It is normal to receive this email from Bubble?

Hi there,

I received an email marked as spam, coming from the bubbleapps.io using my domain and my domain in the “from name” and the subject “Keep me posted update”

[mydomain] Website [mydomain-no-reply@bubbleapps.io]

The content is XXX. Have I been hacked? or is there a bubble problem?
I never use that name, domain, nor did I schedule this email…

Thanks!

The only thing that comes to mind is that our email and name is on the front page. Some lazy spammer may have scraped it? It is not difficult to spoof the from:email, but I agree that the golifo-no-reply@bubbleapps.io is concerning - because the spammer should have sent it from your custom domain (rather than the bubbleapps.io email). I played around a bit with variants of your Bubble, including /version-test, but did not see anything apparent that exposes the @bubbleapps.io internal email.

Ok, another possibility: do you have any email APIs exposed? This is what I see in your swagger:

https://golifo.com/api/1.1/meta/swagger.json

Thanks @deadpoetnsp . I am going to look at it closer. I have a Stripe API and generally a basic plain Sendgrid. Yeah - I am concerned because it comes from a Bubble owned domain…

It’s likely spoofed. Spammers send emails seeming to come from the recipient’s own address for years already.