Dropbox now has an invoice feature, that allows you to create a customized invoice. So what this person did was to create an invoice that looks like it’s coming from PayPal. Except for the fact that the From address shows it is coming from Dropbox.
Months ago I saw a similar problem with fake invoices coming from PayPal.
I hate Spammers.
> On Mar 20, 2023, at 2:58 PM, Greg Troxel <gdt@lexort.com> wrote:
>
> ?A quick grep shows:
>
> 4.000000/updates_spamassassin_org/60_welcomelist_auth.cf:def_welcomelist_auth *@*.dropbox.com
>
> so the code is operating as designed.
>
> It seems that either dropbox is compromised, or dropbox is allowing
> user-generated content to go out under their domain. Either way it
> seems they should be removed from USER_IN_DEF_SPF_WL, unless this is a
> blip and they fix it right away.
>
> Have you written to abuse@dropbox.com, and what did they say?
>
Months ago I saw a similar problem with fake invoices coming from PayPal.
I hate Spammers.
> On Mar 20, 2023, at 2:58 PM, Greg Troxel <gdt@lexort.com> wrote:
>
> ?A quick grep shows:
>
> 4.000000/updates_spamassassin_org/60_welcomelist_auth.cf:def_welcomelist_auth *@*.dropbox.com
>
> so the code is operating as designed.
>
> It seems that either dropbox is compromised, or dropbox is allowing
> user-generated content to go out under their domain. Either way it
> seems they should be removed from USER_IN_DEF_SPF_WL, unless this is a
> blip and they fix it right away.
>
> Have you written to abuse@dropbox.com, and what did they say?
>