• Please review our updated Terms and Rules here

Network Solutions: "Alert: Keep Your Domain Active"

SomeGuy

Veteran Member
Joined
Jan 2, 2013
Messages
4,434
Location
Marietta, GA
First of all, I apologize if this is a bit too off topic, but if it is, just point me to a better place to discuss/ask about this and I will move on. Apparently my google-fu isn't what it used to be.

So obviously I have a web site domain, and a looong time ago I registered it through Network Solutions. Over all, things have been OK. The other day I happened to log in and they were making a big deal about two factor authentication (which most of the time means: you have to go buy a smart phone and cell service just so you can receive insecure texts from us, which is a problem because I don't own a smart phone and don't need one). Although it let me continue without enabling 2FA, it did "verify" my phone number - surprisingly it actually sent an automated voice call with a code. Works for me.

But this morning I get this odd sounding e-mail:

Alert: Keep Your Domain Active
From: Network Solutions <support@networksolutions.com>

Confirm Email Address

Dear [******],

This is in regards to the following account:

Email Address: [*******]
Phone Number: [********]
Address: [******hell**********]

Network Solutions is now required by ICANN (the regulating body for domain
registrations) to have all domain owners confirm their email address contact information or
their domains will be deactivated. If your domains are deactivated you will still own the
domains but you will not be able to have live websites until you verify your contact
information. If you wish to view the list of domains subject to verification, please login to
Account Manager.

To ensure your domains remain active, please click the CONFIRM button below to
confirm the email address we have for you is accurate.


If you have any questions, feel free to contact customer service at 1-866-507-1946.

Best Regards,
Network Solutions® Customer Support

Need Assistance?

Call: 1-866-507-1946

Hours: 7:00 a.m. - Midnight ET, 7 days a week

I don't have a problem with them "verifying" my e-mail address. Given I had verified my phone number recently, this seemed not too suspicions, but the way it is worded is almost typical of a scam, trying to scare people. So, I'll be on the safe side and check a bit further.

So, first check the headers: The e-mail server reports it was received as "Received: from jax4mhfb01.myregisteredsite.com ([64.69.218.94]:45138 )". That host name looks suspicious has heck, but I logged in to my account and had it send a legitimate e-mail, and that has the exact same header from the exact same IP! Older e-mails from a year or so ago actually originated directly from the networksolutions.com domain.

Very fishy. Trying to search google for any relation between networksolutions.com and myregisteredsite.com shows nothing specific, but there were few hints of a relationship.

Ok, so how about I just do a search for other people who have gotten this e-mail. Well, a couple of hits but on sites that I don't really consider "authoritative" in any way. Mixed results if this is legit or not.

How about just a site search on networksolutions.com about varying e-mails or something like this? Not a damn thing on their site! The "right" way to do this would be for me to log in on their site, click a button to "verify e-mail", received the e-mail, then enter a code on their site or open a validation URL to their site. But there is nothing like this at all!

Ok, so what about the actual "confirm" URL in the e-mail? Well, because they use HTML formatting, my e-mail client actually barfed on it, but the URL was to https://cclinks.networksolutions.com with a long string after it, apparently an "encrypted" code of some kind. Well, ok that is their site, but if that is one of those redirectors that can point anywhere...

Eh, what the hell. It will probably sign me up for more spam (meh, bring it on, I get plenty already) I took some precautions in case it case it pointed to malware or a fake web site.

See the attached screen shot. The links seem to be legit, but didn't push any further. Who the hell is "www.registrar-transfers.com"? Once again, a web search turns up nothing useful.

networksolutionsfail.png

At any rate, if this was legit, then it is a whole pile of massive fails. I'm still left with absolutely no clue as to what is going on.
 
I've been getting similar emails from GoDaddy for years (at which I have a couple of sites registered) and just ignore them.
 
Sounds like a scam, but if you want to make sure, go to their web site, call the phone number off of their website, and get everything cleared up. Just ignore the stuff in the email.
 
Since domain registrar information is public record, anyone can troll around on it and harvest contact information, and do. There are slimy companies which all they do all day long is troll domain registration renewals or new records and either try to scam, spam or sell unnecessary services. The most common unnecessary service is "SEO" or search engine optimization, where they'll spam search engines to get your website higher up in the search rankings. They all usually try to impersonate the registrar you have your domains with, or at least make themselves look like a legitimate partner or third party company when doing so.

There are registrars which have domain privacy options that obscure the domain contact information with their own, so that people can't see your contact info directly. Some registrars like Godaddy charge for this service, but others have it included in the cost of the domain registration. I've started switching my domains to namecheap because Godaddy has turned into nickel and dime hell. They used to provide all sorts of things for free, like a one page website or free email hosting, but all of that costs money now, and their base domain rate keeps inching up every year.

Though there are some TLDs which by policy you can't use domain privacy on, .in being one for instance (I have one .in domain.)
 
There are registrars which have domain privacy options that obscure the domain contact information with their own, so that people can't see your contact info directly. Some registrars like Godaddy charge for this service, but others have it included in the cost of the domain registration. I've started switching my domains to namecheap because Godaddy has turned into nickel and dime hell. They used to provide all sorts of things for free, like a one page website or free email hosting, but all of that costs money now, and their base domain rate keeps inching up every year.

Yep, GoDaddy has turned to crap. Been with them for over 10 years. I'm going to switch soon too.
 
Ah, sort of like all those old .nu TLD domains. Strange case that--.nu stands for the island nation of Niue, but is controlled by Sweden, over the objection of the government of Niue. Strange situation, that.
 
Exactly so--the .nu TLD is prized by Swedes and Danes particularly because in the respective languages, "nu" means "now". Nuiean businesses prefer the .au TLD.
 
They did this to me.

I received an e-mail at the end of June telling me to check my whois for errors. Naturally, I used whois from a command line to check it. Everything was good, as always, and so I went about my business.

On Thursday, they suspended my domains with no notice at all. They say it will take 24 to 48 hours to bring them live again. In the meantime, my customer's e-mails aren't arriving (I'm a small ISP in a rural county). In locking the records, they removed the correct DNS servers and put their own so nothing is resolving to anything now.

I went back and looked at the e-mail and it did warn of this in the body of the e-mail. However, I've been seeing e-mails about checking for errors for years (two of the domains are just short of 25 years old). What I didn't know was that instead of just checking them now, we have to then confirm to Network Solutions that we checked them!

They could at least send a couple of automated warning e-mails before deactivating the domains to give some warning about what they are going to do. It is possible that they did, but from some other address. I get so much spam to that address that e-mails that aren't from the usual Network Solutions domain would quickly get lost.

Oddly enough, three spam messages have gotten through! That's easy to explain, though. If an smtp server trying to relay e-mail requests the MX records from a DNS server that has those MX records cached, then for that e-mail, the smtp server will know where to send it.
 
I once used GoDaddy as my registrar and hosting, but haven't for years. I still get phishing messages asking to verify my email on GD. Straight to the spam bucket.
My current registrar has, at no additional charge, added a privacy screen to the publicly available whois information. Smart move.
 
I used to use porkbun.com. no issues, great prices. the only reason I have moved from them is I now work for a registrar/registry so no need.
 
It appears that their 24 to 48 hours to reactivate the domains may not apply to weekends. It's 44 hours since they promised 24 to 48 hours and they still haven't reactivated the domains they shut down.
 
Back
Top