We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
I use File Request to help clients send sensitive information to me securely.
To improve security and their confidence, it would be nice if they could verify that the File Request is going to m...
Thanks so much for replying, Walter!
I don't think that would address the concern, which is email spoofing.
We work in the financial services industry and attackers routinely spoof our emails. That is, they send emails to our clients that appear to be from us, but aren't. A clever attacker could easily create a Dropbox account and say their name is my name, then create a File Request, and then send a spoofed email to my client requesting sensitive information via File Request. The victim would be totally fooled because the Dropbox file request does not say who is receiving the files -- other than their name, which is not unique of course, and anyone can fake besides.
One possibly simple solution is for the Dropbox File Request page to display the email address associated with the Dropbox account that will receive the file. For example, "John removed is requesting a file."