[mailop] Sendgrid spam of the day -- crypto.com phish

2021-12-31 Thread John R Levine via mailop 

For full headers see http://spample.iecc.com/eam/23683557

R's,
John
-- Forwarded message --
Date: Fri, 31 Dec 2021 20:36:03
From: Crypto.com 
To: i...@taugh.com
Subject: Case ID 23045 -Important Notice: Update Your Account


[8fGHc0PkvWohUASUVORK5CYII=]

Dear Valued Customer,

We need your help resolving an issue with your account Thus, we have 
temporarily limited what you can do with your account until the issue is
resolved.

We understand it may be frustrating not to have full access to your account. We 
want to work with you to get your account back to normal as quickly
as possible.

we just need some more information about your account or latest transactions

Signin


[wOiaohJxQ4ALABJRU5ErkJggg==]


Crypto.‌com
Blog
App
Exchange
[0mjBE6HZp4K5v8a0yHn2l6YAvVOKWlrTmBW0NReWVb73z7d+DcNR9mxUxRFURRFURRFURRFURRFkeIfjS9wMMPxVGkASUVORK5CYII=]
[ZvpBEal58LABJRU5ErkJggg==]
[i4NcpdSCAElFTkSuQmCC]
[j0mXXMufsAElFTkSuQmCC]
[92++x9gBJRU5ErkJggg==]
[wFBQUFBQUFBQUFBQUFBQVnxD+nNitl9LEuSABJRU5ErkJggg==]
[9VQ7D8PYJv8BJI4C6XpQKPUASUVORK5CYII=]
[gHQO0i8xRfY1ABJRU5ErkJggg==]
Contact us at:

contact‌@crypto.‌com

Copyright © 2021 Crypto.‌com, All Rights Reserved.


Crypto.‌com
U‌nit 15‌06-‌7 1‌5/‌F P‌acific P‌laza, 4‌10-‌41‌8 D‌es Vo‌eux R‌oad W‌est, 
H‌ong K‌ong

If you no longer wish to receive promotional communications from Crypto.‌com, 
please click here.
(you will no longer receive emails from us about updates and exclusive 
privileges/promotions)



[open?upn=rojQG26eAcf4GkAb-2FyFQAZwk55TQvR0RJfEiRLCZlOKwhfSqOVGh5NdQdcZjD-2Fp6I9psdg851hMnLzMDeazatb99lFbrpuk8VFjzewDY94wZ8dDE1t7sDA1XxcWGHrX9nWLL
5f3wguoGqKUNiDU0AQhnqrCBlKnAGJKFibIcXWDmprzwJtZxVBlLW1eRXNi-2B1ll3I8zmc5BoEoKH26WGbA-3D-3D]
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Sendgrid spam of the day

2021-12-11 Thread John R Levine via mailop 
Sent to an address that has never been real but has been getting a lot of 
spam recently, touting insurance via one of those fake review sites that 
collects affiliate fees.


Full copy here: http://spample.iecc.com/sys/23681598

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

-- Forwarded message --
Date: Sat, 11 Dec 2021 11:03:42
From: Liberty Mutual Insurance 
Reply-To: no-re...@smartfinancehome.com
To: john...@zeusprod.com
Subject: Here's how to only pay for what you need.

Spring RateCut

https://www.smartfinancecentral.com/click.php?source=liberty_mutual&s1=liberty_mutual&s2=&uid=234578

Can we help you cut your rate?

You could save $947.
 Only pay for what you need with customized insurance from Liberty Mutual.

Get my customized quote 
https://www.smartfinancecentral.com/click.php?source=liberty_mutual&s1=liberty_mutual&s2=&uid=234578

or call 1-844-764-0144 
https://www.smartfinancecentral.com/click.php?source=liberty_mutual&s1=liberty_mutual_mi&s2=&uid=234578

Savings validated by new customers who switched to Liberty Mutual between 
1/2020-10/2020 and participated in a countrywide survey. Savings may vary. 
Comparison does not apply in MA.

Coverage provided and underwritten by Liberty Mutual Insurance Company or its 
subsidiaries or affiliates, 175 Berkeley Street, Boston, MA 02116 USA. Equal 
Housing Insurer. Learn more about our privacy policy at 
libertymutual.com/privacy 
https://www.libertymutualgroup.com/about-lm/corporate-information/privacy-policy.

©2021 Liberty Mutual Insurance

This email was sent to you on behalf of Liberty Mutual by a third-party 
marketing company. You are receiving email from this third-party marketing 
company because you have previously expressed your interest in receiving 
commercial email through a site or sites associated with them.

This email message contains information regarding products and services offered 
by Liberty Mutual Insurance Company. If you do not wish to receive email 
messages from Liberty Mutual that are advertising or promotional in nature, 
please unsubscribe here https://pages.email-libertymutual.com/tp-unsubscribe.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid spam of the day

2021-10-24 Thread Larry M. Smith via mailop 

On 10/20/2021 6:56 AM, Michael Orlitzky via mailop wrote:

On 2021-10-19 16:41:40, John R Levine via mailop wrote:

Fake USPS spam, sent to my father who I am pretty sure has not ordered anything
lately since he is dead.


Tragically, we lose most of these because they still haven't figured
out how to retry a 4xx.


I guess this is better than when I saw them sending the same message 
over and over again after 5xx.


Or, even when I saw them trying to issue StartTLS after 'HELO' (not 'EHLO')

.. There are days when I'm left scratching my head after watching 
Sendgrid's SMTP conversations.




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid spam of the day

2021-10-21 Thread Luke via mailop 
That's a fair question and an accurate observation. However I do believe it
is mostly correlative. Shortly after the acquisition is when bad guys
really ramped up their efforts against us. No doubt that the
reorganization had negative impact on enforcement. But i can promise you it
isnt entirely the result of new corporate overlords saying we need to send
spam because it makes money. All that said, actions speak louder than
words. We'll see if we can make a dent in the next few months.

On Thu, Oct 21, 2021 at 5:24 AM Michael Orlitzky via mailop <
mailop@mailop.org> wrote:

> On 2021-10-20 18:12:32, Luke via mailop wrote:
> > For clarification, it has been 12 years. But point taken. Thanks.
> >
>
> The causal relationship may be me editorializing, but prior to the
> Twilio acquisition, I held no strong opinions about SendGrid and
> that's probably the best that can be said of any large ESP.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid spam of the day

2021-10-21 Thread Michael Orlitzky via mailop 
On 2021-10-20 18:12:32, Luke via mailop wrote:
> For clarification, it has been 12 years. But point taken. Thanks.
>

The causal relationship may be me editorializing, but prior to the
Twilio acquisition, I held no strong opinions about SendGrid and
that's probably the best that can be said of any large ESP.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid spam of the day

2021-10-20 Thread Luke via mailop 
For clarification, it has been 12 years. But point taken. Thanks.

On Wed, Oct 20, 2021 at 6:01 PM Michael Orlitzky via mailop <
mailop@mailop.org> wrote:

> On Wed, 2021-10-20 at 10:46 -0700, Luke wrote:
> > Thanks, John. The account in question is being looked at as we speak.
> > It should be terminated shortly.
> >
> > Michael, do you have an example of a 4xx we aren't properly handling?
> > Would love to take a look and adjust handling.
> >
>
> Are you finally going to stop allowing the same criminals to sign up
> and send the same textbook scams from the same obviously-forged domains
> after two years? If not, then I prefer the status quo.
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid spam of the day

2021-10-20 Thread Michael Orlitzky via mailop 
On Wed, 2021-10-20 at 10:46 -0700, Luke wrote:
> Thanks, John. The account in question is being looked at as we speak.
> It should be terminated shortly.
> 
> Michael, do you have an example of a 4xx we aren't properly handling?
> Would love to take a look and adjust handling.
> 

Are you finally going to stop allowing the same criminals to sign up
and send the same textbook scams from the same obviously-forged domains
after two years? If not, then I prefer the status quo.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid spam of the day

2021-10-20 Thread Luke via mailop 
Thanks, John. The account in question is being looked at as we speak. It
should be terminated shortly.

Michael, do you have an example of a 4xx we aren't properly handling? Would
love to take a look and adjust handling.

Luke

On Wed, Oct 20, 2021 at 5:08 AM Michael Orlitzky via mailop <
mailop@mailop.org> wrote:

> On 2021-10-19 16:41:40, John R Levine via mailop wrote:
> > Fake USPS spam, sent to my father who I am pretty sure has not ordered
> anything
> > lately since he is dead.
>
> Tragically, we lose most of these because they still haven't figured
> out how to retry a 4xx.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid spam of the day (John R Levine)

2021-10-20 Thread Michael Peddemors via mailop 
For the record, it was and still is SendGrid that can't seem to get a 
handle on compromised accounts, used for phishing, but after the long 
success with that platform, other ESP's are being targeted as well.


Eg...

Received: from o53.p38.mailjet.com (HELO o53.p38.mailjet.com) 
(185.250.237.53)

From: No_reply Server 
Subject: De-activation notice for 

If you are an ESP, and you leak phishing or malware, you WILL end up on 
an RBL.. there is no 'too big to block' get out of jail free for these 
kinds of issues, and you generally have the budget to do a better job.


And if you REALLY can't get a handle on it, don't be afraid to consult 
an outside source.. if the rest of the world can detect those, you 
should be able to do it before it leaves your infrastructure.


I don't think anyone has too much sympathy given the valuation of ESP's 
these days..


Yes, for some email providers, they MIGHT get it in the ear when their 
user can't get their favorite newsletter from a shared service, but 
there is more understanding now that ESP's have to do more.


On 2021-10-20 6:18 a.m., Edgaras | SENDER via mailop wrote:
This is more widespread than just Sendgrid. We noticed an increase in 
various "postal service" phishing / scam attempts in the past couple of 
months, and they try to impersonate not only USPS, buth DHL (in German 
and English languages), Royal Mail, La Poste (French) and some others.


Most accounts that attempt this sort of scam are registered via various 
VPN services' ranges, however we noticed a few that were registered 
directly from IP addresses in Morocco. They are also trying email / 
password combinations from public leaks to try and take over legitimate 
accounts.


If anyone is interested in sharing knowledge about this gang and working 
on prevention together, reach me off list, as these list messages are 
public.



Sender  Edgar Vaitkevičius, founder / CEO
ed...@sender.net 


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid spam of the day (John R Levine)

2021-10-20 Thread Edgaras | SENDER via mailop 
This is more widespread than just Sendgrid. We noticed an increase in
various "postal service" phishing / scam attempts in the past couple of
months, and they try to impersonate not only USPS, buth DHL (in German and
English languages), Royal Mail, La Poste (French) and some others.

Most accounts that attempt this sort of scam are registered via various VPN
services' ranges, however we noticed a few that were registered directly
from IP addresses in Morocco. They are also trying email / password
combinations from public leaks to try and take over legitimate accounts.

If anyone is interested in sharing knowledge about this gang and working on
prevention together, reach me off list, as these list messages are public.


[image: Sender] Edgar Vaitkevičius, founder / CEO
ed...@sender.net
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid spam of the day

2021-10-20 Thread Michael Orlitzky via mailop 
On 2021-10-19 16:41:40, John R Levine via mailop wrote:
> Fake USPS spam, sent to my father who I am pretty sure has not ordered 
> anything 
> lately since he is dead.

Tragically, we lose most of these because they still haven't figured
out how to retry a 4xx.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop