<div dir="auto">Namecheap has updated their status page item to include<div dir="auto"><br></div><div dir="auto">"We have stopped all the emails (that includes Auth codes delivery, 
Trusted Devices’ verification, and Password Reset emails, etc.)"</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">Yikes.</div><div dir="auto"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Feb 12, 2023, 3:54 PM Michael Thomas <<a href="mailto:mike@mtcc.com">mike@mtcc.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div>
    <p>I think that it might be appropriate to name and shame the third
      party, since they should know better too. It almost has the whiff
      of a scam. <br>
    </p>
    <p>Mike<br>
    </p>
    <div>On 2/12/23 3:49 PM, Eric Kuhnke wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="auto">
        <div>One very possible theory is that whoever runs the outbound
          marketing communications and email newsletter demanded the
          keys and got them, with execs overriding security experts at
          Namecheap who know better. 
          <div dir="auto"><br>
          </div>
          <div dir="auto">I would sincerely hope that the people whose
            job titles at Namecheap include anything related to network
            engineering, network security or cryptography at that
            company do know better. Large domain registrars are not
            supposed to make such a rookie mistake. </div>
          <br>
          <br>
          <div class="gmail_quote">
            <div dir="ltr" class="gmail_attr">On Sun, Feb 12, 2023, 3:46
              PM Michael Thomas <<a href="mailto:mike@mtcc.com" target="_blank" rel="noreferrer">mike@mtcc.com</a>>
              wrote:<br>
            </div>
            <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
              On 2/12/23 3:40 PM, Eric Kuhnke wrote:<br>
              > <a href="https://www.namepros.com/threads/concerning-e-mail-from-namecheap.1294946/page-2#post-8839257" rel="noreferrer noreferrer noreferrer" target="_blank">https://www.namepros.com/threads/concerning-e-mail-from-namecheap.1294946/page-2#post-8839257</a>
              <br>
              ><br>
              ><br>
              > <a href="https://lowendtalk.com/discussion/184391/namecheap-hacked" rel="noreferrer noreferrer noreferrer" target="_blank">https://lowendtalk.com/discussion/184391/namecheap-hacked</a><br>
              ><br>
              > It looks like a third party service they gave their
              keys to has been <br>
              > compromised. I got several phishes that fully pass as
              legit Namecheap <br>
              > emails.<br>
              ><br>
              > <a href="https://www.namecheap.com/status-updates/archives/74848" rel="noreferrer noreferrer noreferrer" target="_blank">https://www.namecheap.com/status-updates/archives/74848</a><br>
              ><br>
              ><br>
              If they actually gave them their own private keys, they
              clearly don't <br>
              get how that's supposed to work with DKIM. The right thing
              to do is <br>
              create a new selector with the third party's signing key.
              Private keys <br>
              should be kept... private.<br>
              <br>
              Mike<br>
              <br>
            </blockquote>
          </div>
        </div>
      </div>
    </blockquote>
  </div>

</blockquote></div>