This morning, I was cleaning out my email spam filter when I noticed an email from a domain registrar I use. The email started out “Dear Valued Customer.”
Although I appreciate the fact that this company values my business :-), I think it would have been better if they identified me either by name, company name, or by the Whois registrant name to make it more clear that it’s a legitimate email and not spam. I don’t click links in emails as a safety precaution, but I think they could make it more clear that it’s an official communication and not a theft attempt.
In this company’s defense, the subject of the message included my account number, but many people probably don’t know their registrar account numbers so this could easily be faked. I suppose someone could also easily send personalized phishing emails with my name included in the copy, but that would take more time and effort.
I’ve seen this type of thing with other domain registrars so I am not going to identify the registrar that sent this, especially because they did have my account number in the subject. I reached out to the registrar to let them know and they’ve passed along my feedback to the appropriate party. It’s possible that because it’s an ICANN required email, they must adhere to set standards.
Banks and other financial institutions do this as a safety precaution, and I think it’s something that domain industry companies should consider adopting.