<div dir="auto">Namecheap has updated their status page item to include<div dir="auto"><br></div><div dir="auto">"We have stopped all the emails (that includes Auth codes delivery,
Trusted Devices’ verification, and Password Reset emails, etc.)"</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">Yikes.</div><div dir="auto"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Feb 12, 2023, 3:54 PM Michael Thomas <<a href="mailto:mike@mtcc.com">mike@mtcc.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<p>I think that it might be appropriate to name and shame the third
party, since they should know better too. It almost has the whiff
of a scam. <br>
</p>
<p>Mike<br>
</p>
<div>On 2/12/23 3:49 PM, Eric Kuhnke wrote:<br>
</div>
<blockquote type="cite">
<div dir="auto">
<div>One very possible theory is that whoever runs the outbound
marketing communications and email newsletter demanded the
keys and got them, with execs overriding security experts at
Namecheap who know better.
<div dir="auto"><br>
</div>
<div dir="auto">I would sincerely hope that the people whose
job titles at Namecheap include anything related to network
engineering, network security or cryptography at that
company do know better. Large domain registrars are not
supposed to make such a rookie mistake. </div>
<br>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sun, Feb 12, 2023, 3:46
PM Michael Thomas <<a href="mailto:mike@mtcc.com" target="_blank" rel="noreferrer">mike@mtcc.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
On 2/12/23 3:40 PM, Eric Kuhnke wrote:<br>
> <a href="https://www.namepros.com/threads/concerning-e-mail-from-namecheap.1294946/page-2#post-8839257" rel="noreferrer noreferrer noreferrer" target="_blank">https://www.namepros.com/threads/concerning-e-mail-from-namecheap.1294946/page-2#post-8839257</a>
<br>
><br>
><br>
> <a href="https://lowendtalk.com/discussion/184391/namecheap-hacked" rel="noreferrer noreferrer noreferrer" target="_blank">https://lowendtalk.com/discussion/184391/namecheap-hacked</a><br>
><br>
> It looks like a third party service they gave their
keys to has been <br>
> compromised. I got several phishes that fully pass as
legit Namecheap <br>
> emails.<br>
><br>
> <a href="https://www.namecheap.com/status-updates/archives/74848" rel="noreferrer noreferrer noreferrer" target="_blank">https://www.namecheap.com/status-updates/archives/74848</a><br>
><br>
><br>
If they actually gave them their own private keys, they
clearly don't <br>
get how that's supposed to work with DKIM. The right thing
to do is <br>
create a new selector with the third party's signing key.
Private keys <br>
should be kept... private.<br>
<br>
Mike<br>
<br>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote></div>