And DHL, NETFLIX, and others.. and they are SO blatant and obvious..

Maybe the DHL/Netflix/Amex guys have a bigger stick that they can use, the amount of phishing attempts through SendGrid is staggering, and especially when exactly the same phishing email comes in day after day..

I am sure that these companies and their customers are suffering a monetary loss ..

From: "NETFLlX" <ad...@ibizperu.com>
Mime-Version: 1.0
Reply-To: ad...@ibizperu.com
Message-ID: <kycgvu4mqteph35tls1...@ismtpd0050p1iad1.sendgrid.net>
Subject: Please Update Your Payment Method.
List-Unsubscribe: <mailto:unsubscr...@sendgrid.net?subject=https://u16064047.ct.sendgrid.net/wf/unsubscribe*q*upn=zxgg1V1rOEkx11H7u0uAg5sUFZIf2T3q8k7s4iDNspiMgEuxbwPIZu1nkhEHpPOjvQE4KSNWkcUg8UUn10oKf0dsebvnaFNOgljlazAsbFRdiFBWMAs-2Fad8oJDJ-2B43DJpN6BUR-2FFuMr3-2BBiheO2552CGSkecahQ-2F18FqQtgjTFzSuC6Fx5jSI-2F-2BlnLq0eZ9TIWus2-2FQw0ijivOxCtLrypgMI4-2FFe3U-2B-2FfWJYIV-2FuAFWg9dlz1AsfrjbudCR3m-2F4Jw5PLqhs-2FJISE0e7ECDf2XO-2Fe9E1naujVtfPTbL8zEu8w1zWV5tgmLRP4rVSUUEjuqMUWGRHDesqyVG0XqSpog-2FIvJVhV3k9NsdWLRchXlssUrm4epuK3F1KavsEXMEq0UvhDnFYaYNkZeDDALFe0TCCtVLcqywXxlDIug53ewWrBSGoTH8pZM4OcKrXoJHOZ16pK7Qnh5kem6UXCfGX4djxXFZOhiGj0DOIh4YGxzbQ4bXGuCmvNFtsvv5-2BkZIJb1qUVYKQh2XdqeDkKTPrpxDaPCCoo83qdlXw5PgjD-2B9UvQOTTFemVrgtSMrv966iL-2FDk0RFGXfA5hPHkwdZUqMCM2FFOgHDd7lKMAUYevkwQfVhaEFEY4LhGCGo8GrV-2B25aXd-2BnuldoHOtAICrw-2BDfdHj1FC5ht-2F55ZrASKUa4gk-3D> X-SG-EID: FPVrtLHU9M4sDT1ATFN/QI+n707JakhnaCXRFxaaQuxQVmlAdwwnzg7a76XGUnNfiv+rnN7O+ehvw9

gszB7V6nlk3iu4/pEcuyrdO+Ti1eair2jeqBD7abKR1i2oW3Qpau9vZViutg1WQ4VA9cNL48yy0aRU
 5MSY+mOJ/fAw5/DUIMaet6VQL+RJMdZWm6FI599DRKwTS1wOJIrSk17y+g==

Not sure a 'better' reporting tool is needed, if they aren't taking action on the reports that they are getting.. A one liner filter rule should have stopped these weeks ago..



On 2020-05-05 2:30 p.m., Blake Hudson via mailop wrote:
Been getting a variety of Amex scams for several weeks via SendGrid. Wish they had a better reporting mechanism.

Received: from wrqvfvsw.outbound-mail.sendgrid.net (wrqvfvsw.outbound-mail.sendgrid.net [149.72.248.105])
     (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
     (No client certificate requested)
     by mail.ispn.net (Postfix) with ESMTPS id 65FE3800E4E
     for <REDACCTED>; Tue, 28 Apr 2020 12:04:22 -0500 (CDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.ispn.net 65FE3800E4E
Authentication-Results: mail.ispn.net;
    dkim=pass (1024-bit key) header.d=mytuner.mobi header.i=@mytuner.mobi header.b="e2+SR0dP"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mytuner.mobi;
     h=content-type:mime-version:subject:to:from:list-unsubscribe;
     s=s1; bh=hTbLWa0rB3Wwo49o0xU2xD9v4bjCR41krW7VkpSSxzw=; b=e2+SR0d
     P7ePRapdg8cLSi5DcN4zltCNr7B0hOOVYEuW4uM4Wjml3DlKmym1U8iZxogOAbit
     RYVNhmHtTrKG2ykVesUyZpOZZk6xvjyUSbqepBPMMh++2xiEhWVZrKtquE8gwqGh
     wt0tQamfhNOT/BlnS4cnr8U8FW2RrnKobwtM=
Received: by filter1430p1mdw1.sendgrid.net with SMTP id filter1430p1mdw1-2514-5EA8620E-32
         2020-04-28 17:04:14.507763321 +0000 UTC m=+1091412.289296934
Received: from WIN-KM74NPGSU4J.us-west-2.compute.internal (unknown)
    by ismtpd0035p1las1.sendgrid.net (SG) with ESMTP id oDjUdUZhRYO-Wd8jQmosYw
     Tue, 28 Apr 2020 17:04:14.270 +0000 (UTC)
Content-Type: multipart/alternative; boundary="===============1274991544=="
MIME-Version: 1.0
Subject: Security Notification on your Card
To: Customers <ale...@americanexpressexps.com>
From: "American Express" <ale...@americanexpressexps.com>
Date: Tue, 28 Apr 2020 17:04:14 +0000 (UTC)
Message-ID: <odjuduzhryo-wd8jqmo...@ismtpd0035p1las1.sendgrid.net>
List-Unsubscribe: <mailto:unsubscr...@em1.mytuner.mobi?subject=https://u2431612.ct.sendgrid.net/wf/unsubscribe*q*upn=JnbB8LqllIRjPYoM4u8zjobQE6BWXAQ2vqkwS-2F8K-2F1HNikf1unW3QGdWxhiQ2Xa1TwEk5tGHYdw-2Bzx57-2FKxHmJhJLfgMSa6xdBXV0weI7JZzHiOlbW5WCKk98uLR1GRLIkX-2B1X71DlgYVltapRVD97kk482fCrdCx0wINVOfBjjncWvN6dJ21e0-2F5tA62ly-2BZW-2F4cPrlQWq05yevZdPgsg-3D-3D> X-SG-EID: eLF1XdoUgtODrTnreYcGkW29+W8SlXhMCPQICHWXv4c4UPqo4BYpwT6WdoB1GFSwuwd6mNC9sCJf1r
  5PzIFZRABSj7gKeokjHm7Lnl8QkLAKEXf2JojGJnXeyze4NC/w39UhwzU/ki7FK6ScIgZx+gfhUQEe
  W/8/g7BcHCE1Lc+BnEOTTL+ZjLy6xWcHvoTOvSwKTV5H7YXMjUPnsbijhXY/GG1vgjjAfJT228fgF5
  JgGA5Yu0hMI46ZfVGtVOMh



On 5/5/2020 9:48 AM, Michael Peddemors via mailop wrote:
Since on the topic of SendGrid..

Received: from dhl.com (unknown)
    by geopod-ismtpd-2-1 (SG) with ESMTP
    id yXjQUIVNTmWUp86G27YZTw
    for <REDACCTED>;
    Tue, 05 May 2020 10:02:57.886 +0000 (UTC)
From: DHL Express <expr...@dhl.com>
Subject: Shipment Arrival Notice.
Date: Tue, 05 May 2020 10:02:57 +0000 (UTC)
Message-ID: <20200505100257.58c63efbca795...@dhl.com>
MIME-Version: 1.0

I don't even think they are trying to stop outbound phishing any more..

This is a little too obvious, and while historically SendGrid ran a tight ship, and got a little leeway from spam auditors.. it's getting very bad, and going on for too long.. risking losing any preferential treatment..

Overnight..

149.72.1.84         (M)           5 wrqvhkrq.outbound-mail.sendgrid.net
149.72.24.42                      2 wrqvkvnx.outbound-mail.sendgrid.net
   149.72.24.51                   1 wrqvkvpp.outbound-mail.sendgrid.net
149.72.25.142                     7 wrqvkwvz.outbound-mail.sendgrid.net
149.72.43.171                     9 wrqvnbxb.outbound-email.sendgrid.net
149.72.58.101                     3 wrqvpxsr.outbound-email.sendgrid.net
149.72.63.131       (RS)          3 wrqvpfvp.outbound-email.sendgrid.net
   149.72.63.135                 50 wrqvpfvt.outbound-email.sendgrid.net
   149.72.63.193                  6 wrqvpfck.outbound-email.sendgrid.net
149.72.134.56       (M)           1 o2.ptr4806.marketing.sg.getweave.com
149.72.146.9        (M)           1 wrqvwnhw.outbound-mail.sendgrid.net
149.72.163.111                    4 wrqvxpsf.outbound-mail.sendgrid.net
149.72.185.201                    1 wrqvbwcw.outbound-mail.sendgrid.net
149.72.194.224                    3   o1.sg.intherooms.com
149.72.219.45                     6 wrqvdbnd.outbound-mail.sendgrid.net
149.72.224.183      (RS)          2 wrqvzhbt.outbound-mail.sendgrid.net
149.72.226.67                     5 wrqvznqp.outbound-mail.sendgrid.net
149.72.227.4                     50 wrqvzphq.outbound-mail.sendgrid.net
149.72.243.74                     5 wrqvfpqx.outbound-mail.sendgrid.net
   149.72.243.152                 1 wrqvfpwv.outbound-mail.sendgrid.net





On 2020-05-05 6:31 a.m., Jaroslaw Rafa via mailop wrote:
On 5.05.2020 at 08:32:43, Michael Orlitzky via mailop wrote:

That message was never retried, even though this page says you'll retry
for 72 hours:

https://sendgrid.com/docs/glossary/deferrals/

That sample is fresh in my mind, but it's not a unique problem. We do
pre-queue scanning and sometimes you're just gonna get a busy signal.
We'd all love it if you could re-send at least once per the RFC so that
people will stop calling us about lost messages =)

I have also seen previously several times that Sendgrid did not retry.
However, I've also seen cases when Sendgrid did retry properly. I wonder if it depends on the sender/customer. Maybe they retry when sending messages
for some customers and don't retry when sending for other ones?

Personally I had a slightly different problem with Sendgrid. Sometimes when they retry, they retry immediately (without any noticeable delay), and each time connect from a different IP address. After only a small number of such unsuccessful retries, they give up. Again, it happens only for particular
senders and not for others.

Retrying immediately when you get a 4xx makes no sense in my opinion,
because if 4xx response is caused by some issue on the receiving end, you
couldn't expect that the issue will go away immediately once you retry.
Usually it takes some time to resolve the issue, so the sender should
implement reasonable delays between retries.

Using a different IP address for each retry makes it also impossible for the
message to go past greylisting for the recipients who are using it, as
greylisting expects retry from the same IP address as the original attempt
to send the message (also, greylisting expects a reasonable delay before
retry as well). (Please, don't debate now about greylisting itself and
whether it should be used or not. At least it has its use against botnet
spam).

A few years ago I ran into this issue and it was an important transactional message, so I tried to report it to Sendgrid via some form on their website
(sorry, I don't remember details, quite a long time has passed), but it
seemed evident that the person responding to me didn't know what I'm talking
about and what greylisting is at all - he or she was referring me to
documents on their website that had nothing to do with the issue - so I gave
up.






_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop




--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
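An added example, not part of the thread or of any poster's tooling: a receiver-side check of the kind the "one liner filter rule" remark points at, run over the From lines quoted above. The brand table, the look-alike folding table, the function names and the last (legitimate) sample are assumptions made for this illustration; the other header excerpts are abridged from the thread.

```python
import re
from email import message_from_string

# Assumed brand table (not from the thread): display-name keyword -> domains
# that may legitimately use it. Exact-match only; subdomains are not handled.
BRANDS = {
    "netflix": {"netflix.com"},
    "american express": {"americanexpress.com"},
    "dhl": {"dhl.com"},
}
# Fold look-alike characters so "NETFLlX" (lower-case L for I) matches "netflix".
FOLD = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})
FROM_RE = re.compile(r'^\s*"?([^"<]*?)"?\s*<[^@>]*@([^>\s]+)>')
DKIM_RE = re.compile(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", re.I | re.S)

def skeleton(text):
    return text.lower().translate(FOLD)

def check(raw_headers):
    """Return a reason string if the headers look like brand impersonation, else None."""
    msg = message_from_string(raw_headers)
    m = FROM_RE.match(msg.get("From", ""))
    if not m:
        return None
    name, domain = skeleton(m.group(1)), m.group(2).lower()
    signed = {d.lower() for d in DKIM_RE.findall(msg.get("Authentication-Results", ""))}
    for brand, allowed in BRANDS.items():
        if skeleton(brand) not in name:
            continue                      # display name does not use this brand
        if domain not in allowed:
            return f"{brand}: From domain {domain} is not a {brand} domain"
        if not signed & allowed:
            return f"{brand}: From domain {domain} has no aligned DKIM pass"
    return None

# Header excerpts abridged from the thread; "legit" is constructed for contrast.
SAMPLES = {
    "netflix": 'From: "NETFLlX" <ad...@ibizperu.com>\n',
    "amex": ("Authentication-Results: mail.ispn.net;\n"
             "    dkim=pass (1024-bit key) header.d=mytuner.mobi\n"
             'From: "American Express" <ale...@americanexpressexps.com>\n'),
    "dhl": "From: DHL Express <expr...@dhl.com>\n",
    "legit": ("Authentication-Results: mx.example; dkim=pass header.d=netflix.com\n"
              'From: "Netflix" <info@netflix.com>\n'),
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(label, "->", check(headers))
```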
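An added example, not from the thread: a minimal greylist replaying the retry patterns Jaroslaw Rafa describes, to show why immediate retries from a different IP each time never pass. The class, the 300-second delay, the reply strings and the documentation-range addresses are all constructed; keying on a network prefix instead of the exact IP goes beyond what the thread discusses and is included only for comparison.

```python
import ipaddress

class Greylist:
    """Defer the first attempt of a (client, sender, rcpt) triplet and accept
    a retry of the same triplet once min_delay seconds have passed."""

    def __init__(self, min_delay=300, prefix=32):
        self.min_delay = min_delay
        self.prefix = prefix          # 32 = key on exact IP, 24 = key on the /24
        self.first_seen = {}

    def _key(self, ip, sender, rcpt):
        net = ipaddress.ip_network(f"{ip}/{self.prefix}", strict=False)
        return (str(net), sender.lower(), rcpt.lower())

    def attempt(self, now, ip, sender, rcpt):
        # Remember when this triplet was first seen; later attempts are
        # measured against that timestamp.
        first = self.first_seen.setdefault(self._key(ip, sender, rcpt), now)
        if now - first >= self.min_delay:
            return "250 accepted"
        return "451 greylisted, try again later"

def deliver(greylist, attempts, sender="bounce@sender.example",
            rcpt="user@rcpt.example"):
    """Replay (seconds, client_ip) attempts and return the SMTP replies."""
    return [greylist.attempt(t, ip, sender, rcpt) for t, ip in attempts]

# Constructed retry schedules (documentation address ranges).
WELL_BEHAVED = [(0, "192.0.2.10"), (900, "192.0.2.10")]
ROTATING_IMMEDIATE = [(0, "192.0.2.10"), (1, "198.51.100.7"), (2, "203.0.113.99")]
ROTATING_SAME_24 = [(0, "192.0.2.10"), (900, "192.0.2.77")]

if __name__ == "__main__":
    print(deliver(Greylist(), WELL_BEHAVED))
    print(deliver(Greylist(), ROTATING_IMMEDIATE))
    print(deliver(Greylist(prefix=32), ROTATING_SAME_24))
    print(deliver(Greylist(prefix=24), ROTATING_SAME_24))
```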