Whenever I receive an email from GoDaddy that does not look like a standard GoDaddy email, it gets my guard up. Phishing and spearphishing are big problems, and I regularly see GoDaddy spoof emails. My email hosting provider catches most of them and automatically marks them as spam / junk, so I don’t see many of them in my inbox.
Earlier this week, I received an email from “GoDaddy Alerts” as the sender with an email address of email@example.com. The email was a notification that my nameservers had been updated. I had not received an email from the email address or the sender prior to receiving this one.
Previously, the email sender for this type of email was simply “GoDaddy.” The email address associated with this type of email was firstname.lastname@example.org. I don’t see anything else within the body of the email that changed other than the sender name and email address.
I was able to confirm the legitimacy of the email in three ways. First, the email contained my unique customer number that should be private. Second, the email had information about a specific domain name that had a nameserver update earlier in the day. Finally, I reached out to a representative from GoDaddy, and he confirmed the email was legitimate and not a limited test.
As with all changes like this, it is only a matter of time before this type of email is spoofed as well. I try to make a habit of never clicking on links in any email since spoofing is so prevalent these days. If something seems off about an email from GoDaddy, it is always best to contact the company to confirm the email is legitimate.