Unsolved

D0

December 7th, 2022 22:00

Sophisticated phishing or bad security by Dell?

I've received a very likely phishing email from "Dell " claiming to be confirmation of my Dell Service Contract. It has a lot of information about my actual recent Dell purchase, and looks almost fully legitimate, except for some serious red flags.

I would really like to discuss this with someone in Dell's security team. 

 

For a number of strong reasons I believe this is NOT a legitimate Dell email, and is instead a sophisticated phishing attempt. If it truly is not legitimate, then it is highly concerning how anyone would be able to obtain the amount of information it displays regarding my recent purchase and the service contract included.

Reasons I believe this message is not legitimate:

  • Every other message concerning my purchase has come from dell.com, not dellscp.com. I have no reason to trust dellscp.com, which I've never heard of and cannot confirm is owned by Dell. Dell expects me to open attachments, and trust login links in email from a domain they've never disclosed to me previously?
  • The email's SMTP headers show it arriving to my email provider from the "gold-group.com" domain and an IP address assigned not to gold-group.com, but to sendgrid.com, which appears to be an email marketing company.  Large companies do sometimes outsource their customer communication to mail providers like MailChimp, and this is probably such a company.  But that practice is BAD for customers who are rightly cautious of email security.  They are the very definition of spoofed email, and they ask customers to trust an inherently untrustworthy message.
  • I can't conclusively connect the dellscp.com website to Dell. It looks like a Dell site. But that's what phishers do: they copy legitimate content and create a look-alike site, but with a slightly off URL. The site claims to be "Dell Service Card Portal", and wants me to log in with my Dell credentials. But if I search for "Dell Service Card Portal" I get NO valid hits on that phrase. Not from anywhere, much less from a dell.com site where it should be mentioned if it's valid. The SSL certificate for this site doesn't even claim to be the Dell Inc organization like Dell.com's certificate does - it only claims to be dellspc.com - whatever that is. Worse, the certificate is issued from a dodgy CA (Sectigo aka Comodo) with a Wikipedia-documented history of being badly hacked, and of issuing certificates to malware operators. Not the same certificate issuer used by dell.com.

I'm not about to provide my credentials to that site, nor to open the attachments on the email.  Nor to even load the images in the email, which very likely contain tracking beacons that will confirm I opened the message.

If all this really is legitimately from Dell, then it would represent horrendous security practice by a company far too sophisticated to make such mistakes.  Dell support scams are rampant.  Dell should make it very easy to fully authenticate any communication coming from them.

If this is not legitimate, then Dell should be pursuing whoever is hosting this dellspc.com website and the email provider SendGrid whose IP address seems to have originated it.
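Added example, not part of the original post or of any Dell tooling: a small Python check of the header situation described above, where the visible From domain differs from the domain that actually passed SPF/DKIM. The message is constructed (only the domain names come from the post), the receiver name `mx.example.net` is hypothetical, and the organizational-domain logic is a simplification.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: domains are taken from the post; local parts,
# the receiving host name and the auth results are invented.
SAMPLE = """\
Return-Path: <bounces@gold-group.com>
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=gold-group.com;
 dkim=pass header.d=gold-group.com
From: "Dell" <noreply@dellscp.com>
Subject: Your Dell Service Contract

body
"""

PATTERN = re.compile(
    r"\b(spf|dkim)=(\w+)[^;]*?\b(?:smtp\.mailfrom|header\.d)=([^\s;]+)")

def org_domain(domain):
    # Simplification: last two labels. A real check needs the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def alignment_report(raw, trusted_authserv="mx.example.net"):
    """Report whether a passing SPF/DKIM identity matches the From domain."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    report = {"from": from_dom, "spf_aligned": False, "dkim_aligned": False}
    for value in msg.get_all("Authentication-Results") or []:
        # Only trust results stamped by your own receiver; a sender can
        # inject arbitrary Authentication-Results headers of its own.
        if value.split(";")[0].strip().lower() != trusted_authserv:
            continue
        for method, result, ident in PATTERN.findall(value):
            dom = ident.rpartition("@")[2]
            if from_dom and result == "pass" and org_domain(dom) == org_domain(from_dom):
                report[method + "_aligned"] = True
    # DMARC-style outcome: at least one passing, aligned identifier.
    report["dmarc_style_pass"] = report["spf_aligned"] or report["dkim_aligned"]
    return report

if __name__ == "__main__":
    print(alignment_report(SAMPLE))
```

A pass for the sending service's own domain authenticates that service, not the domain shown in From, which is why the sample reports no alignment.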

November 1st, 2023 01:35

I chatted in and it sounds like this is an email that all customers receive:

"I can understand that but this is email every customer receives after they purchase the product. It is website only designed for service contracts"

Taking their word for it, the good news is that there's not a breach of customer order info; the bad news is that they have a lot of room for improvement to make it more clear that these are legitimate emails.

(edited)
