These emails are probably legit.

You can log in on paypal and set your settings to disable all their offers and stuff they keep sending.
Go to your profile - under Account information click "Notifications" and disable whatever you want to disable.
They use "gimme all those ads" as a standard setting...
Lindvall76: These emails are probably legit.

You can log in on paypal and set your settings to disable all their offers and stuff they keep sending.
Go to your profile - under Account information click "Notifications" and disable whatever you want to disable.
They use "gimme all those ads" as a standard setting...
Maybe... The whole thing about phishing is looking like it's legit while it's not. Makes me wonder about the $10 offers I get if they are phishing or not since I never opened them...
Lindvall76: These emails are probably legit.
A quick "e.paypal" Google search says it's phishing.

I don't get this "e.paypal.com" thing. You can't have e.paypal.com as your address, without PayPal giving it to you. I own dozens of websites (I make my living with them) and have subdomains ("e" is a subdomain of paypal.com) on most of them. I can create those subdomains, because I'm the owner of the sites. Not my site? I can't have a subdomain. To have e.paypal.com, PayPal would have to create this subdomain.

So... How does this work? Is it something like "visit e.paypal.com and log in", or is it something like "visit safetoclick.gog.com and log in"? I'm really confused. The first doesn't make any sense, because PayPal won't set up a phishing site for PayPal accounts. The latter doesn't make any sense either, because you don't need the "e." which makes people suspicious...
Lindvall76: These emails are probably legit.
real.geizterfahr: A quick "e.paypal" Google search says it's phishing.

I don't get this "e.paypal.com" thing. You can't have e.paypal.com as your address, without PayPal giving it to you. I own dozens of websites (I make my living with them) and have subdomains ("e" is a subdomain of paypal.com) on most of them. I can create those subdomains, because I'm the owner of the sites. Not my site? I can't have a subdomain. To have e.paypal.com, PayPal would have to create this subdomain.
As I mentioned earlier, it's like originally based on secure.paypal.com and shortened enough to get past filters.
j0ekerr: Just wanted to throw it out here, it might be old news to most users but if even one person is given warning and manages to be on guard it'll be worth it.

For some time I had been receiving regular emails in my account from paypal. These were a bit strange since they offered me discounts and special offers on products and services which don't really fit in with paypal's business model. But the emails were so exquisitely crafted, with every single detail perfectly reproduced and even addressing me by my real name which only paypal should know, that they seemed 100% genuine. I dismissed them as being a sort of added services, kind of like a newsletter from paypal and didn't give them a second thought.

The other day however, one of the emails prompted me to check my account activity, not my balance, not my credit or bank details, just my activity. I felt a bit confused, but proceeded to check it out nevertheless. Out of good practice, I opened a new tab and typed the paypal url manually instead of clicking on the provided link in the email. That proved to be my salvation, since at that point I had no reason to think that the email wasn't actually genuine.

After checking my paypal account and noticing that nothing was out of the ordinary I went back to the email and double checked it again, why would they want me to check my activity? That's when I noticed it, and I slammed my face on my desk at my idiocy. The sender's address was E.paypal.com; that one letter was what made me think it was a phishing scam. Some research thanks to google later, I confirmed it. The emails as I said are exquisite, they are finely tailored and reproduce to the letter the typography and format of a paypal email. The bit that scared me however, was that they were addressed to me personally using my real name and citing my account details. The provided link to paypal was the scam's trap, since it referred to a page, virtually identical to the paypal one. Just with a still image instead of an animated background and with a hodgepodge of text in the url bar. It provided your correct email address/username for you and prompted you to type your password, at which point they gained access to your account.

Annoying as well is the impression that paypal seems to be doing nothing. Forum users over the net are complaining at the far too high quality of the forgeries (not your usual, prince of Nigeria letter), the fact that the phishing emails included personal account information (like my real name, how did they get that?), and paypal's apparently tight lipped policy about it.

In short, beware any and all emails involving services that deal with real money, even if they do seem 100% legitimate. And never EVER blindly click on any links in your emails even from senders you think are genuine. My slightly paranoid practice of always typing urls manually when dealing with password protected sites proved out to be fully justified in the end.

I apologize if this has been addressed at another thread, but a quick search didn't yield any results.
The majority of email travels over the Internet unencrypted and as such is susceptible to being sniffed off the wire by people who have the proper access to one of the machines that it passes through or past on the wire. If someone knows your name and email from any source whatsoever, they can hand craft rather flawless looking emails appearing to come from Paypal, Facebook, any bank, etc. using example real emails from those sites/services as a template for their forgery. The "From" address in emails is very trivial to forge and can never be trusted on any email. (Do a web search for how to forge the from address on email to find a tutorial on how easy it is for example.)

Even if someone is using Gmail or similar services and connecting to them over https always, that just protects the connection between your own computer and gmail, but not how the email arrived at Google in the first place. The only safe assumption to make is that every email we send or received is completely visible to anyone who wants to see it bad enough (criminals, government spy agencies, whoever). There is no real way to prevent it so one must assume "the gun is loaded" so to speak.

The bad guys don't even need to know whether or not you actually have a Paypal account, all they need is your email address and name and the names and addresses of 10 million other people, and they send out the fraudulent mails to all 10million people and know that some fraction of those people have used paypal before and probably have a paypal account and that some of those will be using the same email also. That's enough to snag a few fish when they reel in.

Another way is they steal identity information from infecting people's PCs with malware etc. also, and steal email addresses from the infected PC's address books etc.

Whenever you receive emails from your bank, paypal or some other critical service - always be suspicious. Turn on full email headers, completely ignore the "From" line as it is trivially forged, and scan through the Received headers and other headers present to try to determine where the email actually originated from for real. Most of the time the fraudulent nature of an email scam is revealed via one or more of the headers on the email message. You can also use the DKIM header as a way to try to validate the message (search the web for DKIM).

Unfortunately, email is and most likely always will be an insecure communication mechanism, and things that attempt to make it more secure like GPG/PGP etc. require technical acumen that the average person does not possess to utilize properly so ultimately one must always be cautious when it comes to trusting email and where it is truly coming from.

I just purchased some stuff from Amazon for the first time in ages about a month ago. Within a week I started getting inundated with all kinds of Amazon scams, false advertising etc. Now I receive real amazon mailings and ads too, but I got tonnes of obviously fake ones as well. Some are addressed to me directly. How do they know my name and email? I dunno. Chances are they have some way of observing the fact that I made an Amazon purchase recently, possibly by sniffing the legitimate emails coming from amazon to me, or possibly from some other criminal method. Could just be a coincidence too, but this is the second or third time I purchased something online somewhere and had fraudulent emails appear to come from the same retailer afterwards which were just phishing mails etc.

One can never be too careful! :)
Artoemius: The only way e.paypal.com could be a scam site is if it were set up by a rogue paypal employee or an undetected hacker with thorough access to paypal's servers. As others have written, you cannot use a subdomain of a domain without the domain owner's consent.
rtcvb32: Incorrect. The address likely assumes you would never reply to it. It's possible reverse lookup might not even FIND the IP.. It's easy enough to make a spam letter appear to come from the whitehouse and from the president himself.

I've gotten plenty of random 'email could not be delivered' messages that were from spam because my email is occasionally used on randomly generated return addresses.
I didn't say there was no way to use an address like that for the sender's address in a scam email. Any address can be put in that field. I just said that there was no specific reason to suppose that the email is a scam based on this address alone. Even though e.paypal.com is not apparently a reachable web host, it may easily be one of paypal's own mail servers.
Lindvall76: These emails are probably legit.
real.geizterfahr: A quick "e.paypal" Google search says it's phishing.

I don't get this "e.paypal.com" thing. You can't have e.paypal.com as your address, without PayPal giving it to you. I own dozens of websites (I make my living with them) and have subdomains ("e" is a subdomain of paypal.com) on most of them. I can create those subdomains, because I'm the owner of the sites. Not my site? I can't have a subdomain. To have e.paypal.com, PayPal would have to create this subdomain.

So... How does this work? Is it something like "visit e.paypal.com and log in", or is it something like "visit safetoclick.gog.com and log in"? I'm really confused. The first doesn't make any sense, because PayPal won't set up a phishing site for PayPal accounts. The latter doesn't make any sense either, because you don't need the "e." which makes people suspicious...
Go to paypal.com/webapps/mpp/phishing (I can't create clickable just paste it in) and read about it
Post edited July 06, 2014 by Lindvall76
real.geizterfahr: A quick "e.paypal" Google search says it's phishing.

I don't get this "e.paypal.com" thing. You can't have e.paypal.com as your address, without PayPal giving it to you. I own dozens of websites (I make my living with them) and have subdomains ("e" is a subdomain of paypal.com) on most of them. I can create those subdomains, because I'm the owner of the sites. Not my site? I can't have a subdomain. To have e.paypal.com, PayPal would have to create this subdomain.

So... How does this work? Is it something like "visit e.paypal.com and log in", or is it something like "visit safetoclick.gog.com and log in"? I'm really confused. The first doesn't make any sense, because PayPal won't set up a phishing site for PayPal accounts. The latter doesn't make any sense either, because you don't need the "e." which makes people suspicious...
Sure, e.paypal.com can be a valid subdomain of paypal.com and if it exists then it belongs to paypal.com, and you're right that nobody else can own that without paypal creating it and giving someone permission to it (unless they hack PayPal's DNS nameservers or other hackery). However, anyone can forge an email to have any address on it whether the address is a real email address or something completely bogus.

Most decent mail client applications such as Mozilla Thunderbird or just about any other can have arbitrary outgoing email addresses configured in them. You just go into account settings and poke around and you'll find where you can add additional email addresses for outbound mail. You can put absolutely anything in there including chickensandwich@whitehouse.gov if you want. That doesn't make it a valid email address of course, but you could also put any address in there including a valid one that doesn't belong to you. When you write an email to someone you can then choose that particular address as the one that will show up on the From line and as long as your SMTP server doesn't reject the address it will be sent on its merry way to the destination with a forged fake From line on it. Of course if one's SMTP server doesn't accept it there are 10 million other SMTP servers on the Internet of which several will accept it and send it on its merry way also.

So, an email showing up in one's inbox that says it comes "From: anywhere at all" doesn't mean that is where it came from, nor that the domain or host even exists at all, and if the domain does exist, it doesn't mean that is where the email came from either. To know where an email came from one has to trace through the full headers of the email, in particular looking for the bottom most "Received" header, however sometimes you need to look at other headers as well. If someone is forging email though, the best that can generally be done is to trace it back to the originating IP address of the computer that sent the email. There's no guarantee that that computer was owned by the perpetrator though, and when crime is being committed such as fraud via email generally one can assume that the emails were sent by the criminal through someone else's computer such as the guy down the street's Grandma.

So people receive fraudulent email coming from a forged and probably non-existent address of say... customer-service@e.paypal.com sent by some criminal in say... Russia, connected through the Tor network to somebody's grandma's PC in Utah which was compromised by malware they created. Granny has no idea her computer is sending out hundreds or thousands of fraudulent spam/phishing emails all day long every day that claim to come from paypal. The person receiving the mail thinks it is legitimate because it says it came from someone@somewhere.paypal.com not realizing that address can be complete fake bogus nonsense an 8 year old can fake. :) Someone traces the email headers to the point of origin and gets granny's IP address. It's useless because Granny had nothing to do with it, and there's no way to trace the mail back to the actual criminals in Russia or wherever they might be, hidden behind the cloak of Tor or some other obscuration.

About the best anyone can do is forward these mails with full headers visible to abuse@fbi.gov and other similar organizations, then click DELETE and go make a chicken sandwich. :)
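The header checks described in the posts above (ignore the From line, read the bottom-most Received header, look at the DKIM result), as an added example that is not part of any forum post. The sample message is constructed, the `org_domain` and `analyze` helpers are hypothetical names, and the code assumes the Authentication-Results header was written by your own mail provider rather than by the sender.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample (not a real PayPal message); IPs are documentation ranges.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=e.paypal.com
Received: from relay.example.net (relay.example.net [198.51.100.7])
 by mx.example.org with ESMTP; Sun, 06 Jul 2014 10:00:02 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
 by relay.example.net with SMTP; Sun, 06 Jul 2014 10:00:00 +0000
From: "PayPal" <service@e.paypal.com>
To: user@example.org
Subject: Check your account activity

Please review your recent activity.
"""

def org_domain(value):
    """Last two labels of a host or address (simplification; real code
    should consult the Public Suffix List)."""
    host = value.rsplit("@", 1)[-1].lower().strip("<>. ")
    return ".".join(host.split(".")[-2:]) if host else ""

def analyze(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = org_domain(parseaddr(str(msg.get("From", "")))[1])
    env_dom = org_domain(parseaddr(str(msg.get("Return-Path", "")))[1])
    # Every relay prepends its Received line, so the last one is the earliest
    # hop. Lines below your own provider's first hop are sender-controlled.
    hops = [str(h) for h in msg.get_all("Received", [])]
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else None
    # Verdicts recorded by the receiving server (RFC 8601 header).
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    verdict = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth.lower()))
    signer = re.search(r"header\.d=([\w.-]+)", auth.lower())
    findings = []
    if env_dom != from_dom:
        findings.append("envelope sender domain differs from From domain")
    if verdict.get("dkim") != "pass":
        findings.append("no passing DKIM signature")
    elif not signer or org_domain(signer.group(1)) != from_dom:
        findings.append("DKIM signer is not the From domain")
    if verdict.get("dmarc") != "pass":
        findings.append("DMARC did not pass for the From domain")
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "origin_ip": ip.group(1) if ip else None,
            "auth": verdict, "findings": findings}

if __name__ == "__main__":
    report = analyze(SAMPLE)
    for key, value in report.items():
        print(f"{key}: {value}")
```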
I have had those PayPal e-mails before too. I do not trust much that arrives in my inbox, but the fact that gmail even goes as far as to list them as important really gets me.
I just delete them and blame PayPal's lack of security. None of my accounts include my real name in them if I can help it. Only my bank, PayPal and Amazon have my real name on record by my action. With all others it is my user name or initials.
I do know that PayPal will send out my full name and address to anyone I buy from though. Apparently it is just so they can confirm that they are really selling to me, but the fact that PayPal do it so willingly is scary as I am sure it would not take much to convince their system to hand over that information.

Google have proven to me how easy it is to get all my real life data too. I had an email from them a while back (more than 2 years ago) where I was being noted for something illegal (pirate bay) and they wanted me to confirm that I understood that I was now being monitored for any further illegal activities.
Anyway, I am sure that this is bull. Yet as I remember the email stated it came from them - Google themselves - so I had opened it and read it. I remember thinking it was odd for Google to be monitoring me and not the police to turn up on my door.
It all looked official and it had my full name (when I am listed with them in the account page as "M M"), my full and correct address (even better as I never have things delivered there), my mobile number, my DOB, and a few other details that even if you had hacked my gmail or Facebook profile you would not have gotten. If the email had come from the NSA themselves it would have seemed less odd, but Google (I am aware of all the personal data mining they do, the reading of e-mails and monitoring of communication as well as your internet usage).
The thing is it was meant to scare me - and it did. There was a link to click so that "Google" could get confirmation that I understood. My action was to delete the email, drop using Chrome and always sign out of my email accounts when finished using them.
I am not sure if it was real or fake as I never attempted to find out and it was not until a year or so had passed that Google would threaten to close my Google+ account unless I conformed to what they wanted. This time it was really Google, but as I do not use G+ again I just deleted and ignored them.

The thing to remember is there are some very talented, computer savvy programmers out there with access to working machines and they want our details. Why, you need to ask them, but I doubt many are for good reasons.
As to why PayPal do not act, too few people fall for it and if you do then you have breached their terms of service. So they can blame you for being gullible.
rtcvb32: Maybe... The whole thing about phishing is looking like it's legit while it's not. Makes me wonder about the $10 offers I get if they are phishing or not since I never opened them...
Hmm I went through and looked at some of the 'offers', and they were phishing... although they have my real name attached to them somehow. Quite annoying.

Forward to abuse@paypal.com, then add a rule to block the email address that's used on these as well as marking them spam...

Glad I never looked at those before this point, although the only offers I get usually are when logging in to paypal, and that's for a visa card...

edit: Types of emails include managing your balance, getting $10-$15 off on some other site when purchasing something, updates in terms of service and privacy.

Be suspect...
Post edited July 09, 2014 by rtcvb32
Log in to paypal, click on "My Profile" , click on "My settings" and "Notifications" and then change how you should receive emails from paypal. If you still receive ads and offers after you have unchecked promotions emails, I guess all of them are fake/phishing.
(except policy updates which you can't uncheck)

Here is a screenshot of the settings:
i.imgur.com/XmiLgs5.png
Post edited August 01, 2014 by Lindvall76