DomainPeople phishing scam?

[budgetname]

Hi,

Just received a request which appears to be from domainpeople requesting to transfer one of my domains to them. I have NOT done this. :td:

In the request email it says to go to address http://transferauthorization.com/transfer/

Anyone know if this is the legit domainpeople request page? Phishing? Or just some idiot?

Thanks,

 

[Spade]

That domain was created last month...

doesnt quite feel right...

Call them up. See what happens - but this looks like a scam.

 

[Mark]

Did the email header contain any info showing it coming from them ?

Kind of hard to prove without contacting them directly or seeing more info ...

Were you in the middle of a transaction at all on this domain ?

	 "NameCheap.com" <info<AT>transfer-approval.com> 	
to domaininvestor
	
show details
	 Apr 20 
STANDARDIZED FORM OF AUTHORIZATION

DOMAIN NAME TRANSFER - Initial Authorization for Registrar Transfer

Attention: Domain Name Owners
Re: Transfer of ******.***

eNom, Inc. has received a request from Domain Manager (Domain Name Owners) on 20 Apr 2007 for us to become the new registrar of record.

You have received this message because you are listed as the Registered Name Holder or Administrative contact for this domain name in the WHOIS database.

Please read the following important information about transferring your domain name:

* You must agree to enter into a new Registration Agreement with us.  You can review the full terms and conditions of the Agreement at

< http://transfer-approval.com/u.asp?id=****************** >

* Once you have entered into the Agreement, the transfer will take place within five (5) calendar days unless the current registrar of record denies the request.

* Once a transfer takes place, you will not be able to transfer to another registrar for 60 days, apart from a transfer back to the original registrar, in cases where both registrars so agree or where a decision in the dispute resolution process so directs.

If you WISH TO PROCEED with the transfer, you must respond to this message by using the following URL (note if you do not respond by 27 Apr 2007, *******.*** will not be transferred to us):

< http://transfer-approval.com/u.asp?id=***************** >

YOU MUST CLICK THIS LINK TO CONTINUE THE TRANSFER PROCESS

If you DO NOT WANT the transfer to proceed, then don't respond to this message.

If you have any questions about this process, please contact support<AT>NameCheap.com.

This is one recently from Enom (Through Namecheap) to me that was legit.

 

[budgetname]

Thanks domainspade

Already emailed them but no reply yet.

Email sent to me below.
It appears to be sent from [email protected]
----------------------------
Domain Name Transfer - Request for Confirmation Message

Re: Transfer of:
cool.info

DomainPeople, Inc. has received a request to transfer one or more domains from
another Registrar. This request was initiated by DomainPeople
on Fri Apr 27 07:03:16 PDT 2007.

You have received this message because you are listed as the Registered Name
Holder or Administrative contact for this domain name in the WHOIS database.

Please read the following important information about transferring your domain
name:

You must agree to enter into a new Registration Agreement with us. You can
review the full terms and conditions of the Agreement at:
http://www.domainpeople.com/registrationagreement.htm

Once you have entered into the Agreement, the transfer will take place
within five (5) calendar days unless the current registrar of record denies
the request.

Once a transfer takes place, you will not be able to transfer to another
registrar for 60 days, apart from a transfer back to the original registrar,
in cases where both registrars so agree or where a decision in the dispute
resolution process so directs.

If you WISH TO PROCEED with the transfer, you must respond to this message via
the following method (note if you do not respond within 7 days the domain name
or domain names listed above will not be transferred to us.).

To authorize the transfer, simply log in to the consent form below using the
Order ID and Password.

http://transferauthorization.com/transfer/

OrderID: *****
Password: ********

If you DO NOT WANT the transfer to proceed, then don't respond to this message.

Sincererly,
DomainPeople, Inc.

 

[Spade]

Your gonna have to see the header on the email in order to determine where it really came from.

 

[budgetname]

Your gonna have to see the header on the email in order to determine where it really came from.

Here's the applicable parts from header;
-------------------------------------

Received: from mail.domainpeople.com (unknown [204.174.223.76])
by ******.pacific.net.au (Postfix) with ESMTP id ****
for <****@*****.***.au>; Sat, 28 Apr 2007 01:10:16 +1000 (EST)
Received: from [204.174.223.61] (helo=rpapp01.domainpeople.com)
by mail.domainpeople.com with esmtp (Exim 4.52)
id 1HhS5P-0002nq-3X; Fri, 27 Apr 2007 08:10:15 -0700
From: [email protected]
To: ****@*****.***.au
Message-ID:
<*******.*******[email protected]>
Subject: Registrar Transfer Consent Request

---------------------------

Appears to go directly from this unknown address "(unknown [204.174.223.76])" directly to my isp. Holds no info on routing. So this means forged header sent directly to my isp then?

Were you in the middle of a transaction at all on this domain ?

No transaction at the moment.

 

[Spade]

The IP addy is from Vancouver, BC

Reverse DNS shows - blurr.domainpeople.com

looking for more...

Unsure - looks like it may be legitimate, but that scares me - definetly worth a phone call.