Namecheap's outbound email flow compromised: valid rdns, spf, dkim and dmarc on phishes

Michael Thomas mike at mtcc.com
Sun Feb 12 23:46:05 UTC 2023


On 2/12/23 3:40 PM, Eric Kuhnke wrote:
> https://www.namepros.com/threads/concerning-e-mail-from-namecheap.1294946/page-2#post-8839257 
>
>
> https://lowendtalk.com/discussion/184391/namecheap-hacked
>
> It looks like a third party service they gave their keys to has been 
> compromised. I got several phishes that fully pass as legit Namecheap 
> emails.
>
> https://www.namecheap.com/status-updates/archives/74848
>
>
If they actually gave them their own private keys, they clearly don't 
get how that's supposed to work with DKIM. The right thing to do is 
create a new selector with the third party's signing key. Private keys 
should be kept... private.

Mike
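
An added example, not part of the original post or of Namecheap's setup: with one selector per sending party, as the reply above describes, the `s=` tag of a DKIM-Signature header identifies whose key signed a message and which single DNS record to revoke. The domain, selector names, inventory and sample header are constructed assumptions.

```python
import re

# Constructed inventory (assumption): one selector per sending party, each
# with its own key pair, so the vendor never holds the domain's primary key.
SELECTOR_OWNERS = {
    "corp2023": "in-house mail servers",
    "vendor1": "third-party mailing service",
}

# Constructed sample header value, folded across lines as on the wire.
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
    "\ts=vendor1; h=from:to:subject:date;\r\n"
    "\tbh=Y29uc3RydWN0ZWQ=; b=Y29uc3Ry\r\n\tdWN0ZWQ="
)

def parse_dkim_tags(value):
    """Parse the tag=value list of a DKIM-Signature header (RFC 6376 3.2)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
    tags = {}
    for part in unfolded.split(";"):
        if "=" not in part:
            continue  # trailing empty element after the last ';'
        name, _, val = part.partition("=")
        name = name.strip()
        if name in tags:
            raise ValueError(f"duplicate tag {name!r}")
        # Whitespace inside b= and bh= is folding only, not significant.
        tags[name] = re.sub(r"\s+", "", val) if name in ("b", "bh") else val.strip()
    for required in ("v", "a", "b", "bh", "d", "h", "s"):
        if required not in tags:
            raise ValueError(f"missing required tag {required!r}")
    return tags

def attribute_signature(value, owners=SELECTOR_OWNERS):
    """Return who signed, the DNS key record name, and the record that revokes it."""
    tags = parse_dkim_tags(value)
    selector, domain = tags["s"], tags["d"].lower()
    return {
        "signer": owners.get(selector, "unknown selector"),
        "key_record": f"{selector}._domainkey.{domain}",
        # An empty p= marks the key as revoked (RFC 6376 3.6.1).
        "revocation_txt": "v=DKIM1; p=",
    }

if __name__ == "__main__":
    print(attribute_signature(SAMPLE_HEADER))
```

Publishing the revocation record at the vendor's selector leaves mail signed under the in-house selector unaffected, which is not possible when both parties sign with the same key.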


