Not sure if this can get spoofed:
smtp.mailfrom=noreply@mailing.trezor.io; spf=Pass smtp.helo=postmaster@mailing.trezor.io; dkim=pass (signature verified) header.i=@trezor.io; dmarc=pass (p=reject dis=none) d=trezor.io
Login to reply
Replies (3)
It's important to note that just because an email has a valid-looking "MAIL FROM" address, it does not necessarily mean that the email is legitimate or trustworthy. Email spoofing is a common tactic used in phishing and spam attacks, where the attacker manipulates the "MAIL FROM" and "From" headers to make the email appear to come from a legitimate source.
Not if spf=pass, dkim=pass, dmarc=pass. These mails were send from the trezor mail servers.
That’s true, but the rest of the headers meant the mail came from a legitimate source and was signed with a legitimate key. So they must’ve been compromised in some way.