Guild Wars 2

I received an e-mail from ‘The Guild Wars 2 Team’ w/ the topic ‘Welcome to the World of Guild Wars 2!’

Every time I received mail from them was from ‘ArenaNet’ so… Has anybody else received this e-mail and is it legit? With all the account hacking going on I became paranoid. Honestly it’s pretty sad that I’m paranoid to click that when I actually do have a GW2 account.

I did a while back (28th) and the email at the top said guildwars2.ncsoft.com via bluehornet.com. Mousing over all the links shows a guildwars2.ncsoft.com address and clicking on the links takes me to the original GW2 pages, with no mispellings or false looking URL’s so I think mine is legit, though someone could have gotten hold of yours and tampered with it.

Just don’t click a link unless you’re expecting one. Always best to type it in manually too.

GaileGray.9587:

I scan the email link VERY carefully before I click, but yes, we do sometimes send things out as The Guild Wars 2 Team. Keep in mind that anyone can put any name in their “sender” profile, so use caution when clicking links in any inbound email.

It would be helpful if mails from ArenaNet didn’t result in a “softfail” with Google’s authentication.

Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning support@guildwars2.com does not designate 216.136.162.124 as permitted sender) smtp.mail=support@guildwars2.com

CorpraSalaith.8912:

I did a while back (28th) and the email at the top said guildwars2.ncsoft.com via bluehornet.com. Mousing over all the links shows a guildwars2.ncsoft.com address and clicking on the links takes me to the original GW2 pages, with no mispellings or false looking URL’s so I think mine is legit, though someone could have gotten hold of yours and tampered with it.

You only made me more confused about what I feel towards the mail lol

I think it would be best if Arena Net started to use cryptographic signing for all emails they send. Then we would be 100% sure that the email originated from Arena or someone with Quantum computer ).

Freyar.3254:

It would be helpful if mails from ArenaNet didn’t result in a “softfail” with Google’s authentication.

It’s not Google’s authentication specifically, it’s SPF (sender policy framework), a protocol intended to reduce spam and source spoofing. It’s not perfect, but it’s pretty easy to configure and does help combat “basic” spoofing, so it’s odd that Arena Net’s postmaster didn’t bother to create the appropriate records.

Freyar.3254:

GaileGray.9587:

I scan the email link VERY carefully before I click, but yes, we do sometimes send things out as The Guild Wars 2 Team. Keep in mind that anyone can put any name in their “sender” profile, so use caution when clicking links in any inbound email.

It would be helpful if mails from ArenaNet didn’t result in a “softfail” with Google’s authentication.

Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning support@guildwars2.com does not designate 216.136.162.124 as permitted sender) smtp.mail=support@guildwars2.com

SPF isn’t a huge deal anyway, but their sysadmins really should get the IP of their SMTP servers included in their SPF record.