Medium Severity
Brand spoof: Dropbox
Description
Impersonation of Dropbox, a file sharing service; specifically spoofs the Dropbox sender domain.
References
No references.
Sublime Security
Created Aug 17th, 2023 • Last updated Apr 23rd, 2024
Feed Source
Sublime Core Feed
Source
type.inbound
// From address is dropbox.com or one of its subdomains
and sender.email.domain.root_domain == 'dropbox.com'
// but the message did not pass DMARC
and not headers.auth_summary.dmarc.pass
// mitigates situations where an ESG misconfiguration could cause auth failures
and not strings.ends_with(headers.message_id, ".dropbox.com>")
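The rule's conditions re-expressed in Python and run over constructed sample messages, to show which combinations of sender domain, DMARC result and Message-ID are flagged. This is an added example, not Sublime's code or how MQL is evaluated; reading the DMARC result from `Authentication-Results` and the two-label `root_domain` helper are simplifying assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def root_domain(addr):
    # Assumption: last two DNS labels; a production check would use the Public Suffix List.
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return ".".join(domain.split(".")[-2:])

def dmarc_pass(msg):
    # Assumption: Authentication-Results was stamped by the receiving gateway.
    results = msg.get_all("Authentication-Results") or []
    return any(re.search(r"\bdmarc=pass\b", r, re.I) for r in results)

def dropbox_spoof(raw_eml, inbound=True):
    """Mirror of the rule: inbound, From root domain dropbox.com, DMARC not
    passed, and Message-ID not ending in ".dropbox.com>"."""
    msg = message_from_string(raw_eml)
    sender = parseaddr(msg.get("From", ""))[1]
    message_id = (msg.get("Message-ID") or "").strip()
    return (
        inbound
        and root_domain(sender) == "dropbox.com"
        and not dmarc_pass(msg)
        and not message_id.endswith(".dropbox.com>")
    )

def eml(from_addr, dmarc, message_id):
    # Builds a minimal constructed message; hostnames and IDs are made up.
    return (
        f"Authentication-Results: mx.example.net; dmarc={dmarc}\n"
        f"From: Dropbox <{from_addr}>\n"
        f"Message-ID: {message_id}\n"
        "Subject: Shared file\n\nbody\n"
    )

SAMPLES = {
    "authenticated": eml("no-reply@dropbox.com", "pass", "<abc@email.dropbox.com>"),
    "gateway_broke_auth": eml("no-reply@mail.dropbox.com", "fail", "<abc@email.dropbox.com>"),
    "spoofed": eml("no-reply@dropbox.com", "fail", "<abc@mail.example.org>"),
    "other_sender": eml("no-reply@example.org", "fail", "<abc@mail.example.org>"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20} flagged={dropbox_spoof(raw)}")
```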