Now I'm back and I see I misconstrued your (ambiguous) answer: lesson - I must never ask a question in the form of two, contrary, closed questions.
Fine, it's legit. Except it's not legit. The information that there was a new document for me was nonsense. There is no such document for me. So, I wonder why Dropbox decided to tell me there was. Telling me there is a document when there isn't a document sounds like phishing, whichever way you put it.
The list of accepted Dropbox domain names is dizzying in its length. Whilst I have every understanding that Dropbox organises its domains and its online and offline structure as it sees fit, would recognition of the "scam" as an ever-present phenomenon that has been with us since the day and hour one guy realised he could copy another guy's signature not suggest that a dizzying array of domain names makes the feasibility of creatively inventing a new one in order to fox and beguile the unwary - who needn't as a result be all that unwary in order to get caught out - all the more possible? The more you have, the more you can feasibly have.