Highlighted

Unsolicited "password reset" emails from Adobe

Contributor ,
Apr 17, 2020

Copy link to clipboard

Copied

I am still getting emails like this:

 

Dear [redacted],

To reset your password, click this link.
https://adobeid.services.adobe.com/reset/en_US/[redacted]

Please note:
For security purposes, this link will expire 72 hours from the time it was sent.

If you cannot access this link, copy and paste the entire URL into your browser.

The Adobe Team

Copyright 2020 Adobe. All rights reserved.
Adobe Inc., 345 Park Avenue, San Jose, CA 95110 USA 

 

For a time in late 2019 I was getting several of these a day.  I submitted a bug report and they reduced in frequency, but I still see these once or twice a week.

 

I've checked out the headers (I have extensive experience with SMTP) and they look legit, all the hostnames and IP addresses from origin to destination check out. 

 

Is this some hacker spamming the "reset password" link in hopes of somehow getting access?  Given:

 

  1. there are no suspicious IPs or hostnames anywhere in the headers;
  2. DKIM, DMARC and SPF all pass validation;
  3. the link is not clickable in the original email;
  4. and it does point to an Adobe server,

 

I'm pretty sure this is not an attempt to exploit anything. 

 

That leaves a bug in Adobe's systems that "believe" I submitted a password reset request.

Anybody else seeing this?  Any idea how to get the attention of the right person at Adobe?

 

I've attached a redacted copy of the headers in case anyone wants to examine them.

Views

124

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Unsolicited "password reset" emails from Adobe

Contributor ,
Apr 17, 2020

Copy link to clipboard

Copied

I am still getting emails like this:

 

Dear [redacted],

To reset your password, click this link.
https://adobeid.services.adobe.com/reset/en_US/[redacted]

Please note:
For security purposes, this link will expire 72 hours from the time it was sent.

If you cannot access this link, copy and paste the entire URL into your browser.

The Adobe Team

Copyright 2020 Adobe. All rights reserved.
Adobe Inc., 345 Park Avenue, San Jose, CA 95110 USA 

 

For a time in late 2019 I was getting several of these a day.  I submitted a bug report and they reduced in frequency, but I still see these once or twice a week.

 

I've checked out the headers (I have extensive experience with SMTP) and they look legit, all the hostnames and IP addresses from origin to destination check out. 

 

Is this some hacker spamming the "reset password" link in hopes of somehow getting access?  Given:

 

  1. there are no suspicious IPs or hostnames anywhere in the headers;
  2. DKIM, DMARC and SPF all pass validation;
  3. the link is not clickable in the original email;
  4. and it does point to an Adobe server,

 

I'm pretty sure this is not an attempt to exploit anything. 

 

That leaves a bug in Adobe's systems that "believe" I submitted a password reset request.

Anybody else seeing this?  Any idea how to get the attention of the right person at Adobe?

 

I've attached a redacted copy of the headers in case anyone wants to examine them.

Views

125

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Apr 17, 2020 0
Most Valuable Participant ,
Apr 17, 2020

Copy link to clipboard

Copied

The only link I have that MAY work (or may not) is...

-https://www.adobe.com/cfusion/mmform/index.cfm?name=wishform

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 17, 2020 0
Contributor ,
Apr 17, 2020

Copy link to clipboard

Copied

Thanks, I submitted a bug report there, I hope it gets some attention.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 17, 2020 0