1.2.7. Anti-phishing

Starting February 5, 2026, all emails from our company will contain an anti-phishing code. This is a unique identifier used to verify the authenticity of our emails. It helps protect against phishing attacks, where attackers send fake emails purportedly from our company in order to steal your money under the guise of payment for services or to obtain your data.

By default, your account ID is used as the anti-phishing code, but for more security, you can configure your own anti-phishing code that only you will know.

✅ Key signs that the email was sent by us:

• The email was sent from the address maillist@hosting.xyz.
• The email contains the anti-phishing code:
  • Or your account ID (if the anti-phishing code is not configured).
  • Or your anti-phishing code.
• Information about the email is available in your account in the "Emails archive" section.

❌ Key signs that the email was sent by malicious actors:

• The email was sent from an external address (not from maillist@hosting.xyz).
• The email does not contain an anti-phishing code.
• The email contains an anti-phishing code, but it does not match the one that should be there, for example:
  • You have not configured the anti-phishing code, and the email does not contain your ID or contains an anti-phishing code that you do not recognize.
  • You have configured anti-phishing code, and the email contains an ID or anti-phishing code that you do not recognize.
• There is no information about the email in the "Emails archive" section.
• The email tries to rush you, contains suspicious links, threats, etc.

If you have any doubts about the authenticity of an email from our company, you can also contact us for consultation via online chat (available 24/7).

Just because you received a phishing message doesn't mean that malicious actors have somehow obtained your personal information.

Typically, the process for sending such messages works as follows:

1. Malicious actors scour the internet for information about active domains and identify their registrars.
   • This information is always publicly available and can be viewed on any WHOIS or RDAP service.
   • Please note that this refers to the domain itself, not its contacts, which are always hidden by default.
2. They forge the email template, sometimes trying to make it look like a message from a real registrar.
   • In some cases, anti-phishing code may even be added, but it will not match yours.
3. They search the web for vulnerable sites and hack into them to use them for sending messages.
4. Phishing messages are being sent through a hacked site.
   • Recipient addresses are typically generated using a template — the domain address is taken, and standard prefixes such as admin, info office, seller, support, etc., are added to it.
5. They wait for one of the recipients to open the link in the message and enter their personal and payment information.

When we detect a phishing campaign, we immediately take the necessary steps: we block the senders' addresses, display a warning in our control panel, and file complaints with the site host and domain registrar used to send the phishing messages.

1. Open the "Personal data" section and switch to the "Security" tab.
2. In the "Anti-phishing" block, click "Configure":
3. Enter your anti-phishing code, which only you will know, and save the changes:
4. When the anti-phishing code is configured, a corresponding message is displayed next to the settings button:

Examples of how anti-phishing code appears in emails:

• Anti-phishing code is not configured — account ID is used:
• Anti-phishing code is configured: