Why Does Tucows Send Important Emails Which Look Like Phishing?


A few weeks ago, I received what I thought was a particularly inept phishing attack.

Subject: shkspr.mobi

***PLEASE NOTE THAT IF YOU DO NOT RESPOND TO THIS EMAIL YOU MAY RUN THE RISK
OF THIS NAME BEING ERRONEOUSLY DELETED - PLEASE ENSURE THAT YOU REPLY TO
THIS MESSAGE (VIA EMAIL) WITH REFERENCE TO THE ACCURACY OF THE WHOIS

INFORMATION***

Hello;

I'm writing to you from Tucows (Registrar for your domain). It has come to our attention that the WHOIS for this domain (see subject line) may not be accurate.

According to Section 18 of the Registrant Agreement you accepted when you registered the domain name, all information is to be current, complete and accurate.

(http://www.opensrs.com/docs/contracts/exhibita.htm)

18. INFORMATION. As part of the registration process, you are required to provide us certain information and to update us promptly as such information changes such that our records are current, complete and accurate. You are obliged to provide us the following information:

(a) Your name and postal address (or, if different, that of the domain name holder);
(b) The domain name being registered;
C the name, postal address, e-mail address, and voice and fax (if Available) telephone numbers of the administrative contact for the domain name;
(c) The name, postal address, e-mail address, and voice and fax (if
(d) Available) telephone numbers of the billing contact for the domain name; and
(e) The name, postal address, e-mail address, and voice and fax (if
(f) Available) telephone numbers of the technical contact for the domainname.

Any voluntary information we request is collected in order that we can continue to improve the products and services offered to you through your
Reseller.

As the Registrar, it is our responsibility to maintain the WHOIS and ensure that the information provided is up to date and accurate. We have received notification that information listed in the WHOIS for the domain name may be inaccurate. We are required, as per our ICANN obligations, to ensure that this is remedied. This is outlined in Section 20 of the Registration Agreement.

20. REVOCATION. We, in our sole discretion, reserve the right to deny, cancel, suspend, transfer or modify any domain name registration to correct a mistake, protect the integrity and stability of the company and any applicable registry, to comply with any applicable laws, government rules, or requirements, requests of law enforcement, in compliance with any dispute resolution process, or to avoid any liability, civil or criminal. You agree that we shall not be liable to you for loss or damages that may result from our refusal to register or cancel, suspend, transfer or modify your domain name registration.

Please ensure that the WHOIS information is updated no later than close of business on date Apri 1 2013 If you would like to further discuss this
issue, please do not hesitate to contact me.

Regards,

REDACTED | Compliance Officer |Tucows

Clearly Phishing, Right?

Let's see, this fired off all my spidey-senses for a phishing email.

  • BIG LEGAL WARNING TEXT
  • Poor grammar.
  • Numerous spelling errors ("Apri 1 2013"?)
  • Atrociously formatted
  • Vague threats.
  • I don't have any contractual relationship with Tucows.
  • Demands for personal information.

So, I ignored it. Turns out, that was a mistake!

Uh-Oh!

A few hours ago, I received this email:

Hello;

This is to inform you that to date I have not received any notification that any changes have been made to the Whois for this domain nor have you confirmed the accuracy of the whois.

As the agreement that you have with us states that "Your willful provision of inaccurate or unreliable information, your willful failure promptly to update information "

And

"the accuracy of contact details associated with the your registration shall constitute a material breach of this Agreement and be a basis for cancellation of the domain name"

And that we (Tucows) as per our obligation with ICANN are left with no other recourse than to cancel the above mentioned domain.

If you have any questions, please feel free to contact me.

And, with that, my domain disappeared from the Intertubes!

Quick!

I frantically placed an international phone call and spoke to one of Tucows's compliance officers. We quickly established that this wasn't a scam and that all I needed to do was drop them an email stating that my WHOIS info was correct.

I did so, and in mercifully short time my domain popped back up.

I pointed out to them that I was unaware that I had any relationship with them. "Should have read your contract," they replied huffily.
Even if I had, I responded, the emails clearly look like they're a scam. "No they don't," they said. And that was the end of the matter as far as Tucows was concerned.

How Would You React?

Why didn't I spot this was a genuine email? Would you know that this poorly typed jumble of legalese was a real threat to your website?

I remember Tucows back when it was "The Ultimate Collection of Windows Software" - a rather motley collection of dog-eared "shareware" back in the day. Since then, it has become one of the biggest domain providers on the planet.

Nevertheless, my contract is with VidaHost (Affiliate link, lovely company, use code "edent" for a discount). A search of their site doesn't show any mention of Tucows. A search of my various contracts contains nothing about them.

I'm a geek, and even I find the weird nature of domain name registrars confusing. What hope for the average punter?

With the rise in spam and phishing, it behoves companies to make sure that their communications don't inadvertently look like illegitimate scrawls from the Internet’s underbelly.

Tucows clearly suffers from a lack of quality control. If they're this sloppy with their important emails, imagine the state of the rest of the company.

2 thoughts on “Why Does Tucows Send Important Emails Which Look Like Phishing?

  1. Domains, the dark corner of Internet business ;-). It's no fun there. Every top level domain has its own rules and they regularly fail to follow the business chain backwards when trying to communicate.

  2. I get a nice and simple email from Namecheap saying click this link if these details are correct. I click on over a 130 links a year to verify the details on my domains.. but that's it. Job done. Reading what you have experienced makes me glad I don't have to deal with TUCOWS.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.