And were sent just hours apart. It’s the reason why people are talking over at DnForum about whether they recently gave up their Godaddy info to potential thieves. The first email is real, the second is fake. They both look completely legit; the only difference is that the first one takes you to Godaddy.com and the other to GodaddyAuthorization.com.
While there is no way to stop people from duplicating emails, it is probably a good idea to stop adding follow-through links and use just words like “please login to your account and check your alerts”. Setting up the alerts to actually mean something would get people to start paying attention. Each email would remind them to check their alerts, and the alerts, when checked, would then lead them to verify or fix the problems mentioned in the email.
I’ve learned over the years to NEVER follow through or sign in through an email but, like all of us, I get busy and could accidentally click through a bad email when the email addy and content look so close like this. I also have phone verification on my phone, and a domain can’t be transferred out or pushed without a phone call directly to me. I personally know the people that call, so they would know it wasn’t me on the phone. So I really have no worries about getting domains stolen. But not everyone does, so there needs to be some sort of adjustment to protect their clients.
I have always felt that SMS needs to be integrated into Godaddy. My bank, PayPal, and almost every money-oriented site has it, and it costs very little to install and implement (relatively little for a billion-dollar company). A text code sent to your phone that you need to type in to let a domain leave the account. If someone changes the verification/text phone number, you even get a text to your old number for that. It’s 24 hours a day, you don’t have to wait for a sales rep, and everyone, not just special account holders, could have the security. It would also attract new customers if they know that it is very difficult to have your domains stolen. But then I’d miss talking to Matt.
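
As an added example (not part of the original post): the one difference described above, the domain a link actually leads to, can be checked mechanically. The sketch below extracts link targets from an email body and compares each host with the expected domain; the sample bodies, the `TRUSTED` set and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"godaddy.com"}   # assumption: domains the recipient expects links to use
BRAND = "godaddy"           # brand string a lookalike domain is likely to embed

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def classify_host(host):
    """Return 'trusted', 'lookalike' or 'unknown' for a link's host name."""
    host = (host or "").lower().rstrip(".")
    # Trusted only on an exact match or a true subdomain, never a substring.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # The brand appears in the host, but the host is not under a trusted domain.
    if BRAND in host:
        return "lookalike"
    return "unknown"

def check_email_links(html_body):
    """Return (url, host, verdict) for each link in the email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    results = []
    for url in parser.hrefs:
        host = urlsplit(url).hostname  # ignores any user@ prefix and the port
        results.append((url, host, classify_host(host)))
    return results

# Constructed sample bodies; only the two domains come from the post.
REAL = '<p>Review your contact info: <a href="https://www.godaddy.com/">GoDaddy</a></p>'
FAKE = '<p>Review your contact info: <a href="http://GodaddyAuthorization.com/">GoDaddy</a></p>'

if __name__ == "__main__":
    for body in (REAL, FAKE):
        for url, host, verdict in check_email_links(body):
            print(f"{verdict:9} {host:28} {url}")
```

Any verdict other than `trusted` means the link does not lead to the registrar's own domain, however legitimate the rest of the email looks.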
The difference is that the legitimate email does not require you to log in!
However, this won’t make a difference for millions(?) of GoDaddy customers who can’t be aware of which option is valid and which isn’t; potentially, this can lead to the termination of registrations due to no confirmation.
If you do not click on the real godaddy one, the domains in your account cannot be account changed, nor can the nameservers be changed. The thing is most domainers and tech savvy people are aware, but what about all those small businesses, and the people holding the 1-2 or aged gem domains in their account. Godaddy needs to send out some PR warning people.
“so there needs to be some sort of adjustment to protect their clients.”… Agreed! Security needs to be improved and should be a priority as we will always be battling malicious hackers with unethical intent. I have been a long time GD customer. They are now upselling every new feature and not taking care of the core… I believe they may be losing focus. Time will tell.
I used to work at Godaddy – there is (or was in my time) an SMS feature called 2 code authentication. From memory, it was to prevent unauthorized logins to your account.
I’m always interested in hearing new ideas for Godaddy and their user experience. I came up with the idea of sortable domain manager columns 🙂