[andrewparker]

I received a phishing email from the author. I guess he must have scraped my email address from a blog post I wrote about bitcoin and coinbase.

While I am glad he has made attempts to contact Coinbase, I felt like live execution of the attack was spammy, so my first instinct was the block the domain of the sender's email, which Coinbase passes through to me. In execution of his proof of concept, the author is likely badly ruining his spam score / sender score.

[infosec-au]

Hey, I'm the author of this blog post. I think you're mistaken, I didn't send any phishing emails to anyone. All the emails were sent through coinbase via their request money featurein which I am trying to get them to fix. All emails to you were from Coinbase legitimately and none of them are phishing for your credentials. The lack of rate limiting on the api which allows for money requests is hence very dangerous.

[flopsey]

It wouldn't have been nearly as compelling without a live demonstration. I guess he felt it was worth the bad score.