According to the Reddit threads they are accepting spoofed emails. This is expected in the current DMARC/SPF config. Ask them to change their SPF record from
Hit inbox on two different accounts of mine (different domains). Thankfully the subaccount called me, but looks like other people on Reddit fell for it. Forwarded to Fastmail's support hours ago but it's been crickets from them.
Update: Since I posted this I've received the real renewal email saying to update my card; the phish was only 8 hrs earlier.
------
Also change the _dmarc record from
to something like: after reading up on the options, understanding the implications and setting the TXT record TTLs to something like 5 mins until it has been in place for a month, then putting it back to 1 hour or longer. The rua has been in place long enough to know what problems it will cause. Be fearless and cause some problems then fix the problems. psd= may have to be different but only Fastmail staff would know for sure.
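
An added example, not part of the original comments: a Python check that reports why an SPF or DMARC TXT record does not ask receivers to reject spoofed mail, which is the situation the first comment describes. The records below are constructed for `example.com`; the thread does not show Fastmail's actual records, and the function names are hypothetical.

```python
# Constructed sample records (not Fastmail's real DNS data).
WEAK_SPF = "v=spf1 include:spf.example.net ?all"
STRICT_SPF = "v=spf1 include:spf.example.net -all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRICT_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

def spf_findings(txt):
    """Return reasons this SPF record does not hard-fail unlisted senders."""
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record"]
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls:
        if any(t.startswith("redirect=") for t in terms[1:]):
            return ["no 'all' term: result depends on the redirect= target"]
        return ["no 'all' term: unlisted senders evaluate to neutral"]
    if alls[0] != "-all":
        return [f"SPF ends in {alls[0]}: unlisted senders are not hard-failed"]
    return []

def parse_dmarc(txt):
    """Split a DMARC TXT value into a tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_findings(txt):
    """Return reasons this DMARC record is not enforcing."""
    tags = parse_dmarc(txt)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    p = tags.get("p", "").lower()
    if p not in ("quarantine", "reject"):
        findings.append(f"p={p or 'missing'}: receivers are asked to take no action")
    sp = tags.get("sp", p).lower()  # sp defaults to p when absent
    if p in ("quarantine", "reject") and sp not in ("quarantine", "reject"):
        findings.append(f"sp={sp}: subdomains are not enforced")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy applies to a sample only")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports to spot breakage")
    return findings

if __name__ == "__main__":
    for rec in (WEAK_SPF, STRICT_SPF):
        print(rec, "->", spf_findings(rec) or "enforcing")
    for rec in (WEAK_DMARC, STRICT_DMARC):
        print(rec, "->", dmarc_findings(rec) or "enforcing")
```
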