WHOIS Suspicious

Today I got an email claiming to be from ICANN. It went like this:

Dear Valued Customer,

ICANN, the organization responsible for the stability of the Internet, requires that each domain name registrant be given the opportunity to correct any inaccurate contact data (WHOIS data) associated with a domain name registration. Our records for your domain are as follows:

[...]

To review and update your WHOIS contact information, please log into our management interface at: https://manage.opensrs.net

If any of the information above is inaccurate, you should correct it. If all of the information above is accurate, you do not need to take any action.

Please remember that under the terms of your registration agreement, the provision of false WHOIS information can be grounds for cancellation of your domain name registration.

If you have any questions or comments regarding ICANN's policy, please contact them directly at icann@icann.org.

Thank you for your attention.

Best regards,
AccountSupport

It looks legit, except for a few things. First, there was this addendum:

NOTE: Please do NOT reply to this message. This is an outgoing message only.

Second, the email address showing up as the sender is support@accountsupport.com. Didn't seem right.

I decided to open up the original thing to see if it illuminated its origins any more. Browsing through the miscellaneous data, I discovered the IP address it appeared to come from: 216.40.35.x. I looked it up on Hostip.info, which returned that it belonged to Anjou, Canada. Hostip.info isn't always perfectly accurate, but ICANN's US base is in Marina del Rey, California... A far cry from Canada.

For the time being I think I'm going to ignore the email. Its legitimacy is questionable enough that I'd prefer to run the risk of whatever is a result of neglecting my WHOIS info rather than allow someone to get my domain name, username, and password.

Update: My dad, who has had no small experience with phishing (not as a victim, but as a natural cynic who has yet to succumb) agrees with my suspicion. With that I decided to report it to Gmail as a phishing attack. If anything comes from that I'll blog it.