Usually, phishing emails comes from a fake address, but in this case, this email came from the original email which may have caused people to believe in it. Not everyone will go on the internet and search if MetaMask requires KYC or not.
Likewise, I often see messages from fake emails with many variations, but this time it was indeed a stir from the namecheap support email that made big news, but at least by getting into the news in several big articles one can see that it was not all from metamask or Namecheap for denying it.
Email spoofing as attack for phishing is common and easy to manipulate, so people should always be cautious of any kind of emails legit or looks like legit that ask payments for any transaction that you never did.
As namecheap uses third party api for their emails, this will probably look like the ledger incident where millions of emails and personal data where get accessed.
We have to check in more detail if suddenly an official email comes asking for a bill of payment or other private keys because I have experienced where there has been an incoming legitimate email with a bill printed even though I have never done anything after I checked more deeply about the suspicions so I ignored and after that they don't come again, so all forms that we suspect must be thoroughly examined whether it's true that we did it or there was email abuse on their part.
Namecheap's case is true it is their negligence that in the end, they will no longer believe.