Namecheap's outbound email flow compromised: valid rdns, spf, dkim and dmarc on phishes
Michael Thomas
mike at mtcc.com
Sun Feb 12 23:46:05 UTC 2023
On 2/12/23 3:40 PM, Eric Kuhnke wrote:
> https://www.namepros.com/threads/concerning-e-mail-from-namecheap.1294946/page-2#post-8839257
>
>
> https://lowendtalk.com/discussion/184391/namecheap-hacked
>
> It looks like a third party service they gave their keys to has been
> compromised. I got several phishes that fully pass as legit Namecheap
> emails.
>
> https://www.namecheap.com/status-updates/archives/74848
>
>
If they actually gave them their own private keys, they clearly don't
get how that's supposed to work with DKIM. The right thing to do is
create a new selector with the third party's signing key. Private keys
should be kept... private.
Mike
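
The per-vendor selector arrangement described in the reply above, as an added example that is not part of the original post: each signer gets its own selector and key, so the domain owner can revoke the vendor's key record (an empty `p=` per RFC 6376) without touching its own. The selectors `corp1` and `esp1`, the domain `example.com`, and all key and signature values are constructed placeholders, and no cryptographic verification is performed.

```python
import re

def parse_tags(value):
    """Parse a DKIM tag=value list (DKIM-Signature header or key TXT record).
    All whitespace is dropped, which is safe for the d=, s= and p= tags used here."""
    tags = {}
    for part in re.sub(r"\s+", "", value).split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name] = val
    return tags

def key_name(sig_header):
    """DNS name a verifier queries for this signature: <s>._domainkey.<d>."""
    t = parse_tags(sig_header)
    return f"{t['s']}._domainkey.{t['d']}"

def selector_status(sig_header, zone):
    """'live', 'revoked' (empty p=) or 'missing' for the key a signature points at."""
    txt = zone.get(key_name(sig_header))
    if txt is None:
        return "missing"
    return "live" if parse_tags(txt).get("p") else "revoked"

def revoke(zone, selector, domain):
    """Return a copy of the zone with one selector's key revoked."""
    updated = dict(zone)
    updated[f"{selector}._domainkey.{domain}"] = "v=DKIM1; p="
    return updated

# Constructed zone: one selector per signer, each holding a different public key.
ZONE = {
    "corp1._domainkey.example.com": "v=DKIM1; k=rsa; p=CORP-PUBKEY-PLACEHOLDER",
    "esp1._domainkey.example.com": "v=DKIM1; k=rsa; p=VENDOR-PUBKEY-PLACEHOLDER",
}
# Constructed, folded DKIM-Signature header values (bh= and b= are placeholders).
CORP_SIG = ("v=1; a=rsa-sha256; d=example.com; s=corp1;\r\n"
            "\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")
VENDOR_SIG = ("v=1; a=rsa-sha256; d=example.com; s=esp1;\r\n"
              "\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")

if __name__ == "__main__":
    after = revoke(ZONE, "esp1", "example.com")  # vendor reported compromised
    for label, sig in (("own mail", CORP_SIG), ("vendor mail", VENDOR_SIG)):
        print(label, key_name(sig), selector_status(sig, ZONE), "->",
              selector_status(sig, after))
```
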