

Tell HN: Beware of Dropbox Upgrade Mail - FractalNerve

Hi,

If you just received a localized and authentic looking email from dropbox (oldversion@dropboxmail.com) informing you that you're running an old version of dropbox on your computer, including the name of your computer in it, DO NOT OPEN IT!

It's probably the deployment of a botnet, some malware or similar.

Headers:

    Return-Path: <oldversion@dropboxmail.com>
    X-Greylist: delayed 337 seconds by postgrey-1.34 at dd32100; Mon, 18 Aug 2014 02:40:55 CEST
    X-policyd-weight: using cached result; rate: -7
    Received: from sjd-rb12-12d.dropboxmail.com (sjd-rb12-12d.sjc.dropbox.com [108.160.166.120])
    	for <redacted>; Mon, 18 Aug 2014 02:40:55 +0200 (CEST)
    Received: from snt-ra10-20c.sjc.dropbox.com (snt-ra10-20c.sjc.dropbox.com [10.12.10.187])
    	by sjd-rb12-12d.dropboxmail.com (Postfix) with ESMTP id F124F2008DD8A
    	for <redacted>; Mon, 18 Aug 2014 00:35:15 +0000 (UTC)
    MIME-Version: 1.0
    From: Dropbox <oldversion@dropboxmail.com>

Thanks and have a nice day!
======
Anaid-Dropbox
Hi guys,

I work with the support team at Dropbox (you can verify that on our forums
:D).

My apologies for the concern this has raised, the email is legitimate and
@dropboxmail.com is one of our official domains. You can see it here:

[https://www.dropbox.com/help/217](https://www.dropbox.com/help/217)

I made a post in our forums explaining the situation:
[https://forums.dropbox.com/topic.php?id=119186](https://forums.dropbox.com/topic.php?id=119186)

Please let me know if you have additional questions about this.

Thanks!

------
greenyoda
The mail headers seem authentic. dropboxmail.com is registered to Dropbox,
Inc.[1]

Maybe you should contact Dropbox to confirm whether that e-mail is legitimate
before telling everyone that it's not?

[1]
[http://www.whois.com/whois/dropboxmail.com](http://www.whois.com/whois/dropboxmail.com)
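
Added example (not part of the thread and not Dropbox's code): a Python sketch of the kind of header check discussed here, run over the Return-Path, Received and From headers posted above. The function names and the `expected_domains` allow-list are assumptions made for this illustration, and the domain match is a plain suffix comparison.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Return-Path, Received and From headers as posted in the thread.
RAW = """\
Return-Path: <oldversion@dropboxmail.com>
Received: from sjd-rb12-12d.dropboxmail.com (sjd-rb12-12d.sjc.dropbox.com [108.160.166.120])
\tfor <redacted>; Mon, 18 Aug 2014 02:40:55 +0200 (CEST)
Received: from snt-ra10-20c.sjc.dropbox.com (snt-ra10-20c.sjc.dropbox.com [10.12.10.187])
\tby sjd-rb12-12d.dropboxmail.com (Postfix) with ESMTP id F124F2008DD8A
\tfor <redacted>; Mon, 18 Aug 2014 00:35:15 +0000 (UTC)
From: Dropbox <oldversion@dropboxmail.com>

"""

# Postfix-style clause: from HELO-name (reverse-DNS-name [ip])
HOP = re.compile(r"^from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def under(host, domain):
    host = host.lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def hops(msg):
    out = []
    for value in msg.get_all("Received", []):
        m = HOP.match(value.strip())
        if m:
            helo, rdns, ip = m.groups()
            out.append({"helo": helo, "rdns": rdns, "ip": ip,
                        "private": ipaddress.ip_address(ip).is_private})
    return out

def assess(raw, expected_domains):
    msg = message_from_string(raw)
    chain = hops(msg)
    # Only the topmost Received line is written by the recipient's own server;
    # every line below it is supplied by the sending side and proves nothing.
    edge = chain[0] if chain else None
    env, frm = domain_of(msg["Return-Path"]), domain_of(msg["From"])
    return {
        "envelope_matches_from": env != "" and env == frm,
        "helo_under_envelope_domain": bool(edge) and under(edge["helo"], env),
        "rdns_under_expected": bool(edge) and any(under(edge["rdns"], d) for d in expected_domains),
        "edge_ip_public": bool(edge) and not edge["private"],
        "unverifiable_hops": max(len(chain) - 1, 0),
    }
```

For the posted headers, `assess(RAW, ("dropbox.com", "dropboxmail.com"))` reports every check as true and one unverifiable internal hop. That is consistent with the mail coming from Dropbox's servers, but it does not replace confirmation from the sender.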

------
thybag
Got the same message & did some googling which resulted in finding this forum
thread:
[http://forums.linuxmint.com/viewtopic.php?f=58&p=909267](http://forums.linuxmint.com/viewtopic.php?f=58&p=909267)

Sounds dodgy to me.

------
gdibildox
It felt dodgy but it seems legit. They should use the app directly to inform
the user.

[https://www.dropbox.com/help/6252](https://www.dropbox.com/help/6252)

