back to article Namecheap admits 'unauthorized emails' pwning its customers

Domain registrar Namecheap blamed a "third-party provider" that sends its newsletters after customers complained of receiving phishing emails from Namecheap's system. CEO Richard Kirkendall appears to have named the provider as SendGrid in a since-deleted tweet this morning. More than one customer noted that the emails – …

  1. Victor Ludorum

    Whose account?

    I got the 'DHL' email apparently from Namecheap and ignored it. Headers show it was sent through SendGrid.

    Just guessing here, but is it possible Namecheap's SendGrid account was compromised somehow? Weak password, credential stuffing, 2FA fatigue or something else?

    1. sitta_europea Silver badge

      Re: Whose account?


      I got the 'DHL' email ...


      I reject all those too.

    2. Anonymous Coward
      Anonymous Coward

      Re: Whose account?


      They have enough of a record for you to suspect something else....

    3. Robert Carnegie Silver badge

      Re: Whose account?

      "the platform used to send an email to 50 percent of the world's email addresses"

      I wouldn't boast about that. It sounds like a Major Incident.

  2. sitta_europea Silver badge


    SendGrid, acquired by comms API merchant Twilio in 2019, claims on its website to process "over 100 billion emails" a month ...


    ... and I'll cheerfully reject every one of them.

    1. yetanotheraoc Silver badge

      Suck it up, lusers

      "This situation is not the result of a hack or compromise of Twilio's network. We encourage all end users and entities to take a multi-pronged approach to combat phishing attacks..."

      Translation: Phishing emails are business as usual.

    2. OhForF' Silver badge

      over 100 billion emails a month sure makes me wonder how many of those are unsolicited commercial emails aka spam

  3. chivo243 Silver badge

    Namecheap and missing coins?

    Namecheap and missing coins? That's Gold baby, the story that writes itself!

  4. GlenP Silver badge


    Friends had their domain & email server moved to Namecheap by a 3rd party who supposedly supported them.

    Under a year later their account was compromised and being used for spamming. Namecheap denied all responsibility and refused to take any action despite the fact the spam was being sent from their servers and continued after security settings were updated.

    I moved the domain & email to another provider and the spamming miraculously stopped!

  5. Anonymous Coward
    Anonymous Coward

    They are also RENOWNED!!!! for allowing known scammers with fake registrations operate inside their systems...

    allowing all sorts of fake corruptions on FQDN of large companies...

    Including financial institutions...

    and guess what.. they won't take them down unless YOU can PROVE..

    1. financial loss

    2. Targeted campaign..

    and in one case i had to say i was going to embarrass their CEO on his media accounts, for me to get any traction...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like