I don’t have any inside info here, but it makes sense. And as a namecheap customer, I see no reason to panic at this time.
You’re right, it shouldn’t be the business of a domain registrar. But every provider in the chain that the copyright holders can reach will end up responsible. You, the registrar, web host, ISP, everything.
Send your complaints to the US government and the copyright lobby. It’s a bullshit law. Namecheap complies with it because if they don’t, THEY get cut off by their own providers, and so on up the chain until the fines roll in.
Heroku did the same thing to me for the same reason - completely shut down my entire account with several revenue generating websites with zero notice.
Hello XXXXX,
We are contacting you from the Namecheap Legal and Abuse department regarding your “XXXXX” Namecheap account.
We are in receipt of a copyright infringement notice pursuant to 17 U.S.C. §512 of the Copyright Act, requesting that we disable allegedly infringing material that appears on a domain hosted in your account (“Domain”):
xLINKSx
As a hosting service provider, Namecheap complies with the Digital Millennium Copyright Act (“DMCA”). We would like to help you avoid any service interruption. Please review the DMCA notice that we have included in this communication.
If you do not have the authorization to host the alleged disputed content, and if you are not authorized to use the disputed content, you will need to remove the content within 72 hours, or we may be required to suspend your hosting account under DMCA guidelines.
In order for us to consider a case resolved, the reported link(s) is to show the '404 Not Found' error/suspended page or redirect to the main page of the website.
If you believe that the identification of this infringing content is in error, we suggest that you contact the reporting copyright owner to resolve the matter. If the reporting copyright owner agrees there is a mistake, ask them to email Namecheap at dmca@namecheap.com.
If you are not able to come to an agreement with the reporting copyright owner or if you disagree with the copyright claim, you may submit a DMCA Counter-Notice to Namecheap within ten (10) business days of the date of this email. The Counter-Notice must comply with the requirements of the DMCA and must contain the following points:
1. Your contact information, including name, address, and telephone number, as well as facsimile number and email, if available;
2. A statement that, under penalty of perjury, you have a good faith belief that the material was removed or disabled as a result of a mistake or misidentification of the material to be removed or disabled;
3. Identification of the material that has been removed or to which access has been disabled, and the location at which the material had appeared before it was removed or access was disabled;
4. A statement that you consent to the jurisdiction of the United States District Court in which the address you provide is located, or if your address is outside the United States, for the judicial district of California;
5. A statement that you will accept service of process from the person who provided the initial notice or an agent of that person;
6. A physical or electronic signature by you or your agent.
The DMCA Counter-Notice should be sent either via this ticket by replying to our notice or to Namecheap.com Attn: Legal Department, 4600 East Washington Street, Suite 305, Phoenix, AZ 85034, USA, Facsimile:
Once a valid DMCA Counter-Notice has been submitted, Namecheap would provide a copy of the Counter-Notice to the reporting copyright owner. In addition, the DMCA requires that you remove the disputed content for at least ten (10) and not more than fourteen (14) days from when the Counter-Notice was served. Thus, Namecheap will advise the complaining party that the listing will be reinstated within ten (10) days and will remain so unless we hear from the reporting copyright owner that he or she has filed an action against you under the DMCA in a court of competent jurisdiction for copyright infringement and is seeking a court order to restrain you from publishing the disputed content.
By submitting your Counter-Notice to Namecheap, you agree to waive, and hereby do waive any legal or equitable rights or remedies you have or may have against Namecheap with respect to any Counter-Notice you send, or claims regarding any aspect of the disputed content and its publication and/or Namecheap's action in implementing a takedown or re-establishing the content, and you agree to indemnify and hold Namecheap, and its owners/operators, affiliates and/or licensors, harmless to the fullest extent allowed by law regarding all matters relating to your sending of a Counter-Notice.
If you feel you received this notification in error, please contact us at with more information as to why. We do apologize for any inconvenience this may cause you.
====================================
Edit
(I didn't receive the DHL one, but did test the Metamask link in a safe browser environment. It was just a phishing site to try to get people's crypto credentials)
I wonder how many people got caught and ruined by this scam. What if you are behind it? You don't deserve to be in business.
The emails could not have gone out with a DKIM-Signature and been successfully validated by OpenDKIM at my receiving MX/SMTPD against the public half of the key in your DNS TXT record for your DKIM key, unless you had given them access to the private key.
Did the persons who are responsible for creating and maintaining your DKIM public/private key pair and its selectors directly give the key to some third party (sendgrid, mailchimp, whatever) type email newsletter services, or were they ordered to do so by somebody else in Namecheap management?
Or, did the persons responsible for your authoritative DNS zone for namecheap.com insert an additional DNS TXT record for the DKIM key used by a 3rd party service?
This means that if they get pwned, it's their ability to send mail on your behalf that gets abused, not some key stealing and DKIM impersonation (and why would they bother if a perfectly fine emailing system is already open and ready to spam the crap out of everyone).
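An added example, not posted by anyone in this thread, of how a receiver can tell which key signed a message: it reads the `d=` (signing domain) and `s=` (selector) tags of each DKIM-Signature header and derives the DNS name where the public key lives. The message, domains and selectors are constructed placeholders, the alignment test is a simplified form of DMARC relaxed alignment, and no cryptographic verification is performed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; domains, selectors and hashes are placeholders.
RAW = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;
 s=esp1; h=from:subject:date; bh=AAAA; b=BBBB
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=esp-mailer.example.net;
 s=shared; h=from:subject:date; bh=AAAA; b=CCCC
From: contact <hello@example.com>
Subject: Your parcel was not able to be delivered

body
"""

def parse_tags(value):
    """Split a DKIM-Signature header value into tag=value pairs (RFC 6376)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def signing_identities(raw):
    """Return (From domain, one dict per DKIM-Signature header)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        d, s = tags.get("d", "").lower(), tags.get("s", "")
        # Simplified relaxed alignment: From domain equals d= or is a subdomain.
        aligned = bool(d) and (from_domain == d or from_domain.endswith("." + d))
        found.append({
            "d": d,
            "selector": s,
            "key_record": f"{s}._domainkey.{d}",  # TXT record holding the public key
            "aligned_with_from": aligned,
        })
    return from_domain, found

if __name__ == "__main__":
    domain, sigs = signing_identities(RAW)
    for sig in sigs:
        print(domain, sig)
```

A signature with `d=` equal to the brand's own domain only shows that whoever holds the private key for that selector signed the message; the selector name is the clue to which sending system that was.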
The support ticket took 5 days and they shut down my account later that day, actually while I was trying to get a buggy old webcam to work.
They actually mention validation.com now: https://www.namecheap.com/id-validation/ though I couldn't find any reference to it at the time.
Subject: Your parcel was not able to be delivered
Sender: contact <hello@namecheap.com>
> Dear Client,
> We regret to inform you that your parcel was not able to be delivered on the specified date, xx/02/2023. The parcel is currently located in the DHL warehouse near your town.
> The reason for the delay was that the sender did not pay the necessary fees for the delivery. To avoid the parcel being returned, we ask that you pay the fee of 6.xx USD. You can track your parcel and pay the fee by clicking the tracking button.
> Track and Pay >>
> DETAILS
> Order number: xxxxxxxxxxxx
> Total: (x.xx USD)
> Delivery is planned between: xx.02.2023 - xx.02.2023
> Once the fee is paid, we will be able to deliver the parcel. We apologize for any inconvenience caused and thank you for your understanding.
> Sincerely,
> The DHL Team
Link URL is: https://links.namecheap.com/u/click?_t=[long tracking info redacted]
Tried following the link in TOR and on a virtual machine, both get just a 2 word "Unauthorized Access", but it redirects to: hxxps://accomplish-delivery . mysafebridge . info/WorldwideDelivery0/auth/dhl/index.php?utm_source=Iterable_Marketing&utm_medium=email&utm_campaign=MKTG_CRM_Welcome_Hosting_D5_WF_20221118
Slightly modified it to make it non-clickable
Hopefully no one falls for these, sneaky to hide the redirect behind the links.namecheap
Did make it clear that something belonging to Namecheap had been compromised though...
As of now I haven't yet received spam/phishing from this breach either
Ironically, after all that high morals grandstanding, they are still sending me notification emails "reminding to prolong a yearly subscription". Like, WTF.
I'll admit my first thought was a cheeky way to validate my ICANN info but I quickly waved that away and figured it was phishing.
I was still very paranoid so I opened it in a non-Javascript, private browser but it seems that my DNS with anti-spam filters already picked it up as the destination was not being resolved.
I wonder whether that type of comment is in line with Hacker News Guidelines.
In any case, blaming or demeaning scam victims (what you call "suckers" and "poor souls") only adds to the psychological damage that those people experience. There are plenty of studies, recommendations and campaigns on this issue. For example, the UK's Financial Conduct Authority has a whole section in their website https://www.fca.org.uk/scamsmart and have been running TV ads to help protect pensioners.
The clues in the Metamask and DHL phishing emails may have been obvious to you and many other Hacker News readers. I received them and quickly noticed they were phishing messages. However, having the skills to spot (and stop) this type of message doesn't mean we are always able to do it. A recent blog post by Kev Quirk, an infosec expert, is a case in point https://kevquirk.com/i-was-nearly-phished/
The demeaning in this particular case goes for the authors of the scam. The clues are in plain sight. They did not bother to hide it at all. I am not blaming victims.
How do I know this?
Attempted fraud on a business card that is only used for those two places.
Presumably they got lucky with a Luhn generator and ecommerce that was especially lax in their checks, but it was still pretty concerning!
A few local charities that all had their sites running the same shit ended up getting absolutely hammered with charge back fees a while back, someone had been abusing their pages to check and crack card numbers to use.
Donation pages seem to be the easiest to abuse based on the data I've seen.
If I have a domain from namecheap, and an email address with that domain, can I transfer it to something solid like outlook or gmail? My idea of how email works is really fuzzy.
Yes you can. You'll need to:
- Set up the account with the new provider (note that most providers, including I believe Outlook and Gmail, will charge a monthly fee for using a custom domain). I recommend Fastmail.
- "Add the domain" with the provider (which will mean they're expecting mail from it on their end)
- Update a bunch of DNS records to point to your new provider. This will include MX records as well as things like DKIM and SPF. The provider will likely tell you what you need to set in as part of the previous step.
I'd recommend having a look at Fastmail as well.
2) sign up with that service and input the domain name, do the rest of the configuration.
There is a huge blurry overlap between domain registrar and hosting services these days. It sounds like you are using Namecheap for both. I would highly recommend using domain registrars as ONLY domain registrars and having other things hosted elsewhere.
it was pretty obvious though lol