I've seen a few hundred of these emails in the past couple days coming in from multiple different companies.
I'm looking for more info.
at least one said it was zendesk, most did not say any software.
the tickets are being sent with CC addresses that contain large email lists. often others on the CC who don't know what's happening will reply "stop emailing me".
so far I've seen this coming in to multiple addresses and none of the sending companies are familiar either.
sounds familiar to anyone? any info on this? it's there a name i can lookup to find more info? i want to know what services this effects so i can properly protect my stuff and my work stuff.
Why do you think anything is hacked? It's trivially easy to send an email pretending to be someone else. There's no validation.
Do they contain valid data or something?
SPF.
Optional, but recommended. But doesn't guarantee anything unless both sides respect it. Also, IP spoofing is a thing.
Email is a broken protocol. There's a great copy pasta about why it can't or won't be fixed, which I unfortunately can't find. But it boils down to the fact that you can't get everyone to agree on, or implement, the fixes necessary to prevent spam.
Use a host that requires it. Done?
this isn't that
Could you elaborate on why you think that?
I've seen hundreds of those and they're mostly phishing attempts. this new one doesn't look anything like that.
this one has multiple addresses in the CC field, at least one of which is always a predefined list on the senders side. and it's otherwise a legit looking support ticket response.
but i want to know what's the origin, what's the vectors, and what's the target.