On 12/24/19 12:54, Mark Milhollan via mailop wrote:
> The problem there is that what was once okay might turn to crud or DNS
> responses might be different for you than for them. The former should
> be detectable if they were to do it as they forward/relay but the odds
> of that are low so Sendgrid might think all is well -- of course your
> report might trigger a re-check but reports via this ML don't really
> scale. The latter, if true, should almost certainly be fixed at least
> with respect to e-mail related items but again might have once been fine
> then suffered rot. Relativity at human scale, as it were.
In this case Sendgrid appears to be sending pure phishing spam if I'm
reading the initial report correctly.
[snip]
Contains a link to https://resize.yandex.net/mailservice?url=.....
It's very unlikely that Chase would be including links to a Russian
company in legitimate email.
> And I'd think at forwarding/relay time there'd be basic malware and
> phishing checks though perhaps use of that URL was too new to be
> classified.
You would think, but yandex.net has been around for a while, as has Chase.
--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV