Re: [mailop] I understand less and less why I accept any mail at all from Sendgrid

2022-08-17 Thread Atro Tossavainen via mailop
On Wed, Aug 17, 2022 at 11:44:18AM -0700, Luke via mailop wrote:
> That account was terminated on the 14th. For what it is worth (and I know
> this is worth very little here), our system did prevent more than ~90% of
> their *attempted* mail from ever leaving our pipes. So I like to tell
> myself we prevented 9 million phish instead of telling myself we sent 1
> million phish. Kidding of course...
> 
> Thomas, if you're still seeing mail arrive *today* with those unsubscribe
> links, that would be incredibly strange. Would love to chat offline if
> that's actually what you're seeing. An account sending email 3 days after
> being terminated isn't really a thing that happens.

A thing that might have affected the sending is that Radix (the .store
registry) took the sending domain out on 2022-08-14 at 03:23:40 UTC.

At least you'd hope that non-existent domains couldn't be used as senders.

The spamtraps do concur with what you say though, that flood was on
the 12th and 13th, ending around 10 pm UTC on the 13th.

More recently, what's the deal with user accounts 28489652, 28470998,
28470691, 27864014 and especially 5965629?

> 
> Luke
> 
> On Wed, Aug 17, 2022 at 10:09 AM Thomas Ho via mailop 
> wrote:
> 
> > Funny how we're still seeing this exact same template spewing out of
> > Sendgrid for days.
> >
> > I guess (hope) they're busy working on tackling much more malicious spam
> > coming from their network.
> >
> > -Thomas
> >
> > On 8/13/22 15:46, John Levine via mailop wrote:
> > > This showed up today, sent to the email of my father who died in 2019.
> > >
> > > Full copy available on request to anyone who has a plausible use for it.
> > > -- Forwarded message --
> > > Date: Sat, 13 Aug 2022 15:41:20
> > > From: support 
> > > Reply-To: g...@hansa-fx.com
> > > To: x@x.x
> > > Subject: IP address blacklisted(Child Pornography Act 1996 violated)
> > >
> > > Hello,
> > >
> > > We have found instances of child pornography accessed from your IP
> > > address. This is a punishable offence under The Child Pornography
> > > Prevention Act of 1996 . For now we are blacklisting your IP address
> > > and if there is any further action from Microsoft you will be informed
> > > via email.
> > >
> > > If this was not you and you suspect potential hack or id theft contact
> > > Microsoft Support Team at +1-808-460-7701
> > >
> > > Microsoft Support
> > > +1-808-460-7701
> > >
> > > support
> > >
> > > 16 Central, HCW , Tampa , FL
> > >

Re: [mailop] I understand less and less why I accept any mail at all from Sendgrid

2022-08-17 Thread Luke via mailop
That account was terminated on the 14th. For what it is worth (and I know
this is worth very little here), our system did prevent more than ~90% of
their *attempted* mail from ever leaving our pipes. So I like to tell
myself we prevented 9 million phish instead of telling myself we sent 1
million phish. Kidding of course...

Thomas, if you're still seeing mail arrive *today* with those unsubscribe
links, that would be incredibly strange. Would love to chat offline if
that's actually what you're seeing. An account sending email 3 days after
being terminated isn't really a thing that happens.

Luke

On Wed, Aug 17, 2022 at 10:09 AM Thomas Ho via mailop 
wrote:

> Funny how we're still seeing this exact same template spewing out of
> Sendgrid for days.
>
> I guess (hope) they're busy working on tackling much more malicious spam
> coming from their network.
>
> -Thomas
>
> On 8/13/22 15:46, John Levine via mailop wrote:
> > This showed up today, sent to the email of my father who died in 2019.
> >
> > Full copy available on request to anyone who has a plausible use for it.
> > -- Forwarded message --
> > Date: Sat, 13 Aug 2022 15:41:20
> > From: support 
> > Reply-To: g...@hansa-fx.com
> > To: x@x.x
> > Subject: IP address blacklisted(Child Pornography Act 1996 violated)
> >
> > Hello,
> >
> > We have found instances of child pornography accessed from your IP
> > address. This is a punishable offence under The Child Pornography
> > Prevention Act of 1996 . For now we are blacklisting your IP address
> > and if there is any further action from Microsoft you will be informed
> > via email.
> >
> > If this was not you and you suspect potential hack or id theft contact
> > Microsoft Support Team at +1-808-460-7701
> >
> > Microsoft Support
> > +1-808-460-7701
> >
> > support
> >
> > 16 Central, HCW , Tampa , FL
> >
> > ___
> > mailop mailing list
> > mailop@mailop.org
> > https://list.mailop.org/listinfo/mailop
>
> --
> "What is a threat? Something that can harm you.
> What is it that I seek? The ones that fear peace.."
>
> 
> Thomas Ho, Senior Threat Researcher - LinuxMagic Inc.
> For More Info www.linuxmagic.com
> "LinuxMagic" is a Registered TradeMark of 

Re: [mailop] I understand less and less why I accept any mail at all from Sendgrid

2022-08-17 Thread Thomas Ho via mailop
Funny how we're still seeing this exact same template spewing out of 
Sendgrid for days.


I guess (hope) they're busy working on tackling much more malicious spam 
coming from their network.


-Thomas

On 8/13/22 15:46, John Levine via mailop wrote:

> This showed up today, sent to the email of my father who died in 2019.
>
> Full copy available on request to anyone who has a plausible use for it.
> -- Forwarded message --
> Date: Sat, 13 Aug 2022 15:41:20
> From: support
> Reply-To: g...@hansa-fx.com
> To: x@x.x
> Subject: IP address blacklisted(Child Pornography Act 1996 violated)
>
> Hello,
>
> We have found instances of child pornography accessed from your IP
> address. This is a punishable offence under The Child Pornography
> Prevention Act of 1996 . For now we are blacklisting your IP address
> and if there is any further action from Microsoft you will be informed
> via email.
>
> If this was not you and you suspect potential hack or id theft contact
> Microsoft Support Team at +1-808-460-7701
>
> Microsoft Support
> +1-808-460-7701
>
> support
>
> 16 Central, HCW , Tampa , FL



--
"What is a threat? Something that can harm you.
What is it that I seek? The ones that fear peace.."


Thomas Ho, Senior Threat Researcher - LinuxMagic Inc.
For More Info www.linuxmagic.com
"LinuxMagic" is a Registered TradeMark of Wizard Tower TechnoServices Ltd.
For More Info www.wizard.ca
604-682-0300 Beautiful British Columbia, Canada


This email and any electronic data contained are confidential and
intended solely for the use of the individual or entity to which
they are addressed. Please note that any views or opinions presented
in this email are solely those of the author and are not intended
to represent those of the company.





Re: [mailop] I understand less and less why I accept any mail at all from Sendgrid

2022-08-16 Thread Michael Peddemors via mailop

On 2022-08-15 17:42, Stuart Henderson via mailop wrote:

> yes yes, but the point is that Twilio SendGrid are allowing their services
> to be used by whoever is sending this. With a website saying things like
> "We take trust and security seriously" and "With the industry’s largest
> team of delivery experts monitoring your sender reputation" they don't
> pick up on this?


hehehe.. had a SendGrid user complain that they had to report the shared 
IP on one of our reputation lists after a couple days, since SendGrid 
didn't bother removing it..


Always wonder how they don't notice when they are listed?  Are they just 
listed at too many places to deal with? hehehe



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


Re: [mailop] I understand less and less why I accept any mail at all from Sendgrid

2022-08-15 Thread Jarland Donnell via mailop
Honestly the difference between SendGrid and the top 10 list here seems 
like it's shrinking every day: 
https://www.spamhaus.org/statistics/spammers/


On 2022-08-15 19:42, Stuart Henderson via mailop wrote:

> On 2022/08/16 02:03, Ángel via mailop wrote:
> > On 2022-08-13 at 18:46 -0400, John Levine wrote:
> > > Subject: IP address blacklisted(Child Pornography Act 1996 violated)
> > >
> > > Hello,
> > >
> > > We have found instances of child pornography accessed from your IP
> > > address. This is a punishable offence under The Child Pornography
> > > Prevention Act of 1996 . For now we are blacklisting your IP address
> > > and if there is any further action from Microsoft you will be
> > > informed via email.
> > >
> > > If this was not you and you suspect potential hack or id theft
> > > contact Microsoft Support Team at +1-808-460-7701
> > >
> > > Microsoft Support
> > > +1-808-460-7701
> > >
> > > support
> >
> > This is probably "just" a tech support scam. I have seen others on a
> > similar theme, but claiming to be sent from the national police and
> > asking you to provide your allegations to an email address. Presumably
> > in order to get replies of those gullible enough to believe it and pay
> > a "fine" and, one would guess, hunting in case someone admitted
> > something worth being extorted about.
>
> yes yes, but the point is that Twilio SendGrid are allowing their services
> to be used by whoever is sending this. With a website saying things like
> "We take trust and security seriously" and "With the industry’s largest
> team of delivery experts monitoring your sender reputation" they don't
> pick up on this?



Re: [mailop] I understand less and less why I accept any mail at all from Sendgrid

2022-08-15 Thread Stuart Henderson via mailop
On 2022/08/16 02:03, Ángel via mailop wrote:
> On 2022-08-13 at 18:46 -0400, John Levine wrote:
> > Subject: IP address blacklisted(Child Pornography Act 1996 violated)
> > 
> > Hello,
> > 
> > We have found instances of child pornography accessed from your IP
> > address. This is a punishable offence under The Child Pornography
> > Prevention Act of 1996 . For now we are blacklisting your IP address
> > and if there is any further action from Microsoft you will be
> > informed via email.
> > 
> > If this was not you and you suspect potential hack or id theft
> > contact Microsoft Support Team at +1-808-460-7701
> > 
> > Microsoft Support
> > +1-808-460-7701
> > 
> > support
> 
> This is probably "just" a tech support scam. I have seen others on a
> similar theme, but claiming to be sent from the national police and
> asking you to provide your allegations to an email address. Presumably
> in order to get replies of those gullible enough to believe it and pay
> a "fine" and, one would guess, hunting in case someone admitted
> something worth being extorted about.

yes yes, but the point is that Twilio SendGrid are allowing their services
to be used by whoever is sending this. With a website saying things like
"We take trust and security seriously" and "With the industry’s largest
team of delivery experts monitoring your sender reputation" they don't
pick up on this?



Re: [mailop] I understand less and less why I accept any mail at all from Sendgrid

2022-08-15 Thread Ángel via mailop
On 2022-08-13 at 18:46 -0400, John Levine wrote:
> Subject: IP address blacklisted(Child Pornography Act 1996 violated)
> 
> Hello,
> 
> We have found instances of child pornography accessed from your IP
> address. This is a punishable offence under The Child Pornography
> Prevention Act of 1996 . For now we are blacklisting your IP address
> and if there is any further action from Microsoft you will be
> informed via email.
> 
> If this was not you and you suspect potential hack or id theft
> contact Microsoft Support Team at +1-808-460-7701
> 
> Microsoft Support
> +1-808-460-7701
> 
> support

This is probably "just" a tech support scam. I have seen others on a
similar theme, but claiming to be sent from the national police and
asking you to provide your allegations to an email address. Presumably
in order to get replies of those gullible enough to believe it and pay
a "fine" and, one would guess, hunting in case someone admitted
something worth being extorted about.

Regards




Re: [mailop] I understand less and less why I accept any mail at all from Sendgrid

2022-08-14 Thread Michael Rathbun via mailop
On 13 Aug 2022 20:06:44 -0400, John Levine via mailop 
wrote:

>Sure, but do they come from Sendgrid, which purports to be a service for
>legitimate businesses?

The most recent was 

Received: from o50316380.outbound-mail.sendgrid.net
 (o50316380.outbound-mail.sendgrid.net [50.31.63.80])
 by rabendary.tesp.com with ESMTPS id md5001009616935.msg; Sat, 30 Apr
 2022 15:04:35 -0500

It appears to be a bog-stock advance fee fraud, claiming to be
From:  Jeff Green

mdr
-- 
"The fact of being reported multiplies the apparent extent of any 
 deplorable development by five- to tenfold"
 -- Tuchman's Law



Re: [mailop] I understand less and less why I accept any mail at all from Sendgrid

2022-08-13 Thread Slavko via mailop
On 13 August 2022 23:43:45 UTC, Michael Rathbun via mailop wrote:
>On 13 Aug 2022 18:46:02 -0400, John Levine via mailop 
>wrote:
>
>I wasn't able to find anything notable about that.  "Nadine", who died quite a
>while back, frequently gets the "I've hacked your system and have the video of
>you...", 

That is not targeted. Once per month my MTA is flooded with (exactly) the same
emails, even translated to our language, from about 3000 IPs from the whole
world, and it takes 24-48 hours. They are addressed to many recipients, both
existing and not existing. I can see the same emails even on my job's email
-- different domain, different MTA, different provider, only the language and
words are the same ;-) They repeat for a long time. Most of those IPs are known
to many RBLs (about 80%), hacked PCs + some accounts (my guess).

From month to month, these emails use different words, but the content
is the same: "pay in bitcoin, otherwise your video will be published", etc.

Do not worry about their targeting. They are only carefully worded so that
they look personalized... Simply improve your filtering, or if you cannot
do that, delete/ignore them.


-- 
Slavko


Re: [mailop] I understand less and less why I accept any mail at all from Sendgrid

2022-08-13 Thread Atro Tossavainen via mailop
On Sat, Aug 13, 2022 at 06:46:02PM -0400, John Levine via mailop wrote:
> This showed up today, sent to the email of my father who died in 2019.
> 
> Full copy available on request to anyone who has a plausible use for it.

Got a few hundred.

SendGrid user ID 28413401. Sending IP 167.89.38.98 is on SpamCop, but
not on any other major blocklists that I could see, yet.

Radix (the registry for .store and a few other new TLDs) has been
alerted separately.

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/
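
One way to pull the account ID and sending IP named in the message above out of a spamtrap corpus and tally them per account for an abuse report; this is an added example, not code from the original post or from SendGrid. It assumes the `u<digits>` label of the `ct.sendgrid.net` link host is the user ID, as the numbers in this thread suggest; `my_mta`, `mx.example.org` and the sample messages are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from email import message_from_string

# Assumption taken from this thread: the digits in u<ID>.ct.sendgrid.net are
# the SendGrid user ID of the sending account.
LINK_HOST_RE = re.compile(r"https?://u(\d+)\.ct\.sendgrid\.net/", re.IGNORECASE)
# "from <helo> (<rdns> [<ip>]) by <host>", the header shape quoted in the thread.
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((\S+)\s+\[([0-9.]+)\]\)\s+by\s+(\S+)", re.IGNORECASE)


def body_text(msg):
    """Decode every text part so quoted-printable soft breaks inside long
    tracking URLs are rejoined before matching."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode("latin-1"))  # URLs are ASCII; never fails
    return "\n".join(parts)


def sending_ips(msg, my_mta):
    """IPs from Received lines stamped by our own MTA (hypothetical name passed
    in as my_mta). Lines added by other hosts are sender-controlled and skipped."""
    ips = set()
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(str(hdr).split()))  # unfold first
        if not m or m.group(3).lower() != my_mta.lower():
            continue
        if not m.group(1).lower().endswith(".sendgrid.net"):
            continue
        try:
            ips.add(str(ipaddress.ip_address(m.group(2))))
        except ValueError:
            continue
    return ips


def tally(raw_messages, my_mta):
    """Map user ID -> message count and sending IPs, ready for an abuse report."""
    report = defaultdict(lambda: {"messages": 0, "ips": set()})
    for raw in raw_messages:
        msg = message_from_string(raw)
        ips = sending_ips(msg, my_mta)
        for account in set(LINK_HOST_RE.findall(body_text(msg))):
            report[account]["messages"] += 1
            report[account]["ips"] |= ips
    return {a: {"messages": r["messages"], "ips": sorted(r["ips"])}
            for a, r in report.items()}


# Constructed samples: placeholder account, RFC 5737 addresses, example hosts.
SAMPLE_QP = """\
Received: from o1.outbound-mail.sendgrid.net
 (o1.outbound-mail.sendgrid.net [192.0.2.10])
 by mx.example.org with ESMTPS id 1; Sat, 13 Aug 2022 22:41:20 +0000
Received: from o9.outbound-mail.sendgrid.net
 (o9.outbound-mail.sendgrid.net [198.51.100.7])
 by relay.invalid with SMTP; Sat, 13 Aug 2022 22:41:19 +0000
Subject: constructed sample 1
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Unsubscribe ( https://u00000001.ct.sendg=
rid.net/asm/unsubscribe/?user_id=3D00000001 )
"""
SAMPLE_PLAIN = """\
Received: from o2.outbound-mail.sendgrid.net
 (o2.outbound-mail.sendgrid.net [192.0.2.11])
 by mx.example.org with ESMTPS id 2; Sat, 13 Aug 2022 22:50:00 +0000
Subject: constructed sample 2

Preferences ( https://u00000001.ct.sendgrid.net/asm/?user_id=00000001 )
"""
SAMPLES = [SAMPLE_QP, SAMPLE_PLAIN]

if __name__ == "__main__":
    for account, row in tally(SAMPLES, "mx.example.org").items():
        print(account, row["messages"], ",".join(row["ips"]))
```

The second `Received` line in the first sample was not written by the local MTA, so its address is left out of the tally.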


Re: [mailop] I understand less and less why I accept any mail at all from Sendgrid

2022-08-13 Thread John Levine via mailop
It appears that Michael Rathbun via mailop  said:
>On 13 Aug 2022 18:46:02 -0400, John Levine via mailop 
>wrote:
>
>>This showed up today, sent to the email of my father who died in 2019.
>
>I wasn't able to find anything notable about that.  "Nadine", who died quite a
>while back, frequently gets the "I've hacked your system and have the video of
>you...", along with numerous other equally well-targeted communications. 

Sure, but do they come from Sendgrid, which purports to be a service for
legitimate businesses?

R's,
John


Re: [mailop] I understand less and less why I accept any mail at all from Sendgrid

2022-08-13 Thread Michael Rathbun via mailop
On 13 Aug 2022 18:46:02 -0400, John Levine via mailop 
wrote:

>This showed up today, sent to the email of my father who died in 2019.

I wasn't able to find anything notable about that.  "Nadine", who died quite a
while back, frequently gets the "I've hacked your system and have the video of
you...", along with numerous other equally well-targeted communications.  

mdr
-- 
The hits just keep on coming for poor "Nadine". See the sad tale 
of email lists gone horribly wrong at 
F - IWAA #2157 GEVNP



[mailop] I understand less and less why I accept any mail at all from Sendgrid

2022-08-13 Thread John Levine via mailop

This showed up today, sent to the email of my father who died in 2019.

Full copy available on request to anyone who has a plausible use for it.
-- Forwarded message --
Date: Sat, 13 Aug 2022 15:41:20
From: support 
Reply-To: g...@hansa-fx.com
To: x@x.x
Subject: IP address blacklisted(Child Pornography Act 1996 violated)

Hello,

We have found instances of child pornography accessed from your IP address. 
This is a punishable offence under The Child Pornography Prevention Act of 1996 
. For now we are blacklisting your IP address and if there is any further 
action from Microsoft you will be informed via email.

If this was not you and you suspect potential hack or id theft contact 
Microsoft Support Team at +1-808-460-7701

Microsoft Support
+1-808-460-7701

support

16 Central, HCW , Tampa , FL

Unsubscribe ( 
https://u28413401.ct.sendgrid.net/asm/unsubscribe/?user_id=2401=jGkM5n0umWt5giSnrpl6O4tFPc5wzKFsV94hjZBX8pQIheAKOas_zWNsEOncd-HbCkpbIvoVXgT8sU6DigWO_eN-7q_f3_YdzG22esQZaeYvwfRfC4RvAZR91smd6V5UOKs3K3YnTNLu7eqpmNs5MgibY69YuER5xZyCM1zKjcZ-8WdqDiZ09ZDW8MnPZwlCq4ExdET6b1FfymKFmn0M57AS6OrQ9Z41ntAYLbucVhznk0bqlHrqgYAhJmD8r32C-y6jAiILcbSJnjKcwbO4A2XlH2Xq_STVI0NZNEGJSk3rsNiS1BljdqcVvog_l47a_9QqpTTzdEtJxb76h7njtiNvZmy2GahPuC5VtdWCFL8sw8dhTZN792pmswmZV8Stx9YNphaZCY0Zz-Y-6B3oy7d_C-u0550ED8DjIh5dQKo05hHfkqQv-JzGA1cm2BIQcEaDOWBAXIFPQhsZtmN1NV352KGimJzF1zQBc869JXc0LNV6lWdxB9tHv9FPAxyyUvAI7GCYEprshgEYBXxNc5vwH5SsHnk5XXKpbVztKb-rF_CXEu4_sVDZt1dcMerLreg5jj1abowz0vzCxu91ljSE_625gU2Nfvwf_evzfEtaDdgklH90ndYyZNjTEUFL7B1TCJ3FIyVfY2tfVarBYX_aZRyujWy2HMNwhbJApYoFQ5KIVbl8odCtVRe5Ss6z720nEmO6S3yE8IgJXIPTCuYH_plCZ2es85QKi21w-gGWICt3gPZNDYpxq2V23Amf9DtI98NiQg93_f9tWLu3ncR_l7Xu-QyQ-NHpZGOZzJGJl6hZO0NKhBs2fS-DSZwbI8sy0pFprpTmbArND7x-CkuBHe5H1WW0FyHCHb1NLsK9SBn-aJMsk0xtAowOpzMGPsWj_AFn12Gj1MU2qh_
Zc4tlcFvAEIaXfZnGVU0Y8MqPIL7zCaF4I01Q1GxU7wziTkPwcMyeUT8qvfjbtJnQ9_zTMykNipOu1NmmemXBHGJml3neoZ75wscSo_2XSg1AKGk0ceEGUu-Xrj5FsTwd4i_Lvu6i2aPAKpRgkCrLZN7x_Cy7fsLksN8juSIi3m-GYcaCMsxtAjo9xI9ZewQel_kjR-Nl43qwegdl1Al5eZmDY0VY749OELIRduc-SUty-0Pmt4NZPKD7hqCkVV6X_qgRC2aKxJAlFKIU03FW1R6Iueoz4qstvxH32NPeLz2H_OoTdTI=
 ) - Unsubscribe Preferences ( 
https://u28413401.ct.sendgrid.net/asm/?user_id=28413401=iw27W5ySrSfDVCRlPaXMu5zZMK6M9L26Fq8UYqOfdZhoMDAwdTAwMFT1ohToGkgPLNAwsvCWjLkjDNagBfBVNm4La20qWnyb349Ffm1yfrD4ctSwuskuNp7Uzh4IUp41Fz5FYgodIco5ievuqL7nDm63AdCvifURyfq07C4ck6IkGGV9omBlZ8ahQz-3tfQdDuXkkIDKsln-j8pQTiYAA5cnxyzRrdDZKAPFE-nAcd6eB4cSSmMY09NNRAhGs5YRCqXXGKB4rg8QCfDbyNXKbsVbIl5lf9NZ3QOD2WjZhkFDFX0rv2rLzw3FsHRqaNyT-YRCrW_0zWBcn4nYM2r8jngI78F3qjI8LsQOcjXBVa27_OUX4cPEoqAibJW0zJHhKOD20KWDGgE2k6TUiFpMPQ1eHg6A28fWkJsffmFbKXirplWlcEo7iw3oiiUcVpREbcdELBXZ8MiiKIPil6T7if1FH2oBhwKnbyzjiUxo3uIlxos0Yr-xV-3ZA_h5o4JifaCzIFwNYxzT3hqapJw6njG_wUCUfT9z8McN5CzkKNjQc4WxwiMuld1JJbyzB5tjNjAHAht1wirqjrrFBHoG
9m2B9eqqIeckhXlTMCaQ3jJBMnLpcnAQ0_wLVL-Ua2U5SX1cXm1n6JorUlG27yxJvUItjuWXE99NnN9qImyxlaWg0Sk-OFOA76cLP5hVv10Vb_BMw5cwVcHLI5cKs5PEHUAX8ua4pV3fLgWR6TERaT8XpKcZhkiBtDD9kmleAOCgfSnjpvlyvFkJAPsoiibP-WhJNDmKE8FP25gZ2qp8nLaffDtB-mnu2rs2dD0XFijEcX-QvOPrqh35JhkYl2_NgXb8yiH8L45RRqqDKQprOF9cdvyeV5Q4P7DBvm8rynoSBWaMTGK5EVWIKI66IJPU5MFNCzoKp1WMbnIH-7EVIVwu6EIh4Zf1RHHWqj9kMABWHUx_FUAxtKJCV-t8IrT2T46yiZ4W5StTXvvKFti9h3fjm5FZnoOlKzmv-2LsBGN_nBQ8t4BLgFUVe-MeSYIwUzWUqs1W-vLqDIu5K-ZLZTuKv2Scr_Zsmf69w3sItxrz7AdHoj4xqjGa6cvtack98IyRV6WY5bSVoQyDC3vgSCQWZ7rNyWwr7QnXVgtMpEA0fEGomlkAVRfJYBv-zQ2UfQDlov0zc8hIprZ3mVS-QdzW7TXh6web9yjkoscnc46UaB_4Z-W7-cZy6lACb10DLrShERY6f4buraANSARHo9TXZAfgHFk7Mg==
 )