Re: [mailop] SendGrid is deleting your mail

[Sebastian Nielsen via mailop]

>> They were going to get a 4xx anyway. I changed the message to *help* 
>> SendGrid.

Yes but if you can change the message for SendGrid only, you can accept the 
mail and let it through

>> Where do I find out what the IP/domain is? Is it in my mail logs,

Apparently you were able to send custom text to just SendGrid.
Then you have some rule to be able to differentiate SendGrid mail from other 
mail.
Thus you just accept it.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SendGrid is deleting your mail

[Michael Orlitzky via mailop]

On 2023-06-22 02:05:40, Sebastian Nielsen via mailop wrote:
> >> They were going to get a 4xx anyway. I changed the message to *help* 
> >> SendGrid.
> 
> Yes but if you can change the message for SendGrid only, you can
> accept the mail and let it through... Apparently you were able to
> send custom text to just SendGrid.  Then you have some rule to be
> able to differentiate SendGrid mail from other mail.  Thus you just
> accept it.

I was unclear then. I patched the mail server to change the 4xx text
that we send to everyone, but I changed it only to help SendGrid.

I have no way to know ahead of time who is using SendGrid. Some
senders, like GitHub, have dedicated servers and send us enough mail
that, over time, I have been able to whitelist all(?) of them. This
helps but is not enough:

  * I can't whitelist a server until we've lost a message from it. The
way I find out that there's a server to whitelist is that a
customer calls to let us know that he's missing an important piece
of mail from it (e.g. the Hershey Park tickets).

  * Continuing the example, GitHub is constantly adding/changing
servers. When they do, we're at risk of losing mail until we can
    whitelist the new addresses.

  * The non-dedicated SendGrid servers cannot be whitelisted, because
almost all mail from non-dedicated SendGrid servers is spam.

  * I think you're assuming that most of our 4xx errors are from the
spam filter or from overzealous action on my part to make a point;
they're not. We update kernels, reload AV signatures, have
databases go down, accidentally crash postfix during OS upgrades,
typo config files, etc. All of those result in 4xx errors and
whitelisting does nothing to help.

The bottom line is that avoiding 4xx *entirely* is impossible, even if
I could reduce them somewhat at great expense. If nothing else, then
in those unavoidable scenarios, you have to agree that SendGrid has a
responsibility not to delete important mail. But they do.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Recommendations for mail campaign services

[Brian Weir via mailop]

They are not known for having a positive reputation in general.  If you search 
the archives of this list, you will see various experiences people have had.

I have a vendor who used SendGrid to send notifications for their app to my 
agency.  The SendGrid mail server ip’s would be blacklisted with my email sec 
provider.  Vendor asks me to Whitelist all of SendGrid, I tell them to go pound 
sand due the various issues with SendGrid that exist.  Vendor gets a dedicated 
IP, problem solved.

> On May 5, 2021, at 3:43 PM, micah via mailop  wrote:
> 
> On 2021-05-05 14:43:35, Brian Weir via mailop wrote:
>> I would definitely stay away from SendGrid unless you get a dedicated IP.
> 
> Can you say more about why that is? I'm curious to know more about
> how blocked/unblocked SendGrid is
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Sendgrid and phishing

[Tim Bray via mailop]

Hi,

Anybody else seeing increase phishing through sendgrid?  They look 
fairly convincing.


A few paypals, and a few amazons.

I thought sendgrid were ok?    Has somebody leaked a big pile of 
sendgrid usernames and passwords or something?



--
Tim Bray
Huddersfield, GB
t...@kooky.org


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail inboxing help

[Hans-Martin Mosner via mailop]

Am 18.02.21 um 15:22 schrieb Lauren Donovan via mailop:
> Hi Everyone,
>
> I am wondering if someone here might have some insight into an issue I am 
> experiencing with Gmail customers. Here are
> the details:
>
> 1.) When the customers click to opt-in on our form page, they are sent a 
> confirmation via a Smartertools email.
> 2.) We use SendGrid to email them in the future with newsletters, tools, and 
> other marketing information.
> 3.) We just aren't inboxing with Gmail. Never have, despite the customer 
> opting in.
>
> Questions: 
> 1.) Can anyone recommend a solution? 
> 2.) Should we be integrating SmarterTools and SendGrid so the confirmation 
> email comes directly from SendGrid, and
> thus, follow-up emails aren't from a cold, third-party sender? 
> 3.) Should confirmation emails come from SendGrid and we drop Smartertools 
> altogether?
>
> So grateful for any advice.
>
> Lauren

Not being Gmail or SendGrid, it's hard to give reliable advice.

Do you get feedback from SendGrid about SMTP reject reasons they get from 
Gmail? That might be a first hint on what to
change.

One thing you should be aware of is that SendGrid has gained a bit of a bad 
reputation recently due to their apparent
inability to curb spam and phishing mails. It is possible that this affects 
deliverability at Gmail, but without knowing
actual reject reasons this is just a guess.

Given that it's the mails sent via SendGrid that aren't delivered, it sounds 
like a bad idea to send the confirmation
requests through them as well. You might get much fewer confirmations that way 
:-)

Cheers,
Hans-Martin

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Debt Collection Client Email Servers

[Jay Hennigan via mailop]

On 3/22/24 14:58, Michael Peddemors via mailop wrote:
If they are 'dedicated', doesn't matter if they are coming from 
SendGrid, the PTR should reflect your clients domain.


host 149.72.234.90
90.234.72.149.in-addr.arpa domain name pointer 
wrqvzxrx.outbound-mail.sendgrid.net.


If Sendgrid claimed that these IPs are dedicated to you, their PTR says 
otherwise. It should reflect your sending domain. Note that Sendgrid has 
a rather poor reputation when it comes to spam exiting their network.


And given the amount of abuse of SendGrid servers, anything you can do 
to differentiate from their generic naming conventions will help you.


Or avoid Sendgrid entirely.

--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Gmail blocking of good customer

[Benny Pedersen via mailop]

Simon Greenwood via mailop skrev den 2023-02-24 22:09:


This (which I didn't know) adds a whole different aspect to the issue
- much has been said about how email is now centralised and is almost
impractical to run as a small operator level, but if a company like
Shopify and indeed Sendgrid can't assure mail delivery because the
largest mail operators will reject mail sporadically based on
non-specific criteria, and more that someone in Christine's position
doesn't have someone they can call at Google or Microsoft or wherever,
then there's a bigger problem.


sendgrid do mistakes aswell :)

inbound is not outbound, all inbound ips could be recieving mails from 
custommers, thats fine, but question is then:


do sendgrid keep the inbound mail on this ip when sending to google ?, 
does google see mails from all ips at sendmail pr sendgrid custommer ?


who knows why this is failing ? :)

please if sendgrid is reading my silly mails, do not share ips pr 
sendgrid custommer, each custommer can have payed pr ip non shared, make 
more money, to make better service pr custommer, this advice is 100% 
free from me

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] SendGrid Abuse unresponsive

[Kyle Thorne via mailop]

Hi everyone,

Is anyone from SendGrid on-list that can help with an abuse report that has
gone unanswered?

We have two tickets with SendGrid that have *no response: *4218173 and
4278230.

This fraud account is phishing our users, so there's no reason SendGrid
shouldn't be able to suspend / ban this account.

Anyone available to help with this?
[image: VentraIP Australia logo]


*Kyle Thorne*Chief Technical Officer \\ VentraIP Australia
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail inboxing help

[Andrew C Aitchison via mailop]

On Thu, 18 Feb 2021, Lauren Donovan via mailop wrote:


Hi Everyone,

I am wondering if someone here might have some insight into an issue I am
experiencing with Gmail customers. Here are the details:

1.) When the customers click to opt-in on our form page, they are sent a
confirmation via a Smartertools email.
2.) We use SendGrid to email them in the future with newsletters, tools,
and other marketing information.
3.) We just aren't inboxing with Gmail. Never have, despite the customer
opting in.

Questions:
1.) Can anyone recommend a solution?
2.) Should we be integrating SmarterTools and SendGrid so the confirmation
email comes directly from SendGrid, and thus, follow-up emails aren't from
a cold, third-party sender?
3.) Should confirmation emails come from SendGrid and we drop Smartertools
altogether?

So grateful for any advice.


What have SendGrid and Smartertools suggested ?

You are paying them, so they might be able to help; if SendGrid 
wont or can't, I'd say why are you paying them to send to Gmail ?


I don't have any experience with this, so if anyone on the list thinks
I'm asking for ponies, do say so.


--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Brielle via mailop]

On 8/5/21 9:41 AM, John Levine wrote:

It appears that Brielle via mailop  said:

There's also the matter of the lack of unsubscribe...  Has zoom
explained why they are allowing their customers to send unconfirmed
opt-out mail with no unsubscribe option?


Good point.  That's one of the few things that is specifically illegal under 
CAN SPAM.

Perhaps we can collect them all and then sue both Sendgrid and Zoom.



So, just an update...

I can confirm, for sure, that there's no actual Zoom / Sendgrid 
unsubscribe link in the spams based on the most recent spams that I 
allowed in to analyze.  Only 'unsubscribe' link (notice the quotes) is a 
highly questionable Google Forms 'unsubscribe' run by the spammer 
themselves.


In fact, and you are going to LOVE this, the spams, being sent through 
IPs with zoom RNDS, owned by Sendgrid, _don't even have any content that 
links to anything on zoom_.


All the content directs you to go to Google Forms (forms.gle) which then 
take down personal information which purports to be for the supposed 
zoom webinar.


I'm not kidding.  Zoom (by way of Sendgrid) are essentially allowing 
people to use their platform to send spam with no content linking 
directly back to Zoom - only to Google Forms (in this case).


What is going on over there, Zoom?  That's insane that you are allowing 
customers to basically use your Sendgrid account to pretty much send 
anything they want with no forced Zoom/Sendgrid unsubscribe link that 
the spammers have no control over.


--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Just how does SendGrid fail this badly?

[Philip Paeps via mailop]

On 2020-08-18 20:23:37 (+0800), Atro Tossavainen via mailop wrote:

The SendGrid account sending these yesterday is 13999362.


The one I've seen most often is 12340469 with 9789821 a close second and 
8512936 in third place.


Given that these are so blatant, I don't believe there's any point in 
reporting them to Sendgrid.  We've simply started blocking Sendgrid and 
whitelisting obvious false positives.


Philip

--
Philip Paeps
Senior Reality Engineer
Alternative Enterprises

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Intuit directly spaming

[Atro Tossavainen via mailop]

> Interesting to me Atro said this is sendgrid. I saw sendgrid format
> sender address but headers do no show any sendgrid. So now its
> harder to give due suspision on sendgrid because they give full
> infrastructure to rent for other domain like intuit?

Yes.

Full headers (munged of course) and plaintext content

https://pastebin.com/88xXcVZh

This will remain up for a week.

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

[Hans-Martin Mosner via mailop]

Am 08.07.21 um 18:14 schrieb Luke via mailop:
> Just so the group is aware, our team is looking into the Zoom traffic. We 
> aren't sure what they are doing with that
> mail stream, but it doesn't look good.
>
> Both of the accounts reported by Michael have been suspended.
>
> Thanks, everyone.
>
> Luke
>
I have a hunch that some time ago (just before the increased spam via SendGrid 
started) there might have been an
unauthorized access to SendGrid customer data which allowed hackers to 
bruteforce hashed passwords and use valid
accounts to send spam and fraudulent/phishing mails. The pattern is too strong 
to be reasonably explained with singular
security breaches at individual customers.

SendGrid, if this comes close to the truth (I can only guess), please be open 
about it at least in communication to your
customers. If possible, enforce 2FA, watch for logins from unusual IP 
addresses, etc. Maybe a complete password reset
for all customers would be in order.

Repealing spam and fraud from completely bogus sources is a lot of work for us 
mail admins already, but when it comes
from presumably authentic sources it becomes incredibly difficult and prone to 
false positives.

Here's a simple example: I have a mail sample in quarantine that comes from 
"topbuildersolutions.net", apparently a
SendGrid customer, using your outgoing infrastructure (192.254.122.201), so 
it's not a simple impersonation. It purports
to be a payment reminder, with the usual phishing drill of urgency by 
threatening account termination. With a From: line
of "SendGrid ", a SendGrid logo as 
embedded png, closing line "The Billing
Operations Team at SendGrid" it looks 100% like phishing to me.

Is this from you actually?
If yes, why do you send out payment reminders using foreign domains?
If not, why do you let your customers send such mails through your system?

Your reputation is going down the drain. You should definitely realize that 
your reputation is your most valuable asset,
and it's losing value at an incredible rate.

Cheers,
Hans-Martin

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign.

[Tim Bray via mailop]

On 11/08/2020 20:41, Matt Harris via mailop wrote:






We'd been using sendgrid in production for some stuff, but we're 
looking at changing that now because it seems like their lack of 
concern regarding abuse on their platform will lead to more and more 
deliverability issues as time goes on. It just seems like sendgrid 
doesn't care about abuse on their platform.




I think sendgrid do care.   At least some people do.   I suspect they 
are just getting accounts compromised faster than they know what to do 
with.    They read this list.


There could even be a compromise in some other software which allows 
people to easily steal sendgrid credentials.


(of course, none of this helps if you are looking at your inbox and 
seeing more phishing)



--
Tim Bray
Huddersfield, GB
t...@kooky.org
+44 7966479015

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [External] Fake fax spam from sendgrid

[Kevin A. McGrail via mailop]

On 10/19/2020 8:29 PM, John Levine via mailop wrote:
> I'm getting a steady stream of spam from Sendgrid purporting to be
> Efax messages, with what appears to be an XLS spreadsheet attached.
> The return addresses are all over the place but they all come through
> Sendgrid, e.g., 
John, Sendgrid has become a havent for malware/spammers/phishers since
Q1 this year.

Are you using spamassassin?  There is an ESP plugin and some items in
KAM.cf to combat the scurge.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SendGrid is deleting your mail

[Luke via mailop]

An alternative approach would be to admit that response handling at massive
sclae is very difficult to get 100% right. Give the sender the benefit of
the doubt that they are trying to do the right thing and attempt to reach
someone who works there to see if they can help. You could try mailop,
email geeks, maawg slack, linkedin, abuse@, support@. I bet you'd find
someone willing to help correct the issue.

I work at sendgrid and manage response handling. If someone were to reach
out with an obvious problem, I'd be willing and able to adjust our response
handling appropriately. But it definitely feels better to just assume the
worst and blast people on a community forum.

Luke

On Wed, Jun 21, 2023, 5:08 PM Sebastian Nielsen via mailop <
mailop@mailop.org> wrote:

> >> They were going to get a 4xx anyway. I changed the message to *help*
> SendGrid.
>
> Yes but if you can change the message for SendGrid only, you can accept
> the mail and let it through
>
> >> Where do I find out what the IP/domain is? Is it in my mail logs,
>
> Apparently you were able to send custom text to just SendGrid.
> Then you have some rule to be able to differentiate SendGrid mail from
> other mail.
> Thus you just accept it.
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign.

[Hokan via mailop]

I've instituted short-term blocks of Sendgrid mail several times this year
and started another today because it looks like as much as a third of the
mail they've sent us in the past week has been evil -- mostly phishing.

This is a problem for me because some of the mail Sendgrid sends is
wanted by my users.  I'm thinking about just accepting it all and filing
it into user spam folders.

I see that the IP you mention, Benoit, is currently listed on the SBL and
Spamcop.


On Tue, Aug 11, 2020 at 04:53:46PM +0200, Benoit Panizzon via mailop wrote:
> Hi List
> 
> o1678912x138.outbound-mail.sendgrid.net [167.89.12.138] and IP under
> control of sendgrid was repeatedly involved in phishing and other spam
> since June.
> 
> It ended up being blacklisted @ SWINOG.
> 
> Now a sendgrid customers complains to us, that his emails are being
> rejected because of this listing.
> 
> But that makes me wonder: Doesn't sendgrid deal with such issues like
> asking for delisting after blocking the sender itself and re-uses
> recently (last phish received on 14. July) 'abused' ip addresses for
> other customers?
> 
> Mit freundlichen Grüssen
> 
> -Benoît Panizzon-
 
-- 
Hokan MEnet, a wholly owned subsidiary of Enet
System Administrator Department of Aerospace Engineering and Mechanics
ho...@me.umn.edu  Department of Mechanical Engineering
612.208.3105 (cell)   Department of Industrial and Systems Engineering

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail blocking of good customer

[Simon Greenwood via mailop]

On 25/02/2023 12:32, Benny Pedersen via mailop wrote:

Simon Greenwood via mailop skrev den 2023-02-24 22:09:


This (which I didn't know) adds a whole different aspect to the issue
- much has been said about how email is now centralised and is almost
impractical to run as a small operator level, but if a company like
Shopify and indeed Sendgrid can't assure mail delivery because the
largest mail operators will reject mail sporadically based on
non-specific criteria, and more that someone in Christine's position
doesn't have someone they can call at Google or Microsoft or wherever,
then there's a bigger problem.


sendgrid do mistakes aswell :)

inbound is not outbound, all inbound ips could be recieving mails from 
custommers, thats fine, but question is then:


do sendgrid keep the inbound mail on this ip when sending to google ?, 
does google see mails from all ips at sendmail pr sendgrid custommer ?


who knows why this is failing ? :)

please if sendgrid is reading my silly mails, do not share ips pr 
sendgrid custommer, each custommer can have payed pr ip non shared, 
make more money, to make better service pr custommer, this advice is 
100% free from me


Dedicated IPs are a paid addon of all commercial relay providers and it 
isn't just Sendgrid who have this problem. For that matter, handling 
inbound mail is usually a paid service, so a domain's MX records don't 
necessarily match their sending IPs but this doesn't matter if the SPF 
record is configured correctly. I would assume that Shopify do have 
dedicated IPs, but shared among their customers, which still results in 
a similar problem if customers spam or at least are perceived as spamming.


Simon


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Andre van Eyssen via mailop]

On Thu, 5 Aug 2021, Hans-Martin Mosner via mailop wrote:

If you block only spammers you'd be right. But SendGrid is one of the 
sorry cases where you have spam and legit, sometimes important e-mails 
coming from the same network. Your users won't be happy if you reject 
their order confirmations or online tickets.


Blocking sendgrid would also lop off a large number of small self-hosted 
mail instances that use sendgrid for reasonable deliverability. Which 
boils down to actively punishing de-centralised mail.


--
Andre van Eyssen.  Phone: +61 417 211 788
mail: an...@purplecow.org  http://andre.purplecow.org
About & Contact:  http://www.purplecow.org/andre.html
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign.

[Hans-Martin Mosner via mailop]

Am 11.08.20 um 16:53 schrieb Benoit Panizzon via mailop:
> Hi List
>
> o1678912x138.outbound-mail.sendgrid.net [167.89.12.138] and IP under
> control of sendgrid was repeatedly involved in phishing and other spam
> since June.
>
> It ended up being blacklisted @ SWINOG.
>
> Now a sendgrid customers complains to us, that his emails are being
> rejected because of this listing.
>
> But that makes me wonder: Doesn't sendgrid deal with such issues like
> asking for delisting after blocking the sender itself and re-uses
> recently (last phish received on 14. July) 'abused' ip addresses for
> other customers?
>
> Mit freundlichen Grüssen
>
> -Benoît Panizzon-

As far as I understood, the IP addresses are not allocated to customers (except 
in some cases where the customer domain
is being used for hostnames of big customers) but are part of a shared mail 
distribution network.

This means that blocking sendgrid IPs does on one hand affect other customers, 
and on the other hand it does not
reliably block the spammer.

Much more effective is to block based on the string of digits in the envelope 
sender address (bounces+1234567-...) which
apparently identifies the sender.

Whether the sender has been hacked or is a genuine spammer is sometimes not 
easy to see, because sendgrid does some
header obfuscation of their own, so some marks normally associated with 
spammers may also be seen in mails from
non-spammers or compromised accounts.

Cheers,
Hans-Martin



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Just how does SendGrid fail this badly?

[Al Iverson via mailop]

Huh, I'm not seeing that Sendgrid account ID in my traps at all in the
last few days. Different traps for different folks, I guess?

Cheers,
Al

On Tue, Aug 18, 2020 at 1:06 PM Luke via mailop  wrote:
>
> In the Return-Path. "bounces+1234567" the number following bounces+ is the 
> SendGrid account ID.
>
> On Tue, Aug 18, 2020 at 10:57 AM Carl Byington via mailop  
> wrote:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>> On Tue, 2020-08-18 at 15:23 +0300, Atro Tossavainen via mailop wrote:
>> > The SendGrid account sending these yesterday is 13999362.
>>
>> Where do you find that account number in the headers? I see some from
>> today with "Upgrade (FINAL WARNING)" in the subject, but no indication
>> of any sendgrid account number.
>>
>>
>> -BEGIN PGP SIGNATURE-
>>
>> iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXzwT2hUcY2FybEBmaXZl
>> LXRlbi1zZy5jb20ACgkQL6j7milTFsFoigCeONxnBFkM/QJI3Mky1A9XafBR+IQA
>> oIUMyZCHGvGEjasL9fCb22Njyfer
>> =+kBp
>> -END PGP SIGNATURE-
>>
>>
>>
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



-- 
Al Iverson // Wombatmail // Chicago
Song a day! https://www.wombatmail.com
Deliverability! https://spamresource.com
And DNS Tools too! https://xnnd.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [External] sendgrid.net

[Kevin A. McGrail via mailop]

On 9/25/2020 9:36 AM, Michael via mailop wrote:
> What's the consensus on sendgrid.net? I don't know anything about
> them, but I had the impression that they were a reputable company.
> Lately, I've noticed a lot of phishing emails coming from them. Does
> anyone just block them completely?
>
I've been very saddened.  Sendgrid was a reputable ESP that has fallen
from grace.  About 6-7 months ago, we started seeing pretty large
amounts of spam from them.  I've personally tried reaching out to Twilio
/ Sendgrid leadership to alert them to the issue.

The KAM.cf ruleset has rules that mark sendgrid higher due to the
proclivity for phishes.

Krebs as done an article on it:
https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/

mailop, the SA mailing list and others have all discussed the issue for
months.

Invaluement released a plugin / list for this issue as well - See
https://www.invaluement.com/serviceproviderdnsbl/

Until Sendgrid acknowledges and works to resolve the issue, I must
recommend that they are avoided.

Regards,

KAM


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] So, Sendgrid / Zoom, planning on actually doing anything about webinar spams?

[Brie via mailop]

Hi Sendgrid and Zoom,

We've been over this before, multiple times...  But alas, it looks like 
that you neither of you seem to care a single bit about your services 
being used to send spams that can't be unsubscribed from.


Yep, I know you, Sendgrid, told me that you'd be working on it with 
Zoom.  And, as expected, nothing ever happened and they still keep coming.


Should I just give up hoping that anything will ever be done about it 
and blacklist Sendgrid and Zoom?


Because, lets be honest here, based on what others are reporting, it 
looks like that I'd have an easier time trying to broker world peace AND 
cure cancer than it would be to get you guys to deal with abuse from 
your network.



Yep.  This message is written in anger, and I'll probably be accused of 
being unprofessional.


But, frankly, if you (Sendgrid) or them (Zoom) ain't going to do jack 
shit, then don't fucking tell me you are "working on it".




--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign.

[Michael Orlitzky via mailop]

On 2020-08-11 16:53:46, Benoit Panizzon via mailop wrote:
> 
> Now a sendgrid customers complains to us, that his emails are being
> rejected because of this listing.
> 
> But that makes me wonder: Doesn't sendgrid deal with such issues like
> asking for delisting after blocking the sender itself and re-uses
> recently (last phish received on 14. July) 'abused' ip addresses for
> other customers?
> 

In the past few months there have been several threads on mailop and
similar lists (sdlu, spamassassin-users, nanog, ...) complaining about
how SendGrid doesn't seem to do anything at all to stop the ongoing
blatant phishing campaigns from their servers.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Just how does SendGrid fail this badly?

[Luke via mailop]

In the Return-Path. "bounces+1234567" the number following bounces+ is the
SendGrid account ID.

On Tue, Aug 18, 2020 at 10:57 AM Carl Byington via mailop 
wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On Tue, 2020-08-18 at 15:23 +0300, Atro Tossavainen via mailop wrote:
> > The SendGrid account sending these yesterday is 13999362.
>
> Where do you find that account number in the headers? I see some from
> today with "Upgrade (FINAL WARNING)" in the subject, but no indication
> of any sendgrid account number.
>
>
> -BEGIN PGP SIGNATURE-
>
> iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXzwT2hUcY2FybEBmaXZl
> LXRlbi1zZy5jb20ACgkQL6j7milTFsFoigCeONxnBFkM/QJI3Mky1A9XafBR+IQA
> oIUMyZCHGvGEjasL9fCb22Njyfer
> =+kBp
> -END PGP SIGNATURE-
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

[Michael Peddemors via mailop]

On 2021-07-08 8:20 a..m., Carl Byington via mailop wrote:

On Thu, 2021-07-08 at 09:31 +0300, Atro Tossavainen via mailop wrote:

That one is Zoom.us itself.



Received: from o5.sg.zoom.us (o5.sg.zoom.us [149.72.199.144])



Received: from o12.ptr3622.sg.zoom.us (o12.ptr3622.sg.zoom.us
[167.89.93.232])


Yes, the mail arrives from systems with rdns of *.sg.zoom.us, but my
understanding is that the X-Entity-ID points to a sendgrid user. And the
headers include stuff like:

Received: by filter1889p1las1.sendgrid.net with SMTP id
filter1889p1las1-10585-60DE6FD0-E
 2021-07-02 01:45:52.506187482 + UTC m=+23969.518969155
Received: from MjEwNzk4ODQ (unknown)
 by geopod-ismtpd-3-2 (SG) with HTTP id W8YVLKQPT6CK1S2NPi9CbA

Which looks like the original submission was via a sendgrid web
interface. A reply-to address in .vn, and a subject line (google
translate from Vietnamese) of "Why real estate can make you rich?".

Just more crap that sendgrid is leaking, this time sending their
outbound spam via zoom.us servers.




Yeah, it is almost always a compromise, but hard to believe Zoom would 
not have enabled two factor authentication, or similar restrictions on 
who can use their sendgrid servers, keep thinking that their is another 
back door that abusers are using at SendGrid..


Be nice to hear from Zoom (if anyone knows a contact) on what they 
discover, since SendGrid hasn't been too transparent.


--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So, Sendgrid / Zoom, planning on actually doing anything about webinar spams?

[Atro Tossavainen via mailop]

> Yep, I know you, Sendgrid, told me that you'd be working on it with
> Zoom.  And, as expected, nothing ever happened and they still keep
> coming.

About 0.3% of the spams that Koli-Lõks spamtraps got from SendGrid
in December 2021 matched .zoom.us.

It's large enough to be noticeable, but nothing compared to the largest
single SendGrid customer in the same traps - a Taiwanese newspaper whose
emissions amounted to more than 10% of the SendGrid total over the same
time range.

The Zoom stuff is hitting both typo addresses as well as recycled ones.

> Because, lets be honest here, based on what others are reporting, it
> looks like that I'd have an easier time trying to broker world peace
> AND cure cancer than it would be to get you guys to deal with abuse
> from your network.

In our traps, SendGrid continues to be #1 of the ESPs, but only by a
smallish margin against #2, Salesforce Marketing Cloud. Mailchimp,
at #3, is way below. Our data comes from a relatively small data set
of about two thousand domain names receiving mail, but even so, it's
large enough to get *something* from more than 250 ESPs every month,
and that's just the ones we've managed to identify so far.

> But, frankly, if you (Sendgrid) or them (Zoom) ain't going to do
> jack shit, then don't fucking tell me you are "working on it".

The basic problem is allowing an ESP customer to import a list that
existed before the customer became a customer of this ESP. I can't
think of an ESP that would not allow that.

Another basic problem is allowing the addition of new addresses without
COI. I can't think of an ESP that would require strict COI.

I'd be happy to be set straight on both counts.

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid and phishing

[Jesse Thompson via mailop]

On 6/17/20 1:50 PM, Robert L Mathews via mailop wrote:
> Several months ago I suggested (among other things) that SendGrid block
> "From" headers matching prominent domain names until the messages have
> been manually reviewed. The fact that "don't let random customers send
> mail saying it's from @microsoft.com" hasn't been implemented in that
> time frame is disappointing.

More to the point: why should *any* ESP send "From" *any* domain without having 
explicit DMARC aligned authorization via SPF or DKIM?  At the very least, an 
ESP shouldn't allow their customers use domains that have a published DMARC 
policy that would result in quarantine or reject for the ESP's mail. 

I know the answer is that small businesses commonly use freemail providers, and 
they still want to send marketing as their brand, and if the ESP takes hard 
line on authorization their prospective customer might choose to do business 
with a competing ESP... 

But maybe those freemail domains should be the exception to the rule. 

We also saw a round of phishing sent from SendGrid that was "spoofing" some 
arbitrary .com domain.  And I mean to say "spoofing" lightly, since I'm fairly 
confident that SendGrid (as would any responsible ESP) did verify their 
customer's ability to receive mail at an address within that domain, so either:

1) a mailbox was compromised and used to authorize SendGrid to use the domain
2) a SendGrid customer account was compromised and the attacker was 
piggybacking on a prior authorization.  

If the former: all the more reason to have a slightly higher bar for ESPs 
achieving domain authorization.  
If the later: much tougher challenge.

Jesse

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

[Brielle via mailop]

These still seem to be coming in quite consistently...  Same Zoom 
sendgrid account.


Any updates on whats going on with this, Luke?



On 7/6/21 2:44 PM, Brielle via mailop wrote:

Here's the two that they all share:

Return-path: 
Return-path: 

(original unmunged version sent directly to you, Luke)

I've got zoom messages via sendgrid being rejected via a system filter 
currently, so there should be a bit of bounce messages going back at 
Zoom/Sendgrid, but yet they still keep coming...


Shouldn't there be some sort of required unsubscribe or report link at 
the bottom of these?  I seem to remember legitimate zoom invitations and 
such all have one?  But it's been a while.


On 7/6/21 2:33 PM, Luke wrote:
If you could share the return-path of the offending message, I can 
have it looked at.


Cheers,
Luke

On Tue, Jul 6, 2021 at 11:39 AM Brielle via mailop <mailto:mailop@mailop.org>> wrote:


    Hello,

    Anyone here have a contact for Zoom in re of webinar spam being sent
    from their platform via Sendgrid owned IPs?

    I'm rather unhappy with the fact they're allowing people to spam
    with no
    unsubscribe or report feature.

    I know Sendgrid is a hot steaming pile of dog excrement these days 
when
    it comes to spam, so the lack of reporting or unsubscribe link 
doesn't

    surprise me...



    --     Brielle Bruns
    The Summit Open Source Development Group
    http://www.sosdg.org <http://www.sosdg.org>    / http://www.ahbl.org
    <http://www.ahbl.org>
    ___
    mailop mailing list
    mailop@mailop.org <mailto:mailop@mailop.org>
    https://list.mailop.org/listinfo/mailop
    <https://list.mailop.org/listinfo/mailop>







--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] SendGrid and Phishing

[Len Shneyder via mailop]

Hi All,

Appreciate the discussion. As was mentioned in another forum we are aware
of the problem—the entire time is engaged in deploying a comprehensive fix
that will prevent a wave like this in the future. Just to be perfectly
clear, there is no leak of credentials as one post suggests. In the mean
time if you want to send example/headers to ab...@sendgrid.com they are
being reviewed, you can CC me too. We will play some whackamole as we look
to implement a more thorough solution. Again, thank you all for your
vigilance and feel free to ping me.

All best,
-L

--

Message: 1
Date: Wed, 17 Jun 2020 14:00:35 +0100
From: Tim Bray 
To: mailop 
Subject: [mailop] Sendgrid and phishing
Message-ID: <1f6aca35-94ef-70a0-bd75-49a5d632d...@kooky.org>
Content-Type: text/plain; charset=utf-8; format=flowed

Hi,

Anybody else seeing increase phishing through sendgrid?  They look
fairly convincing.

A few paypals, and a few amazons.

I thought sendgrid were ok?Has somebody leaked a big pile of
sendgrid usernames and passwords or something?


--
Tim Bray
Huddersfield, GB
t...@kooky.org




--

Message: 2
Date: Wed, 17 Jun 2020 13:26:52 +
From: Faisal Misle 
To: mailop 
Subject: Re: [mailop] Sendgrid and phishing
Message-ID:



Content-Type: text/plain; charset="utf-8"

I’ve been seeing it too... Mailgun, PayPal, etc

A SG rep replied to a SDLU thread yesterday about the same issue

“We are working to get a handle on this on a few fronts. These senders in
this thread have been banned. I don't have insight into the compliance
side, but it is being worked on."

Best,
Faisal

PGP Key: [C8FD029B](
https://urldefense.com/v3/__https://pgp.faisal.ec/__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisirzN0Dvo$
 )

On Wed, Jun 17, 2020 at 8:00 AM, Tim Bray via mailop 
wrote:

> Hi,
>
> Anybody else seeing increase phishing through sendgrid? They look
> fairly convincing.
>
> A few paypals, and a few amazons.
>
> I thought sendgrid were ok? Has somebody leaked a big pile of
> sendgrid usernames and passwords or something?
>
> --
> Tim Bray
> Huddersfield, GB
> t...@kooky.org
>
> ___
> mailop mailing list
> mailop@mailop.org
>
https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiwA9kai4$
-- next part --
An HTML attachment was scrubbed...
URL: <
https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/private/mailop/attachments/20200617/df4c858b/attachment-0001.html__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiffajxJU$
 >

--

Message: 3
Date: Wed, 17 Jun 2020 15:42:21 +0200
From: Olivier Depuydt 
To: Faisal Misle 
Cc: mailop 
Subject: Re: [mailop] Sendgrid and phishing
Message-ID:

Content-Type: text/plain; charset="utf-8"

Hello.

I received the Phishing email from the fake Paypal Support, from Sendgrid's
platform on May the 29th, on a personal email address.
I have forwarded it to Paypal's phishing support on June the 1srt.
So, this issue has weeks if you still see emails like that.

Best regards,

Olivier
Deliverability Engineer at Cheetah Digital

Le mer. 17 juin 2020 à 15:32, Faisal Misle via mailop  a
écrit :

> I’ve been seeing it too... Mailgun, PayPal, etc
>
> A SG rep replied to a SDLU thread yesterday about the same issue
>
> “We are working to get a handle on this on a few fronts. These senders in
> this thread have been banned. I don't have insight into the compliance
> side, but it is being worked on."
>
> Best,
> Faisal
>
> PGP Key: C8FD029B <
https://urldefense.com/v3/__https://pgp.faisal.ec/__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisirzN0Dvo$
 >
>
>
> On Wed, Jun 17, 2020 at 8:00 AM, Tim Bray via mailop 
> wrote:
>
> Hi,
>
> Anybody else seeing increase phishing through sendgrid?  They look
> fairly convincing.
>
> A few paypals, and a few amazons.
>
> I thought sendgrid were ok?Has somebody leaked a big pile of
> sendgrid usernames and passwords or something?
>
>
> --
> Tim Bray
> Huddersfield, GB
> t...@kooky.org
>
>
> ___
> mailop mailing list
> mailop@mailop.org
>
https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiwA9kai4$
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
>
https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!LCEEi7

Re: [mailop] Intuit directly spaming

[Michael Rathbun via mailop]

On Sat, 04 Mar 2023 22:58:23 +, MRob via mailop  wrote:

>Thanks you Atro, is there popular tool for to do that in real time?

This works for me:

>mdr@LUSZ ~ $ whois AS11377
>% IANA WHOIS server
>% for more information on IANA, visit http://www.iana.org
>% This query returned 1 object
>
>refer:whois.arin.net
>
>as-block: 10240-12287
>organisation: Assigned by ARIN
>
>whois:whois.arin.net
>descr:Assigned by ARIN
>
>source:   IANA
>
># whois.arin.net
>
>ASNumber:   11377
>ASName: SENDGRID
>ASHandle:   AS11377
>RegDate:2012-06-28
>Updated:2012-06-28
>Ref:    https://rdap.arin.net/registry/autnum/11377
>
>
>OrgName:SendGrid, Inc.
[snip]

Then there's stuff like

>mdr@LUSZ ~ $ whob 167.89.99.112
>IP: 167.89.99.112
>Origin-AS: 11377
>Prefix: 167.89.96.0/20
>AS-Path: 293 3356 11377
>AS-Org-Name: SendGrid, Inc.
>Org-Name: SendGrid, Inc.
>Net-Name: SENDGRID-167-89-0-0-17
>Cache-Date: Mar 05 2023 07:26:18
>Latitude: 39.749838
>Longitude: -104.995597
>City: Denver
>Region: Colorado
>Country: United States of America
>Country-Code: US
>Route-Originated-Date: Feb 16 2023 23:12:01
>Route-Originated-TS: 1676589121

mdr
-- 
  Where there is no law, but every man
   does what is right in his own eyes,
there is the least of real liberty.
  -- HENRY M. ROBERT

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Just how does SendGrid fail this badly?

[SM via mailop]

Hello,
At 05:23 AM 18-08-2020, Atro Tossavainen via mailop wrote:

The SendGrid account sending these yesterday is 13999362.


I am receiving emails from Sendgrid about "Nedbank Credit Card 
monthly Charges eStatement".  The account is 17343945.  It looks like 
a phishing attempt.  Those emails originate from 149.72.32.249.


Regards,
S. Moonesamy 



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid and phishing

[Faisal Misle via mailop]

I’ve been seeing it too... Mailgun, PayPal, etc

A SG rep replied to a SDLU thread yesterday about the same issue

“We are working to get a handle on this on a few fronts. These senders in
this thread have been banned. I don't have insight into the compliance
side, but it is being worked on."

Best,
Faisal

PGP Key: [C8FD029B](https://pgp.faisal.ec/)

On Wed, Jun 17, 2020 at 8:00 AM, Tim Bray via mailop  wrote:

> Hi,
>
> Anybody else seeing increase phishing through sendgrid? They look
> fairly convincing.
>
> A few paypals, and a few amazons.
>
> I thought sendgrid were ok? Has somebody leaked a big pile of
> sendgrid usernames and passwords or something?
>
> --
> Tim Bray
> Huddersfield, GB
> t...@kooky.org
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign.

[Benoit Panizzon via mailop]

Hi List

o1678912x138.outbound-mail.sendgrid.net [167.89.12.138] and IP under
control of sendgrid was repeatedly involved in phishing and other spam
since June.

It ended up being blacklisted @ SWINOG.

Now a sendgrid customers complains to us, that his emails are being
rejected because of this listing.

But that makes me wonder: Doesn't sendgrid deal with such issues like
asking for delisting after blocking the sender itself and re-uses
recently (last phish received on 14. July) 'abused' ip addresses for
other customers?

Mit freundlichen Grüssen

-Benoît Panizzon-
-- 
I m p r o W a r e   A G-Leiter Commerce Kunden
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 PrattelnFax  +41 61 826 93 01
Schweiz Web  http://www.imp.ch
__

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Just how does SendGrid fail this badly?

[Atro Tossavainen via mailop]

The SendGrid account sending these yesterday is 13999362.

Method: get all SendGrid mail from yesterday and today, restrict to
anything that says "quota full" in the subject, look at accounts sending.

Sample size is measured in the dozens, across about ten recipient domains.
They were all sent by the same SendGrid account.


On Tue, Aug 18, 2020 at 12:03:55PM +, Andy Smith via mailop wrote:
> 
> Received: from wrqvhkqq.outbound-mail.sendgrid.net ([149.72.1.68])
>  by chiark.greenend.org.uk (SAUCE v0.9.0)
>  with esmtp id sauce-2544-1597663-1; 17 Aug 2020 11:32:54 + (GMT)
> Message-ID: <20200817203728.96117de88be30...@chilitato.com>
> From: "chiark.greenend.org.uk" 
> Subject: chiark.greenend.org.uk quota full: (98% full)
> 
> Cheers,
> Andy
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SendGrid, what happens when you don't address the root problem (Indeed Phishing)

[Atro Tossavainen via mailop]

> You think we would be done with SendGrid conversations two years ago..

No such thing.

> And two hours later, a phishing attempt from a SendGrid IP hit the
> spam folder...
> 
> Return-Path: 
> Received: from wrqvndzq.outbound-mail.sendgrid.net (HELO
> wrqvndzq.outbound-mail.sendgrid.net) (149.72.45.228)

Confirmed, seen here too.

> From: Verify 2FA <2...@indeed-verify.com>
> Subject: Indeed for Employers - Your Account Required 2FA Verification.
> Reply-To: 2...@indeed-verify.com

X-Entity-ID: Z9o86N06AN6V9pUxLwsPGQ==

(even though "26471268" should be more than enough)

> One more reason to flag all of SendGrid shared servers as spam?

They're definitely the biggest ESP in our spamtraps, have been
for more than a year solid.

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

[Luke via mailop]

Thanks for this Hans-Martin,

This was definitely phish. Compromised account. The account was actioned
very quickly after the mail got out.

For what it's worth, 2FA *is* required now but as you probably know it is
not a silver bullet for preventing abuse. When customers expose their API
key(s) to the open web, stuff happens.

Luke

On Thu, Jul 8, 2021 at 10:46 PM Hans-Martin Mosner via mailop <
mailop@mailop.org> wrote:

> Am 08.07.21 um 18:14 schrieb Luke via mailop:
> > Just so the group is aware, our team is looking into the Zoom traffic.
> We aren't sure what they are doing with that
> > mail stream, but it doesn't look good.
> >
> > Both of the accounts reported by Michael have been suspended.
> >
> > Thanks, everyone.
> >
> > Luke
> >
> I have a hunch that some time ago (just before the increased spam via
> SendGrid started) there might have been an
> unauthorized access to SendGrid customer data which allowed hackers to
> bruteforce hashed passwords and use valid
> accounts to send spam and fraudulent/phishing mails. The pattern is too
> strong to be reasonably explained with singular
> security breaches at individual customers.
>
> SendGrid, if this comes close to the truth (I can only guess), please be
> open about it at least in communication to your
> customers. If possible, enforce 2FA, watch for logins from unusual IP
> addresses, etc. Maybe a complete password reset
> for all customers would be in order.
>
> Repealing spam and fraud from completely bogus sources is a lot of work
> for us mail admins already, but when it comes
> from presumably authentic sources it becomes incredibly difficult and
> prone to false positives.
>
> Here's a simple example: I have a mail sample in quarantine that comes
> from "topbuildersolutions.net", apparently a
> SendGrid customer, using your outgoing infrastructure (192.254.122.201),
> so it's not a simple impersonation. It purports
> to be a payment reminder, with the usual phishing drill of urgency by
> threatening account termination. With a From: line
> of "SendGrid ", a SendGrid logo as
> embedded png, closing line "The Billing
> Operations Team at SendGrid" it looks 100% like phishing to me.
>
> Is this from you actually?
> If yes, why do you send out payment reminders using foreign domains?
> If not, why do you let your customers send such mails through your system?
>
> Your reputation is going down the drain. You should definitely realize
> that your reputation is your most valuable asset,
> and it's losing value at an incredible rate.
>
> Cheers,
> Hans-Martin
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SendGrid Abuse unresponsive

[Atro Tossavainen via mailop]

On Tue, May 05, 2020 at 07:48:12AM -0700, Michael Peddemors via mailop wrote:
> Since on the topic of SendGrid..

http://mainsleaze.spambouncer.org/2019-11-to-2020-04-in-spamtraps-esps/

The trends for Salesforce and SendGrid are remarkably upwards...

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign.

[Len Shneyder via mailop]

Hello Benoit and Hokan,

Thanks for pointing this out and I'm sorry you're still seeing what sounds
like a high volume of phish. I've asked our fraud ops team to investigate
this. In the future if you could send suspicious emails to
ab...@sendgrid.com we will get this handled. Feel free to CC me when you do
this to make sure these are handled quickly.

We've instituted some self-limiting features on our front door that
should've decreased the overall volume of abuse. This is a stop gap measure
as we roll out some other countermeasures in the next few weeks. Could you
let me know if you have seen a perceptible drop in volume and velocity
between June and July when this was rolled out?

Again, I want to assure you that there is a massive effort happening here
to address the problems you are seeing. I'm happy to meet off list and
discuss this further and help you understand what we're working on if that
would be helpful. Again, thank you for your patience and please don't
hesitate to contact me when you see any of these issues arise.

Best,
-L

Len Shneyder
VP Industry Relations
[image: Twilio] <https://www.twilio.com/?utm_source=email_signature>
EMAIL l...@twilio.com
TWITTER @LenShneyder <https://twitter.com/LenShneyder>Message: 6
Date: Tue, 11 Aug 2020 16:53:46 +0200
From: Benoit Panizzon 
To: mailop@mailop.org
Subject: [mailop] Delisting request from sendgrid customer about ip
used in recent phishing campaign.
Message-ID: <20200811165346.4e775...@go.imp.ch>
Content-Type: text/plain; charset=UTF-8

Hi List

o1678912x138.outbound-mail.sendgrid.net [167.89.12.138] and IP under
control of sendgrid was repeatedly involved in phishing and other spam
since June.

It ended up being blacklisted @ SWINOG.

Now a sendgrid customers complains to us, that his emails are being
rejected because of this listing.

But that makes me wonder: Doesn't sendgrid deal with such issues like
asking for delisting after blocking the sender itself and re-uses
recently (last phish received on 14. July) 'abused' ip addresses for
other customers?

Mit freundlichen Grüssen

-Benoît Panizzon-
--
I m p r o W a r e   A G-Leiter Commerce Kunden
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 PrattelnFax  +41 61 826 93 01
Schweiz Web
https://urldefense.com/v3/__http://www.imp.ch__;!!NCc8flgU!Jyb1oWP7APkgX0rrc5NFacUfW0Yu4XeA1B6Dcl0IJWNPlcXIUaIq9196yCI$
__



--

Message: 7
Date: Tue, 11 Aug 2020 10:20:47 -0500
From: Hokan 
To: mailop@mailop.org
Subject: Re: [mailop] Delisting request from sendgrid customer about
ip used in recent phishing campaign.
Message-ID: <20200811152047.ga7...@me.umn.edu>
Content-Type: text/plain; charset=iso-8859-1

I've instituted short-term blocks of Sendgrid mail several times this year
and started another today because it looks like as much as a third of the
mail they've sent us in the past week has been evil -- mostly phishing.

This is a problem for me because some of the mail Sendgrid sends is
wanted by my users.  I'm thinking about just accepting it all and filing
it into user spam folders.

I see that the IP you mention, Benoit, is currently listed on the SBL and
Spamcop.


On Tue, Aug 11, 2020 at 04:53:46PM +0200, Benoit Panizzon via mailop wrote:
> Hi List
>
> o1678912x138.outbound-mail.sendgrid.net [167.89.12.138] and IP under
> control of sendgrid was repeatedly involved in phishing and other spam
> since June.
>
> It ended up being blacklisted @ SWINOG.
>
> Now a sendgrid customers complains to us, that his emails are being
> rejected because of this listing.
>
> But that makes me wonder: Doesn't sendgrid deal with such issues like
> asking for delisting after blocking the sender itself and re-uses
> recently (last phish received on 14. July) 'abused' ip addresses for
> other customers?
>
> Mit freundlichen Grüssen
>
> -Benoît Panizzon-

--
Hokan MEnet, a wholly owned subsidiary of
Enet
System Administrator Department of Aerospace Engineering and
Mechanics
ho...@me.umn.edu  Department of Mechanical
Engineering
612.208.3105 (cell)   Department of Industrial and Systems
Engineering



--

Subject: Digest Footer
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SendGrid is deleting your mail

[Andy Smith via mailop]

Hi,

On Fri, Jun 23, 2023 at 08:03:40PM +0200, Carsten Schiefner via mailop wrote:
> how about elaborating a bit further on the whats and whys of your setup?

Maybe some of us could learn something from that, or maybe SendGrid
would consider that to be giving an advantage to competitors. Really
what I am interested in is the justification for not even retrying
once when receiving the "450 4.3.2 Please retry immediately"
response described by the OP.

If I understand correctly, the OP had experienced missing mail from
SendGrid previously, had asked why there had not been retries on
a 4xx, and was told that SendGrid uses a complex rule set to decide
whether to actually retry for any given 4xx or 5xx. The OP then
tested that by coming up with "450 4.3.2 Please retry immediately",
which also did not receive any retries at all.

So this implies that if SendGrid sees a "450 4.3.2" response that it
does not otherwise have a special rule for (or is it any 4xx that
there is no rule for?) then discarding the mail without any retries
at all is what happens by default.

The idea of not retrying at all on certain specific 4xx responses
doesn't sit that well with me, but I can kinda sorta see why a large
sender might want to do that if they were really sure. But here
seems to be the implication that it's actually quite easy to trigger
that behaviour, unless by some stroke of bad luck "450 4.3.2 Please
retry immediately" happened to match an existing rule.

It would be useful to know if it is the case that if one uses a 4xx
response that SendGrid hasn't seen before, it's going to result in
no actual retries.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Debt Collection Client Email Servers

[Michael Irvine via mailop]

Thank you everyone. Is there any recommendation on other 3rd party senders that 
can be trusted instead of SendGrid. My last resort will be to setup some MTA's 
with the few free IP they have from the Datacenter. 

I also understand that the client is in the middle of a catch-22 in terms of 
sending email. I have already informed them that email will always be a best 
effort and not a guarantee. 

As for contacts other than email. Email is the last resort after all other 
avenues are attempted in the order of Snail Mail, Phone, SMS, and Social Media. 

Thanks,
 
Michael Irvine 

-Original Message-
From: mailop  On Behalf Of Jay Hennigan via mailop
Sent: Monday, March 25, 2024 1:37 PM
To: mailop@mailop.org
Subject: Re: [mailop] Debt Collection Client Email Servers

CAUTION: This email originated from outside of the organization. Do not click 
any links or open attachments unless you recognize the sender and know the 
content is safe.



On 3/22/24 14:58, Michael Peddemors via mailop wrote:
> If they are 'dedicated', doesn't matter if they are coming from 
> SendGrid, the PTR should reflect your clients domain.
>
> host 149.72.234.90
> 90.234.72.149.in-addr.arpa domain name pointer 
> wrqvzxrx.outbound-mail.sendgrid.net.

If Sendgrid claimed that these IPs are dedicated to you, their PTR says 
otherwise. It should reflect your sending domain. Note that Sendgrid has a 
rather poor reputation when it comes to spam exiting their network.

> And given the amount of abuse of SendGrid servers, anything you can do 
> to differentiate from their generic naming conventions will help you.

Or avoid Sendgrid entirely.

--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SendGrid Abuse unresponsive

[Andy Smith via mailop]

Hello,

On Tue, May 05, 2020 at 06:00:44AM +0300, Atro Tossavainen via mailop wrote:
> Any chance SendGrid might amend its ticket system so that there would
> be autoreplies when tickets are created that showed issue numbers
> connected with the original request

It would also be great if SendGrid would include an abuse reporting
URL in the headers of each message, specific to that message, i.e.
that passes along all info that SendGrid would need to identify that
campaign/client.

Each mail does appear to include an X-SG-ID header which looks like
it might carry that sort of information, so it would be nice if there
could be a link that pre-fills an abuse report for that mail.

At present the process is to just forward the mail to
abuse@sendgrid. It's great that they accept reports that way and I'm
not suggesting that change, but a lot of the time clicking on one
link is much faster and less error prone.

MailChimp and several other ESPs do this, and it can be very
helpful.

And while I am asking for the moon on a stick, I've no idea which
side is refusing to play ball¹ but it is currently not possible to
report SendGrid emails through SpamCop. If it were possible for that
to change that would be lovely.

Cheers,
Andy

¹ There was a thread a while back about Hetzner and SpamCop where I
  had thought that an abuse address being disabled in SpamCop
  implied that the recipient did not accept SpamCop reports. In fact
  in that case it was that SpamCop didn't want to send reports to
  Hetzner. So it is not possible to determine which side made the
  decision to not allow those reports.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid and phishing

[Benoît Panizzon via mailop]

Hi

> Anybody else seeing increase phishing through sendgrid?  They look 
> fairly convincing.
> 
> A few paypals, and a few amazons.

Add Netflix
Add Joe-Jobs

> I thought sendgrid were ok?    Has somebody leaked a big pile of 
> sendgrid usernames and passwords or something?

Yes, I contacted their abuse desk on the Netflix case - No reaction.
Redirection Service to the phishing site on their platform was still
active after a couple of days (didn't re-check recently).

Also contacted them with a GDPR Request because of the joe-job so they
would need to reveal their customer. No reaction after about one month
now.

So attempted to contact their legal department. Their website redirects
to Twilio (yes, they seem to have purchased sendgrid).

And indeed, I also have a long lasting case open with the legal team of
twilio regarding one of their customers using a swisscom mobile phone
number to send SMS spam for what looks like a loan fraud scheme.
Swisscom only has the information that Twilio is their
'Reselling' customer and doesn't know the end-customer behind Twilio.

Swiss telecommunication laws require them to identify the customer
sending those SMS: But also here: No reaction from their legal team and
ofcom has no way to put a fine on them, because they are not a
registered telco in Switzerland.

I suspect the IP Ranges of Sendgrid are bound for a global blacklisting
if they keep ignoring abusive behaviour of their customers.

-- 
Mit freundlichen Grüssen

-Benoît Panizzon- @ HomeOffice und normal erreichbar
-- 
I m p r o W a r e   A G-Leiter Commerce Kunden
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 PrattelnFax  +41 61 826 93 01
Schweiz Web  http://www.imp.ch
__

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gosh, I love sendgrid

[Mark E. Jeftovic via mailop]

On 2020-12-22 3:34 PM, John Levine via mailop wrote:
> In article  you write:
>> The only basis on which these emails should be judged is on whether
>> they're spam or malware.
> This suggests you're OK with child pornography and beheading videos so
> long as subscribers ask for them. And what about the Malware of the
> Day club?

John, I would have expected better from you. If you want to be taken
seriously, then don't make asinine mis-characterizations like this.

There are clear, existing, unambiguous laws against this, and nobody
questions any entity who not only declines to facilitate this but
actively purges it from their platforms.

Where I have a problem is the idea that infrastructure vendors should
take action against all content John Levine finds irresponsible.
Alternative views on COVID, and the vaccine, if we must get specific,
can not in any reasonable stretch be put into the same bucket as child
pornography and beheading videos. Trying to make /that/ argument is what
is really irresponsible.

> As someone else already said, Sendgrid is not the government. They
> have every right to decline to sign up undesirable customers.

Yes, sendgrid is not the government, and neither are you. As far as I
knew this thread isn't about Sendgrid refusing to take on customers who
are sending out vaccine skepticism emails. It's about /you /thinking
/Sendgrid should /not take on people who are sending out those emails. 

You aren't sendgrid, so unless it's spam, this really isn't your problem.

- mark

>
>
> R's,
> John
>
> PS: As we all know, every complex problem has an answer that is clear,
> simple, and wrong.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
-- 
Mark E. Jeftovic 
Co-founder & CEO, easyDNS Technologies Inc.
AxisOfEasy.com <https://AxisOfEasy.com> - /For full coverage of a world
gone full cyberpunk.../
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

[Atro Tossavainen via mailop]

Over yesterday and today, the following X-Entity-IDs have sent us
mail that somehow related to .zoom.us:

  X-Entity-ID: ApJYVCoyRSXXkzbu3h3uow==
  X-Entity-ID: lURbVkUlQbFl9F6ROPqNUw==
  X-Entity-ID: mDhfxq9OikvIkQieTwdfQA==
  X-Entity-ID: 7mxhBNMkQ9yfwz0A5+NG7Q==

These correspond to the SendGrid user IDs

  Return-Path:  Here's the two that they all share:
> 
> Return-path: 
> Return-path: 
> 
> (original unmunged version sent directly to you, Luke)
> 
> I've got zoom messages via sendgrid being rejected via a system
> filter currently, so there should be a bit of bounce messages going
> back at Zoom/Sendgrid, but yet they still keep coming...
> 
> Shouldn't there be some sort of required unsubscribe or report link
> at the bottom of these?  I seem to remember legitimate zoom
> invitations and such all have one?  But it's been a while.
> 
> On 7/6/21 2:33 PM, Luke wrote:
> >If you could share the return-path of the offending message, I can
> >have it looked at.
> >
> >Cheers,
> >Luke
> >
> >On Tue, Jul 6, 2021 at 11:39 AM Brielle via mailop
> >mailto:mailop@mailop.org>> wrote:
> >
> >Hello,
> >
> >Anyone here have a contact for Zoom in re of webinar spam being sent
> >from their platform via Sendgrid owned IPs?
> >
> >I'm rather unhappy with the fact they're allowing people to spam
> >with no
> >unsubscribe or report feature.
> >
> >I know Sendgrid is a hot steaming pile of dog excrement these days when
> >it comes to spam, so the lack of reporting or unsubscribe link doesn't
> >surprise me...
> >
> >
> >
> >-- Brielle Bruns
> >The Summit Open Source Development Group
> >http://www.sosdg.org <http://www.sosdg.org>    / http://www.ahbl.org
> ><http://www.ahbl.org>
> >___
> >mailop mailing list
> >mailop@mailop.org <mailto:mailop@mailop.org>
> >https://list.mailop.org/listinfo/mailop
> ><https://list.mailop.org/listinfo/mailop>
> >
> 
> 
> -- 
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org/ http://www.ahbl.org
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [External] sendgrid sending spam claiming to be chase.com

[Kevin A. McGrail via mailop]

On 12/23/2019 10:42 PM, Carl Byington via mailop wrote:
> The spam was sent with a From: header of @email.chase.com.
> _dmarc.email.chase.com. has a txt record with p=reject, so it was
> rejected here. Sendgrid - you should be able to check that at your end,
> and just not send anything that violates the dmarc restriction published
> by the ostensible sender.

Carl,

We've been seeing the same over the past few weeks as a growing threat. 
They are abusing sendgrid and the SPF records and the envelope from to
mimic some big players.  If you use Apache SpamAssassin, I'm working on
rules with KAM.cf to combat this.  Email me off list and I'll take a
look at your spamples. 

If there is a sendgrid rep on the list, please contact me as well.

Regards,

KAM


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SendGrid Abuse unresponsive

[Will Boyd via mailop]

Hi Kyle,

I've located those tickets. It looks like a colleague did reply on
Wednesday to 4218173 and the reply went to Angelo. I'm not on our abuse
team but will ping them with both ticket numbers to follow up.

Will

On Mon, May 4, 2020 at 8:20 PM Kyle Thorne via mailop 
wrote:

> Hi everyone,
>
> Is anyone from SendGrid on-list that can help with an abuse report that
> has gone unanswered?
>
> We have two tickets with SendGrid that have *no response: *4218173 and
> 4278230.
>
> This fraud account is phishing our users, so there's no reason SendGrid
> shouldn't be able to suspend / ban this account.
>
> Anyone available to help with this?
> [image: VentraIP Australia logo]
>
>
> *Kyle Thorne*Chief Technical Officer \\ VentraIP Australia
>
> ___
> mailop mailing list
> mailop@mailop.org
>
> https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!PA5pfJG6J5H3bnL4o7HBO_4WtTKIGCsdTv88PJGyiDXQYv4DLPkFQZqSPF0AXGbKgg$
>


-- 
[image: sendgridlogo2.png] <https://sendgrid.com/>
Will Boyd
Sr. Email Deliverability Consultant
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid is giving others anti-abuse/security advice? Wow!

[Stefano Bagnara via mailop]

On Thu, 11 Feb 2021 at 18:49, Rob McEwen via mailop  wrote:
> These questions! WOW! IS THIS FOR REAL? Don't get me wrong, I like Len 
> Shneyder
> and I think he's a good person TRYING to do the right thing - but - 
> considering what is coming
> FROM SendGrid in recent years, is this the right time to be giving OTHERS 
> anti-abuse/security
> advice? Just... wow! I think they should instead consider trying to "lead by 
> example".
> The world would certainly become a MUCH better place!
> https://martechseries.com/mts-insights/tech-bytes/len-shneyder-twilio-sendgrid/

I didn't read anti-abuse and security advices in the article.

He's just talking about how DMARC evolved and the role of social
engineering in phishing.

He's not even trying to let people guess Sendgrid is good at preventing abuses.

no "Wow" here :-)

Stefano

-- 
Stefano Bagnara
Apache James/jDKIM/jSPF
VOXmail/Mosaico.io/VoidLabs
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SendGrid is deleting your mail

[Sebastian Nielsen via mailop]

>>The RFC forbids doing that, and I argued against it

The RFC and reality is two different things. If a client don't want to retry, I 
think they are free to choose to not retry.
Why even send retry requests to SendGrid?
Just accept the email, whats the problem?

If your antivirus or mail scanning solution requires some time, buffer the 
email at your server instead.
I do understand it creates the problem of, when deciding to keep or trash the 
email, SendGrid client is long gone,
And sending back an error would create backscatter.
But then, just silently trash the email if it is deemed virus or similar.

You could try using stream scanning and then when arriving at final decision, 
let client wait for some seconds before getting an scan result.

>>These are a pair of tickets for Hershey Park that a family has been waiting 
>>on for two days:

Your fault. You rejected the email with "Please retry immediately" just to mock 
with SendGrid.
If you have the possibility to set an IP to have custom reject text, you have 
the possibility to whitelist that IP (and/or domain) so mail pass unaffected.

>>SendGrid silently deleted them. We want your mail; 

If you want their mail, then accept it? Don’t reject with stupid things like 
"Please retry" for unknown weird reasons?
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Just how does SendGrid fail this badly?

[Carl Byington via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Tue, 2020-08-18 at 15:23 +0300, Atro Tossavainen via mailop wrote:
> The SendGrid account sending these yesterday is 13999362.

Where do you find that account number in the headers? I see some from
today with "Upgrade (FINAL WARNING)" in the subject, but no indication
of any sendgrid account number.


-BEGIN PGP SIGNATURE-

iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXzwT2hUcY2FybEBmaXZl
LXRlbi1zZy5jb20ACgkQL6j7milTFsFoigCeONxnBFkM/QJI3Mky1A9XafBR+IQA
oIUMyZCHGvGEjasL9fCb22Njyfer
=+kBp
-END PGP SIGNATURE-



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

[Luke via mailop]

Just so the group is aware, our team is looking into the Zoom traffic. We
aren't sure what they are doing with that mail stream, but it doesn't look
good.

Both of the accounts reported by Michael have been suspended.

Thanks, everyone.

Luke

On Thu, Jul 8, 2021 at 8:48 AM Michael Peddemors via mailop <
mailop@mailop.org> wrote:

> On 2021-07-08 8:20 a..m., Carl Byington via mailop wrote:
> > On Thu, 2021-07-08 at 09:31 +0300, Atro Tossavainen via mailop wrote:
> >> That one is Zoom.us itself.
> >
> >> Received: from o5.sg.zoom.us (o5.sg.zoom.us [149.72.199.144])
> >
> >> Received: from o12.ptr3622.sg.zoom.us (o12.ptr3622.sg.zoom.us
> >> [167.89.93.232])
> >
> > Yes, the mail arrives from systems with rdns of *.sg.zoom.us, but my
> > understanding is that the X-Entity-ID points to a sendgrid user. And the
> > headers include stuff like:
> >
> > Received: by filter1889p1las1.sendgrid.net with SMTP id
> > filter1889p1las1-10585-60DE6FD0-E
> >  2021-07-02 01:45:52.506187482 + UTC m=+23969.518969155
> > Received: from MjEwNzk4ODQ (unknown)
> >  by geopod-ismtpd-3-2 (SG) with HTTP id W8YVLKQPT6CK1S2NPi9CbA
> >
> > Which looks like the original submission was via a sendgrid web
> > interface. A reply-to address in .vn, and a subject line (google
> > translate from Vietnamese) of "Why real estate can make you rich?".
> >
> > Just more crap that sendgrid is leaking, this time sending their
> > outbound spam via zoom.us servers.
> >
>
>
> Yeah, it is almost always a compromise, but hard to believe Zoom would
> not have enabled two factor authentication, or similar restrictions on
> who can use their sendgrid servers, keep thinking that their is another
> back door that abusers are using at SendGrid..
>
> Be nice to hear from Zoom (if anyone knows a contact) on what they
> discover, since SendGrid hasn't been too transparent.
>
> --
> "Catch the Magic of Linux..."
> 
> Michael Peddemors, President/CEO LinuxMagic Inc.
> Visit us at http://www.linuxmagic.com @linuxmagic
> A Wizard IT Company - For More Info http://www.wizard.ca
> "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
> 
> 604-682-0300 Beautiful British Columbia, Canada
>
> This email and any electronic data contained are confidential and intended
> solely for the use of the individual or entity to which they are addressed.
> Please note that any views or opinions presented in this email are solely
> those of the author and are not intended to represent those of the company.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So, Sendgrid / Zoom, planning on actually doing anything about webinar spams?

[Brie via mailop]

So, hey, yeah, Sendgrid and Zoom...

It's still going on even though it was 'being looked into'.

Why do you not respect permanent errors when delivering? My system is 
rejecting the mails, so Sendgrid's systems should be marking the mails 
as undeliverables and removing the address or flagging the list.


Today, got a new one sent directly through Zoom's systems without 
Sendgrid.  New topic but same Vietnamese spammer.



--
Return-path: 
Delivery-date: Wed, 20 Jul 2022 11:11:03 -0600
Received: from smtp-n11.zoom.us ([170.114.15.183])
	by mail.sosdg.org with utf8esmtps 
(TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128) (Exim 
4.94.2-SOSDG)

id 1oEDDu-00FpyA-RT
for ; Wed, 20 Jul 2022 11:11:03 -0600
Message-ID: 
<1658337048.bvpf1sb7ennprz1yuclh1d29a5gungkt36ai4...@smtp-n11.zoom.us>

Received: from smtp-n11.zoom.us (ip-10-0-217-112.ec2.internal
 [170.114.15.183])
 by smtp-n11.zoom.us (ESMTP)
 with ESMTPSA id
 v=2.0;clid=us02;rid=WEB_a3403e86d1c0f57ec65ad13bdde3bbb4;
 Wed, 20 Jul 2022 17:10:48 +
Date: Wed, 20 Jul 2022 17:10:48 +
From: "Robocash Vietnam" 
To: "xxx" 


Valid SPF and DKIM signature.

Body has a Zoom Meeting link.

You guys ever going to do something about this?


On 1/8/22 8:44 PM, Brie wrote:

Hi Sendgrid and Zoom,

We've been over this before, multiple times...  But alas, it looks like 
that you neither of you seem to care a single bit about your services 
being used to send spams that can't be unsubscribed from.


Yep, I know you, Sendgrid, told me that you'd be working on it with 
Zoom.  And, as expected, nothing ever happened and they still keep coming.


Should I just give up hoping that anything will ever be done about it 
and blacklist Sendgrid and Zoom?


Because, lets be honest here, based on what others are reporting, it 
looks like that I'd have an easier time trying to broker world peace AND 
cure cancer than it would be to get you guys to deal with abuse from 
your network.



Yep.  This message is written in anger, and I'll probably be accused of 
being unprofessional.


But, frankly, if you (Sendgrid) or them (Zoom) ain't going to do jack 
shit, then don't fucking tell me you are "working on it".







--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SendGrid Abuse unresponsive

[Alexander Zeh via mailop]

Hello,

> It would also be great if SendGrid would include an abuse reporting
> URL in the headers of each message, specific to that message, i.e.
> that passes along all info that SendGrid would need to identify that
> campaign/client.

I’m not so sure about that, having in mind that the list-unsubscribe header 
already causes some headache on my end as some filters are checking and 
therefore „clicking“ all the URLs they find in body and header. 

Cheers,
Alex
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid and phishing

[Michael Rathbun via mailop]

On Wed, 17 Jun 2020 14:00:35 +0100, Tim Bray via mailop 
wrote:

>Anybody else seeing increase phishing through sendgrid?  They look 
>fairly convincing.

General spam (several per week) and phishing, especially some very nicely done
"Reconfirm you Netflix payment method" at several per day.

Pointing out to users reporting these that blocking Sendgrid entirely (the
temptation arises) would take out the SG traffic that is highly desired (at
least 70%).

mdr
-- 
   "There will be more spam."
  -- Paul Vixie


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Just how does SendGrid fail this badly?

[Alan Hodgson via mailop]

On Tue, 2020-08-18 at 14:34 -0700, Carl Byington via mailop wrote:
> 
> dhl is asking folks to reject that mail, but sendgrid tries to send it
> anyway.
> 

Sendgrid doesn't seem to do any From: address authentication. They're sending
email pretending to be from all kinds of random domains.

I know they probably have customers that depend on being able to forge
addresses, but come on guys, it's 2020, you can't do that anymore.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Fake fax spam from sendgrid

[John Levine via mailop]

I'm getting a steady stream of spam from Sendgrid purporting to be
Efax messages, with what appears to be an XLS spreadsheet attached.
The return addresses are all over the place but they all come through
Sendgrid, e.g., 

Subject: E-FAX - 963554 DNW

You have a new fax! Click the attachment to view.

Caller ID: +15131711332
Date Received: 2020-10-19 08:15:38 CDT
Type: Attached in xls
Number of pages: 1
Reference #: vsshGfjF9_87575643-34844314-98773826

[ Part 2, Application/VND.MS-EXCEL (Name: "001110952.xls") 1.4 MB. ]

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: Sendgrid again...

[Gregory Heytings via mailop]

Bulk mail, email marketing, consumer email, enterprise email. Those are 
all different businesses. Just because a company does one thing doesn't 
mean it should be doing (or be good at) the other. 




That's correct, but in that case what Sendgrid should do is to use a 
specific subdomain for abuse reports, e.g. use ab...@abuse.sendgrid.com 
instead of ab...@sendgrid.com, and run their own mailserver on 
abuse.sendgrid.com.  If two other mail providers filter reports before 
they reach Sendgrid it defeats the purpose of an abuse contact.___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

[Brielle via mailop]

Hello,

Anyone here have a contact for Zoom in re of webinar spam being sent 
from their platform via Sendgrid owned IPs?


I'm rather unhappy with the fact they're allowing people to spam with no 
unsubscribe or report feature.


I know Sendgrid is a hot steaming pile of dog excrement these days when 
it comes to spam, so the lack of reporting or unsubscribe link doesn't 
surprise me...




--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

[Rob McEwen via mailop]

ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one 
for Sendgrid-spams!


...a collection of a new TYPE of DNSBL, with the FIRST of these having a 
focus on Sendgrid-sent spams. AND - there is a FREE version of this - 
that can be used NOW! (/well... might need a SpamAssassin rule or two! 
Your help appreciated!)/:


INFO AND INSTRUCTIONS HERE:

https://www.invaluement.com/serviceproviderdnsbl/

This provides a way to surgically block Sendgrid's WORST spammers, yet 
without the massive collateral damage that would happen if blocking 
Sendgrid domains and IP addresses. But we're NOT stopping at the phishes 
and viruses - and we're not finished! There will be some well-deserved 
economic pain, that puts the recipients' best interests at heart. 
Therefore, flagrant "cold email" spamming to recipients who don't even 
know the sender - is also being targeted - first with the absolute worst 
- and then progressing to other offenders as we make adjustments in the 
coming weeks.


-- Rob McEwen https://www.invaluement.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid again...

[Gregory Heytings via mailop]

Are you sure that it was Sendgrid that blocked the message ? Looks to 
me as if ab...@sendgrid.com is hosted at gmail and it was *gmail* that 
objected to the content ...


Or am I misunderstanding something ?


No, of course you're right.

But forwarding an abuse address that is somewhat expected to receive 
problematic content to a service that tries to keep such content out of 
their users' mailboxes doesn't really look very professional, and even 
if it isn't technically Sendgrid who perform the filtering this approach 
has the effect of putting a content filter on the abuse mailbox.




Actually Sendgrid uses a double filtering: the first line of the error 
report you got ("The original message was received at Fri, 22 Jan 2021 
05:45:50 -0800 from m0099904.ppops.net [127.0.0.1]") means that the mail 
has been received and processed by Proofpoint, that forwards it to Gmail.


See also their MX records:

$ dig +short -t mx sendgrid.com
10 mxa-0023de01.gslb.pphosted.com.
10 mxb-0023de01.gslb.pphosted.com.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Gmail inboxing help

[Lauren Donovan via mailop]

Hi Everyone,

I am wondering if someone here might have some insight into an issue I am
experiencing with Gmail customers. Here are the details:

1.) When the customers click to opt-in on our form page, they are sent a
confirmation via a Smartertools email.
2.) We use SendGrid to email them in the future with newsletters, tools,
and other marketing information.
3.) We just aren't inboxing with Gmail. Never have, despite the customer
opting in.

Questions:
1.) Can anyone recommend a solution?
2.) Should we be integrating SmarterTools and SendGrid so the confirmation
email comes directly from SendGrid, and thus, follow-up emails aren't from
a cold, third-party sender?
3.) Should confirmation emails come from SendGrid and we drop Smartertools
altogether?

So grateful for any advice.

Lauren



<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=icon>
Virus-free.
www.avast.com
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=link>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

[Carl Byington via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Thu, 2021-07-08 at 09:31 +0300, Atro Tossavainen via mailop wrote:
> That one is Zoom.us itself.

> Received: from o5.sg.zoom.us (o5.sg.zoom.us [149.72.199.144])

> Received: from o12.ptr3622.sg.zoom.us (o12.ptr3622.sg.zoom.us
> [167.89.93.232])

Yes, the mail arrives from systems with rdns of *.sg.zoom.us, but my
understanding is that the X-Entity-ID points to a sendgrid user. And the
headers include stuff like:

Received: by filter1889p1las1.sendgrid.net with SMTP id
filter1889p1las1-10585-60DE6FD0-E
2021-07-02 01:45:52.506187482 + UTC m=+23969.518969155
Received: from MjEwNzk4ODQ (unknown)
by geopod-ismtpd-3-2 (SG) with HTTP id W8YVLKQPT6CK1S2NPi9CbA

Which looks like the original submission was via a sendgrid web
interface. A reply-to address in .vn, and a subject line (google
translate from Vietnamese) of "Why real estate can make you rich?".

Just more crap that sendgrid is leaking, this time sending their
outbound spam via zoom.us servers.



-BEGIN PGP SIGNATURE-

iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYOcXoxUcY2FybEBmaXZl
LXRlbi1zZy5jb20ACgkQL6j7milTFsGmiACfRob62kkNRCYmCuGVToI/xg+IjSkA
n0KwN05UTZa35wOzW7Pzkl4wbvr6
=+QB+
-END PGP SIGNATURE-


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SendGrid, what happens when you don't address the root problem (Indeed Phishing)

[Robert L Mathews via mailop]

On 4/19/22 1:46 PM, Atro Tossavainen via mailop wrote:


They're definitely the biggest ESP in our spamtraps, have been
for more than a year solid.


Yep. As most probably remember, someone from SendGrid came on the list 
for a while, made some noises about cleaning things up, and then 
disappeared.


SendGrid is still a cesspit of forged mail, phishing, and B2B "harvested 
from LinkedIn" spam. Spam complaints result in listwashing at best. They 
clearly don't care, because some very basic rules would eliminate quite 
a bit of it (like rate-limiting and spot-checking new customers who send 
from addresses at domain names registered within the last 24 hours, such 
as "indeed-verify.com").


I'm sure someone else from SendGrid will be back on here within a year 
or so claiming they've just been hired to clean things up, make a few 
more noises for a month, and disappear again.


--
Robert L Mathews
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

[Brielle via mailop]

Here's the two that they all share:

Return-path: 
Return-path: 

(original unmunged version sent directly to you, Luke)

I've got zoom messages via sendgrid being rejected via a system filter 
currently, so there should be a bit of bounce messages going back at 
Zoom/Sendgrid, but yet they still keep coming...


Shouldn't there be some sort of required unsubscribe or report link at 
the bottom of these?  I seem to remember legitimate zoom invitations and 
such all have one?  But it's been a while.


On 7/6/21 2:33 PM, Luke wrote:
If you could share the return-path of the offending message, I can have 
it looked at.


Cheers,
Luke

On Tue, Jul 6, 2021 at 11:39 AM Brielle via mailop <mailto:mailop@mailop.org>> wrote:


Hello,

Anyone here have a contact for Zoom in re of webinar spam being sent
from their platform via Sendgrid owned IPs?

I'm rather unhappy with the fact they're allowing people to spam
with no
unsubscribe or report feature.

I know Sendgrid is a hot steaming pile of dog excrement these days when
it comes to spam, so the lack of reporting or unsubscribe link doesn't
surprise me...



-- 
Brielle Bruns

The Summit Open Source Development Group
http://www.sosdg.org <http://www.sosdg.org>    / http://www.ahbl.org
<http://www.ahbl.org>
___
mailop mailing list
mailop@mailop.org <mailto:mailop@mailop.org>
https://list.mailop.org/listinfo/mailop
<https://list.mailop.org/listinfo/mailop>




--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign.

[Matt Harris via mailop]

On Tue, Aug 11, 2020 at 2:21 PM Michael Orlitzky via mailop <
mailop@mailop.org> wrote:

> In the past few months there have been several threads on mailop and
> similar lists (sdlu, spamassassin-users, nanog, ...) complaining about
> how SendGrid doesn't seem to do anything at all to stop the ongoing
> blatant phishing campaigns from their servers.
>

I've received some spam from sendgrid, including another "we caught you
looking at pr0n, send us btc" just today from sendgrid at my personal email
address, and dutifully forwarded them with headers along to abuse@. What
I've never received is any sort of follow up on those reports indicating
that they were received, much less any action would be taken. Some of these
messages are spam in ways that are exceptionally obvious - things like
having the From: header set to the same address as the recipient, for
example, or matching patterns that even a junior sysadmin's spamassassin
deployment would be able to catch.

We'd been using sendgrid in production for some stuff, but we're looking at
changing that now because it seems like their lack of concern regarding
abuse on their platform will lead to more and more deliverability issues as
time goes on. It just seems like sendgrid doesn't care about abuse on their
platform.

As far as determining the difference between a compromised account that
isn't a spammer and a spammer who simply signed up for an account, this
should be relatively simple by looking at their history. Even without doing
so, the action should clearly be the same: shut down the account
immediately. There's no reason to let a legitimate user's compromised
account continue being used illicitly, and the legitimate user can be
contacted to address the issue after which time the account can be
re-enabled.

Matt Harris|Infrastructure Lead Engineer
816-256-5446|Direct
Looking for something?
Helpdesk Portal|Email Support|Billing Portal
We build and deliver end-to-end IT solutions.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] mailop Digest, Vol 12, Issue 40

[Len Shneyder via mailop]

Hi Brielle,

Can you send me a full unredacted header and I'll take a look at what's
going on. I'm sorry you didn't get a response earlier to this.

Thanks!
-L



Message: 2
> Date: Tue, 20 Jul 2021 11:35:47 -0600
> From: Brielle 
> To: mailop@mailop.org
> Subject: Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid
> (ugh)
> Message-ID: <737bf486-f945-c64b-a7ef-9575e1f6d...@2mbit.com>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> These still seem to be coming in quite consistently...  Same Zoom
> sendgrid account.
>
> Any updates on whats going on with this, Luke?
>
>
>
> On 7/6/21 2:44 PM, Brielle via mailop wrote:
> > Here's the two that they all share:
> >
> > Return-path: 
> > Return-path: 
> >
> > (original unmunged version sent directly to you, Luke)
> >
> > I've got zoom messages via sendgrid being rejected via a system filter
> > currently, so there should be a bit of bounce messages going back at
> > Zoom/Sendgrid, but yet they still keep coming...
> >
> > Shouldn't there be some sort of required unsubscribe or report link at
> > the bottom of these?  I seem to remember legitimate zoom invitations and
> > such all have one?  But it's been a while.
> >
> > On 7/6/21 2:33 PM, Luke wrote:
> >> If you could share the return-path of the offending message, I can
> >> have it looked at.
> >>
> >> Cheers,
> >> Luke
> >>
> >> On Tue, Jul 6, 2021 at 11:39 AM Brielle via mailop  >> <mailto:mailop@mailop.org>> wrote:
> >>
> >> Hello,
> >>
> >> Anyone here have a contact for Zoom in re of webinar spam being sent
> >> from their platform via Sendgrid owned IPs?
> >>
> >> I'm rather unhappy with the fact they're allowing people to spam
> >> with no
> >> unsubscribe or report feature.
> >>
> >> I know Sendgrid is a hot steaming pile of dog excrement these days
> >> when
> >> it comes to spam, so the lack of reporting or unsubscribe link
> >> doesn't
> >> surprise me...
> >>
> >>
> >>
> Len Shneyder
> VP Industry Relations
> [image: Twilio] <https://www.twilio.com/?utm_source=email_signature>
> EMAIL l...@twilio.com
> TWITTER @LenShneyder <https://twitter.com/LenShneyder>
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So, Sendgrid / Zoom, planning on actually doing anything about webinar spams?

[Noel Butler via mailop]

On 09/01/2022 13:44, Brie via mailop wrote:


Hi Sendgrid and Zoom,

We've been over this before, multiple times...  But alas, it looks like 
that you neither of you seem to care a single bit about your services 
being used to send spams that can't be unsubscribed from.


Yep, I know you, Sendgrid, told me that you'd be working on it with 
Zoom.  And, as expected, nothing ever happened and they still keep 
coming.


Should I just give up hoping that anything will ever be done about it 
and blacklist Sendgrid and Zoom?


Because, lets be honest here, based on what others are reporting, it 
looks like that I'd have an easier time trying to broker world peace 
AND cure cancer than it would be to get you guys to deal with abuse 
from your network.


Yep.  This message is written in anger, and I'll probably be accused of 
being unprofessional.


But, frankly, if you (Sendgrid) or them (Zoom) ain't going to do jack 
shit, then don't fucking tell me you are "working on it".





Actually, I think you put it rather nicely, much more polite than I 
would, but how long has sendgrid been around, they still cant figure out 
how to add the auto submitted header so their junk doesnt get all those 
vacation replies, so you probably got years before they do anything.


Both of those slack arse companies have been blocked for 30 days here on 
and off a few times, no doubt they will be again because yep, their care 
factor = zero.


--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged 
information, therefore at all times remains confidential and subject to 
copyright protected under international law. You may not disseminate 
this message without the authors express written authority to do so.   
If you are not the intended recipient, please notify the sender then 
delete all copies of this message including attachments immediately. 
Confidentiality, copyright, and legal privilege are not waived or lost 
by reason of the mistaken delivery of this message.___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Sendgrid is giving others anti-abuse/security advice? Wow!

[Rob McEwen via mailop]

These questions! WOW! IS THIS FOR REAL? Don't get me wrong, I like Len 
Shneyder and I think he's a good person TRYING to do the right thing - 
but - considering what is coming FROM SendGrid in recent years, is this 
the right time to be giving OTHERS anti-abuse/security advice? Just... 
wow! I think they should instead consider trying to "lead by example". 
The world would certainly become a MUCH better place!
https://martechseries.com/mts-insights/tech-bytes/len-shneyder-twilio-sendgrid/ 



-- Rob McEwen, invaluement

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Gmail blocking of good customer

[John Levine via mailop]

It appears that Kelly Molloy via mailop  said:
>On Fri, Feb 24, 2023 at 7:14 PM Matt Palmer via mailop
> wrote:
>> That's something to talk to your ESP about.  They're in charge of retrying.
>
>Christine *is* the ESP.

She's at Shopify, but Sendgrid is the ESP.

Perhaps she can confirm with Sendgrid that they're not retrying 4xx and so
are losing customer mail.

Given how much mail I get from Sendgrid that should not have been sent in the
first place, I'm not inclined to push too hard on that point.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SendGrid is deleting your mail

[Michael Orlitzky via mailop]

On 2023-06-22 00:32:37, Sebastian Nielsen via mailop wrote:
> Why even send retry requests to SendGrid?
> Just accept the email, whats the problem?
> 
> If your antivirus or mail scanning solution requires some time,
> buffer the email at your server instead. I do understand it creates
> the problem of, when deciding to keep or trash the email, SendGrid
> client is long gone, And sending back an error would create
> backscatter.  But then, just silently trash the email if it is
> deemed virus or similar.

If your spam filter is perfect this can work. Otherwise, silently
deleting mail is not nice for our customers, is not nice for the
senders, and is illegal in some places.


> You could try using stream scanning and then when arriving at final
> decision, let client wait for some seconds before getting an scan
> result.

We already do this, and I don't see how it's relevant. The transaction
can still time out, and there are lots of other reasons why we might
send a 4xx.


> >>These are a pair of tickets for Hershey Park that a family has been waiting 
> >>on for two days:
> 
> Your fault. You rejected the email with "Please retry immediately" just to 
> mock with SendGrid.

They were going to get a 4xx anyway. I changed the message to *help*
SendGrid.


> If you have the possibility to set an IP to have custom reject text,
> you have the possibility to whitelist that IP (and/or domain) so
> mail pass unaffected.

Where do I find out what the IP/domain is? Is it in my mail logs,
*after* they've deleted the message? Durr
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SendGrid Abuse unresponsive

[Atro Tossavainen via mailop]

On Mon, May 04, 2020 at 08:49:32PM -0600, Will Boyd via mailop wrote:
> Hi Kyle,
> 
> I've located those tickets. It looks like a colleague did reply on
> Wednesday to 4218173 and the reply went to Angelo. I'm not on our abuse
> team but will ping them with both ticket numbers to follow up.

Thanks Will for picking up.

Any chance SendGrid might amend its ticket system so that there would
be autoreplies when tickets are created that showed issue numbers
connected with the original request, and/or that any further
correspondence would similarly include anything from the initial
conversation? As it stands, I receive "We resolved #78493284309284930"
and I have no way to tell what #78493284309284930 was on.

> 
> Will
> 
> On Mon, May 4, 2020 at 8:20 PM Kyle Thorne via mailop 
> wrote:
> 
> > Hi everyone,
> >
> > Is anyone from SendGrid on-list that can help with an abuse report that
> > has gone unanswered?
> >
> > We have two tickets with SendGrid that have *no response: *4218173 and
> > 4278230.
> >
> > This fraud account is phishing our users, so there's no reason SendGrid
> > shouldn't be able to suspend / ban this account.
> >
> > Anyone available to help with this?
> > [image: VentraIP Australia logo]
> >
> >
> > *Kyle Thorne*Chief Technical Officer \\ VentraIP Australia
> >
> > ___
> > mailop mailing list
> > mailop@mailop.org
> >
> > https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!PA5pfJG6J5H3bnL4o7HBO_4WtTKIGCsdTv88PJGyiDXQYv4DLPkFQZqSPF0AXGbKgg$
> >
> 
> 
> -- 
> [image: sendgridlogo2.png] <https://sendgrid.com/>
> Will Boyd
> Sr. Email Deliverability Consultant

> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SendGrid Abuse unresponsive

[Atro Tossavainen via mailop]

On Tue, May 05, 2020 at 02:15:07PM +, Andy Smith via mailop wrote:
> Hello,
> 
> On Tue, May 05, 2020 at 06:00:44AM +0300, Atro Tossavainen via mailop wrote:
> > Any chance SendGrid might amend its ticket system so that there would
> > be autoreplies when tickets are created that showed issue numbers
> > connected with the original request
> 
> It would also be great if SendGrid would include an abuse reporting
> URL in the headers of each message, specific to that message, i.e.
> that passes along all info that SendGrid would need to identify that
> campaign/client.

Personally, just the user ID that is in the envelope-from is fine
for me. I usually have spamtrap stuff to report and I am not planning
to click on any links that would reveal the receiving address.

> At present the process is to just forward the mail to
> abuse@sendgrid. It's great that they accept reports that way and I'm
> not suggesting that change, but a lot of the time clicking on one
> link is much faster and less error prone.

For those who don't have a problem with the ESP listwashing on behalf
of the spammy sender, sure.

>   implied that the recipient did not accept SpamCop reports. In fact
>   in that case it was that SpamCop didn't want to send reports to
>   Hetzner. So it is not possible to determine which side made the
>   decision to not allow those reports.

Did I say it yet that Hetzner is worse than useless?

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid is giving others anti-abuse/security advice? Wow!

[Camille - Clean Mailbox via mailop]

+1 :)

> Le 13 févr. 2021 à 01:21, Stefano Bagnara via mailop  a 
> écrit :
> 
> On Thu, 11 Feb 2021 at 18:49, Rob McEwen via mailop  
> wrote:
>> These questions! WOW! IS THIS FOR REAL? Don't get me wrong, I like Len 
>> Shneyder
>> and I think he's a good person TRYING to do the right thing - but - 
>> considering what is coming
>> FROM SendGrid in recent years, is this the right time to be giving OTHERS 
>> anti-abuse/security
>> advice? Just... wow! I think they should instead consider trying to "lead by 
>> example".
>> The world would certainly become a MUCH better place!
>> https://martechseries.com/mts-insights/tech-bytes/len-shneyder-twilio-sendgrid/
> 
> I didn't read anti-abuse and security advices in the article.
> 
> He's just talking about how DMARC evolved and the role of social
> engineering in phishing.
> 
> He's not even trying to let people guess Sendgrid is good at preventing 
> abuses.
> 
> no "Wow" here :-)
> 
> Stefano
> 
> -- 
> Stefano Bagnara
> Apache James/jDKIM/jSPF
> VOXmail/Mosaico.io/VoidLabs
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] mailop Digest, Vol 12, Issue 40

[Atro Tossavainen via mailop]

On Tue, Jul 20, 2021 at 01:09:16PM -0700, Len Shneyder via mailop wrote:
> Hi Brielle,
> 
> Can you send me a full unredacted header and I'll take a look at what's
> going on. I'm sorry you didn't get a response earlier to this.

I know I'm not Brielle but I'd like to confirm that Zoom is sending quite
a bit to our spamtraps too.

Unredacted headers are not forthcoming as we're not interested in
revealing spamtraps.

I should also say that I find it offensive for SendGrid support employees
to ask for the same in support responses, which seems to be the new normal
these days. An ESP does not need to know who was spammed in order to take
a look into the matter.

You do need to know which one of your customers is being discussed, and
that information I have no problem handing out. The overwhelmingly most
common X-Entity-ID in .zoom.us emissions from SendGrid is

X-Entity-ID: 7mxhBNMkQ9yfwz0A5+NG7Q==

for which the corresponding user ID number is

Return-Path: https://www.mail-archive.com/mailop@mailop.org/msg10376.html

but have to keep coming back to the topic. I conclude it's not because
ZenDesk doesn't support doing that. I have ideas about what else it
could be, but I would love it if I was wrong on all of them.

> 
> Thanks!
> -L
> 
> 
> 
> Message: 2
> > Date: Tue, 20 Jul 2021 11:35:47 -0600
> > From: Brielle 
> > To: mailop@mailop.org
> > Subject: Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid
> > (ugh)
> > Message-ID: <737bf486-f945-c64b-a7ef-9575e1f6d...@2mbit.com>
> > Content-Type: text/plain; charset=UTF-8; format=flowed
> >
> > These still seem to be coming in quite consistently...  Same Zoom
> > sendgrid account.
> >
> > Any updates on whats going on with this, Luke?
> >
> >
> >
> > On 7/6/21 2:44 PM, Brielle via mailop wrote:
> > > Here's the two that they all share:
> > >
> > > Return-path: 
> > > Return-path: 
> > >
> > > (original unmunged version sent directly to you, Luke)
> > >
> > > I've got zoom messages via sendgrid being rejected via a system filter
> > > currently, so there should be a bit of bounce messages going back at
> > > Zoom/Sendgrid, but yet they still keep coming...
> > >
> > > Shouldn't there be some sort of required unsubscribe or report link at
> > > the bottom of these?  I seem to remember legitimate zoom invitations and
> > > such all have one?  But it's been a while.
> > >
> > > On 7/6/21 2:33 PM, Luke wrote:
> > >> If you could share the return-path of the offending message, I can
> > >> have it looked at.
> > >>
> > >> Cheers,
> > >> Luke
> > >>
> > >> On Tue, Jul 6, 2021 at 11:39 AM Brielle via mailop  > >> <mailto:mailop@mailop.org>> wrote:
> > >>
> > >> Hello,
> > >>
> > >> Anyone here have a contact for Zoom in re of webinar spam being sent
> > >> from their platform via Sendgrid owned IPs?
> > >>
> > >> I'm rather unhappy with the fact they're allowing people to spam
> > >> with no
> > >> unsubscribe or report feature.
> > >>
> > >> I know Sendgrid is a hot steaming pile of dog excrement these days
> > >> when
> > >> it comes to spam, so the lack of reporting or unsubscribe link
> > >> doesn't
> > >> surprise me...
> > >>
> > >>
> > >>
> > Len Shneyder
> > VP Industry Relations
> > [image: Twilio] <https://www.twilio.com/?utm_source=email_signature>
> > EMAIL l...@twilio.com
> > TWITTER @LenShneyder <https://twitter.com/LenShneyder>
> >

> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop


-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SendGrid is deleting your mail

[Michael Orlitzky via mailop]

On Sat, 2023-06-24 at 08:42 +, Andy Smith via mailop wrote:
> 
> In the specific case at hand it seems that the OP is greylisting
> SendGrid for being on some sort of blocklist, and the specific
> mention of "blacklist" in the 4xx response is hitting a SendGrid
> heuristic that says "don't bother to retry these", so messages are
> actually being lost. I think it has implications beyond greylisting.
> 

We're not greylisting them for being on a blacklist, they'd just get
rejected in that case. The blacklist text is there for the people who
get a 5xx reject.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Jay Hennigan via mailop]

On 3/22/23 01:35, Hans-Martin Mosner via mailop wrote:

I tried to report a phishing spam to Sendgrid, and look what I got:

- The following addresses had permanent fatal errors -

 (reason: 552-5.7.0 This message was blocked because its content presents a 
potential)

- Transcript of session follows -
... while talking to aspmx.l.google.com.:


With the amount of spam coming from Sendgrid, do you think they even 
look at the ones that get through?


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: Sendgrid again...

[Grant Taylor via mailop]

On 1/22/21 10:51 AM, Gregory Heytings via mailop wrote:
That's correct, but in that case what Sendgrid should do is to use a 
specific subdomain for abuse reports, e.g. use ab...@abuse.sendgrid.com 
instead of ab...@sendgrid.com, and run their own mailserver on 
abuse.sendgrid.com.  If two other mail providers filter reports before 
they reach Sendgrid it defeats the purpose of an abuse contact.


Drive by comment:

1)  What about standardizing on something like 
(@)unfiltered.example.net, and
2)  Configuring @example.net with an auto-responder (very early in 
the stack) stating to use #1.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Mystery SPF softfail at gmail.

[Luke Martinez]

Hey team,

I've got an interesting SPF softfail occurring for one of our senders.

This softfail is readily repeatable and seems to be isolated to this single
sender.

All necessary records are in place, and their mail passes SPF at all major
inbox providers other than gmail.

Last resort seems to be a DNS lookup failure on Gmail's side. Can anyone
see if I'm missing something silly?

Thanks for your time!

Below is a full header:



> Delivered-To: luke.marti...@sendgrid.com
> Received: by 10.37.10.5 with SMTP id 5csp545399ybk;
> Tue, 17 Nov 2015 06:47:00 -0800 (PST)
> X-Received: by 10.107.10.233 with SMTP id
> 102mr38147900iok.31.1447771620037;
> Tue, 17 Nov 2015 06:47:00 -0800 (PST)
> Return-Path:  sendgrid@email.domain.com>
> Received: from o1.mail_sg1.DOMAIN.com (o1.mail_sg1.DOMAIN.com.
> [167.89.67.186])
> by mx.google.com with ESMTPS id
> f11si24972237ioj.131.2015.11.17.06.46.59
> for 
> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
> Tue, 17 Nov 2015 06:46:59 -0800 (PST)
> Received-SPF: softfail (google.com: best guess record for domain of
> transitioning bounces+2035510-7255-luke.martinez=
> sendgrid@email.domain.com does not designate 167.89.67.186 as
> permitted sender) client-ip=167.89.67.186;
> Authentication-Results: mx.google.com;
>spf=softfail (google.com: best guess record for domain of
> transitioning bounces+2035510-7255-luke.martinez=
> sendgrid@email.domain.com does not designate 167.89.67.186 as
> permitted sender) smtp.mailfrom=bounces+2035510-7255-luke.martinez=
> sendgrid@email.domain.com;
>dkim=pass header.i=@DOMAIN.com;
>dmarc=pass (p=NONE dis=NONE) header.from=DOMAIN.com
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=DOMAIN.com;
>   h=content-type:from:mime-version:subject:to; s=m1;
>   bh=9pEwAB7wqoG5R88T7P/hW0cn0vg=; b=nU5wIVQOhrCw9obvdFNePBXYVtVRZ
>   w4ZRkebUzg+gPmeOPPPVY97NnYUJvg0wSX4nxgoBZCeORxpfQgPGlurZbL4cbNDH
>   kVZJ85hrHCCNxe2mgqSj6WPES1BppblBwLeeCi3I4/YVMrZInckQ+EoBX/JtV+H8
>   f1E8xty32c/sSQ=
> Received: by filter0494p1mdw1.sendgrid.net with SMTP id
> filter0494p1mdw1.32759.564B3DCA2A
> 2015-11-17 14:46:34.302768619 + UTC
> Received: from MjAzNTUxMA (o16789125x222.outbound-mail.sendgrid.net
> [167.89.125.222])
>   by ismtpd0006p1iad1.sendgrid.net (SG) with HTTP id
> Qc2SQ2SmT1GH_bTla6DiMg
>   for ; Tue, 17 Nov 2015 14:46:34.248 +
> (UTC)
> Content-Type: multipart/alternative;
> boundary=3a3da2a7878431dd1b945889881ae3216018141f8c0222fd3cf0d5daa3b3


-- 

Luke Martinez
SendGrid Deliverability Consultant
520.400.5693
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] SendGrid Abuse unresponsive

[Luke via mailop]

The very first reply to this thread was from a SendGrid representative.
They generally respond pretty quickly any time they are mentioned here.

Luke

On Mon, May 11, 2020 at 11:24 AM Brielle via mailop 
wrote:

> On 5/11/2020 11:45 AM, Matt V via mailop wrote:
> > On 2020-05-05 11:09 p.m., Andy Smith via mailop wrote:
> >
> > I've been told by at least one Sendgrid person that they have requested
> > membership to the list and are awaiting administrator approvals...
> >
> >
>
> Better late than never I guess...
>
> --
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org/ http://www.ahbl.org
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid and phishing

[Alan Hodgson via mailop]

On Wed, 2020-06-17 at 08:55 -0500, Michael Rathbun via mailop wrote:
> On Wed, 17 Jun 2020 14:00:35 +0100, Tim Bray via mailop w
> rote:
> > Anybody else seeing increase phishing through sendgrid?  They look fairly
> > convincing.
> 
> General spam (several per week) and phishing, especially some very nicely
> done"Reconfirm you Netflix payment method" at several per day.
> Pointing out to users reporting these that blocking Sendgrid entirely
> (thetemptation arises) would take out the SG traffic that is highly desired
> (atleast 70%).

Yeah. Tempting though. I got a dozen phishes literally From: 
supp...@amazon.com from them a few weeks ago.

Just zero attempt to authenticate senders it seems.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid again...

[Hans-Martin Mosner via mailop]

Am 22.01.21 um 15:22 schrieb Andrew C Aitchison via mailop:
>
> Are you sure that it was Sendgrid that blocked the message ?
> Looks to me as if ab...@sendgrid.com is hosted at gmail and
> it was *gmail* that objected to the content ...
>
> Or am I misunderstanding something ? 

No, of course you're right.

But forwarding an abuse address that is somewhat expected to receive 
problematic content to a service that tries to keep
such content out of their users' mailboxes doesn't really look very 
professional, and even if it isn't technically
Sendgrid who perform the filtering this approach has the effect of putting a 
content filter on the abuse mailbox.

Cheers,
Hans-Martin

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] [OFFLIST] Re: Delisting request from sendgrid customer about ip used in recent phishing campaign.

[Michael Peddemors via mailop]

Hi Len,

We have been extremely busy over here, so I haven't had a chance to 
circle back around, but for the record, volumes are still excessive, and 
our team is detected malicious, easily identifiable spam on a regular 
basis..


Received: from o2.hv1nn.shared.sendgrid.net (HELO 
o2.hv1nn.shared.sendgrid.net) (167.89.100.17)


From: "Mail Server" 


X-SG-EID: 
vCX7tmYXiV6kNiEMv3qHLBZRLdYJGTdPfZ+ASpLC2jlG9kE530AO6U3R7PsFrIheAMiGeiDLpIrmnS


RtlTY9CPxuYA7jT9E8Ee9Z81oSV3MmJC7ZUECs1XZlAETd6NeSOstLUJ7UQ4jo2Ys24TNjIMqW8x/S

5g6P+GvuzeFiLbRUsQ/krrt44O8WIQGsu5Nn5EjdhrjVbxRlhfjWywOToii0B5jLVHVGPl61bljt1M
 U=

Do you want to circle around to talking about how we can create 
automated reports of these for your company?


On 2020-08-11 9:22 a.m., Len Shneyder via mailop wrote:

Hello Benoit and Hokan,

Thanks for pointing this out and I'm sorry you're still seeing what 
sounds like a high volume of phish. I've asked our fraud ops team to 
investigate this. In the future if you could send suspicious emails to 
ab...@sendgrid.com <mailto:ab...@sendgrid.com> we will get this handled. 
Feel free to CC me when you do this to make sure these are handled quickly.


We've instituted some self-limiting features on our front door that 
should've decreased the overall volume of abuse. This is a stop gap 
measure as we roll out some other countermeasures in the next few weeks. 
Could you let me know if you have seen a perceptible drop in volume and 
velocity between June and July when this was rolled out?


Again, I want to assure you that there is a massive effort happening 
here to address the problems you are seeing. I'm happy to meet off list 
and discuss this further and help you understand what we're working on 
if that would be helpful. Again, thank you for your patience and please 
don't hesitate to contact me when you see any of these issues arise.


Best,
-L

Len Shneyder
VP Industry Relations
Twilio <https://www.twilio.com/?utm_source=email_signature>
EMAIL   l...@twilio.com <mailto:l...@twilio.com>
TWITTER @LenShneyder <https://twitter.com/LenShneyder>

Message: 6
Date: Tue, 11 Aug 2020 16:53:46 +0200
From: Benoit Panizzon <mailto:benoit.paniz...@imp.ch>>

To: mailop@mailop.org <mailto:mailop@mailop.org>
Subject: [mailop] Delisting request from sendgrid customer about ip
         used in recent phishing campaign.
Message-ID: <20200811165346.4e775...@go.imp.ch 
<mailto:20200811165346.4e775...@go.imp.ch>>

Content-Type: text/plain; charset=UTF-8

Hi List

o1678912x138.outbound-mail.sendgrid.net 
<http://o1678912x138.outbound-mail.sendgrid.net/> [167.89.12.138] and IP 
under

control of sendgrid was repeatedly involved in phishing and other spam
since June.

It ended up being blacklisted @ SWINOG.

Now a sendgrid customers complains to us, that his emails are being
rejected because of this listing.

But that makes me wonder: Doesn't sendgrid deal with such issues like
asking for delisting after blocking the sender itself and re-uses
recently (last phish received on 14. July) 'abused' ip addresses for
other customers?

Mit freundlichen Grüssen

-Benoît Panizzon-
--
I m p r o W a r e   A G    -    Leiter Commerce Kunden
__

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web 
https://urldefense.com/v3/__http://www.imp.ch__;!!NCc8flgU!Jyb1oWP7APkgX0rrc5NFacUfW0Yu4XeA1B6Dcl0IJWNPlcXIUaIq9196yCI$

__



--

Message: 7
Date: Tue, 11 Aug 2020 10:20:47 -0500
From: Hokan mailto:ho...@me.umn.edu>>
To: mailop@mailop.org <mailto:mailop@mailop.org>
Subject: Re: [mailop] Delisting request from sendgrid customer about
         ip used in recent phishing campaign.
Message-ID: <20200811152047.ga7...@me.umn.edu 
<mailto:20200811152047.ga7...@me.umn.edu>>

Content-Type: text/plain; charset=iso-8859-1

I've instituted short-term blocks of Sendgrid mail several times this year
and started another today because it looks like as much as a third of the
mail they've sent us in the past week has been evil -- mostly phishing.

This is a problem for me because some of the mail Sendgrid sends is
wanted by my users.  I'm thinking about just accepting it all and filing
it into user spam folders.

I see that the IP you mention, Benoit, is currently listed on the SBL and
Spamcop.


On Tue, Aug 11, 2020 at 04:53:46PM +0200, Benoit Panizzon via mailop wrote:

Hi List

o1678912x138.outbound-mail.sendgrid.net 
<http://o1678912x138.outbound-mail.sendgrid.net/> [167.89.12.138] and IP 
under

control of sendgrid was repeatedly involved in phishing and other spam
since June.

It ended up being blacklisted @ SWINOG.

Now a sendgrid customers complains to us, that 

Re: [mailop] Gmail marking email from me as spam

[Jaroslaw Rafa via mailop]

Dnia  7.10.2019 o godz. 10:43:14 Scott Techlist via mailop pisze:
> 
> What about relaying outbound mail via services like Sendgrid?  Not sure it
> that will make it better, or worse since they send marketing stuff.  And
> Google probably looking at the source server headers anyway.

Myself I hate Sendgrid, as their sending servers behave in a way that's
incompatible with greylisting. I use greylisting on my server and I have to
constantly add domains that use Sendgrid to exceptions list, otherwise I
can't receive mail from them.

The issue is, when a message is greylisted, the greylisting daemon
expects that the sending server will retry after a few minutes *from the
same IP address*.
What Sendgrid does, they retry *immediately* and *from a completely
different IP address*, which only causes another entry in the greylisting
database to be initiated. After a few such unsuccessful attempts they give
up on delivering mail, so it never reaches me as the recipient.

Some time ago I tried to contact them about the issue, but it seems that
they even don't understand it at all...
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Just how does SendGrid fail this badly?

[Ángel via mailop]

On 2020-08-20 at 09:35 +0200, Hans-Martin Mosner via mailop wrote:
> Am 20.08.20 um 09:10 schrieb Benoit Panizzon via mailop:
> >
> > Return-Path: 
> >
> > Does the c581 part also belong to the account id?
> No, it's a short hash to verify that bounces were indeed caused by
> mails actually sent from sendgrid. For example,
>  and  +6019856-0d96-@sg.e.doodle.com> are doodle notifications
> sent to two different mail addresses. I don't know whether the time
> also takes part in the hash computation (as in SRS).

I see the same later part when the destination is the same recipient,
hours and even months later, so the time isn't computed there.
I thought that it might be an index of the "subscriber" into the
customer list.

The same account, spammed by different sendgrid accounts, has different
suffixes, but that's not surprising.

I don't get much sendgrid spam when compared with other people, but
today it was quite prolific:

17045745 - "you have been gifted $5 MILLION USD From Mr. Bill Gates" +
"CONGRATULATION TO YOU" (20 Italian billionaries donating money)
9364509 - "To prevent your email from closing, please verify your account 
details below"
13001617 - This is a plain-spam account. Today it was for
recharge-mobile.co spam, which mixes with a shop of earrings, bracelets, etc. 


Best regards


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [External] sendgrid.net

[Anne P. Mitchell, Esq. via mailop]

> I've been very saddened.  Sendgrid was a reputable ESP that has fallen
> from grace.  About 6-7 months ago, we started seeing pretty large
> amounts of spam from them.

Exactly - this tracks with the timeline when a) they ceased being certified by 
us, b)  certain key people who *had* been involved with making sure that 
SendGrid did the right thing left, and then c) they were acquired by Twilio.  
Acquisitions of reputable players in the email space generally lead to a 
decline in how white hat they are, because of course the acquirers are almost 
always only (or at least primarily) interested in a return on their $ 
investment (witness Habeas).

>  I've personally tried reaching out to Twilio / Sendgrid leadership to alert 
> them to the issue.

I did as well, and was assured that they have a unit whose task it is to ensure 
all Sendgrid/Twilio communications are "wanted, secure and legal."  

Sigh.

Anne

--
Anne P. Mitchell,  Attorney at Law
CEO, SuretyMail Email Reputation Certification
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] I understand less and less why I accept any mail at all from Sendgrid

[Michael Peddemors via mailop]

On 2022-08-15 17:42, Stuart Henderson via mailop wrote:

yes yes, but the point is that Twilio SendGrid are allowing their services
to be used by whoever is sending this. With a website saying things like
"We take trust and security seriously" and "With the industry’s largest
team of delivery experts monitoring your sender reputation" they don't
pick up on this?


hehehe.. had a SendGrid user complain that they had to report the shared 
IP on one of our reputation lists after a couple days, since SendGrid 
didn't bother removing it..


Always wonder how they don't notice when they are listed?  Are they just 
listed at too many places to deal with? hehehe



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Gmail blocking of good customer

[Benny Pedersen via mailop]

Matt Palmer via mailop skrev den 2023-02-25 01:01:

[Fixed TOFU]

On Fri, Feb 24, 2023 at 03:57:00PM -0500, Christine Borgia via mailop 
wrote:
On Fri, Feb 24, 2023 at 1:09 PM Benny Pedersen via mailop 


wrote:

> Christine Borgia via mailop skrev den 2023-02-24 17:17:
>
> >>> 421 4.7.0 [149.72.90.158 15] Our system has detected that this
>
> > If someone could reach out to me, I'd greatly appreciate it. I'm not
> > sure what to advise this customer except to say that email may not
> > work for their business model.
>
> note 421 4.7.0 ?
>
> this is softfails not hardfails, so mail in queue will try next 5 days
> to deliver it, if that expire it would be returned to sender

It is transient, but they are blocks and are not retried. Weird, 
right?


That's something to talk to your ESP about.  They're in charge of 
retrying.


in this case esp is sendgrid, with will not as i see it accept msg if 
google tempfails it ? :=)


in postfix its proxy content filter, that is not the problem of 
tempfails for the sender to sendgrid, same will happend if i stop fuglu 
here


or it could simple be sendgrid validate recipients but never succed with 
it on google ?


time to wake up for sendgrid :)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SendGrid Abuse unresponsive

[Chris via mailop]

I'm seeing a very significant drop off of sendgrid-originated spam. 
Couple of minor phish/419 in the past 24 hours.


Anybody else?

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Just how does SendGrid fail this badly?

[Carl Byington via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Tue, 2020-08-18 at 12:03 +, Andy Smith via mailop wrote:
> From: "chiark.greenend.org.uk" 

So sendgrid account 15204622 was sending mail as:

Received: from dhl.com (unknown)
by ismtpd0005p1lon1.sendgrid.net (SG)
with ESMTP id 0c6xV8agQF6yK8GOsXvJLw
for <$munged>;
Tue, 18 Aug 2020 05:18:02.219 + (UTC)
From: DHL 
Subject: Shipment for $munged

They allow outbound mail with a from: header in dlh.com, even though:

dig _dmarc.dhl.com txt +short
reject.valimail.dmarc.dhl.com.
"v=DMARC1; p=reject; fo=0; rua=mailto:dmarc-
repo...@dhl.com,mailto:dmarc_agg@vali.email;";

dhl is asking folks to reject that mail, but sendgrid tries to send it
anyway.



-BEGIN PGP SIGNATURE-

iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXzxJQxUcY2FybEBmaXZl
LXRlbi1zZy5jb20ACgkQL6j7milTFsF+zwCeIBJRw3/ZgyaPCN/kJlrI/GwJUQAA
n1iFbtwcnyTT5DMfm6iD6GDY78BM
=LLN0
-END PGP SIGNATURE-



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gosh, I love sendgrid

[Mark Fletcher via mailop]

On Mon, Dec 21, 2020 at 9:53 PM Rob McEwen via mailop 
wrote:

>
> The moment "spam" gets away from "consent" and goes into "content"
> (specifically *legal* content) - there are enormous problems - because
> it then becomes one person's often very subjective opinion - against
> another' subjective opinion - about the content. So I 100% strongly
> disagree with this opinion that Sendgrid should be the political
> "thought police" for LEGAL content that is sent from their platform.


I've never understood this line of thinking. Sendgrid is not the
government. It's a company. If you disagree with whatever choices they make
about how they run their company, you can go somewhere else.

Mark
(whose service most definitely does not allow some types of legal content)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Seeing broken Content-Type headers from sendgrid

[Ryan Harris via mailop]

Hello Tobi,

Your friendly sendgrid community member here. Could you send me headers off
list? Would love to see what you are experiencing.

Thanks for your help.


Ryan

On Mon, Apr 29, 2019, 6:02 AM Tobi via mailop  wrote:

> We're currently seeing quite a bunch of messages from
> no-re...@sendgrid.net which contain broken Content-Type headers like
>
> > Content-Type: multipart/report; report-type=delivery-status;
> > Date: Mon, 29 Apr 2019 10:09:15 UTC
> >  boundary="2821519d3987dfb8"
> > Content-Transfer-Encoding: binary
>
> boundary belongs to Content-Type.
> This will cause problems with any message parsing application that
> expects proper mime structure.
>
> Anyone else seeing such broken headers from sendgrid?
>
> --
> tobi
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [External] Re: SendGrid Abuse unresponsive

[Kevin A. McGrail via mailop]

On 5/5/2020 5:50 PM, Carl Byington via mailop wrote:
> On Tue, 2020-05-05 at 07:48 -0700, Michael Peddemors via mailop wrote:
> > This is a little too obvious, and while historically SendGrid ran a
> > tight ship, and got a little lee way from spam auditors.. it's getting
> > very bad, and going on for too long.. risking loosing any preferential
> > treatment..
>
> It is bad enough that our local spamassassin rules add 5 points if the
> message is dkim signed by sendgrid.net.
>
We have rules for sendgrid as well in KAM.cf due to the prevalence for
abuse.  If you are using Apache SpamAssassin and the KAM.cf ruleset
(https://mcgrail.com/downloads/KAM.cf), I'd love to see spamples that
get through.

Regards,

KAM


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SendGrid Abuse unresponsive

[Carl Byington via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Tue, 2020-05-05 at 15:06 -0700, Jay Hennigan via mailop wrote:
> On 5/5/20 14:30, Blake Hudson via mailop wrote:
> > Been getting a variety of Amex scams for several weeks via SendGrid.
> > Wish they had a better reporting mechanism.

> The reporting mechanism is fine. There just isn't anyone who cares on
> the other end of it.

It also seems that there is NO outbound spam filtering at all. Consider
this one, a standard lottery commission spam:

Subject: Claim Winning Now!
From: Elizabeth 
Date: Sun, 10 May 2020 18:42:30 + (UTC)
Reply-To: mallettte...@yahoo.com

Really sendgrid - you allow a From: header of xx@yy ??


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEAREKAAYFAl64WAYACgkQL6j7milTFsG+OgCcDLWxhx92xN9Uuc/Nxg0Y344S
ufoAn3Z+togXTmc3S2tyAgvIwu1CJbZE
=qP1n
-END PGP SIGNATURE-



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Just how does SendGrid fail this badly?

[Hans-Martin Mosner via mailop]

It's in the envelope sender, which your mail system probably doesn't 
preserve when it stores mail. Traditional mbox format has it in the 'From ' 
line.


Cheers,
Hans-Martin

Am 18. August 2020 20:03:46 schrieb Carl Byington via mailop 
:



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Tue, 2020-08-18 at 15:23 +0300, Atro Tossavainen via mailop wrote:

The SendGrid account sending these yesterday is 13999362.


Where do you find that account number in the headers? I see some from
today with "Upgrade (FINAL WARNING)" in the subject, but no indication
of any sendgrid account number.


-BEGIN PGP SIGNATURE-

iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXzwT2hUcY2FybEBmaXZl
LXRlbi1zZy5jb20ACgkQL6j7milTFsFoigCeONxnBFkM/QJI3Mky1A9XafBR+IQA
oIUMyZCHGvGEjasL9fCb22Njyfer
=+kBp
-END PGP SIGNATURE-



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gosh, I love sendgrid

[Jay Hennigan via mailop]

On 12/21/20 18:55, John Levine via mailop wrote:


Also, while the Skokie march was phenomenally offensive, at that time
there was no issue of physical harm or injury from the march. But now,
when antivax nonsense persuades people who would otherwise get
vaccinated that they shouldn't, they or people they infect may die.


And, it's spam. Regardless of the offensiveness or danger of the 
conTent, there was no conSent.



The politest term I have for Sendgrid's actions here is deeply irresponsible.


Agreed, but not solely because of the content of the message. It, like 
much of what comes from Sendgrid, is bulk unsolicited email. Sendgrid 
are spammers. It doesn't matter whether they spam encouraging or 
discouraging COVID vaccination, it's still spam.


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid again...

[Jay Hennigan via mailop]

On 1/22/21 06:38, Hans-Martin Mosner via mailop wrote:


But forwarding an abuse address that is somewhat expected to receive 
problematic content to a service that tries to keep
such content out of their users' mailboxes doesn't really look very 
professional, and even if it isn't technically
Sendgrid who perform the filtering this approach has the effect of putting a 
content filter on the abuse mailbox.


You're assuming that Sendgrid actually cares about or reads abuse 
complaints in the first place. The spam is a steady flow, nothing new. 
In Sendgrid's case, filtering abuse complaints through Google may well 
be by design. They just as well could have used Mailinator considering 
the amount of attention they give complaints of abuse.


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid is giving others anti-abuse/security advice? Wow!

[Noel Butler via mailop]

On 12/02/2021 04:26, Stefano Bagnara via mailop wrote:


On Thu, 11 Feb 2021 at 18:49, Rob McEwen via mailop

He's not even trying to let people guess Sendgrid is good at preventing 
abuses.


Why would he? because they are not good at it, sendgrid are blocked 
here, have been for w months


--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged 
information, therefore at all times remains confidential and subject to 
copyright protected under international law. You may not disseminate 
this message without the authors express written authority to do so.   
If you are not the intended recipient, please notify the sender then 
delete all copies of this message including attachments immediately. 
Confidentiality, copyright, and legal privilege are not waived or lost 
by reason of the mistaken delivery of this message.___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

[Luke via mailop]

If you could share the return-path of the offending message, I can have it
looked at.

Cheers,
Luke

On Tue, Jul 6, 2021 at 11:39 AM Brielle via mailop 
wrote:

> Hello,
>
> Anyone here have a contact for Zoom in re of webinar spam being sent
> from their platform via Sendgrid owned IPs?
>
> I'm rather unhappy with the fact they're allowing people to spam with no
> unsubscribe or report feature.
>
> I know Sendgrid is a hot steaming pile of dog excrement these days when
> it comes to spam, so the lack of reporting or unsubscribe link doesn't
> surprise me...
>
>
>
> --
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org/ http://www.ahbl.org
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SendGrid Abuse unresponsive

[Atro Tossavainen via mailop]

On Thu, May 21, 2020 at 09:29:02AM -0400, Chris via mailop wrote:
> Atro, what was Y axis?  Individual emails?  10's?  100's?

More than that. Still only a drop in the ocean when it comes to an ESP
that sends billions a day, of course. We are no Microsoft or Google.

> And you just seemed to say that it was all sendgrid, not taking into
> account whether it was spam or not.  Correct?

Any mail received at our spamtraps, of whose composition you might
have a fairly decent idea, identified as being sent by SendGrid. As
I said and you quoted it back at me, 

>> So, it bears to be remembered that the graph I shared is of the total
>> number of mail detected as SendGrid only, with absolutely no comment
>> on which customers it was or whether the mail was legit ESP customer
>> mail or in any manner any stuff that an ESP would normally not expect
>> to be sending in the first place.

So, as to whether it was spam or not: you have to indicate your definition
of spam first, and then it becomes possible to at least attempt to have
that conversation with respect to this data.

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [External] sendgrid.net

[Jay Hennigan via mailop]

On 9/25/20 11:50, Anne P. Mitchell, Esq. via mailop wrote:



I've been very saddened.  Sendgrid was a reputable ESP that has fallen
from grace.  About 6-7 months ago, we started seeing pretty large
amounts of spam from them.


Exactly - this tracks with the timeline when a) they ceased being certified by 
us, b)  certain key people who *had* been involved with making sure that 
SendGrid did the right thing left, and then c) they were acquired by Twilio.  
Acquisitions of reputable players in the email space generally lead to a 
decline in how white hat they are, because of course the acquirers are almost 
always only (or at least primarily) interested in a return on their $ 
investment (witness Habeas).


If, after months of abuse, receivers continue to take the attitude that 
the relatively small amount of wanted mail coming from Sendgrid is an 
obstacle to a complete block, we are simply acting as enablers and there 
is no incentive for them to get a handle on the problem.


IMHO, Sendgrid doesn't consider it to be a problem, they consider it to 
be a feature. As long as the spammers' and phishers' checks don't bounce 
they're happy to accommodate them. As long as the rest of the Internet 
continues to take their abuse, they will continue to dish it out.


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop