Join 34,000+ subscribers and receive articles from our blog about software quality, testing, QA and security.
 

Email sent to users regarding cookies vs API token

I am getting spammed by users reporting the email you sent out regarding updating the password as a phishing attack. Is it possible to set up somewhere that Gurock doesn’t send emails to our users but rather to admins only?

As an example to why users are reacting, apart from the fact that no one here should ever get told by a non company person to update passwords/integrations…

For instance the website link to atlassian https://id.atlassian.com/login?continue=http://id.atlassian.com/manage/api-tokens

The email link to atlassianis is a cmail address https%3A%2F%2Fgurocksoftwaregmbh.cmail19.com

The noreply address is @gurock.io while support uses @gurock.com

I just think stuff like this creates extra noise that could be avoided. Perhaps I’m the only one with this problem. So anyway, how do I shield my users from Gurock?

/J