i received multiple e-mails from [removed] that did not address me; instead it had another e-mail that was not mine in the "Hello, ___" line.
the e-mail headers seem legitimate, including DKIM:
Return-Path: <[removed]> Received: from [removed] ([removed]. [173.0.84.228])
by mx.google.com with ESMTPS id x13-20020a62860d000000b00525421f9c3dsi969829pfd.37[Removed. Phone #s not permitted]55.03 [---snipped---] Received-SPF: pass (google.com: domain of [removed] designates 173.0.84.228 as permitted sender) client-ip=173.0.84.228; Authentication-Results: mx.google.com; dkim=pass header.i=[at]paypal.com header.s=pp-dkim1 header.b=x+7MG25i; spf=pass (google.com: domain of [removed] designates 173.0.84.228 as permitted sender) smtp.mailfrom=[removed]; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=paypal.com DKIM-Signature: v=1; a=rsa-sha256; d=paypal.com; s=pp-dkim1; c=relaxed/relaxed; q=dns/txt; i=[at]paypal.com; t=1659023698; h=From:From:Subject:Date:To:MIME-Version:Content-Type; bh=hhmKfJEdmbWt3BNc1fACjCYgExN8FZYRNo2e/UeLIM4=; b=x+7MG25iApzCocjCVxViCEQawtyIhE6Qha6seQSPzGTk6wK7nRNB105wcCyEQuUs KS1YGVBrFLFDFGrBZQw7JZVIyuTS4Nyju9q/zTGyhGVfNGyCQDlQW6ItPrwloLWc j+rQjRQYVS1siu25SAuyY8YluSH0ufGjfaNuLs+3OUkoeuKwO3okCMtVbqH/PxZ2 nVgn8z0v/HMIQm8CoUT+Acpq+MpWzyBVpL2zoFkfvm6CLqS9fAWyK7HFpHXpbQDk 0iNzONIXEoW1QrqwXUbtWjKETCHRo2RVqRuWWahz02A0tPFtuYxHmbenEocNMr16 wMGzzfCf26HxDhzRV7BvTQ==;
(other emails went through [removed](173.0.84.226) or mx4.*(*.229) )
the e-mail content also appears in-line with other legitimate paypal e-mails, including link hrefs.
should i be concerned about these e-mails? is this a potential spoof, or a potential (accidental) security breach within paypal? (is it possible that e-mails intended for me are similarly finding themselves in somebody else's e-mail inboxes?)
... View more