Personalized emails are the norm in the banking and finance sectors, and this practice should be utilized by domain registrars who hold our valuable domain name assets. Personalization should be easy for domain registrars to implement, and I don’t see a reason not to use it.
I received an email from a domain registrar yesterday morning, and the email was not addressed to me personally. Shortly after I received the email, I learned that it was most likely a GoDaddy phishing attempt. However, I still think the personalization should be required for all domain registrars on all emails, including marketing emails, transfer completion emails, and any other registrar to customer communication.
Personalizing an email doesn’t necessarily solve the issue of phishing entirely. There is a more targeted phishing attempt called “spear phishing.” This involves a phishing attempt that is very targeted. According to Norton, “the spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. ”
To make it even more safe for customers, I think domain registrar emails should also include a bit of account info, perhaps a unique passcode or something else from the user’s account. Maybe the last four digits of the user’s account number. Since many domain administrators receive these emails, it might be more safe to not include payment information like the last 4 of credit cards or social security numbers, but the last 4 digits of an account is pretty innocuous.
With the new Whois verification requirements from ICANN, explained in this article on TheVerge.com, there will likely be many phishing attempts to steal domain registrar account information. Domain registrars need to do their part to ensure customer security, and domain owners need to be wise when it comes to opening these emails and ensuring that they are from their domain registrar and aren’t a phishing attempt.