Bill Cole <sausers-20150...@billmail.scconsult.com> writes:

> It can happen, particularly when a listed domain changes the way they
> send email. I'm not sure I understand exactly what Dropbox is doing
> here or how it is  possible for a user to masquerade as PayPal, but I
> suspect this is a new service of some sort.

It seems to be a new service:

https://invoice.dropbox.com/login

and from the mail Mark posted, it seems they let people

  choose the human part of the name: "John Doe <no-re...@dropbox.com>"
  choose the Subject
  choose the Reply-To:
  choose the body

  put something at dropbox that will have a link in the mail

  but include a footer which is

    [name] sent you an invoice using Dropbox, Inc. PO Box 77= 767, San
    Francisco, CA 94107 View Privacy Policy[2]

  have the mail go out dkim-signed under dropbox.com

and thus I think dropbox.com needs to be removed from
default_welcomelist, as surely entities on default_welcomelist can't
allow web users to spam and match the entry.

Reply via email to