Re: intuit DNS

2023-02-12 Thread J. Hellenthal via NANOG
Ruhroh someone took the ai out again -- J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume. > On Feb 12, 2023, at 02:01, Saku Ytti wrote: > > ╰─ dig NS intuit.com|grep ^intuit|ruby -nae 'puts $F[-1]'|while read dn

Namecheap's outbound email flow compromised: valid rdns, spf, dkim and dmarc on phishes

2023-02-12 Thread Eric Kuhnke
https://www.namepros.com/threads/concerning-e-mail-from-namecheap.1294946/page-2#post-8839257 https://lowendtalk.com/discussion/184391/namecheap-hacked It looks like a third party service they gave their keys to has been compromised. I got several phishes that fully pass as legit Namecheap emails

Re: Namecheap's outbound email flow compromised: valid rdns, spf, dkim and dmarc on phishes

2023-02-12 Thread Michael Thomas
On 2/12/23 3:40 PM, Eric Kuhnke wrote: https://www.namepros.com/threads/concerning-e-mail-from-namecheap.1294946/page-2#post-8839257 https://lowendtalk.com/discussion/184391/namecheap-hacked It looks like a third party service they gave their keys to has been compromised. I got several phi

Re: Namecheap's outbound email flow compromised: valid rdns, spf, dkim and dmarc on phishes

2023-02-12 Thread Eric Kuhnke
One very possible theory is that whoever runs the outbound marketing communications and email newsletter demanded the keys and got them, with execs overriding security experts at Namecheap who know better. I would sincerely hope that the people whose job titles at Namecheap include anything relate

Re: Namecheap's outbound email flow compromised: valid rdns, spf, dkim and dmarc on phishes

2023-02-12 Thread Michael Thomas
I think that it might be appropriate to name and shame the third party, since they should know better too. It almost has the whiff of a scam. Mike On 2/12/23 3:49 PM, Eric Kuhnke wrote: One very possible theory is that whoever runs the outbound marketing communications and email newsletter dem

Re: Namecheap's outbound email flow compromised: valid rdns, spf, dkim and dmarc on phishes

2023-02-12 Thread Eric Kuhnke
Namecheap has updated their status page item to include "We have stopped all the emails (that includes Auth codes delivery, Trusted Devices’ verification, and Password Reset emails, etc.)" Yikes. On Sun, Feb 12, 2023, 3:54 PM Michael Thomas wrote: > I think that it might be appropriate to na

Re: Namecheap's outbound email flow compromised: valid rdns, spf, dkim and dmarc on phishes

2023-02-12 Thread Michael Thomas
It makes you wonder why they just don't rekey and put up a different selector while deleting the compromised selector? Yes, this is bad but it has a straightforward solution to the compromise -- unlike compromised cert signing keys, natch. Mike On 2/12/23 4:01 PM, Eric Kuhnke wrote: Nameche