PyPI Blocks 1,800 Expired Domain Emails – No Shit.
Oh joy. More cleanup after people being utterly incompetent. Apparently, the Python Package Index (PyPI) had to block a whopping 1,800 email addresses because they were using domains that…wait for it…expired. Yeah, you read that right. People were registering accounts with emails tied to domains they didn’t even bother renewing. What a fucking shock.
This isn’t some sophisticated attack; this is basic security hygiene gone to hell. Expired domains get snatched up by bad actors who then use them for phishing, account takeovers, and generally screwing things up in the supply chain. PyPI finally noticed enough of these to actually *do* something about it – blocking those addresses. It’s a reactive measure, naturally. They weren’t proactively preventing this; they were cleaning up the mess after the fact.
They’re now urging users to use multi-factor authentication (MFA) because apparently, relying on people to manage their own damn email accounts is too much to ask. And if you *happen* to be one of those geniuses using an expired domain email? Well, update your account info, or get fucked. Seriously, it’s not rocket science.
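A check that would catch this before the domain changes hands, as an added example (not code from PyPI or the linked article): it takes account email addresses plus RDAP domain records and flags addresses whose domain has expired, is about to expire, or is no longer registered. The function names, addresses and records are constructed, and it assumes a missing record means the RDAP lookup came back not-found.

```python
from datetime import datetime, timedelta, timezone

# RDAP status values (RFC 8056) for a registration that has lapsed and is on its way out.
LAPSED = {"redemption period", "pending delete"}

def expiration_date(rdap):
    """Return the 'expiration' event of an RDAP domain object as an aware datetime, or None."""
    for event in rdap.get("events", []):
        if event.get("eventAction") == "expiration":
            when = datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
            return when if when.tzinfo else when.replace(tzinfo=timezone.utc)
    return None

def classify_domain(rdap, now, warn_days=30):
    if rdap is None:                      # assumption: lookup returned not-found
        return "available"                # anyone can register it and receive its mail
    if LAPSED & {s.lower() for s in rdap.get("status", [])}:
        return "expired"
    exp = expiration_date(rdap)
    if exp is None:
        return "unknown"
    if exp <= now:
        return "expired"
    return "expiring" if exp - now <= timedelta(days=warn_days) else "ok"

def audit_emails(emails, rdap_by_domain, now, warn_days=30):
    """Map each address to the registration state of its domain."""
    report = {}
    for email in emails:
        domain = email.rsplit("@", 1)[-1].strip().lower().rstrip(".")
        report[email] = classify_domain(rdap_by_domain.get(domain), now, warn_days)
    return report

# Constructed sample data: trimmed RDAP domain objects keyed by domain name.
SAMPLE_RDAP = {
    "ok-project.example": {"status": ["active"], "events": [
        {"eventAction": "expiration", "eventDate": "2026-06-01T00:00:00Z"}]},
    "soon.example": {"status": ["active"], "events": [
        {"eventAction": "expiration", "eventDate": "2025-09-10T00:00:00Z"}]},
    "dropped.example": {"status": ["redemption period"], "events": [
        {"eventAction": "expiration", "eventDate": "2025-07-01T00:00:00Z"}]},
}
SAMPLE_EMAILS = ["alice@ok-project.example", "bob@soon.example",
                 "carol@Dropped.example", "dave@gone.example"]
NOW = datetime(2025, 8, 20, tzinfo=timezone.utc)   # fixed so the result is reproducible

if __name__ == "__main__":
    for address, state in audit_emails(SAMPLE_EMAILS, SAMPLE_RDAP, NOW).items():
        print(f"{state:10} {address}")
```

Anything not reported as "ok" is an address to replace or re-verify before a password-reset mail can land in someone else's inbox.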
The whole thing just screams “we’re constantly playing whack-a-mole with basic security failures.” Don’t expect any proactive solutions here, just a lot of panicked responses to the latest disaster.
Source: https://thehackernews.com/2025/08/pypi-blocks-1800-expired-domain-emails.html
Look, I once had to deal with a sysadmin who thought using “password” as his root password was “good enough because nobody would guess it.” This PyPI situation? Same energy. Pathetic.
