Is this "Problem: Inaccurate whois information" email legit?

Dave's Answer:

We're in luck, because I dug through my spam mailbox and have an example of this same email message, which is actually yet another in the long parade of bogus phishing messages that are simply intended to aid in criminals or hackers stealing your login and password data for a specific Web site or online service.

Here's what I bet you also received:

---

On Sun, 2 Nov 2008 12:38:13 +0530 we received a third party complaint of invalid domain contact information in the Whois database for this domain. Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

The contact information for the domain which displayed in the Whois database was indeed invalid. On Sun, 2 Nov 2008 12:38:13 +0530 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.

PLEASE VERIFY YOUR CONTACT INFORMATION - http://www.enom.com

If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:

Attn: Domain Services 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260

LINK TO CHANGE INFORMATION - http://www.enom.com

Thank you,
Domain Services

[IncidentID:01104]

---

How do I know this is not legit? Because my email program, Microsoft Entourage, has a delightful feature: it shows not just the "display" URL but also the actual URL of the site you'd visit if you clicked on the link. In this case it shows:

PLEASE VERIFY YOUR CONTACT INFORMATION - http://www.enom.com
<http://www.enom.com.sys53.ru>

So, in fact, instead of going to enom.com, it'd actually take me to a site based in the Russian Federation , a site that is definitely not part of a US company that focuses on domain registrations.

In fact, if you dig into the "whois" information for the domain, you find that they're using a nameserver called "nastynameserver.com". Uh, yeah, probably not a legit corporation!

You were smart enough to do the right thing, too, by not clicking on the link in a message of this nature but instead going directly to the site that ostensibly sent the message, just to find out that, surprise, there was no problem registered with eNom at all.

I've said it before and can't say it too often: be careful, and be skeptical

---