by deckar01 141 days ago
Google just let through an email spoofed from my own domain (via a Mailgun server). It was a phishing attack about the domain being shut down. The connection between the domain name and my personal email address has never been published. Either Google or Squarespace leaked the info.

Edit: The attacker didn’t actually know my email address. The Google domain had a catch-all email forwarding config that Squarespace botched. Apparently they can spoof emails from my domain on a Mailgun server as long as it’s to an email address on my domain.