How we protect you from email spoofing
Namecheap strives to protect you from spammers and those who want to deceive you by sending emails on our behalf. That’s why we’re implementing strict SPF and DMARC rules for namecheap.com. These records help to prevent the forgery of our email address, limiting the number of servers that are authorized to send messages associated with namecheap.com.
At the same time, if you have email forwarding set up for your mailbox, SPF and DMARC records might influence deliveries from @namecheap.com email addresses. The destination server may reject our messages treating the forwarding server not as an intermediary but as the sender.
Let’s have a closer look at this process.
For example, let’s say you have user@test1.tld mailbox that forwards your mail to user@test2.tld.
Namecheap sends you a message from hello@namecheap.com to user@test1.tld.
In this case, the email delivery process consists of two steps:
- Email gets delivered from hello@namecheap.com to user@test1.tld;
-
user@test1.tld forwards an incoming message to user@test2.tld. Meanwhile, hello@namecheap.com remains the sender.
When receiving the email, test2.tld server spots the namecheap.com SPF record and analyzes whether it is in violation or not. During this process, the server finds out an additional chain caused by email forwarding (Step 2). Since this service has no relation to namecheap.com, the test2.tld server decides that the email is spoofed and rejects it.
How to know when to take action
First of all, pay attention to the mailbox associated with your
Namecheap account. If you don’t have an email forwarding set up for it, there’s nothing to worry about.
- If you use one of Namecheap’s email services (i.e., Free Email Forwarding, Private Email, cPanel Email, G Suite Email) with your account email, don’t worry. Our forwarding servers are properly configured to get your emails delivered.
- In case you have email forwarding set up with a third-party service, there’s a risk that our important emails (e.g., domain/service expiry notes, auto-renewal notifications, password reset emails, or security alerts) may not be delivered to you.
- If you have a domain name or names with us, it’s also worth checking your mailboxes indicated in the Registrant, Administrative, Technical, and Billing contacts as some of our messages may be also addressed there.
What to do if you use a third-party email forwarding service
The Sender Rewriting Scheme (SRS) is a solution for servers responsible for forwarding. It helps to modify the sender’s email address and keep it associated with the message at the same time so that email is successfully delivered to the destination mailbox without breaking the SPF record.
In case the SRS is installed for your third-party forwarding server, an email from us will have a certain entry in the header.
Click here to see a header entry example.
Header info without an SRS set up:
envelope sender: hello@namecheap.com
envelope recipient: user@test1.tld
Header info with SRS configured on the forwarding server:
envelope sender: SRS0=HHH=TT=namecheap.com=user@test1.tld
envelope recipient: user@test2.tld
where TT is a timestamp, HHH - hash responsible for authentication, SRS0 - prefix which helps to distinguish rewritten address from the original one.
Configuring the SRS requires
administrative privileges. This means it’s the responsibility of the email service provider to perform this type of step. If you need to configure the SRS for your forwarding server, please contact your
email administrator or look for
SRS software (e.g.,
PostSRSd) for your email server.
If you are an email administrator, please consider configuring the Sender Rewriting Scheme (SRS) on your Message Transfer Agent (MTA).
