top | item 34768933

clarifyitto | 3 years ago

So… What happened? Did you get your keys stolen out of a CI or something? It just seems suspicious that you’d be the only business affected by this 3rd party provider.

btgeekboy | 3 years ago

If I have a business and I use a company like Sendgrid, I have credentials to use that service. If some employee has access to that account (such as to send newsletters), and that employee’s credentials were lost or stolen, that doesn’t seem suspicious at all.

I don’t have any inside info here, but it makes sense. And as a namecheap customer, I see no reason to panic at this time.

citrin_ru | 3 years ago

Employees should use 2FA for their accounts, and Sendgrid seems to offer this; for passwords stored in sending applications one can use a combination of password and IP ACLs, but I don't know if SendGrid allows setting IP ACLs for senders. While 2FA is not a panacea, it significantly reduces risk.

One can send newsletters using a subdomain like news.acmecorp.com and have Sendgrid's IPs in the SPF record only for this subdomain and not for the main domain (though most recipients would not notice a change from, say, @acmecorp.com to @news.acmecorp.com).
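The per-subdomain SPF split described in the comment above, worked through as an added example (this code is not from the thread, nor from Sendgrid or Namecheap). It is a deliberately small SPF evaluator (ip4/ip6, include, all; no a/mx/exists) run against a constructed zone: acmecorp.com lists only the corporate mail server, while news.acmecorp.com delegates to a hypothetical ESP include record. All names and IP ranges are assumptions; the addresses are RFC 5737 documentation ranges, not any real provider's.

```python
"""Simplified SPF (RFC 7208) evaluation over a constructed in-memory zone.

Added example: shows why publishing the ESP's include only under a
newsletter subdomain keeps an ESP-originated message from passing SPF
for the apex domain. Not from the original thread.
"""
import ipaddress

# Constructed TXT records (hypothetical zone, not real DNS data).
# Only news.acmecorp.com delegates sending to the ESP; the apex domain
# authorises nothing but the corporate mail server.
ZONE = {
    "acmecorp.com": "v=spf1 ip4:203.0.113.10 -all",
    "news.acmecorp.com": "v=spf1 include:_spf.example-esp.net -all",
    "_spf.example-esp.net": "v=spf1 ip4:198.51.100.0/24 -all",   # hypothetical ESP record
}

MAX_INCLUDE_DEPTH = 10  # RFC 7208 caps DNS-causing mechanisms at 10 per check

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, zone=ZONE, depth=0):
    """Evaluate the SPF record of `domain` for a connection from `sender_ip`.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    Mechanisms a, mx, exists and ptr are not modelled and are skipped.
    """
    record = zone.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)

    for term in record.split()[1:]:
        qualifier = "+"                    # default qualifier is "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]

        if term.startswith(("ip4:", "ip6:")):
            # A mismatched address family simply never matches.
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            if depth >= MAX_INCLUDE_DEPTH:
                return "permerror"
            # include: matches only when the referenced record yields "pass".
            matched = check_spf(term[len("include:"):], sender_ip, zone, depth + 1) == "pass"
        elif term == "all":
            matched = True
        else:
            continue                       # unmodelled mechanism, skip it

        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                       # no mechanism matched


if __name__ == "__main__":
    # A message handed to the ESP (constructed ESP IP) passes SPF for the
    # newsletter subdomain but fails for the apex domain.
    esp_ip = "198.51.100.7"
    for mail_from_domain in ("acmecorp.com", "news.acmecorp.com"):
        print(f"{mail_from_domain:20s} from {esp_ip}: {check_spf(mail_from_domain, esp_ip)}")
```

SPF is evaluated against the envelope MAIL FROM (Return-Path) domain, so this split only constrains which MAIL FROM domains the ESP can authenticate for. Whether a recipient treats a mismatched header From as suspicious is a DMARC question: with relaxed SPF alignment (the default aspf=r) a MAIL FROM of news.acmecorp.com still aligns with a From: header at acmecorp.com, so strict alignment (aspf=s) on the apex domain is what actually ties the ESP to the subdomain.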

OJFord | 3 years ago

You wouldn't claim 'the issue was with a 3rd party provider' though.

jcrawfordor | 3 years ago

I don't think this is unique to Namecheap; I've gotten both MetaMask and DHL emails from other lists I'm on, I assume from the same threat actor. I would assume that they're opportunistically using whatever mailing list they can gain access to.

morganbird | 3 years ago

They're actually pretty common, just like there are tons of MetaMask phishers on Twitter. Those are just popular vectors because they're fairly broadly effective. Preventing spam and phishing like this is unfortunately a pretty big part of the job for anyone in the business of sending email. (Source: engineering manager at a marketing platform.)