How did they get my email? the only place that I typed my email is in my ubuntu server while deploying my email, I still did not set the HTTPS and TSL but I’ve set the SSL, could it be the reason? is there a way to know? or the only option is just making my server HTTPS and move on with it
1 Like
Please Post full Header of the email.
1 Like
Could also be a bulk email, and coincidence that you installed ERPNext. Neither Frappe nor the Foundation shares or sells email ids to 3rd parties.
Neither is any information collected if you self install via this install script or download the official VM.
By collecting header information we can analyze the source of the mail.
You can view header information by clicking show original in options tab.
As @rmehta mentioned foundations will never share the data with 3rd parties.
It may be some advertisement bulk email from some advertisement agencies.
This is the original of the message
https://drive.google.com/open?id=1nF_KhydITnqbSN4vqYkIwUwYNAf19Z1A
Yes, it seems that it’s a bulk advertisement email
It seems that they sent this message to more than 400 users, and probably someone who has limited understanding regarding spam emails will fall for it.
his imgur picture has 400 views https://imgur.com/KscPoto
I got the same email as well. We are on ERPNext cloud. 
I too received the same type of spam email , which is received immediately after registering a trial ERPNext instance on the erpnext.com website.
Might be possible that email address was entered somewhere in demo site, which the sender had been leeching upon.
Thanks for reporting. We will investigate if there are any breaches regarding the account at ERPNext.com
I can confirm that we had a breach and email ids were stolen from ERPNext.com
We are doing a detailed analysis and will put out a post on this.
Edit: Thanks @Yousef for reporting!
3 Likes
Any update on this?
1 Like