The target domain is https://links.namecheap.com which goes to https://iterable.com/
DKIM-signed
Seems to be either DHL or Metamask.
What concerns me a lot being a customer is that they have been compromised for a couple of days already without taking proper actions: https://twitter.com/polmesegue/status/1623628920636559361