Am 11.08.20 um 16:53 schrieb Benoit Panizzon via mailop: > Hi List > > o1678912x138.outbound-mail.sendgrid.net [167.89.12.138] and IP under > control of sendgrid was repeatedly involved in phishing and other spam > since June. > > It ended up being blacklisted @ SWINOG. > > Now a sendgrid customers complains to us, that his emails are being > rejected because of this listing. > > But that makes me wonder: Doesn't sendgrid deal with such issues like > asking for delisting after blocking the sender itself and re-uses > recently (last phish received on 14. July) 'abused' ip addresses for > other customers? > > Mit freundlichen Grüssen > > -Benoît Panizzon-
As far as I understood, the IP addresses are not allocated to customers (except in some cases where the customer domain is being used for hostnames of big customers) but are part of a shared mail distribution network. This means that blocking sendgrid IPs does on one hand affect other customers, and on the other hand it does not reliably block the spammer. Much more effective is to block based on the string of digits in the envelope sender address (bounces+1234567-...) which apparently identifies the sender. Whether the sender has been hacked or is a genuine spammer is sometimes not easy to see, because sendgrid does some header obfuscation of their own, so some marks normally associated with spammers may also be seen in mails from non-spammers or compromised accounts. Cheers, Hans-Martin _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop