Bill Cole <sausers-20150...@billmail.scconsult.com> writes:

> It can happen, particularly when a listed domain changes the way they
> send email. I'm not sure I understand exactly what Dropbox is doing
> here or how it is possible for a user to masquerade as PayPal, but I
> suspect this is a new service of some sort.

It seems to be a new service:

  https://invoice.dropbox.com/login

and from the mail Mark posted, it seems they let people

  choose the human part of the name: "John Doe <no-re...@dropbox.com>"
  choose the Subject
  choose the Reply-To:
  choose the body
  put something at dropbox that will have a link in the mail

but include a footer which is

  [name] sent you an invoice using
  Dropbox, Inc. PO Box 77767, San Francisco, CA 94107
  View Privacy Policy[2]

have the mail go out dkim-signed under dropbox.com

and thus I think dropbox.com needs to be removed from default_welcomelist,
as surely entities on default_welcomelist can't allow web users to spam
and match the entry.
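
A defender-side check for the pattern described in this message, as an added example that is not part of the original post and is not SpamAssassin code: it flags mail that passes DKIM for a welcomelisted domain while the user-chosen display name or Reply-To points elsewhere. The brand map, function names and the sample message (including the sender local part) are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

WELCOMELISTED = {"dropbox.com"}      # domain named in the thread
BRANDS = {"paypal": "paypal.com"}    # assumed brand -> legitimate domain map

# Constructed sample message; every address and name here is made up.
SAMPLE = (
    'From: "PayPal Billing" <invoice-sender@dropbox.com>\n'
    "Reply-To: collector@example.net\n"
    "To: user@example.org\n"
    "Subject: Invoice 1234 is due\n"
    "Authentication-Results: mx.example.org; dkim=pass header.d=dropbox.com\n"
    "\n"
    "Billing Dept sent you an invoice using Dropbox\n"
)

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def dkim_pass_domains(msg):
    """Collect header.d values from dkim=pass results.
    Only trust Authentication-Results added by your own MTA."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        hits = re.findall(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", value)
        found.update(d.lower() for d in hits)
    return found

def welcomelist_override_reasons(raw):
    """Reasons not to honour a welcomelist match; empty list means none."""
    msg = message_from_string(raw)
    if not (dkim_pass_domains(msg) & WELCOMELISTED):
        return []                    # no welcomelist match to second-guess
    reasons = []
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"reply-to domain {reply_dom} differs from {from_dom}")
    for brand, legit in BRANDS.items():
        if brand in display and from_dom != legit:
            reasons.append(f"display name claims {brand} but sender is {from_dom}")
    return reasons
```
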