A guy I know passed along this e-mail sent to one of his customers. They assumed it was a phish, since they didn’t recognize the domain name in the link, but couldn’t figure out what the goal of the phish was.

They even checked the list of ICANN registrars, and nope, registrar.eu wasn’t on the list.

Nonetheless, this mail was real, and if the recipient had ignored it, his domain would have been suspended. What’s going on?

Dear domain name owner, *Your action is required to prevent domain suspension*

This verification e-mail is triggered because your e-mail address is used in the owner contact of a domain registration and this e-mail address was not verified before or we have received information that this e-mail address might not be in use anymore.

As we did not receive affirmative response on our last e-mail, we send you a final reminder. Please note that your domain name(s) may be suspended if the e-mail address is not confirmed. The domain name registration policy of ICANN requires that a valid and working e-mail address is provided with each domain registration.

To verify this requirement, we kindly request you to confirm the accuracy of your e-mail address by clicking the link below:

http://icann-verification.registrar.eu/?email=xxx@yyy&authCode=123456

If you do not confirm the validity of your e-mail address by 2016-06-14 17:40:40, domain name(s) associated with this e-mail address may be suspended and can only be re-activated once the verification is completed. Thank you very much for your cooperation.

Kind regards, * Please consider the environment before printing this e-mail

What we have here is the deep and twisty maze of hosting and domain registrar resellers. Being a small host or registrar is impractical because there’s a lot of fixed costs for either, such as physical data centers for hosting and registry agreements for registrars, so large providers often sell “white label” service to resellers who put their own brand on it.

A visit to registrar.eu’s web site brings up a page with the unhelpful message “For more information, please contact your hosting provider” in six languages. A little more sleuthing, checking the RIPE assignment of their IP addresses, found that they’re the same people as openprovider.com, a Dutch company that is indeed an ICANN accredited registrar.

ICANN requires that registrars verify the e-mail addresses provided with domain registrations, which is not at all unreasonable. So the registrars automatically send out notices like the one above. The problem is that when there’s a few layers of reseller involved, the customer usually has no idea who the underlying provider is for the guy from whom she buys her domains.

Some resellers, including Openprovider, offer customizable templates so the notices have the reseller’s name on them, but in my experience, most resellers don’t bother to change them from the default, so the users get mystery messages like the one above. So I told my contact that this message is almost certainly real, that the domain it’s related to is likely a European one since that’s Openprovider’s main market, and whoever registered dealt with a reseller and likely has no idea that it’s Openprovider underneath.

To some extent, this problem is self-correcting, since customers are likely to complain when their domains are suspended for lack of address confirmation (mine sure do,) and the resellers will either clean up their messaging or the customers will go elsewhere.

But it does remind us that the Internet’s economic ecosystem is impressively complex. It also points out that although it’s often noted that the Net disintermediates commerce, by letting customers deal directly with vendors rather than local stores and agents, it also makes it easy to add extra intermediation, with layers of companies that are not more than interlinked web sites.