Phishing scam?

[GTRS Fiero]

For the last 2 weeks or so, emails from the forum are all identified as a phishing scam.  Is anyone else experiencing this?

The emails come from a different domain.  I see that the SPF records for both that domain and this domain have a similar IP range, with a neutral policy.  Maybe the server's IP changed?  Maybe it's an authentication issue.  Likely, it happened about the same time as the software upgrade.  It seems to have been OK on the 18th, and having issues by the 22nd.

[Fierofool]

Nothing like that but I and some others have been getting cloned mails from former members Don Hulse and Clyde Davis with nothing but a link in the message.  When hovering the cursor over the sender, a different address is displayed.

[GTRS Fiero]

There are several possibilities:
1. Those accounts have been compromised.  I believe Don's email was through AT&T.  I don't know about Clyde's.  AT&T and Yahoo use the same mail servers, and are frequently compromised.  These email accounts are compromised en masse, so it isn't as if having a secure password would help.  Any addresses and emails in any accounts on the compromised server can then be compromised.  With a bit of work, the accounts can then be manipulated.  Worse, things can be charged to any affiliated accounts.  I hope that Don's account has been deleted.
2. Someone probably pulled receiving email addresses from a group email.  Since AT&T has no SPF record, anyone can easily spoof any AT&T, Yahoo, SBCGlobal, etc email address.  This is a prime reason for avoiding the use of free email addresses.
3. One of the people who used to email both Don and Clyde has gotten a virus.  If you put your heads together, you could probably figure out who it is.  To avoid this, I used to have people put a gibberish email address in their address book, starting with !!.  That puts it as the first entry in the address book.  Emails sent out would reject from that email address, and you'd know you were infected.  Unfortunately, most mail servers and clients got wise to that, and so did the virus writers.

You already know this, but for other readers, don't click on the links in those emails.

[GTRS Fiero]

Off-topic, but I had something really unnerving happen to me.  I received a phone call from a dead person.  Someone who died almost 4 years previously.  It's bad enough when their smarthome sometimes has audibles in that person's voice, but this was a phone call.  My phone rang, and showed the person's name.  I answered, and the person's voice began to talk.  Apparently, it's possible to make recordings and schedule things in advance.  If, for example, you plan to go rock climbing with someone in several years, you could set up an automated call for 4 years from now, record a message, and have a given phone number called with that message.

[TopNotch]

Most email programs and/or services will let you view the header of a message you receive. There, you can find out who it is really from, or at least that it is not from the name attached.
But if you get a very short unexpected message from anyone, with a link or an attachment, don't even bother checking. Just delete it.