hn.algolia.com used to return a pair of cloudflare IPs: 104.16.46.55 and 104.16.45.55. Requesting hn.algolia.com from these IPs now results in an "Origin DNS error" from Cloudflare.
I interpret this to mean that there is another record missing, as well: whatever the origin was set to.
I am not sure about that. On my system that openssl invocation fails because the site doesn't staple the intermediate Letsencrypt R3 certificate, and openssl doesn't retrieve it while browsers do.
I received one of the phishing messages as well as the follow up / apology. An interesting wrinkle is that both were handled by sendgrid and used the same dkim selector. I would guess that a set of sendgrid api credentials shared with some 3rd party service was compromised.
I received one of these phishing emails, today, and also Namecheap's follow-up/apology. The phony email purported to be from DHL, which really stood out.
Both emails were handled by Sendgrid, passing spf, dkim, and dmarc. They appear to use the same dkim selector, though I suppose that isn't so important--just that the headers were convincing enough.