Re: Users receiving a lot of spam emails from no-reply@dropbox.com

MohammedAnsar

users receiving a lot of spam emails from no-reply@dropbox.com , how to block these and allow only legitimate emails.

Hannah

Hi there, @MohammedAnsar, thanks for reaching out to us.

The no-reply@dropbox.com address is a legit Dropbox address; what kind of emails are you receiving?

If you could send us a screenshot, while hiding any personal info, that would be really helpful.

Thanks.

Hannah
Community Moderator @ Dropbox
dropbox.com/support

Did this post help you? If so, give it a Like below to let us know.
Need help with something else? Ask me a question!
Find Tips & Tricks Discover more ways to use Dropbox here!
Interested in Community Groups? Click here to join!

cps_1

Hannah,

We are experiencing the same issue. The email is from no-reply@dropbox.com.

Our customers are receiving emails from one our salespeople. The email seems to be origination from Dropbox itself. This is becoming a major issue, and we need it resolved. I would prefer to not post the full details here.

Rich

@cps_1 wrote:

The email is from no-reply@dropbox.com. Our customers are receiving emails from one our salespeople. The email seems to be origination from Dropbox itself.

Are these emails to some content that has been shared with them? Are you sure your salesperson's account hasn't been compromised?

Dropbox can't control actual spam that's sent in their name (i.e. a forged email header made to look like it originated from Dropbox). If that's what's happening you would need to find something within the email header to flag against within your email security. There's nothing that Dropbox can do in that scenario.

If these emails are actually being sent by Dropbox, then it's likely due to some content being shared with the recipients. If that content is junk, spam, phishing attempts, etc., then it's usually due to someone losing control of their account, often due to weak or stolen credentials.

Have the salesperson sign in to their Dropbox account. If they're able to, change the password, enabled multi-factor authentication, and check the Security page for active devices and web sessions that have signed in, removing any that aren't recognized. Also have them check their email filters because when something like this happens, the attackers often set up filters to hide any incoming email from the service so the victim isn't aware that there's a problem.

cps_1

Rich,

We cannot get into his account, he contacted support. When he goes to reset his password, he doesn't receive the email link to reset. Which I assume is because the reset email could have been changed.

The email is sourcing from no-reply@dropbox.com.

We need to have an admin go in and reset his account and sign out of all devices. He has tried though chat to get this accomplished and it hasn't happened yet.

Rich

@cps_1 wrote:

We cannot get into his account, he contacted support.

How did he contact Support? Does he have a ticket number? If so, reply here with it and a Dropboxer may be able to check on the status.

If he hasn't opened a ticket, have him contact Support directly by visiting the Support page while you're NOT signed in to a Dropbox account, including these forums, and he'll see an option for sign in issues. It's best to use an Incognito or Private browsing session to make sure he's not signed in.

https://www.dropbox.com/support/sign-in-issues