Update: Looks like it’s a legitimate email from Dropbox. I’m wrong (won’t be the last time):
From TUAW.com
Dropbox sends password change notification to some users
In the meantime, some Dropbox users who have never changed their password or who have an easily crackable password will be getting email reminders to change their password. These emails may appear suspicious, but they are coming from Dropbox (and you should double-check, should you receive one, that you’re directed to a Dropbox reset page). When you pick a new password, you can make it extra secure by using a random generation system like Diceware — endorsed by the makers of 1Password and XKCD alike.
Here’s my original (alarmed) post:
I just got this plausible-looking message … “Please create a new Dropbox password” …
but it’s got to be a SCAM. If you get one, my advice is Don’t click!!
(Of course my Dropbox account is working just fine without any change of password.)
The sender is NOT Dropbox but no-reply@dropboxmail.com (spoofed, in other words).
This is NOT from Dropbox. It’s from some loathsome con artists, I reckon. [Update: Oo er. Maybe it IS legit! See comments.]
– P
Looks like this is in fact a legitimate e-mail from Dropbox. http://www.tuaw.com/2012/08/01/dropbox-sends-password-change-notification-to-some-users/
I have to say though that I too considered this as classic a phishing attempt as they come. What concerns me is that we have been conditioned (and rightly so in my opinion) to consider e-mails such as this bogus. Now Dropbox comes along sending out an e-mail requiring us to unlearn and go against all of the training we’ve learned. In addition, if Dropbox did change my password then how is it that I can click “Launch Dropbox website” and go directly to my account?
Wow. I think you’re right. Thanks for the link to tuaw.com
Re your comment: “If Dropbox did change my password then how is it that I can click ‘Launch Dropbox website’ and go directly to my account?”
Yes, that’s still working for me too … but try going to the web page manually and logging in and … old password doesn’t work.
I did a whois on the dropboxmail.com address and it seems it is associated with Dropbox. Messy messy messy.
– P