Home / Blogs

Do You Know Who Your Domain Name Registrar Is?

A guy I know passed along this e-mail sent to one of his customers. They assumed it was a phish, since they didn’t recognize the domain name in the link, but couldn’t figure out what the goal of the phish was.

They even checked the list of ICANN registrars, and nope, registrar.eu wasn’t on the list.

Nonetheless, this mail was real, and if the recipient had ignored it, his domain would have been suspended. What’s going on?

Dear domain name owner, *Your action is required to prevent domain suspension*

This verification e-mail is triggered because your e-mail address is used in the owner contact of a domain registration and this e-mail address was not verified before or we have received information that this e-mail address might not be in use anymore.

As we did not receive affirmative response on our last e-mail, we send you a final reminder. Please note that your domain name(s) may be suspended if the e-mail address is not confirmed. The domain name registration policy of ICANN requires that a valid and working e-mail address is provided with each domain registration.

To verify this requirement, we kindly request you to confirm the accuracy of your e-mail address by clicking the link below:

http://icann-verification.registrar.eu/?email=xxx@yyy&authCode=123456

If you do not confirm the validity of your e-mail address by 2016-06-14 17:40:40, domain name(s) associated with this e-mail address may be suspended and can only be re-activated once the verification is completed. Thank you very much for your cooperation.

Kind regards, * Please consider the environment before printing this e-mail

What we have here is the deep and twisty maze of hosting and domain registrar resellers. Being a small host or registrar is impractical because there’s a lot of fixed costs for either, such as physical data centers for hosting and registry agreements for registrars, so large providers often sell “white label” service to resellers who put their own brand on it.

A visit to registrar.eu’s web site brings up a page with the unhelpful message “For more information, please contact your hosting provider” in six languages. A little more sleuthing, checking the RIPE assignment of their IP addresses, found that they’re the same people as openprovider.com, a Dutch company that is indeed an ICANN accredited registrar.

ICANN requires that registrars verify the e-mail addresses provided with domain registrations, which is not at all unreasonable. So the registrars automatically send out notices like the one above. The problem is that when there’s a few layers of reseller involved, the customer usually has no idea who the underlying provider is for the guy from whom she buys her domains.

Some resellers, including Openprovider, offer customizable templates so the notices have the reseller’s name on them, but in my experience, most resellers don’t bother to change them from the default, so the users get mystery messages like the one above. So I told my contact that this message is almost certainly real, that the domain it’s related to is likely a European one since that’s Openprovider’s main market, and whoever registered dealt with a reseller and likely has no idea that it’s Openprovider underneath.

To some extent, this problem is self-correcting, since customers are likely to complain when their domains are suspended for lack of address confirmation (mine sure do,) and the resellers will either clean up their messaging or the customers will go elsewhere.

But it does remind us that the Internet’s economic ecosystem is impressively complex. It also points out that although it’s often noted that the Net disintermediates commerce, by letting customers deal directly with vendors rather than local stores and agents, it also makes it easy to add extra intermediation, with layers of companies that are not more than interlinked web sites.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By John Levine, Author, Consultant & Speaker

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

DNS

Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Cybersecurity

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix