The Python Package Index (PyPI) has introduced a strong new security measure to protect developers and the open-source community from a growing cyber threat. The platform has blocked over 1,800 email addresses linked to expired domains in order to prevent account takeovers and possible supply chain attacks.
Domain resurrection attacks are at the center of this move. These attacks happen when a developer’s custom email domain expires and is later purchased by hackers. Once attackers own the domain, they can intercept emails, request password resets, and take control of developer accounts. Even with two-factor authentication in place, this loophole can allow criminals to bypass protections and access accounts.
For PyPI, which hosts thousands of Python packages used worldwide, such takeovers could have devastating consequences. If attackers hijack a developer’s account, they can upload malicious updates to widely used packages. These compromised packages can then spread harmful code across projects and organizations around the globe.
To close this gap, PyPI now monitors the status of custom domains linked to user accounts. If a domain expires or enters a redemption phase, the email address connected to it is automatically marked as unverified. Since June 2025, this process has already flagged more than 1,800 email addresses and marked them as unverified. This has shut down a major entry point for attackers and reduced the risk of unauthorized access to developer accounts.
The system relies on Fastly’s Status API, which checks domains about once every 30 days. If a domain is found to be inactive, PyPI immediately marks the associated email address as unverified. Users who depend on custom domains that have expired are encouraged to add a backup email address or update their account details to avoid losing access.
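The policy described above, modelled as an added example (not PyPI's own code): addresses at well-known providers are skipped, each custom domain is re-queried only once the 30-day window has passed, and an expired or redemption-phase domain causes its address to be marked unverified. The status table, the status names and the accounts are constructed stand-ins; the real deployment queries Fastly's API, whose interface is not shown here.

```python
from datetime import date, timedelta

# Domain states the article treats as grounds for un-verifying an address.
# The status strings are an assumption for this example, not Fastly's vocabulary.
RISKY_STATUSES = {"expired", "redemption"}
RECHECK_INTERVAL = timedelta(days=30)   # article: domains checked about once every 30 days

# Assumption: large mail providers whose domains will not lapse are not checked.
WELL_KNOWN_PROVIDERS = {"gmail.com", "outlook.com"}

# Constructed stand-in for the domain status lookup (a fake table, not a live API).
CONSTRUCTED_STATUS = {
    "maintainer-blog.example": "expired",
    "dev-shop.example": "active",
    "old-startup.example": "redemption",
}

def lookup_status(domain):
    """Return the constructed status for a domain; unknown domains count as active."""
    return CONSTRUCTED_STATUS.get(domain, "active")

def sweep(accounts, today, lookup=lookup_status):
    """Decide which verified addresses must be marked unverified.

    accounts: dicts with "email", "verified" and "last_checked" (a date or None).
    Returns (unverify, rechecked): addresses to un-verify and domains re-queried today.
    """
    unverify, rechecked = [], []
    for acct in accounts:
        if not acct["verified"]:
            continue                      # nothing to revoke
        domain = acct["email"].rpartition("@")[2].lower()
        if domain in WELL_KNOWN_PROVIDERS:
            continue
        last = acct["last_checked"]
        if last is not None and today - last < RECHECK_INTERVAL:
            continue                      # inside the 30-day window; do not re-query yet
        rechecked.append(domain)
        if lookup(domain) in RISKY_STATUSES:
            unverify.append(acct["email"])
    return unverify, rechecked

# Constructed sample accounts for a run on 2025-09-01.
CONSTRUCTED_ACCOUNTS = [
    {"email": "alice@maintainer-blog.example", "verified": True, "last_checked": None},
    {"email": "bob@dev-shop.example", "verified": True, "last_checked": date(2025, 8, 1)},
    {"email": "carol@old-startup.example", "verified": True, "last_checked": date(2025, 8, 20)},
    {"email": "dave@gmail.com", "verified": True, "last_checked": None},
]

if __name__ == "__main__":
    print(sweep(CONSTRUCTED_ACCOUNTS, date(2025, 9, 1)))
```

On 2025-09-01 only alice's expired domain is acted on; carol's redemption-phase domain was checked 12 days earlier and is not re-queried until the window elapses.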
This measure is not just about protecting individual developers. It also secures the larger software supply chain, where one weak link can put thousands of users at risk. Open-source projects are often deeply interconnected, and a single compromised package can ripple across industries, exposing sensitive data and systems.
A real-world example of this threat occurred in 2022. Hackers managed to acquire the expired domain of a developer who maintained the ctx package. With control of the domain, they published malicious versions of the package on PyPI, which were then downloaded by unsuspecting developers. The new system directly prevents similar incidents from happening again.
PyPI has also reminded users to take additional steps to protect themselves. Developers are encouraged to add a secondary email address from a reliable provider like Gmail or Outlook. This ensures continued access even if a custom domain lapses. Enabling two-factor authentication is another strong recommendation, making it much harder for attackers to gain control of an account even if they intercept other details.
The scale of the action highlights the seriousness of the issue. Over 1,800 email addresses tied to expired domains have already been blocked in just a few months. Without this safeguard, those accounts could have become easy targets for hackers looking to exploit expired domains.
This decision shows PyPI’s commitment to protecting both developers and the wider community that depends on Python libraries. By addressing even subtle threats like expired domains, the platform is reinforcing the security of the ecosystem and maintaining trust in open-source software.
The move also sends a clear message: cybersecurity is not only about fighting obvious attacks but also about fixing the smaller gaps that hackers often exploit. Developers must remain vigilant by keeping their accounts updated and securing their digital identities, while platforms like PyPI continue to improve protections.
By blocking emails linked to expired domains, PyPI has taken away a powerful weapon from attackers. This step makes it harder for malicious actors to hijack accounts and insert dangerous code into widely used packages. For the global developer community, it represents a meaningful boost to supply chain security and a reminder of the importance of proactive defenses.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news