Posted to users@spamassassin.apache.org by Mark London <mr...@psfc.mit.edu> on 2023/03/20 21:34:02 UTC

Dropbox invoice phishing

Dropbox now has an invoice feature that allows you to create a customized invoice. So what this person did was to create an invoice that looks like it’s coming from PayPal, except for the fact that the From address shows it is coming from Dropbox.

Months ago I saw a similar problem with fake invoices coming from PayPal.  

I hate spammers.

> On Mar 20, 2023, at 2:58 PM, Greg Troxel <gd...@lexort.com> wrote:
> 
> A quick grep shows:
> 
>  4.000000/updates_spamassassin_org/60_welcomelist_auth.cf:def_welcomelist_auth *@*.dropbox.com
> 
> so the code is operating as designed.
> 
> It seems that either dropbox is compromised, or dropbox is allowing
> user-generated content to go out under their domain.   Either way it
> seems they should be removed from USER_IN_DEF_SPF_WL, unless this is a
> blip and they fix it right away.
> 
> Have you written to abuse@dropbox.com, and what did they say?
> 
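
An added example, not part of the thread: a small Python audit that does what the quoted grep does and then goes one step further, reporting which auth-welcomelist entries actually cover a given From address. It assumes SpamAssassin's documented address globs (`*` and `?` only, case-insensitive, whole-address match); the sample config text and the addresses are constructed.

```python
import re

# Directives that add sender patterns to the auth-based welcomelist
# (the *whitelist* spellings are the pre-4.0 names for the same directives).
DIRECTIVES = {"welcomelist_auth", "def_welcomelist_auth",
              "whitelist_auth", "def_whitelist_auth"}

def glob_to_regex(pattern):
    """SpamAssassin address globs: '*' = any run, '?' = one char, rest literal."""
    parts = []
    for ch in pattern:
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)

def parse_entries(cf_text, source="<inline>"):
    """Yield (source, lineno, directive, pattern) for each welcomelist entry."""
    for lineno, line in enumerate(cf_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if fields and fields[0] in DIRECTIVES:
            for pattern in fields[1:]:           # several patterns per line are allowed
                yield source, lineno, fields[0], pattern

def covering_entries(cf_text, from_addr, source="<inline>"):
    """Return the entries whose pattern matches the whole From address."""
    return [e for e in parse_entries(cf_text, source)
            if glob_to_regex(e[3]).fullmatch(from_addr)]

# Constructed sample: the entry quoted in the thread plus a hypothetical one.
SAMPLE_CF = """\
# constructed excerpt
def_welcomelist_auth *@*.dropbox.com
def_welcomelist_auth *@example.org   # hypothetical entry
"""

if __name__ == "__main__":
    for addr in ("no-reply@mail.dropbox.com",        # constructed addresses
                 "no-reply@dropbox.com",
                 "billing@dropbox.com.example.net"):
        hits = covering_entries(SAMPLE_CF, addr)
        print(addr, "->", [(d, p) for _, _, d, p in hits] or "not covered")
```

A pattern match alone does not welcomelist a message: these directives only take effect when the sender also passes SPF or DKIM, which is the point of the thread, since mail generated by a Dropbox user and sent by Dropbox passes that check.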


Re: Dropbox invoice phishing

Posted by jason hirsh <hi...@att.net>.
Technically you pommel m
> On Mar 20, 2023, at 5:34 PM, Mark London <mr...@psfc.mit.edu> wrote:
> 
> Dropbox now has an invoice feature that allows you to create a customized invoice. So what this person did was to create an invoice that looks like it’s coming from PayPal, except for the fact that the From address shows it is coming from Dropbox.
> 
> Months ago I saw a similar problem with fake invoices coming from PayPal.  
> 
> I hate spammers.
> 
>> On Mar 20, 2023, at 2:58 PM, Greg Troxel <gd...@lexort.com> wrote:
>> 
>> A quick grep shows:
>> 
>> 4.000000/updates_spamassassin_org/60_welcomelist_auth.cf:def_welcomelist_auth *@*.dropbox.com
>> 
>> so the code is operating as designed.
>> 
>> It seems that either dropbox is compromised, or dropbox is allowing
>> user-generated content to go out under their domain.   Either way it
>> seems they should be removed from USER_IN_DEF_SPF_WL, unless this is a
>> blip and they fix it right away.
>> 
>> Have you written to abuse@dropbox.com, and what did they say?
>> 
>