Comment by deckar01
14 days ago
Google just let through an email spoofed from my own domain (via a mailgun server). It was a phishing attack about the domain being shut down. The connection between the domain name and my personal email address have never been published. Either google or Squarespace leaked the info.
Edit: The attacker didn’t actually know my email address. The google domain had a catch all email forwarding config that squarespace botched. Apparently they can spoof emails from my domain on a mailgun server as long as it’s to an email address on my domain.