<div dir="auto"><div>One very possible theory is that whoever runs the outbound marketing communications and email newsletter demanded the keys and got them, with execs overriding security experts at Namecheap who know better. <div dir="auto"><br></div><div dir="auto">I would sincerely hope that the people whose job titles at Namecheap include anything related to network engineering, network security or cryptography at that company do know better. Large domain registrars are not supposed to make such a rookie mistake. </div><br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Feb 12, 2023, 3:46 PM Michael Thomas <<a href="mailto:mike@mtcc.com">mike@mtcc.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
On 2/12/23 3:40 PM, Eric Kuhnke wrote:<br>
> <a href="https://www.namepros.com/threads/concerning-e-mail-from-namecheap.1294946/page-2#post-8839257" rel="noreferrer noreferrer" target="_blank">https://www.namepros.com/threads/concerning-e-mail-from-namecheap.1294946/page-2#post-8839257</a> <br>
><br>
><br>
> <a href="https://lowendtalk.com/discussion/184391/namecheap-hacked" rel="noreferrer noreferrer" target="_blank">https://lowendtalk.com/discussion/184391/namecheap-hacked</a><br>
><br>
> It looks like a third party service they gave their keys to has been <br>
> compromised. I got several phishes that fully pass as legit Namecheap <br>
> emails.<br>
><br>
> <a href="https://www.namecheap.com/status-updates/archives/74848" rel="noreferrer noreferrer" target="_blank">https://www.namecheap.com/status-updates/archives/74848</a><br>
><br>
><br>
If they actually gave them their own private keys, they clearly don't <br>
get how that's supposed to work with DKIM. The right thing to do is <br>
create a new selector with the third party's signing key. Private keys <br>
should be kept... private.<br>
<br>
Mike<br>
<br>
</blockquote></div></div></div>