My account has been suspended. Is this a scam?

Detailed Analysis

A Reddit user posting to r/Anthropic describes receiving an email purportedly from Anthropic's Safeguards Team informing them that their Claude account had been suspended due to suspected underage use. The email requests age verification through Yoti, a legitimate third-party identity verification company, and includes a 30-day window to appeal. The user's primary concern centers on two seemingly suspicious technical details: the sender address contains a long randomized alphanumeric string ([email protected]), and the embedded link begins with https://url8792.mail.anthropic rather than a clean anthropic.com URL. Critically, the user confirms the account suspension is real, and they had already clicked the link before pausing to scrutinize the sender details.

Despite the alarming appearance of the email, the technical indicators strongly suggest it is legitimate. Both the sending address and the redirect link operate from subdomains of anthropic.com — a domain that cannot be registered by third parties without Anthropic's control. The randomized string embedded in the sender address is a standard artifact of commercial email delivery platforms such as Salesforce Marketing Cloud or SendGrid, which generate unique tracking identifiers appended to a verified sending domain. Similarly, redirect URLs in the format "url####.mail.[domain].com" are a routine feature of these platforms, used to track link engagement while remaining technically anchored to the company's own domain infrastructure. A phishing attempt would typically rely on lookalike domains (e.g., mail-anthropic.com or anthroplc.com) rather than authentic subdomains.

Yoti's involvement further supports the email's legitimacy. Yoti is a well-established UK-based digital identity and age verification provider used by regulated platforms across multiple industries. Anthropic's use of a third-party age verification service aligns with broader industry compliance practices, particularly given increasing regulatory pressure — including the UK's Online Safety Act and various U.S. state-level child privacy laws — that require platforms to implement age assurance mechanisms. Anthropic's terms of service prohibit use by individuals under 13 in general and under 18 in some jurisdictions, and enforcement actions of this kind represent a credible operational process for a company of Anthropic's scale.

The user's anxiety reflects a genuine and widespread problem in digital security communication: legitimate transactional emails from large companies frequently resemble phishing attempts in their visual and technical construction, creating confusion for even cautious users. The best practice in such situations — regardless of whether the email ultimately proves authentic — is to independently verify the suspension by logging in directly at claude.ai or contacting Anthropic support through its official help portal, rather than relying solely on email links. The fact that the user paused after clicking and sought community verification before proceeding demonstrates sound instinct, even if the email appears genuine in this case.

This incident connects to a broader tension in AI platform governance: as Anthropic and competitors enforce content policies and user eligibility requirements at scale, the automated enforcement emails they generate can be technically indistinguishable from phishing infrastructure to ordinary users. The opacity of email service provider routing, combined with growing public awareness of account-compromise scams, creates a trust deficit that companies must address through clearer sender identification practices and in-product notifications that corroborate external email communications.