Subject: Please provide your missing account information by 9 July 2021
Hi [My full name],
Please provide your missing account information
Please send it by 9 July 2021.
It looks like we're missing some information for your account. To comply with applicable laws, we need to collect certain information from
you to help make the PayPal community as secure as possible.
So I checked the email header.
Received: from mx1.slc.paypal.com (mx0.slc.paypal.com [188.8.131.52]) by
Therefore, it came from the paypal.com domain. So it all looks legitimate.
But then I contacted Paypal, using their messaging system, and they told me that unless it came from email@example.com or firstname.lastname@example.org, then it isn't from them.
Which leaves me in doubt. The "From" address was email@example.com, but we all know that the from-address is easy to spoof, it's the "Received: from" that tells the truth. And that says it's from a paypal subdomain.
So I don't have confidence that the person on the messaging system understood the problem, I don't have confidence that Paypal understands it's own system.
Here's the message that I got from the Paypal messaging system.
So I've forwarded the email to firstname.lastname@example.org.
There is nothing under "Account notifications" to click on or follow, so really, that's all I can do. And they said in the message above, that they sent me nothing.
If Paypal terminates service on 9 July 2021, I'll contact them further. But at this point in time, I'm taking no action.