sgrayban Posted August 25, 2009 Share Posted August 25, 2009 (edited) I just got a phishy looking email that failed SPF checking for whmcs.com asking me to update my current whois info for a domain and the headers are very strange that is consists of more then one, SPF failed, the sender was really notify-customer.com and the fake sender and reply is "From: "WHMCS Enom Domains" <domains@whmcs.com>" Checking the link inside the email "wdrp.name-services.com" I can across more then one report of phishing/* at the google abuse email group and other places. Any one else get a email like this ? PS: I also found this thread about the same kind of email -- http://forums.asmallorange.com/topic/11297-beware-of-icannnamecheap-*/page__mode__threaded Edited August 25, 2009 by sgrayban 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Support Manager WHMCS John Posted August 25, 2009 WHMCS Support Manager Share Posted August 25, 2009 This sounds like a legitimate email that eNom send reminding people to update their whois details. The link is just a whois lookup. 0 Quote Link to comment Share on other sites More sharing options...
sgrayban Posted August 25, 2009 Author Share Posted August 25, 2009 Not very legit if they are faking the from address and claiming to be whmcs.com -- in fact that violates all kinds of RFC's and SPF which is why I think its still fraud and wont click on that link. If ICANN has a issue with my whois they can email me then otherwise someone needs to *school* enom about email practices. 0 Quote Link to comment Share on other sites More sharing options...
Jordan Posted August 25, 2009 Share Posted August 25, 2009 There's really nothing to debate; Common sense would be to just mark the email as spam, and move on. If you think you need to update your WHOIS information, then just log into your registrar and make sure things are up-to-date. 0 Quote Link to comment Share on other sites More sharing options...
joe123 Posted August 26, 2009 Share Posted August 26, 2009 Not very legit if they are faking the from address and claiming to be whmcs.com -- in fact that violates all kinds of RFC's and SPF which is why I think its still fraud and wont click on that link. If ICANN has a issue with my whois they can email me then otherwise someone needs to *school* enom about email practices. they are not faking anything , those emails are sent on behalf of whmcs just as they send to my clients using my company name which is OK . as stated on that email they must do that and that domain belongs to enom: As of October 31, 2003 we are required by the Internet Corporation for Assigned Names and Numbers (ICANN) to send you this reminder by the Anniversary date of each registered Domain Name that is subject to the terms and conditions of that organization. 0 Quote Link to comment Share on other sites More sharing options...
othellotech Posted August 27, 2009 Share Posted August 27, 2009 Not very legit if they are faking the from addres *from* address on emails cant be trusted anyway, as it's for notation purposes only ... 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.