I have received confirmation emails. What should I do now?
In the following cases, as the holder or administrative contact of a domain, you will receive emails regarding actions for which a reaction from you may be required:
- Whois data update
According to an ICANN requirement, the Admin-C of a gTLD receives an annual information email containing the complete Whois data of the domains they manage. The Admin-C is required to verify the accuracy of the Whois data and adjust it if necessary. If changes are necessary, you can adjust your domain contacts in the hosting.fr client portal. For more information, see the Helpdesk article “I moved - What do I need to change for my domain?”. - Expired Registration Recovery Policy (ERRP)
The domain holder must be informed in a timely manner of the expiration of the paid registration period, according to an ICANN requirement, whether the domain is automatically renewed by the provider or registrar or not. No direct reaction to this email is required, unless your chosen payment method is prepaid. In this case, funds must be added to your client account, otherwise your products cannot be automatically renewed. - Owner-C contact verification
Due to an ICANN requirement, the contact data of the Owner-C (domain holder) must be verified for gTLDs. After the successful registration of a domain, an incoming transfer, or a change of the Owner-C contact’s email address in the partner system, an email containing a verification link is automatically sent to the registered Owner-C contact. The latter must activate the confirmation of their modified contact data via this link.
Verification via this link must be carried out within 15 days. Within this time window, the domain holder will receive a reminder email containing the verification link every 3 days.
Important: If the data is not verified within the given time frame, this will result in the deactivation of the affected domain! - FOA email / “Form of Authorization”
During an incoming or outgoing transfer of a gTLD, the Admin-C contact receives an email from the registrar with information about the initiated domain transfer. The transfer can then be confirmed in the client interface and immediately validated or canceled. If the transfer is neither actively confirmed nor canceled, it will be automatically carried out after five days.
For more information on canceling or confirming an initiated transfer, see the Helpdesk article “ACK/NACK, what does it mean?”.
What these domain confirmation emails are, and why you receive them
Domain confirmation emails are automated messages sent to the domain owner or the administrative contact to confirm specific domain-related actions or to ensure that contact data remains accurate. These emails are not “marketing” messages. They exist because domain registries and industry rules require registrars to maintain up-to-date, verifiable contact information and to confirm specific high-impact actions, such as changes to ownership details or initiating a transfer.
In practice, you may receive confirmation emails in situations such as verifying owner contact details after a registration, transfer, or contact update, responding to expiry-related notifications, or confirming a transfer authorization request. These messages typically contain a verification link and a deadline. If you complete the verification within the required timeframe, the domain continues to operate normally. If you do not, the domain may be restricted or deactivated depending on the type of confirmation and the applicable rules.
The key point: treat these emails as operational tasks. They directly affect domain availability and transferability.
What to do when you receive a confirmation email?
When you receive a confirmation email, first identify which domain it relates to and what action it requests. The email subject and content usually indicate whether it is a data verification request, a transfer authorization message, or an expiry/renewal notice. Then use the action plan below.
Common confirmation email types and recommended actions:
Owner/registrant contact verification (after registration, transfer, or contact update)
- Open the email and use the verification link as instructed.
- Complete the confirmation as soon as possible to avoid restrictions.
- If the email address is no longer accessible, update the contact email through the registrar process first.
Transfer confirmation/authorization (FOA)
- If you initiated a transfer, follow the authorization instructions to approve it.
- If you did not initiate a transfer, do not approve it and review account security immediately.
Whois data accuracy reminders
- Confirm whether the displayed owner/contact data is correct.
- Update incorrect data promptly to avoid compliance issues.
Expiry-related notifications
- Treat these as time-sensitive. Confirm whether the domain should be renewed, cancelled, or transferred.
- If you plan to transfer, avoid last-minute action and ensure the transfer is completed before deadlines.
This structured response reduces the risk of missing an important deadline or approving an action you did not intend.
What happens if you miss the deadline, and how to recover
Most confirmation emails include a fixed timeframe to complete the required action. If you miss the deadline, the consequences depend on the type of email. For contact verification requests, the domain may be restricted, paused, or deactivated until verification is complete. In transfer-related cases, missing the confirmation window can delay the transfer or cause it to fail.
Recommended recovery steps:
- If the email is still available and the link still works, complete the verification immediately.
- If the link is expired, trigger a new confirmation process if the portal supports re-sending it, or repeat the underlying action that requires verification.
- If the domain is already restricted and you cannot complete verification, contact support with the domain name and a short description of the situation (for example, “verification email expired” or “cannot access registrant email address”).
Operationally, the best prevention is simple: treat domain confirmation emails as urgent, because delays can impact website availability, email delivery, and domain transfer timelines.
How to recognize legitimate confirmation emails and avoid phishing
Because confirmation emails can directly impact domain ownership and availability, attackers sometimes imitate them. Always validate the message before clicking links.
Use these safety checks:
- Verify that the email references the correct domain name and matches changes you actually initiated (registration, contact update, transfer, etc.).
- Be cautious if the email creates urgency without context or directly asks for credentials. Legitimate confirmations typically ask you to confirm via a link rather than sending passwords.
- Do not click links if the sender address, link destination, or wording looks inconsistent with your provider’s usual communication style.
- If you suspect a phishing attempt, do not approve anything. Instead, log in to your customer portal directly (without using email links) and check whether there are pending transfer requests or contact verification steps.
As a general rule: approve confirmation actions only when you initiated the change or can clearly verify why it is required. This avoids accidental transfer approvals and prevents unauthorized domain-related actions.