Namecheap's outbound email flow compromised: valid rdns, spf, dkim and dmarc on phishes
mike at mtcc.com
Sun Feb 12 23:54:50 UTC 2023
I think that it might be appropriate to name and shame the third party,
since they should know better too. It almost has the whiff of a scam.
On 2/12/23 3:49 PM, Eric Kuhnke wrote:
> One very possible theory is that whoever runs the outbound marketing
> communications and email newsletter demanded the keys and got them,
> with execs overriding security experts at Namecheap who know better.
> I would sincerely hope that the people whose job titles at Namecheap
> include anything related to network engineering, network security or
> cryptography at that company do know better. Large domain registrars
> are not supposed to make such a rookie mistake.
> On Sun, Feb 12, 2023, 3:46 PM Michael Thomas <mike at mtcc.com> wrote:
> On 2/12/23 3:40 PM, Eric Kuhnke wrote:
> > https://lowendtalk.com/discussion/184391/namecheap-hacked
> > It looks like a third party service they gave their keys to has
> > been compromised. I got several phishes that fully pass as legit
> > emails.
> > https://www.namecheap.com/status-updates/archives/74848
> If they actually gave them their own private keys, they clearly don't
> get how that's supposed to work with DKIM. The right thing to do is
> create a new selector with the third party's signing key. Private
> should be kept... private.
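
The per-sender selector point above, as an added example that is not part of the original thread: a small audit over a domain's DKIM key records that flags selectors publishing the same public key (a sign the key was shared rather than issued per sender) and lists revoked selectors. The selector names and key values are constructed placeholders, not real records or real RSA keys.

```python
import base64
import hashlib

def parse_dkim_record(txt):
    """Parse an RFC 6376 key record ("v=DKIM1; k=rsa; p=...") into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Whitespace inside a value (folded base64) is not significant.
            tags[name.strip()] = "".join(value.split())
    return tags

def audit_selectors(records):
    """records maps selector -> TXT string. Returns (shared, revoked).

    shared:  lists of selectors that publish the same public key
    revoked: selectors whose p= tag is empty or missing
    """
    by_key, revoked = {}, []
    for selector, txt in sorted(records.items()):
        p = parse_dkim_record(txt).get("p", "")
        if not p:
            revoked.append(selector)
            continue
        fingerprint = hashlib.sha256(base64.b64decode(p)).hexdigest()
        by_key.setdefault(fingerprint, []).append(selector)
    shared = [sels for sels in by_key.values() if len(sels) > 1]
    return shared, revoked

# Constructed placeholder key material (assumption: stands in for real public keys).
OWN = base64.b64encode(b"constructed-own-public-key").decode()
VENDOR = base64.b64encode(b"constructed-vendor-public-key").decode()

# Weak: the third party signs with the domain's own key under a second selector.
SHARED_KEY = {"default": "v=DKIM1; k=rsa; p=" + OWN,
              "newsletter": "v=DKIM1; k=rsa; p=" + OWN}
# Corrected: the third party's selector publishes the third party's own key.
PER_SENDER = {"default": "v=DKIM1; k=rsa; p=" + OWN,
              "newsletter": "v=DKIM1; k=rsa; p=" + VENDOR}
# After a vendor incident only that selector is revoked (empty p=).
VENDOR_REVOKED = dict(PER_SENDER, newsletter="v=DKIM1; k=rsa; p=")

if __name__ == "__main__":
    for name, recs in [("shared key", SHARED_KEY), ("per sender", PER_SENDER),
                       ("vendor revoked", VENDOR_REVOKED)]:
        print(name, audit_selectors(recs))
```

With one key per selector, revoking the vendor's selector leaves the domain's own signing untouched; with a shared key, the only remedy is rotating the key everywhere it is used.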