There are few things more disconcerting than knowing someone is attempting to do something with one of my domain names without permission. That’s how I feel when I receive an unexpected email from GoDaddy with the subject, “Here’s your one-time-use support PIN.”
Someone (privately) on X mentioned this feeling when receiving this email, and I can relate. I receive these emails once or twice a year. From what I understand, these emails are generated when someone calls GoDaddy support about a particular domain name and can’t get access to the account / domain name management. GoDaddy will send a pin code to the email address on file. I have been told it’s generally people who call in and are mistaken about a domain name they think they own which I actually own. Perhaps they have a different extension or previously owned the domain name.
Whenever I receive one of these emails, I forward it to my GoDaddy Account Manager to let him know it’s not me. I am sure he doesn’t particularly care, but I do this to document it in case there is an issue. For instance, if someone socially engineered the tech support staff into making a change to my account, it would document in real time that I was not trying to access my account via phone.
After emailing my Account Manager, he will follow-up by looking through my account history to let me know there were not any unauthorized changes made to my account or domain names within my account. I assume if he saw any changes or updates he would escalate the issue to a higher level of support. Fortunately, this has never been the case.
Within my GoDaddy account, I have a call-in pin code and 2 factor authentication enabled. In addition, I have their enhanced DTVS security enabled on my account. Despite having these additional security measures in place, the pin-code request emails are always alarming even though they’ve been harmless.