Re: [mailop] Weekly Update on SpamAuditor reports

2020-04-19 Thread Carl Byington via mailop

On Fri, 2020-04-17 at 09:28 -0700, Michael Peddemors via mailop wrote:
> * SendGrid compromised accounts sending phishing

> Seeing a lot more cases of this occurring again, mostly phishing
> attacks.

Yup.

IP: wrqvbqzd.outbound-mail.sendgrid.net :::149.72.180.237
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.net;
From: "Wells Fargo Online" <$probablyfor...@stmartinsepiscopal.org>

Really sendgrid - you cannot detect that on your outbound servers??

It has gotten bad enough that we have some accounts here that are
blacklisting the d=sendgrid.net dkim signature. Anything you sign gets
rejected by those accounts during the smtp transaction.





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
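
The per-account rejection on the `d=` signing domain described in the message above, sketched as an added example (not code from the post or from any mail product). The sample message, the recipient addresses and the `BLOCKED` policy table are constructed, and the `d=` tag is read without verifying the signature.

```python
import email
from email import policy

# Constructed sample (not a captured message); b=/bh= values are placeholders.
SAMPLE = (
    b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=SendGrid.net;\r\n"
    b"\ts=sel1; h=from:subject; bh=AAAA; b=BBBB\r\n"
    b"DKIM-Signature: v=1; a=rsa-sha256; d=customer.example; s=sel2;\r\n"
    b" h=from:subject; bh=CCCC; b=DDDD\r\n"
    b"From: \"Some Bank\" <sender@customer.example>\r\n"
    b"Subject: constructed test\r\n"
    b"\r\n"
    b"body\r\n"
)

# Hypothetical per-account policy: recipient -> blocked signing domains.
BLOCKED = {"strict@example.org": {"sendgrid.net"}}


def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list; folding whitespace is dropped."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags


def signing_domains(raw_message):
    """Return the d= domain of every DKIM-Signature header (not verified)."""
    msg = email.message_from_bytes(raw_message, policy=policy.compat32)
    domains = set()
    for header in msg.get_all("DKIM-Signature", []):
        d = parse_tag_list(str(header)).get("d", "")
        if d:
            domains.add(d.lower().rstrip("."))  # domains compare case-insensitively
    return domains


def smtp_decision(raw_message, recipient, blocked=BLOCKED):
    """Reply to give at end of DATA under this recipient's policy."""
    deny = blocked.get(recipient.lower(), set())
    for d in sorted(signing_domains(raw_message)):
        # Assumption: a blocked domain also covers its subdomains.
        if any(d == b or d.endswith("." + b) for b in deny):
            return "550 5.7.1 Rejected: signed by blocked domain " + d
    return "250 2.0.0 OK"
```

The signature header is only available once DATA has been received, so a plain SMTP server gives this one reply for every recipient of the transaction.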


[mailop] Weekly Update on SpamAuditor reports

2020-04-17 Thread Michael Peddemors via mailop
About to go into another weekend, so a good time to post an update on 
what our spam auditing team is seeing in the wild this week.


* SendGrid compromised accounts sending phishing

Seeing a lot more cases of this occurring again, mostly phishing attacks.

* Amazon forged domain spam.. seeing hundreds of new IP(s) every day all 
week, and they don't seem to have a handle on this problem


* COVID Spammers, sad to say most reports are from the very big 
providers, eg o365 and gmail.


* Hetzner Spammers, large number of IP(s) being reported every day this 
week, looks like once again poor vetting of new customers


* New Shady Russian Networks coming on line

* Spam volumes have spiked in the last two weeks again

Most of this looks like either the typical email compromise(s), or the 
throwaway freemail addresses offering SEO or offshore services, and the 
normal spattering of Nigerian spam, Lotto spam etc, but does show the 
hackers are doing a good job of email compromises.  Spam from IoT 
devices continues to decline, as spammers move to new methods.


* Botnet activity used in brute force attacks has dropped in volume, 
with one notable exception, the Windows infections on older Windows 7 
installations, mostly from China/Asia sources.


Hope everyone can find a way to get out in the sun this weekend, and 
still keep up your social distancing, maybe it is time to learn how to golf?


-- Michael --




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

