed messaging here. I have a ticket in and the representative really understood my issue and created a ticket for review, not just a “it’s valid, do it”. I have been with DH for, I believe “ever” and have never seen messages like this but last night got one.

Not only were these messages sent into the DH system from an outside source, it had information that ONLY Dreamhost has.

And I can tell you that name-services.com CANNOT be a proper site, right now it’s just a generic clickfarm.

I’ll update when I get a response to my ticket.


#42

I received a couple of these yesterday, and I naturally wanted to search around to see whether they were legitimate. I thought it would be worthwhile to share with everyone that DreamHost does actually have a wiki page dedicated to the new domain verification process:

It doesn’t mention “name-services.com” specifically, but everything else checks out.


#43

OK - thanks for posting. I couldn’t see how to deal with the message ‘The End User IP must be supplied.’ that I get when I click on the link, however.


#44

I really don’t like this. I’d be cool with it if it were testing the externally posted email address (that it forwarded to the actual owner) but I am TOTALLY not good with my private information leaving DH systems. Especially to a crappy site like name-services.com AND it doesn’t look like it’s hosted on dreamhost and they SURE AIN’T ICANN.

This really needs to be addressed. You spend all this time trying to teach people not to get spoofed and phished and then pull this? Shame on dreamhost.
[hr]
Note - the wiki page http://wiki.dreamhost.com/Domain_Verification_Policy does not mention name-services.com

I think someone might be spoofing these.

Still waiting on a response to my ticket. (Thanks Hector for not just saying “it’s ok” and blowing me off. There are just too many bad flags in this email.) For name-services.com to be basically a parking site I still think that this isn’t a real request but a phishing attempt.

If it IS, it means DH has a db leak. That would please me much less.


#45

Dreamhost has confirmed the e-mail is legitimate. Now to see about the error message I get when I click on the link.


#46

I did get a response claiming it’s legitimate. Although I do know that this was forced on them, it wasn’t forced on them to do it badly.

The email indicates that my contact information for the site has changed - yet I’ve “owned” (paid for) the domain for a couple years and I’m 3 months from renewal and never changed the info. I can think of nothing I’ve done that would trigger that process.

I did ask that if they aren’t able to control that email and where it’s from, the nice thing to do when they know it’s going to trigger a verification email (or if they think it MIGHT trigger the email) they could send an email, from dreamhost indicating that a verification email may be sent in the next 24 hours - watch for it. That would at least surprise us less.

Question for everyone here - Has anyone gotten one of these emails, done nothing about it just to see if it does end up redirecting the domain?


#47

Hello all,

As you may already know per an email we sent out a short time ago (to those that inquired about it today), and per numerous posts on this thread, I would just like to reiterate: the email sent from ‘do-not-reply@dreamhostregistry.com’ is legitimate.

Starting January 1, 2014, any gTLD New Registrations or Contact Modifications (WHOIS update for First Name, Last Name, Email Address, aka “Contact info”) must be verified by the Registrant. (Per: http://wiki.dreamhost.com/Domain_Verification_Policy )

ICANN’s reason for this new verification step is to prevent WHOIS and ownership changes on domains that were not made by the legitimate domain owner. The reason why the link you see in the email takes you to “name-services.com” is because name-services.com is a URL that our registry partner, Enom, uses to verify domain WHOIS changes.

I agree with you all that our communication on this process could/should have been much more informative and less surprising. The policy itself was sprung on us rather suddenly as well, and I certainly understand the skepticism upon receiving one of these emails for the first time. We’re working to improve this process moving forward.

On top of that uncertainty, we discovered a bug on our end of things today. For those that may have already gone through this verification process, some were not completed properly. ICANN takes this matter very seriously, and we were required to obtain the missing verifications. As a customer of DreamHost as well as an employee, I also had to re-verify a domain today, heh.

NOTE: If you have multiple domains requiring verification, and the information is correct, you need only verify one of the registrations using that contact information, and the remaining domains will be automatically verified.

You can read more about ICANN’s verification policy on their site, here: https://www.icann.org/resources/pages/contact-verification-2013-05-03-en

We offer our sincerest apologies for the confusion caused by this policy and the related emails sent. If you run into any trouble verifying your domain registrations or have further questions, please do not hesitate to contact our support teams via live chat or at Support > Contact Support in your web panel.


#48

Thanks for this - Can we get positive confirmation that the links that must be followed are insecure and point to http://raa.name-services.com/

These links are just so unprofessional looking that it is/was hard to trust them. You/we have all spent YEARS training not to click on links in emails from people we don’t know and to have it not be a secure link (so we can’t be reasonably sure that the entity on the other end is real) is just against everything we’ve finally got our grandparents to do some of the time.


#49

The new procedure may have in fact been sprung you on you, but this thread was started well OVER A YEAR AGO, and so far this thread is still the official source on the internet that the email and link are not a scam. In fact virtually nothing has been done in the last year to improve the process.

Some facts that make it spammy:

  • name-services.com has a private registration, nothing official looking like an Enom sponsored special domain.
  • going to the top level of name-services.com looks illegitimate. Why doesn’t Enom put something meaningful or official on this page?

Two things dreamhost must do:

  • Tell the user to expect the email from dreamhostregistry.com (a dialog box that MUST BE dismissed would be the best).
  • Copy the email into support history, so that it is verifiable.

Why does it take over a full year of complaints and suggestions before dreamhost reaches the point that dreamhost says:

This thread was started on April 13, 2014. The wiki page was created a few weeks later, but no one bothered to mention that here. Why?


#50

We are starting to hear that everyone is having these kinds of problems and they too are saying these look like phishing attempts.

I’m a little disappointed in knowing that “private” doesn’t mean private anymore.

More fallout:


#51

I seriously feel like this whole thing is one gigantic trolling. I also feel like creating a drinking game JUST TO DEAL WITH THESE SHENANIGANS that consists of taking a shot for every scam-like thing in this actual “legit” email.


#52

+1 for another long-time DH customer who assumed these emails were spam and ignored them!

Just because ICANN is requiring this, doesn’t means DH’s implementation of it has to be so sketchy.

C’mon, guys. Get it together.


#53

I’ve just had my domain temporarily blocked, which has halted development a bit, because this email ended up in my spam folder (unsurprisingly). I registered the domain about 6 months ago, and haven’t changed contact details, so why was I receiving this anyway? I already did it when I first registered the domain. At least a heads up in the dreamhost panel would be nice when these things get sent out


#54

OK, srsly…

2017 and I do not check my spam box because after 12 years with the same email, I know that the junk folder is actual junk and ONLY EVER JUNK. …well, it was that way…until this poorly handled name-services.com debacle.

DH doesn’t send me an email to tell me THAT I SHOULD WATCH FOR an email from name-services.com ?!!???!?!
DH doesn’t tell me that this name-services.com is associated to DH and it isn’t junk.
DH makes no effort to ensure I know about this other domain’s use by DH as to complete this stage of the identity verification for ICANN/etc.

[color=#FF0000]==========
[size=7]DH, PLEASE GET YOUR ACT TOGETHER AND PUT THIS email’s DOMAIN INFORMATION INTO THE REGISTRATION PROCESS!!![/size]

THIS IS JUST ABSURD AS H3||.[/color]


#55

hi @spacename, please don’t YELL on this forum: it’s not cool. I’m sure that DreamHost can improve its communication, documentation, etc but yelling won’t give us any actionable suggestions.

I’m not sure what exactly happened to you besides missing one email and since you posted on a very old thread I am not even sure that whatever originated this post is still valid. As a general rule of thumb: don’t post on old threads or if you choose to do so, consider providing more details. For example, did you register a new domain? Transfer one from another provider? Updated some details in WHOIS? That said…

The transfer and update processes are described on the DreamHost knowledge base: https://help.dreamhost.com/hc/en-us/articles/235175787-ICANN-Transfer-Policy and https://help.dreamhost.com/hc/en-us/articles/217083957-Domain-verification-policy have some more details on the emails you will receive.

If you could describe more precisely what you did and what you wish you would have received, and what you saw instead, we could get to the root cause and fix messages, documentation, etc.

Thank you


#56

That is a huge assumption to make. Regardless of which mail service I use (and I use quite a few), I periodically go through spam folders just to make sure things that are flagged as spam actually are. All mail services make this mistake from time to time. Assume nothing.


#57

If this is the case then it’s flawed. I recently changed the Registrant email address of my client s domain to my own email address. That’s because we manege all the IT.

So, if the details had been inappropriately tampered with, I’m able to verify my own edits, rather than the previous registered owner!!

FAIL!

Another reason to suspect phishing. As all the threads above indicate, the raa.name-services.com is absolutely a click Farm.

Members on this forum suggesting they’re a DH employee could also be part of the phishing process.

The ONLY reason I might consider this legitimate, is that we use Gmail mailservers, and they don’t flag it.

I’m not going to click through, I’ll wait and see, this is a secondary url redirect anyway.


#59

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.