Potential Phishing Email?

Hello everyone, I received a suspicious-looking email today that claimed to be from incident-response@gitlab.com. However, looking closer at the email, I saw that the email was unencrypted and was actually mailed by potomac1050.mktomail.com, which doesn’t feel like a real GitLab mail server. However, what was confusing me was that the email appeared to be completely legitimate. The email is added below. All links redirect to real GitLab URLs.


Does anyone know if this is legit and, if it is, why GitLab is using weird mail servers with no encryption?

Sounds like they use a marketing company for mass email delivery. When we check the domain mktomail.com, the first Google search result is "How to whitelist just our company's emails sent by... - Marketing Nation", which shows it being an Adobe product.

Also, there was a problem with omniauth recently; there have been some posts on here about it within the last few weeks, so it seems to be related to that. If you didn’t create your account using omniauth, e.g. you registered by your email address manually yourself, then you haven’t anything to worry about. Also, if you use 2FA and did use omniauth, it also isn’t a problem since they cannot get past 2FA with the password alone - as per the text in the email.

As an aside, I tend not to follow links in emails even if they are genuine; I prefer to go directly to the website in question myself. So even if it was fake, I could make sure my account is secure by visiting the site manually and resetting it. But as far as I see, it’s a legitimate mail.

Yes, I tend not to follow email links either. I just thought it was awfully strange that GitLab would be sending out unencrypted emails from weird mail servers when I know that all of their emails normally come from encrypted GitLab mail servers.
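
An added example, not part of any post in this thread: one way to check whether a mail whose "mailed by" domain differs from its From address was still authenticated for the From domain, by reading the receiving server's Authentication-Results header. The header samples are constructed (they are not the message discussed above), `mx.receiver.example` is a placeholder, and the two-label `org_domain` shortcut is an assumption that stands in for a Public Suffix List lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed headers, not the message from the thread. Only trust an
# Authentication-Results header added by your own receiving mail server.
OUTSOURCED = """\
Return-Path: <bounce@potomac1050.mktomail.com>
Authentication-Results: mx.receiver.example;
 dkim=pass header.d=mktomail.com;
 dkim=pass header.d=gitlab.com;
 spf=pass smtp.mailfrom=bounce@potomac1050.mktomail.com
From: GitLab <incident-response@gitlab.com>
Subject: constructed sample

"""
# Same mail without a signature from the From domain: nothing aligns.
SPOOFED = OUTSOURCED.replace(" dkim=pass header.d=gitlab.com;\n", "")

def _domain(value):
    """Lower-cased domain part of an address header value."""
    return parseaddr(value)[1].rpartition("@")[2].lower()

def org_domain(domain):
    # Simplification: last two labels. Real code needs the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def assess(raw):
    """Report which passing SPF/DKIM results align with the visible From domain."""
    msg = message_from_string(raw)
    from_dom = _domain(msg.get("From", ""))
    aligned = []
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.split(";"):
            method = re.match(r"\s*(dkim|spf)=(\w+)", clause)
            ident = re.search(r"(?:header\.d|smtp\.mailfrom)=([\w.@-]+)", clause)
            if method and ident and method.group(2).lower() == "pass":
                checked = ident.group(1).rpartition("@")[2]
                if org_domain(checked) == org_domain(from_dom):
                    aligned.append(method.group(1))
    return {"from": from_dom, "mailed_by": _domain(msg.get("Return-Path", "")),
            "aligned": aligned}

if __name__ == "__main__":
    print(assess(OUTSOURCED))
    print(assess(SPOOFED))
```

An empty `aligned` list means neither SPF nor DKIM vouches for the domain shown in From, whatever the individual pass results say.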