I got one, too.
The bad thing is that sender has managed to get SPF and DKIM right because the email has been sent through Sendgrid:
Received: from o1.em.coinbase.com (o1.em.coinbase.com. [50.31.37.137])
Received: from o1.em.coinbase.com (o1.em.coinbase.com. [50.31.37.137])
by mx.google.com with ESMTPS id p13si266962icl.54.2015.04.08.11.49.44
for
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 08 Apr 2015 11:49:44 -0700 (PDT)
Received-SPF: pass (google.com domain of {UNDISCLOSED}@em.coinbase.com designates 50.31.37.137 as permitted sender) client-ip=50.31.37.137;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of {UNDISCLOSED}@em.coinbase.com designates 50.31.37.137 as permitted sender) smtp.mail={UNDISCLOSED}@em.coinbase.com;
dkim=pass header.i=@coinbase.com;
dmarc=pass (p=REJECT dis=NONE) header.from=coinbase.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=coinbase.com;
h=content-type:mime-version:content-transfer-encoding:from:to:subject;
s=smtpapi; bh=mzFmpzK4RGa5/BW6ukZz8pgNqs8=; b=QCxwr642hzexeNV19i
R8Ui1ESMG1QJ7dvii3StPST9nuFdztnrXSdsWSt1x8W6x4cYgSmAgJ0QhSDwFyPP
Jmer3WqyWbTm5lh3QWJDnlgEtAtJPJIh7tXvhsIwl/s/Y2uaurdhdso5f6/A8HMw
zf99DP+mHtG+msY/S2ycwCYZE=
Real sender is probably
Received: from MTYwNDc2NQ (unknown [5.101.100.198])
which is a DigitalOcean customer.