Re: [mailop] SendGrid is deleting your mail
>> They were going to get a 4xx anyway. I changed the message to *help* >> SendGrid. Yes but if you can change the message for SendGrid only, you can accept the mail and let it through >> Where do I find out what the IP/domain is? Is it in my mail logs, Apparently you were able to send custom text to just SendGrid. Then you have some rule to be able to differentiate SendGrid mail from other mail. Thus you just accept it. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SendGrid is deleting your mail
On 2023-06-22 02:05:40, Sebastian Nielsen via mailop wrote: > >> They were going to get a 4xx anyway. I changed the message to *help* > >> SendGrid. > > Yes but if you can change the message for SendGrid only, you can > accept the mail and let it through... Apparently you were able to > send custom text to just SendGrid. Then you have some rule to be > able to differentiate SendGrid mail from other mail. Thus you just > accept it. I was unclear then. I patched the mail server to change the 4xx text that we send to everyone, but I changed it only to help SendGrid. I have no way to know ahead of time who is using SendGrid. Some senders, like GitHub, have dedicated servers and send us enough mail that, over time, I have been able to whitelist all(?) of them. This helps but is not enough: * I can't whitelist a server until we've lost a message from it. The way I find out that there's a server to whitelist is that a customer calls to let us know that he's missing an important piece of mail from it (e.g. the Hershey Park tickets). * Continuing the example, GitHub is constantly adding/changing servers. When they do, we're at risk of losing mail until we can whitelist the new addresses. * The non-dedicated SendGrid servers cannot be whitelisted, because almost all mail from non-dedicated SendGrid servers is spam. * I think you're assuming that most of our 4xx errors are from the spam filter or from overzealous action on my part to make a point; they're not. We update kernels, reload AV signatures, have databases go down, accidentally crash postfix during OS upgrades, typo config files, etc. All of those result in 4xx errors and whitelisting does nothing to help. The bottom line is that avoiding 4xx *entirely* is impossible, even if I could reduce them somewhat at great expense. If nothing else, then in those unavoidable scenarios, you have to agree that SendGrid has a responsibility not to delete important mail. But they do. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Recommendations for mail campaign services
They are not known for having a positive reputation in general. If you search the archives of this list, you will see various experiences people have had. I have a vendor who used SendGrid to send notifications for their app to my agency. The SendGrid mail server ip’s would be blacklisted with my email sec provider. Vendor asks me to Whitelist all of SendGrid, I tell them to go pound sand due the various issues with SendGrid that exist. Vendor gets a dedicated IP, problem solved. > On May 5, 2021, at 3:43 PM, micah via mailop wrote: > > On 2021-05-05 14:43:35, Brian Weir via mailop wrote: >> I would definitely stay away from SendGrid unless you get a dedicated IP. > > Can you say more about why that is? I'm curious to know more about > how blocked/unblocked SendGrid is > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Sendgrid and phishing
Hi, Anybody else seeing increase phishing through sendgrid? They look fairly convincing. A few paypals, and a few amazons. I thought sendgrid were ok? Has somebody leaked a big pile of sendgrid usernames and passwords or something? -- Tim Bray Huddersfield, GB t...@kooky.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gmail inboxing help
Am 18.02.21 um 15:22 schrieb Lauren Donovan via mailop: > Hi Everyone, > > I am wondering if someone here might have some insight into an issue I am > experiencing with Gmail customers. Here are > the details: > > 1.) When the customers click to opt-in on our form page, they are sent a > confirmation via a Smartertools email. > 2.) We use SendGrid to email them in the future with newsletters, tools, and > other marketing information. > 3.) We just aren't inboxing with Gmail. Never have, despite the customer > opting in. > > Questions: > 1.) Can anyone recommend a solution? > 2.) Should we be integrating SmarterTools and SendGrid so the confirmation > email comes directly from SendGrid, and > thus, follow-up emails aren't from a cold, third-party sender? > 3.) Should confirmation emails come from SendGrid and we drop Smartertools > altogether? > > So grateful for any advice. > > Lauren Not being Gmail or SendGrid, it's hard to give reliable advice. Do you get feedback from SendGrid about SMTP reject reasons they get from Gmail? That might be a first hint on what to change. One thing you should be aware of is that SendGrid has gained a bit of a bad reputation recently due to their apparent inability to curb spam and phishing mails. It is possible that this affects deliverability at Gmail, but without knowing actual reject reasons this is just a guess. Given that it's the mails sent via SendGrid that aren't delivered, it sounds like a bad idea to send the confirmation requests through them as well. You might get much fewer confirmations that way :-) Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Debt Collection Client Email Servers
On 3/22/24 14:58, Michael Peddemors via mailop wrote: If they are 'dedicated', doesn't matter if they are coming from SendGrid, the PTR should reflect your clients domain. host 149.72.234.90 90.234.72.149.in-addr.arpa domain name pointer wrqvzxrx.outbound-mail.sendgrid.net. If Sendgrid claimed that these IPs are dedicated to you, their PTR says otherwise. It should reflect your sending domain. Note that Sendgrid has a rather poor reputation when it comes to spam exiting their network. And given the amount of abuse of SendGrid servers, anything you can do to differentiate from their generic naming conventions will help you. Or avoid Sendgrid entirely. -- Jay Hennigan - j...@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Gmail blocking of good customer
Simon Greenwood via mailop skrev den 2023-02-24 22:09: This (which I didn't know) adds a whole different aspect to the issue - much has been said about how email is now centralised and is almost impractical to run as a small operator level, but if a company like Shopify and indeed Sendgrid can't assure mail delivery because the largest mail operators will reject mail sporadically based on non-specific criteria, and more that someone in Christine's position doesn't have someone they can call at Google or Microsoft or wherever, then there's a bigger problem. sendgrid do mistakes aswell :) inbound is not outbound, all inbound ips could be recieving mails from custommers, thats fine, but question is then: do sendgrid keep the inbound mail on this ip when sending to google ?, does google see mails from all ips at sendmail pr sendgrid custommer ? who knows why this is failing ? :) please if sendgrid is reading my silly mails, do not share ips pr sendgrid custommer, each custommer can have payed pr ip non shared, make more money, to make better service pr custommer, this advice is 100% free from me ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] SendGrid Abuse unresponsive
Hi everyone, Is anyone from SendGrid on-list that can help with an abuse report that has gone unanswered? We have two tickets with SendGrid that have *no response: *4218173 and 4278230. This fraud account is phishing our users, so there's no reason SendGrid shouldn't be able to suspend / ban this account. Anyone available to help with this? [image: VentraIP Australia logo] *Kyle Thorne*Chief Technical Officer \\ VentraIP Australia ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gmail inboxing help
On Thu, 18 Feb 2021, Lauren Donovan via mailop wrote: Hi Everyone, I am wondering if someone here might have some insight into an issue I am experiencing with Gmail customers. Here are the details: 1.) When the customers click to opt-in on our form page, they are sent a confirmation via a Smartertools email. 2.) We use SendGrid to email them in the future with newsletters, tools, and other marketing information. 3.) We just aren't inboxing with Gmail. Never have, despite the customer opting in. Questions: 1.) Can anyone recommend a solution? 2.) Should we be integrating SmarterTools and SendGrid so the confirmation email comes directly from SendGrid, and thus, follow-up emails aren't from a cold, third-party sender? 3.) Should confirmation emails come from SendGrid and we drop Smartertools altogether? So grateful for any advice. What have SendGrid and Smartertools suggested ? You are paying them, so they might be able to help; if SendGrid wont or can't, I'd say why are you paying them to send to Gmail ? I don't have any experience with this, so if anyone on the list thinks I'm asking for ponies, do say so. -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?
On 8/5/21 9:41 AM, John Levine wrote: It appears that Brielle via mailop said: There's also the matter of the lack of unsubscribe... Has zoom explained why they are allowing their customers to send unconfirmed opt-out mail with no unsubscribe option? Good point. That's one of the few things that is specifically illegal under CAN SPAM. Perhaps we can collect them all and then sue both Sendgrid and Zoom. So, just an update... I can confirm, for sure, that there's no actual Zoom / Sendgrid unsubscribe link in the spams based on the most recent spams that I allowed in to analyze. Only 'unsubscribe' link (notice the quotes) is a highly questionable Google Forms 'unsubscribe' run by the spammer themselves. In fact, and you are going to LOVE this, the spams, being sent through IPs with zoom RNDS, owned by Sendgrid, _don't even have any content that links to anything on zoom_. All the content directs you to go to Google Forms (forms.gle) which then take down personal information which purports to be for the supposed zoom webinar. I'm not kidding. Zoom (by way of Sendgrid) are essentially allowing people to use their platform to send spam with no content linking directly back to Zoom - only to Google Forms (in this case). What is going on over there, Zoom? That's insane that you are allowing customers to basically use your Sendgrid account to pretty much send anything they want with no forced Zoom/Sendgrid unsubscribe link that the spammers have no control over. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Just how does SendGrid fail this badly?
On 2020-08-18 20:23:37 (+0800), Atro Tossavainen via mailop wrote: The SendGrid account sending these yesterday is 13999362. The one I've seen most often is 12340469 with 9789821 a close second and 8512936 in third place. Given that these are so blatant, I don't believe there's any point in reporting them to Sendgrid. We've simply started blocking Sendgrid and whitelisting obvious false positives. Philip -- Philip Paeps Senior Reality Engineer Alternative Enterprises ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Intuit directly spaming
> Interesting to me Atro said this is sendgrid. I saw sendgrid format > sender address but headers do no show any sendgrid. So now its > harder to give due suspision on sendgrid because they give full > infrastructure to rent for other domain like intuit? Yes. Full headers (munged of course) and plaintext content https://pastebin.com/88xXcVZh This will remain up for a week. -- Atro Tossavainen, Founder, Partner Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635) Tallinn, Estonia tel. +372-5883-4269, http://www.koliloks.eu/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)
Am 08.07.21 um 18:14 schrieb Luke via mailop: > Just so the group is aware, our team is looking into the Zoom traffic. We > aren't sure what they are doing with that > mail stream, but it doesn't look good. > > Both of the accounts reported by Michael have been suspended. > > Thanks, everyone. > > Luke > I have a hunch that some time ago (just before the increased spam via SendGrid started) there might have been an unauthorized access to SendGrid customer data which allowed hackers to bruteforce hashed passwords and use valid accounts to send spam and fraudulent/phishing mails. The pattern is too strong to be reasonably explained with singular security breaches at individual customers. SendGrid, if this comes close to the truth (I can only guess), please be open about it at least in communication to your customers. If possible, enforce 2FA, watch for logins from unusual IP addresses, etc. Maybe a complete password reset for all customers would be in order. Repealing spam and fraud from completely bogus sources is a lot of work for us mail admins already, but when it comes from presumably authentic sources it becomes incredibly difficult and prone to false positives. Here's a simple example: I have a mail sample in quarantine that comes from "topbuildersolutions.net", apparently a SendGrid customer, using your outgoing infrastructure (192.254.122.201), so it's not a simple impersonation. It purports to be a payment reminder, with the usual phishing drill of urgency by threatening account termination. With a From: line of "SendGrid ", a SendGrid logo as embedded png, closing line "The Billing Operations Team at SendGrid" it looks 100% like phishing to me. Is this from you actually? If yes, why do you send out payment reminders using foreign domains? If not, why do you let your customers send such mails through your system? Your reputation is going down the drain. You should definitely realize that your reputation is your most valuable asset, and it's losing value at an incredible rate. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign.
On 11/08/2020 20:41, Matt Harris via mailop wrote: We'd been using sendgrid in production for some stuff, but we're looking at changing that now because it seems like their lack of concern regarding abuse on their platform will lead to more and more deliverability issues as time goes on. It just seems like sendgrid doesn't care about abuse on their platform. I think sendgrid do care. At least some people do. I suspect they are just getting accounts compromised faster than they know what to do with. They read this list. There could even be a compromise in some other software which allows people to easily steal sendgrid credentials. (of course, none of this helps if you are looking at your inbox and seeing more phishing) -- Tim Bray Huddersfield, GB t...@kooky.org +44 7966479015 ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [External] Fake fax spam from sendgrid
On 10/19/2020 8:29 PM, John Levine via mailop wrote: > I'm getting a steady stream of spam from Sendgrid purporting to be > Efax messages, with what appears to be an XLS spreadsheet attached. > The return addresses are all over the place but they all come through > Sendgrid, e.g., John, Sendgrid has become a havent for malware/spammers/phishers since Q1 this year. Are you using spamassassin? There is an ESP plugin and some items in KAM.cf to combat the scurge. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SendGrid is deleting your mail
An alternative approach would be to admit that response handling at massive sclae is very difficult to get 100% right. Give the sender the benefit of the doubt that they are trying to do the right thing and attempt to reach someone who works there to see if they can help. You could try mailop, email geeks, maawg slack, linkedin, abuse@, support@. I bet you'd find someone willing to help correct the issue. I work at sendgrid and manage response handling. If someone were to reach out with an obvious problem, I'd be willing and able to adjust our response handling appropriately. But it definitely feels better to just assume the worst and blast people on a community forum. Luke On Wed, Jun 21, 2023, 5:08 PM Sebastian Nielsen via mailop < mailop@mailop.org> wrote: > >> They were going to get a 4xx anyway. I changed the message to *help* > SendGrid. > > Yes but if you can change the message for SendGrid only, you can accept > the mail and let it through > > >> Where do I find out what the IP/domain is? Is it in my mail logs, > > Apparently you were able to send custom text to just SendGrid. > Then you have some rule to be able to differentiate SendGrid mail from > other mail. > Thus you just accept it. > > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign.
I've instituted short-term blocks of Sendgrid mail several times this year and started another today because it looks like as much as a third of the mail they've sent us in the past week has been evil -- mostly phishing. This is a problem for me because some of the mail Sendgrid sends is wanted by my users. I'm thinking about just accepting it all and filing it into user spam folders. I see that the IP you mention, Benoit, is currently listed on the SBL and Spamcop. On Tue, Aug 11, 2020 at 04:53:46PM +0200, Benoit Panizzon via mailop wrote: > Hi List > > o1678912x138.outbound-mail.sendgrid.net [167.89.12.138] and IP under > control of sendgrid was repeatedly involved in phishing and other spam > since June. > > It ended up being blacklisted @ SWINOG. > > Now a sendgrid customers complains to us, that his emails are being > rejected because of this listing. > > But that makes me wonder: Doesn't sendgrid deal with such issues like > asking for delisting after blocking the sender itself and re-uses > recently (last phish received on 14. July) 'abused' ip addresses for > other customers? > > Mit freundlichen Grüssen > > -Benoît Panizzon- -- Hokan MEnet, a wholly owned subsidiary of Enet System Administrator Department of Aerospace Engineering and Mechanics ho...@me.umn.edu Department of Mechanical Engineering 612.208.3105 (cell) Department of Industrial and Systems Engineering ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gmail blocking of good customer
On 25/02/2023 12:32, Benny Pedersen via mailop wrote: Simon Greenwood via mailop skrev den 2023-02-24 22:09: This (which I didn't know) adds a whole different aspect to the issue - much has been said about how email is now centralised and is almost impractical to run as a small operator level, but if a company like Shopify and indeed Sendgrid can't assure mail delivery because the largest mail operators will reject mail sporadically based on non-specific criteria, and more that someone in Christine's position doesn't have someone they can call at Google or Microsoft or wherever, then there's a bigger problem. sendgrid do mistakes aswell :) inbound is not outbound, all inbound ips could be recieving mails from custommers, thats fine, but question is then: do sendgrid keep the inbound mail on this ip when sending to google ?, does google see mails from all ips at sendmail pr sendgrid custommer ? who knows why this is failing ? :) please if sendgrid is reading my silly mails, do not share ips pr sendgrid custommer, each custommer can have payed pr ip non shared, make more money, to make better service pr custommer, this advice is 100% free from me Dedicated IPs are a paid addon of all commercial relay providers and it isn't just Sendgrid who have this problem. For that matter, handling inbound mail is usually a paid service, so a domain's MX records don't necessarily match their sending IPs but this doesn't matter if the SPF record is configured correctly. I would assume that Shopify do have dedicated IPs, but shared among their customers, which still results in a similar problem if customers spam or at least are perceived as spamming. Simon ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?
On Thu, 5 Aug 2021, Hans-Martin Mosner via mailop wrote: If you block only spammers you'd be right. But SendGrid is one of the sorry cases where you have spam and legit, sometimes important e-mails coming from the same network. Your users won't be happy if you reject their order confirmations or online tickets. Blocking sendgrid would also lop off a large number of small self-hosted mail instances that use sendgrid for reasonable deliverability. Which boils down to actively punishing de-centralised mail. -- Andre van Eyssen. Phone: +61 417 211 788 mail: an...@purplecow.org http://andre.purplecow.org About & Contact: http://www.purplecow.org/andre.html ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign.
Am 11.08.20 um 16:53 schrieb Benoit Panizzon via mailop: > Hi List > > o1678912x138.outbound-mail.sendgrid.net [167.89.12.138] and IP under > control of sendgrid was repeatedly involved in phishing and other spam > since June. > > It ended up being blacklisted @ SWINOG. > > Now a sendgrid customers complains to us, that his emails are being > rejected because of this listing. > > But that makes me wonder: Doesn't sendgrid deal with such issues like > asking for delisting after blocking the sender itself and re-uses > recently (last phish received on 14. July) 'abused' ip addresses for > other customers? > > Mit freundlichen Grüssen > > -Benoît Panizzon- As far as I understood, the IP addresses are not allocated to customers (except in some cases where the customer domain is being used for hostnames of big customers) but are part of a shared mail distribution network. This means that blocking sendgrid IPs does on one hand affect other customers, and on the other hand it does not reliably block the spammer. Much more effective is to block based on the string of digits in the envelope sender address (bounces+1234567-...) which apparently identifies the sender. Whether the sender has been hacked or is a genuine spammer is sometimes not easy to see, because sendgrid does some header obfuscation of their own, so some marks normally associated with spammers may also be seen in mails from non-spammers or compromised accounts. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Just how does SendGrid fail this badly?
Huh, I'm not seeing that Sendgrid account ID in my traps at all in the last few days. Different traps for different folks, I guess? Cheers, Al On Tue, Aug 18, 2020 at 1:06 PM Luke via mailop wrote: > > In the Return-Path. "bounces+1234567" the number following bounces+ is the > SendGrid account ID. > > On Tue, Aug 18, 2020 at 10:57 AM Carl Byington via mailop > wrote: >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA512 >> >> On Tue, 2020-08-18 at 15:23 +0300, Atro Tossavainen via mailop wrote: >> > The SendGrid account sending these yesterday is 13999362. >> >> Where do you find that account number in the headers? I see some from >> today with "Upgrade (FINAL WARNING)" in the subject, but no indication >> of any sendgrid account number. >> >> >> -BEGIN PGP SIGNATURE- >> >> iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXzwT2hUcY2FybEBmaXZl >> LXRlbi1zZy5jb20ACgkQL6j7milTFsFoigCeONxnBFkM/QJI3Mky1A9XafBR+IQA >> oIUMyZCHGvGEjasL9fCb22Njyfer >> =+kBp >> -END PGP SIGNATURE- >> >> >> >> ___ >> mailop mailing list >> mailop@mailop.org >> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Al Iverson // Wombatmail // Chicago Song a day! https://www.wombatmail.com Deliverability! https://spamresource.com And DNS Tools too! https://xnnd.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [External] sendgrid.net
On 9/25/2020 9:36 AM, Michael via mailop wrote: > What's the consensus on sendgrid.net? I don't know anything about > them, but I had the impression that they were a reputable company. > Lately, I've noticed a lot of phishing emails coming from them. Does > anyone just block them completely? > I've been very saddened. Sendgrid was a reputable ESP that has fallen from grace. About 6-7 months ago, we started seeing pretty large amounts of spam from them. I've personally tried reaching out to Twilio / Sendgrid leadership to alert them to the issue. The KAM.cf ruleset has rules that mark sendgrid higher due to the proclivity for phishes. Krebs as done an article on it: https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/ mailop, the SA mailing list and others have all discussed the issue for months. Invaluement released a plugin / list for this issue as well - See https://www.invaluement.com/serviceproviderdnsbl/ Until Sendgrid acknowledges and works to resolve the issue, I must recommend that they are avoided. Regards, KAM ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
[mailop] So, Sendgrid / Zoom, planning on actually doing anything about webinar spams?
Hi Sendgrid and Zoom, We've been over this before, multiple times... But alas, it looks like that you neither of you seem to care a single bit about your services being used to send spams that can't be unsubscribed from. Yep, I know you, Sendgrid, told me that you'd be working on it with Zoom. And, as expected, nothing ever happened and they still keep coming. Should I just give up hoping that anything will ever be done about it and blacklist Sendgrid and Zoom? Because, lets be honest here, based on what others are reporting, it looks like that I'd have an easier time trying to broker world peace AND cure cancer than it would be to get you guys to deal with abuse from your network. Yep. This message is written in anger, and I'll probably be accused of being unprofessional. But, frankly, if you (Sendgrid) or them (Zoom) ain't going to do jack shit, then don't fucking tell me you are "working on it". -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign.
On 2020-08-11 16:53:46, Benoit Panizzon via mailop wrote: > > Now a sendgrid customers complains to us, that his emails are being > rejected because of this listing. > > But that makes me wonder: Doesn't sendgrid deal with such issues like > asking for delisting after blocking the sender itself and re-uses > recently (last phish received on 14. July) 'abused' ip addresses for > other customers? > In the past few months there have been several threads on mailop and similar lists (sdlu, spamassassin-users, nanog, ...) complaining about how SendGrid doesn't seem to do anything at all to stop the ongoing blatant phishing campaigns from their servers. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Just how does SendGrid fail this badly?
In the Return-Path. "bounces+1234567" the number following bounces+ is the SendGrid account ID. On Tue, Aug 18, 2020 at 10:57 AM Carl Byington via mailop wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Tue, 2020-08-18 at 15:23 +0300, Atro Tossavainen via mailop wrote: > > The SendGrid account sending these yesterday is 13999362. > > Where do you find that account number in the headers? I see some from > today with "Upgrade (FINAL WARNING)" in the subject, but no indication > of any sendgrid account number. > > > -BEGIN PGP SIGNATURE- > > iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXzwT2hUcY2FybEBmaXZl > LXRlbi1zZy5jb20ACgkQL6j7milTFsFoigCeONxnBFkM/QJI3Mky1A9XafBR+IQA > oIUMyZCHGvGEjasL9fCb22Njyfer > =+kBp > -END PGP SIGNATURE- > > > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)
On 2021-07-08 8:20 a..m., Carl Byington via mailop wrote: On Thu, 2021-07-08 at 09:31 +0300, Atro Tossavainen via mailop wrote: That one is Zoom.us itself. Received: from o5.sg.zoom.us (o5.sg.zoom.us [149.72.199.144]) Received: from o12.ptr3622.sg.zoom.us (o12.ptr3622.sg.zoom.us [167.89.93.232]) Yes, the mail arrives from systems with rdns of *.sg.zoom.us, but my understanding is that the X-Entity-ID points to a sendgrid user. And the headers include stuff like: Received: by filter1889p1las1.sendgrid.net with SMTP id filter1889p1las1-10585-60DE6FD0-E 2021-07-02 01:45:52.506187482 + UTC m=+23969.518969155 Received: from MjEwNzk4ODQ (unknown) by geopod-ismtpd-3-2 (SG) with HTTP id W8YVLKQPT6CK1S2NPi9CbA Which looks like the original submission was via a sendgrid web interface. A reply-to address in .vn, and a subject line (google translate from Vietnamese) of "Why real estate can make you rich?". Just more crap that sendgrid is leaking, this time sending their outbound spam via zoom.us servers. Yeah, it is almost always a compromise, but hard to believe Zoom would not have enabled two factor authentication, or similar restrictions on who can use their sendgrid servers, keep thinking that their is another back door that abusers are using at SendGrid.. Be nice to hear from Zoom (if anyone knows a contact) on what they discover, since SendGrid hasn't been too transparent. -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] So, Sendgrid / Zoom, planning on actually doing anything about webinar spams?
> Yep, I know you, Sendgrid, told me that you'd be working on it with > Zoom. And, as expected, nothing ever happened and they still keep > coming. About 0.3% of the spams that Koli-Lõks spamtraps got from SendGrid in December 2021 matched .zoom.us. It's large enough to be noticeable, but nothing compared to the largest single SendGrid customer in the same traps - a Taiwanese newspaper whose emissions amounted to more than 10% of the SendGrid total over the same time range. The Zoom stuff is hitting both typo addresses as well as recycled ones. > Because, lets be honest here, based on what others are reporting, it > looks like that I'd have an easier time trying to broker world peace > AND cure cancer than it would be to get you guys to deal with abuse > from your network. In our traps, SendGrid continues to be #1 of the ESPs, but only by a smallish margin against #2, Salesforce Marketing Cloud. Mailchimp, at #3, is way below. Our data comes from a relatively small data set of about two thousand domain names receiving mail, but even so, it's large enough to get *something* from more than 250 ESPs every month, and that's just the ones we've managed to identify so far. > But, frankly, if you (Sendgrid) or them (Zoom) ain't going to do > jack shit, then don't fucking tell me you are "working on it". The basic problem is allowing an ESP customer to import a list that existed before the customer became a customer of this ESP. I can't think of an ESP that would not allow that. Another basic problem is allowing the addition of new addresses without COI. I can't think of an ESP that would require strict COI. I'd be happy to be set straight on both counts. -- Atro Tossavainen, Founder, Partner Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635) Tallinn, Estonia tel. +372-5883-4269, http://www.koliloks.eu/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Sendgrid and phishing
On 6/17/20 1:50 PM, Robert L Mathews via mailop wrote: > Several months ago I suggested (among other things) that SendGrid block > "From" headers matching prominent domain names until the messages have > been manually reviewed. The fact that "don't let random customers send > mail saying it's from @microsoft.com" hasn't been implemented in that > time frame is disappointing. More to the point: why should *any* ESP send "From" *any* domain without having explicit DMARC aligned authorization via SPF or DKIM? At the very least, an ESP shouldn't allow their customers use domains that have a published DMARC policy that would result in quarantine or reject for the ESP's mail. I know the answer is that small businesses commonly use freemail providers, and they still want to send marketing as their brand, and if the ESP takes hard line on authorization their prospective customer might choose to do business with a competing ESP... But maybe those freemail domains should be the exception to the rule. We also saw a round of phishing sent from SendGrid that was "spoofing" some arbitrary .com domain. And I mean to say "spoofing" lightly, since I'm fairly confident that SendGrid (as would any responsible ESP) did verify their customer's ability to receive mail at an address within that domain, so either: 1) a mailbox was compromised and used to authorize SendGrid to use the domain 2) a SendGrid customer account was compromised and the attacker was piggybacking on a prior authorization. If the former: all the more reason to have a slightly higher bar for ESPs achieving domain authorization. If the later: much tougher challenge. Jesse ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)
These still seem to be coming in quite consistently... Same Zoom sendgrid account. Any updates on whats going on with this, Luke? On 7/6/21 2:44 PM, Brielle via mailop wrote: Here's the two that they all share: Return-path: Return-path: (original unmunged version sent directly to you, Luke) I've got zoom messages via sendgrid being rejected via a system filter currently, so there should be a bit of bounce messages going back at Zoom/Sendgrid, but yet they still keep coming... Shouldn't there be some sort of required unsubscribe or report link at the bottom of these? I seem to remember legitimate zoom invitations and such all have one? But it's been a while. On 7/6/21 2:33 PM, Luke wrote: If you could share the return-path of the offending message, I can have it looked at. Cheers, Luke On Tue, Jul 6, 2021 at 11:39 AM Brielle via mailop <mailto:mailop@mailop.org>> wrote: Hello, Anyone here have a contact for Zoom in re of webinar spam being sent from their platform via Sendgrid owned IPs? I'm rather unhappy with the fact they're allowing people to spam with no unsubscribe or report feature. I know Sendgrid is a hot steaming pile of dog excrement these days when it comes to spam, so the lack of reporting or unsubscribe link doesn't surprise me... -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org <http://www.sosdg.org> / http://www.ahbl.org <http://www.ahbl.org> ___ mailop mailing list mailop@mailop.org <mailto:mailop@mailop.org> https://list.mailop.org/listinfo/mailop <https://list.mailop.org/listinfo/mailop> -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] SendGrid and Phishing
Hi All, Appreciate the discussion. As was mentioned in another forum we are aware of the problem—the entire time is engaged in deploying a comprehensive fix that will prevent a wave like this in the future. Just to be perfectly clear, there is no leak of credentials as one post suggests. In the mean time if you want to send example/headers to ab...@sendgrid.com they are being reviewed, you can CC me too. We will play some whackamole as we look to implement a more thorough solution. Again, thank you all for your vigilance and feel free to ping me. All best, -L -- Message: 1 Date: Wed, 17 Jun 2020 14:00:35 +0100 From: Tim Bray To: mailop Subject: [mailop] Sendgrid and phishing Message-ID: <1f6aca35-94ef-70a0-bd75-49a5d632d...@kooky.org> Content-Type: text/plain; charset=utf-8; format=flowed Hi, Anybody else seeing increase phishing through sendgrid? They look fairly convincing. A few paypals, and a few amazons. I thought sendgrid were ok?Has somebody leaked a big pile of sendgrid usernames and passwords or something? -- Tim Bray Huddersfield, GB t...@kooky.org -- Message: 2 Date: Wed, 17 Jun 2020 13:26:52 + From: Faisal Misle To: mailop Subject: Re: [mailop] Sendgrid and phishing Message-ID: Content-Type: text/plain; charset="utf-8" I’ve been seeing it too... Mailgun, PayPal, etc A SG rep replied to a SDLU thread yesterday about the same issue “We are working to get a handle on this on a few fronts. These senders in this thread have been banned. I don't have insight into the compliance side, but it is being worked on." Best, Faisal PGP Key: [C8FD029B]( https://urldefense.com/v3/__https://pgp.faisal.ec/__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisirzN0Dvo$ ) On Wed, Jun 17, 2020 at 8:00 AM, Tim Bray via mailop wrote: > Hi, > > Anybody else seeing increase phishing through sendgrid? They look > fairly convincing. > > A few paypals, and a few amazons. > > I thought sendgrid were ok? Has somebody leaked a big pile of > sendgrid usernames and passwords or something? > > -- > Tim Bray > Huddersfield, GB > t...@kooky.org > > ___ > mailop mailing list > mailop@mailop.org > https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiwA9kai4$ -- next part -- An HTML attachment was scrubbed... URL: < https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/private/mailop/attachments/20200617/df4c858b/attachment-0001.html__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiffajxJU$ > -- Message: 3 Date: Wed, 17 Jun 2020 15:42:21 +0200 From: Olivier Depuydt To: Faisal Misle Cc: mailop Subject: Re: [mailop] Sendgrid and phishing Message-ID: Content-Type: text/plain; charset="utf-8" Hello. I received the Phishing email from the fake Paypal Support, from Sendgrid's platform on May the 29th, on a personal email address. I have forwarded it to Paypal's phishing support on June the 1srt. So, this issue has weeks if you still see emails like that. Best regards, Olivier Deliverability Engineer at Cheetah Digital Le mer. 17 juin 2020 à 15:32, Faisal Misle via mailop a écrit : > I’ve been seeing it too... Mailgun, PayPal, etc > > A SG rep replied to a SDLU thread yesterday about the same issue > > “We are working to get a handle on this on a few fronts. These senders in > this thread have been banned. I don't have insight into the compliance > side, but it is being worked on." > > Best, > Faisal > > PGP Key: C8FD029B < https://urldefense.com/v3/__https://pgp.faisal.ec/__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisirzN0Dvo$ > > > > On Wed, Jun 17, 2020 at 8:00 AM, Tim Bray via mailop > wrote: > > Hi, > > Anybody else seeing increase phishing through sendgrid? They look > fairly convincing. > > A few paypals, and a few amazons. > > I thought sendgrid were ok?Has somebody leaked a big pile of > sendgrid usernames and passwords or something? > > > -- > Tim Bray > Huddersfield, GB > t...@kooky.org > > > ___ > mailop mailing list > mailop@mailop.org > https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiwA9kai4$ > > > > ___ > mailop mailing list > mailop@mailop.org > https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!LCEEi7
Re: [mailop] Intuit directly spaming
On Sat, 04 Mar 2023 22:58:23 +, MRob via mailop wrote: >Thanks you Atro, is there popular tool for to do that in real time? This works for me: >mdr@LUSZ ~ $ whois AS11377 >% IANA WHOIS server >% for more information on IANA, visit http://www.iana.org >% This query returned 1 object > >refer:whois.arin.net > >as-block: 10240-12287 >organisation: Assigned by ARIN > >whois:whois.arin.net >descr:Assigned by ARIN > >source: IANA > ># whois.arin.net > >ASNumber: 11377 >ASName: SENDGRID >ASHandle: AS11377 >RegDate:2012-06-28 >Updated:2012-06-28 >Ref: https://rdap.arin.net/registry/autnum/11377 > > >OrgName:SendGrid, Inc. [snip] Then there's stuff like >mdr@LUSZ ~ $ whob 167.89.99.112 >IP: 167.89.99.112 >Origin-AS: 11377 >Prefix: 167.89.96.0/20 >AS-Path: 293 3356 11377 >AS-Org-Name: SendGrid, Inc. >Org-Name: SendGrid, Inc. >Net-Name: SENDGRID-167-89-0-0-17 >Cache-Date: Mar 05 2023 07:26:18 >Latitude: 39.749838 >Longitude: -104.995597 >City: Denver >Region: Colorado >Country: United States of America >Country-Code: US >Route-Originated-Date: Feb 16 2023 23:12:01 >Route-Originated-TS: 1676589121 mdr -- Where there is no law, but every man does what is right in his own eyes, there is the least of real liberty. -- HENRY M. ROBERT ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Just how does SendGrid fail this badly?
Hello, At 05:23 AM 18-08-2020, Atro Tossavainen via mailop wrote: The SendGrid account sending these yesterday is 13999362. I am receiving emails from Sendgrid about "Nedbank Credit Card monthly Charges eStatement". The account is 17343945. It looks like a phishing attempt. Those emails originate from 149.72.32.249. Regards, S. Moonesamy ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Sendgrid and phishing
I’ve been seeing it too... Mailgun, PayPal, etc A SG rep replied to a SDLU thread yesterday about the same issue “We are working to get a handle on this on a few fronts. These senders in this thread have been banned. I don't have insight into the compliance side, but it is being worked on." Best, Faisal PGP Key: [C8FD029B](https://pgp.faisal.ec/) On Wed, Jun 17, 2020 at 8:00 AM, Tim Bray via mailop wrote: > Hi, > > Anybody else seeing increase phishing through sendgrid? They look > fairly convincing. > > A few paypals, and a few amazons. > > I thought sendgrid were ok? Has somebody leaked a big pile of > sendgrid usernames and passwords or something? > > -- > Tim Bray > Huddersfield, GB > t...@kooky.org > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
[mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign.
Hi List o1678912x138.outbound-mail.sendgrid.net [167.89.12.138] and IP under control of sendgrid was repeatedly involved in phishing and other spam since June. It ended up being blacklisted @ SWINOG. Now a sendgrid customers complains to us, that his emails are being rejected because of this listing. But that makes me wonder: Doesn't sendgrid deal with such issues like asking for delisting after blocking the sender itself and re-uses recently (last phish received on 14. July) 'abused' ip addresses for other customers? Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Just how does SendGrid fail this badly?
The SendGrid account sending these yesterday is 13999362. Method: get all SendGrid mail from yesterday and today, restrict to anything that says "quota full" in the subject, look at accounts sending. Sample size is measured in the dozens, across about ten recipient domains. They were all sent by the same SendGrid account. On Tue, Aug 18, 2020 at 12:03:55PM +, Andy Smith via mailop wrote: > > Received: from wrqvhkqq.outbound-mail.sendgrid.net ([149.72.1.68]) > by chiark.greenend.org.uk (SAUCE v0.9.0) > with esmtp id sauce-2544-1597663-1; 17 Aug 2020 11:32:54 + (GMT) > Message-ID: <20200817203728.96117de88be30...@chilitato.com> > From: "chiark.greenend.org.uk" > Subject: chiark.greenend.org.uk quota full: (98% full) > > Cheers, > Andy > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Atro Tossavainen, Chairman of the Board Infinite Mho Oy, Helsinki, Finland tel. +358-44-5000 600, http://www.infinitemho.fi/ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] SendGrid, what happens when you don't address the root problem (Indeed Phishing)
> You think we would be done with SendGrid conversations two years ago.. No such thing. > And two hours later, a phishing attempt from a SendGrid IP hit the > spam folder... > > Return-Path: > Received: from wrqvndzq.outbound-mail.sendgrid.net (HELO > wrqvndzq.outbound-mail.sendgrid.net) (149.72.45.228) Confirmed, seen here too. > From: Verify 2FA <2...@indeed-verify.com> > Subject: Indeed for Employers - Your Account Required 2FA Verification. > Reply-To: 2...@indeed-verify.com X-Entity-ID: Z9o86N06AN6V9pUxLwsPGQ== (even though "26471268" should be more than enough) > One more reason to flag all of SendGrid shared servers as spam? They're definitely the biggest ESP in our spamtraps, have been for more than a year solid. -- Atro Tossavainen, Founder, Partner Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635) Tallinn, Estonia tel. +372-5883-4269, http://www.koliloks.eu/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)
Thanks for this Hans-Martin, This was definitely phish. Compromised account. The account was actioned very quickly after the mail got out. For what it's worth, 2FA *is* required now but as you probably know it is not a silver bullet for preventing abuse. When customers expose their API key(s) to the open web, stuff happens. Luke On Thu, Jul 8, 2021 at 10:46 PM Hans-Martin Mosner via mailop < mailop@mailop.org> wrote: > Am 08.07.21 um 18:14 schrieb Luke via mailop: > > Just so the group is aware, our team is looking into the Zoom traffic. > We aren't sure what they are doing with that > > mail stream, but it doesn't look good. > > > > Both of the accounts reported by Michael have been suspended. > > > > Thanks, everyone. > > > > Luke > > > I have a hunch that some time ago (just before the increased spam via > SendGrid started) there might have been an > unauthorized access to SendGrid customer data which allowed hackers to > bruteforce hashed passwords and use valid > accounts to send spam and fraudulent/phishing mails. The pattern is too > strong to be reasonably explained with singular > security breaches at individual customers. > > SendGrid, if this comes close to the truth (I can only guess), please be > open about it at least in communication to your > customers. If possible, enforce 2FA, watch for logins from unusual IP > addresses, etc. Maybe a complete password reset > for all customers would be in order. > > Repealing spam and fraud from completely bogus sources is a lot of work > for us mail admins already, but when it comes > from presumably authentic sources it becomes incredibly difficult and > prone to false positives. > > Here's a simple example: I have a mail sample in quarantine that comes > from "topbuildersolutions.net", apparently a > SendGrid customer, using your outgoing infrastructure (192.254.122.201), > so it's not a simple impersonation. It purports > to be a payment reminder, with the usual phishing drill of urgency by > threatening account termination. With a From: line > of "SendGrid ", a SendGrid logo as > embedded png, closing line "The Billing > Operations Team at SendGrid" it looks 100% like phishing to me. > > Is this from you actually? > If yes, why do you send out payment reminders using foreign domains? > If not, why do you let your customers send such mails through your system? > > Your reputation is going down the drain. You should definitely realize > that your reputation is your most valuable asset, > and it's losing value at an incredible rate. > > Cheers, > Hans-Martin > > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SendGrid Abuse unresponsive
On Tue, May 05, 2020 at 07:48:12AM -0700, Michael Peddemors via mailop wrote: > Since on the topic of SendGrid.. http://mainsleaze.spambouncer.org/2019-11-to-2020-04-in-spamtraps-esps/ The trends for Salesforce and SendGrid are remarkably upwards... -- Atro Tossavainen, Chairman of the Board Infinite Mho Oy, Helsinki, Finland tel. +358-44-5000 600, http://www.infinitemho.fi/ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign.
Hello Benoit and Hokan, Thanks for pointing this out and I'm sorry you're still seeing what sounds like a high volume of phish. I've asked our fraud ops team to investigate this. In the future if you could send suspicious emails to ab...@sendgrid.com we will get this handled. Feel free to CC me when you do this to make sure these are handled quickly. We've instituted some self-limiting features on our front door that should've decreased the overall volume of abuse. This is a stop gap measure as we roll out some other countermeasures in the next few weeks. Could you let me know if you have seen a perceptible drop in volume and velocity between June and July when this was rolled out? Again, I want to assure you that there is a massive effort happening here to address the problems you are seeing. I'm happy to meet off list and discuss this further and help you understand what we're working on if that would be helpful. Again, thank you for your patience and please don't hesitate to contact me when you see any of these issues arise. Best, -L Len Shneyder VP Industry Relations [image: Twilio] <https://www.twilio.com/?utm_source=email_signature> EMAIL l...@twilio.com TWITTER @LenShneyder <https://twitter.com/LenShneyder>Message: 6 Date: Tue, 11 Aug 2020 16:53:46 +0200 From: Benoit Panizzon To: mailop@mailop.org Subject: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign. Message-ID: <20200811165346.4e775...@go.imp.ch> Content-Type: text/plain; charset=UTF-8 Hi List o1678912x138.outbound-mail.sendgrid.net [167.89.12.138] and IP under control of sendgrid was repeatedly involved in phishing and other spam since June. It ended up being blacklisted @ SWINOG. Now a sendgrid customers complains to us, that his emails are being rejected because of this listing. But that makes me wonder: Doesn't sendgrid deal with such issues like asking for delisting after blocking the sender itself and re-uses recently (last phish received on 14. July) 'abused' ip addresses for other customers? Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web https://urldefense.com/v3/__http://www.imp.ch__;!!NCc8flgU!Jyb1oWP7APkgX0rrc5NFacUfW0Yu4XeA1B6Dcl0IJWNPlcXIUaIq9196yCI$ __ -- Message: 7 Date: Tue, 11 Aug 2020 10:20:47 -0500 From: Hokan To: mailop@mailop.org Subject: Re: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign. Message-ID: <20200811152047.ga7...@me.umn.edu> Content-Type: text/plain; charset=iso-8859-1 I've instituted short-term blocks of Sendgrid mail several times this year and started another today because it looks like as much as a third of the mail they've sent us in the past week has been evil -- mostly phishing. This is a problem for me because some of the mail Sendgrid sends is wanted by my users. I'm thinking about just accepting it all and filing it into user spam folders. I see that the IP you mention, Benoit, is currently listed on the SBL and Spamcop. On Tue, Aug 11, 2020 at 04:53:46PM +0200, Benoit Panizzon via mailop wrote: > Hi List > > o1678912x138.outbound-mail.sendgrid.net [167.89.12.138] and IP under > control of sendgrid was repeatedly involved in phishing and other spam > since June. > > It ended up being blacklisted @ SWINOG. > > Now a sendgrid customers complains to us, that his emails are being > rejected because of this listing. > > But that makes me wonder: Doesn't sendgrid deal with such issues like > asking for delisting after blocking the sender itself and re-uses > recently (last phish received on 14. July) 'abused' ip addresses for > other customers? > > Mit freundlichen Grüssen > > -Benoît Panizzon- -- Hokan MEnet, a wholly owned subsidiary of Enet System Administrator Department of Aerospace Engineering and Mechanics ho...@me.umn.edu Department of Mechanical Engineering 612.208.3105 (cell) Department of Industrial and Systems Engineering -- Subject: Digest Footer ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] SendGrid is deleting your mail
Hi, On Fri, Jun 23, 2023 at 08:03:40PM +0200, Carsten Schiefner via mailop wrote: > how about elaborating a bit further on the whats and whys of your setup? Maybe some of us could learn something from that, or maybe SendGrid would consider that to be giving an advantage to competitors. Really what I am interested in is the justification for not even retrying once when receiving the "450 4.3.2 Please retry immediately" response described by the OP. If I understand correctly, the OP had experienced missing mail from SendGrid previously, had asked why there had not been retries on a 4xx, and was told that SendGrid uses a complex rule set to decide whether to actually retry for any given 4xx or 5xx. The OP then tested that by coming up with "450 4.3.2 Please retry immediately", which also did not receive any retries at all. So this implies that if SendGrid sees a "450 4.3.2" response that it does not otherwise have a special rule for (or is it any 4xx that there is no rule for?) then discarding the mail without any retries at all is what happens by default. The idea of not retrying at all on certain specific 4xx responses doesn't sit that well with me, but I can kinda sorta see why a large sender might want to do that if they were really sure. But here seems to be the implication that it's actually quite easy to trigger that behaviour, unless by some stroke of bad luck "450 4.3.2 Please retry immediately" happened to match an existing rule. It would be useful to know if it is the case that if one uses a 4xx response that SendGrid hasn't seen before, it's going to result in no actual retries. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Debt Collection Client Email Servers
Thank you everyone. Is there any recommendation on other 3rd party senders that can be trusted instead of SendGrid. My last resort will be to setup some MTA's with the few free IP they have from the Datacenter. I also understand that the client is in the middle of a catch-22 in terms of sending email. I have already informed them that email will always be a best effort and not a guarantee. As for contacts other than email. Email is the last resort after all other avenues are attempted in the order of Snail Mail, Phone, SMS, and Social Media. Thanks, Michael Irvine -Original Message- From: mailop On Behalf Of Jay Hennigan via mailop Sent: Monday, March 25, 2024 1:37 PM To: mailop@mailop.org Subject: Re: [mailop] Debt Collection Client Email Servers CAUTION: This email originated from outside of the organization. Do not click any links or open attachments unless you recognize the sender and know the content is safe. On 3/22/24 14:58, Michael Peddemors via mailop wrote: > If they are 'dedicated', doesn't matter if they are coming from > SendGrid, the PTR should reflect your clients domain. > > host 149.72.234.90 > 90.234.72.149.in-addr.arpa domain name pointer > wrqvzxrx.outbound-mail.sendgrid.net. If Sendgrid claimed that these IPs are dedicated to you, their PTR says otherwise. It should reflect your sending domain. Note that Sendgrid has a rather poor reputation when it comes to spam exiting their network. > And given the amount of abuse of SendGrid servers, anything you can do > to differentiate from their generic naming conventions will help you. Or avoid Sendgrid entirely. -- Jay Hennigan - j...@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SendGrid Abuse unresponsive
Hello, On Tue, May 05, 2020 at 06:00:44AM +0300, Atro Tossavainen via mailop wrote: > Any chance SendGrid might amend its ticket system so that there would > be autoreplies when tickets are created that showed issue numbers > connected with the original request It would also be great if SendGrid would include an abuse reporting URL in the headers of each message, specific to that message, i.e. that passes along all info that SendGrid would need to identify that campaign/client. Each mail does appear to include an X-SG-ID header which looks like it might carry that sort of information, so it would be nice if there could be a link that pre-fills an abuse report for that mail. At present the process is to just forward the mail to abuse@sendgrid. It's great that they accept reports that way and I'm not suggesting that change, but a lot of the time clicking on one link is much faster and less error prone. MailChimp and several other ESPs do this, and it can be very helpful. And while I am asking for the moon on a stick, I've no idea which side is refusing to play ball¹ but it is currently not possible to report SendGrid emails through SpamCop. If it were possible for that to change that would be lovely. Cheers, Andy ¹ There was a thread a while back about Hetzner and SpamCop where I had thought that an abuse address being disabled in SpamCop implied that the recipient did not accept SpamCop reports. In fact in that case it was that SpamCop didn't want to send reports to Hetzner. So it is not possible to determine which side made the decision to not allow those reports. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Sendgrid and phishing
Hi > Anybody else seeing increase phishing through sendgrid? They look > fairly convincing. > > A few paypals, and a few amazons. Add Netflix Add Joe-Jobs > I thought sendgrid were ok? Has somebody leaked a big pile of > sendgrid usernames and passwords or something? Yes, I contacted their abuse desk on the Netflix case - No reaction. Redirection Service to the phishing site on their platform was still active after a couple of days (didn't re-check recently). Also contacted them with a GDPR Request because of the joe-job so they would need to reveal their customer. No reaction after about one month now. So attempted to contact their legal department. Their website redirects to Twilio (yes, they seem to have purchased sendgrid). And indeed, I also have a long lasting case open with the legal team of twilio regarding one of their customers using a swisscom mobile phone number to send SMS spam for what looks like a loan fraud scheme. Swisscom only has the information that Twilio is their 'Reselling' customer and doesn't know the end-customer behind Twilio. Swiss telecommunication laws require them to identify the customer sending those SMS: But also here: No reaction from their legal team and ofcom has no way to put a fine on them, because they are not a registered telco in Switzerland. I suspect the IP Ranges of Sendgrid are bound for a global blacklisting if they keep ignoring abusive behaviour of their customers. -- Mit freundlichen Grüssen -Benoît Panizzon- @ HomeOffice und normal erreichbar -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gosh, I love sendgrid
On 2020-12-22 3:34 PM, John Levine via mailop wrote: > In article you write: >> The only basis on which these emails should be judged is on whether >> they're spam or malware. > This suggests you're OK with child pornography and beheading videos so > long as subscribers ask for them. And what about the Malware of the > Day club? John, I would have expected better from you. If you want to be taken seriously, then don't make asinine mis-characterizations like this. There are clear, existing, unambiguous laws against this, and nobody questions any entity who not only declines to facilitate this but actively purges it from their platforms. Where I have a problem is the idea that infrastructure vendors should take action against all content John Levine finds irresponsible. Alternative views on COVID, and the vaccine, if we must get specific, can not in any reasonable stretch be put into the same bucket as child pornography and beheading videos. Trying to make /that/ argument is what is really irresponsible. > As someone else already said, Sendgrid is not the government. They > have every right to decline to sign up undesirable customers. Yes, sendgrid is not the government, and neither are you. As far as I knew this thread isn't about Sendgrid refusing to take on customers who are sending out vaccine skepticism emails. It's about /you /thinking /Sendgrid should /not take on people who are sending out those emails. You aren't sendgrid, so unless it's spam, this really isn't your problem. - mark > > > R's, > John > > PS: As we all know, every complex problem has an answer that is clear, > simple, and wrong. > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- Mark E. Jeftovic Co-founder & CEO, easyDNS Technologies Inc. AxisOfEasy.com <https://AxisOfEasy.com> - /For full coverage of a world gone full cyberpunk.../ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)
Over yesterday and today, the following X-Entity-IDs have sent us mail that somehow related to .zoom.us: X-Entity-ID: ApJYVCoyRSXXkzbu3h3uow== X-Entity-ID: lURbVkUlQbFl9F6ROPqNUw== X-Entity-ID: mDhfxq9OikvIkQieTwdfQA== X-Entity-ID: 7mxhBNMkQ9yfwz0A5+NG7Q== These correspond to the SendGrid user IDs Return-Path: Here's the two that they all share: > > Return-path: > Return-path: > > (original unmunged version sent directly to you, Luke) > > I've got zoom messages via sendgrid being rejected via a system > filter currently, so there should be a bit of bounce messages going > back at Zoom/Sendgrid, but yet they still keep coming... > > Shouldn't there be some sort of required unsubscribe or report link > at the bottom of these? I seem to remember legitimate zoom > invitations and such all have one? But it's been a while. > > On 7/6/21 2:33 PM, Luke wrote: > >If you could share the return-path of the offending message, I can > >have it looked at. > > > >Cheers, > >Luke > > > >On Tue, Jul 6, 2021 at 11:39 AM Brielle via mailop > >mailto:mailop@mailop.org>> wrote: > > > >Hello, > > > >Anyone here have a contact for Zoom in re of webinar spam being sent > >from their platform via Sendgrid owned IPs? > > > >I'm rather unhappy with the fact they're allowing people to spam > >with no > >unsubscribe or report feature. > > > >I know Sendgrid is a hot steaming pile of dog excrement these days when > >it comes to spam, so the lack of reporting or unsubscribe link doesn't > >surprise me... > > > > > > > >-- Brielle Bruns > >The Summit Open Source Development Group > >http://www.sosdg.org <http://www.sosdg.org> / http://www.ahbl.org > ><http://www.ahbl.org> > >___ > >mailop mailing list > >mailop@mailop.org <mailto:mailop@mailop.org> > >https://list.mailop.org/listinfo/mailop > ><https://list.mailop.org/listinfo/mailop> > > > > > -- > Brielle Bruns > The Summit Open Source Development Group > http://www.sosdg.org/ http://www.ahbl.org > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- Atro Tossavainen, Founder, Partner Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635) Tallinn, Estonia tel. +372-5883-4269, http://www.koliloks.eu/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [External] sendgrid sending spam claiming to be chase.com
On 12/23/2019 10:42 PM, Carl Byington via mailop wrote: > The spam was sent with a From: header of @email.chase.com. > _dmarc.email.chase.com. has a txt record with p=reject, so it was > rejected here. Sendgrid - you should be able to check that at your end, > and just not send anything that violates the dmarc restriction published > by the ostensible sender. Carl, We've been seeing the same over the past few weeks as a growing threat. They are abusing sendgrid and the SPF records and the envelope from to mimic some big players. If you use Apache SpamAssassin, I'm working on rules with KAM.cf to combat this. Email me off list and I'll take a look at your spamples. If there is a sendgrid rep on the list, please contact me as well. Regards, KAM ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] SendGrid Abuse unresponsive
Hi Kyle, I've located those tickets. It looks like a colleague did reply on Wednesday to 4218173 and the reply went to Angelo. I'm not on our abuse team but will ping them with both ticket numbers to follow up. Will On Mon, May 4, 2020 at 8:20 PM Kyle Thorne via mailop wrote: > Hi everyone, > > Is anyone from SendGrid on-list that can help with an abuse report that > has gone unanswered? > > We have two tickets with SendGrid that have *no response: *4218173 and > 4278230. > > This fraud account is phishing our users, so there's no reason SendGrid > shouldn't be able to suspend / ban this account. > > Anyone available to help with this? > [image: VentraIP Australia logo] > > > *Kyle Thorne*Chief Technical Officer \\ VentraIP Australia > > ___ > mailop mailing list > mailop@mailop.org > > https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!PA5pfJG6J5H3bnL4o7HBO_4WtTKIGCsdTv88PJGyiDXQYv4DLPkFQZqSPF0AXGbKgg$ > -- [image: sendgridlogo2.png] <https://sendgrid.com/> Will Boyd Sr. Email Deliverability Consultant ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Sendgrid is giving others anti-abuse/security advice? Wow!
On Thu, 11 Feb 2021 at 18:49, Rob McEwen via mailop wrote: > These questions! WOW! IS THIS FOR REAL? Don't get me wrong, I like Len > Shneyder > and I think he's a good person TRYING to do the right thing - but - > considering what is coming > FROM SendGrid in recent years, is this the right time to be giving OTHERS > anti-abuse/security > advice? Just... wow! I think they should instead consider trying to "lead by > example". > The world would certainly become a MUCH better place! > https://martechseries.com/mts-insights/tech-bytes/len-shneyder-twilio-sendgrid/ I didn't read anti-abuse and security advices in the article. He's just talking about how DMARC evolved and the role of social engineering in phishing. He's not even trying to let people guess Sendgrid is good at preventing abuses. no "Wow" here :-) Stefano -- Stefano Bagnara Apache James/jDKIM/jSPF VOXmail/Mosaico.io/VoidLabs ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SendGrid is deleting your mail
>>The RFC forbids doing that, and I argued against it The RFC and reality is two different things. If a client don't want to retry, I think they are free to choose to not retry. Why even send retry requests to SendGrid? Just accept the email, whats the problem? If your antivirus or mail scanning solution requires some time, buffer the email at your server instead. I do understand it creates the problem of, when deciding to keep or trash the email, SendGrid client is long gone, And sending back an error would create backscatter. But then, just silently trash the email if it is deemed virus or similar. You could try using stream scanning and then when arriving at final decision, let client wait for some seconds before getting an scan result. >>These are a pair of tickets for Hershey Park that a family has been waiting >>on for two days: Your fault. You rejected the email with "Please retry immediately" just to mock with SendGrid. If you have the possibility to set an IP to have custom reject text, you have the possibility to whitelist that IP (and/or domain) so mail pass unaffected. >>SendGrid silently deleted them. We want your mail; If you want their mail, then accept it? Don’t reject with stupid things like "Please retry" for unknown weird reasons? ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Just how does SendGrid fail this badly?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2020-08-18 at 15:23 +0300, Atro Tossavainen via mailop wrote: > The SendGrid account sending these yesterday is 13999362. Where do you find that account number in the headers? I see some from today with "Upgrade (FINAL WARNING)" in the subject, but no indication of any sendgrid account number. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXzwT2hUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFoigCeONxnBFkM/QJI3Mky1A9XafBR+IQA oIUMyZCHGvGEjasL9fCb22Njyfer =+kBp -END PGP SIGNATURE- ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)
Just so the group is aware, our team is looking into the Zoom traffic. We aren't sure what they are doing with that mail stream, but it doesn't look good. Both of the accounts reported by Michael have been suspended. Thanks, everyone. Luke On Thu, Jul 8, 2021 at 8:48 AM Michael Peddemors via mailop < mailop@mailop.org> wrote: > On 2021-07-08 8:20 a..m., Carl Byington via mailop wrote: > > On Thu, 2021-07-08 at 09:31 +0300, Atro Tossavainen via mailop wrote: > >> That one is Zoom.us itself. > > > >> Received: from o5.sg.zoom.us (o5.sg.zoom.us [149.72.199.144]) > > > >> Received: from o12.ptr3622.sg.zoom.us (o12.ptr3622.sg.zoom.us > >> [167.89.93.232]) > > > > Yes, the mail arrives from systems with rdns of *.sg.zoom.us, but my > > understanding is that the X-Entity-ID points to a sendgrid user. And the > > headers include stuff like: > > > > Received: by filter1889p1las1.sendgrid.net with SMTP id > > filter1889p1las1-10585-60DE6FD0-E > > 2021-07-02 01:45:52.506187482 + UTC m=+23969.518969155 > > Received: from MjEwNzk4ODQ (unknown) > > by geopod-ismtpd-3-2 (SG) with HTTP id W8YVLKQPT6CK1S2NPi9CbA > > > > Which looks like the original submission was via a sendgrid web > > interface. A reply-to address in .vn, and a subject line (google > > translate from Vietnamese) of "Why real estate can make you rich?". > > > > Just more crap that sendgrid is leaking, this time sending their > > outbound spam via zoom.us servers. > > > > > Yeah, it is almost always a compromise, but hard to believe Zoom would > not have enabled two factor authentication, or similar restrictions on > who can use their sendgrid servers, keep thinking that their is another > back door that abusers are using at SendGrid.. > > Be nice to hear from Zoom (if anyone knows a contact) on what they > discover, since SendGrid hasn't been too transparent. > > -- > "Catch the Magic of Linux..." > > Michael Peddemors, President/CEO LinuxMagic Inc. > Visit us at http://www.linuxmagic.com @linuxmagic > A Wizard IT Company - For More Info http://www.wizard.ca > "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. > > 604-682-0300 Beautiful British Columbia, Canada > > This email and any electronic data contained are confidential and intended > solely for the use of the individual or entity to which they are addressed. > Please note that any views or opinions presented in this email are solely > those of the author and are not intended to represent those of the company. > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] So, Sendgrid / Zoom, planning on actually doing anything about webinar spams?
So, hey, yeah, Sendgrid and Zoom... It's still going on even though it was 'being looked into'. Why do you not respect permanent errors when delivering? My system is rejecting the mails, so Sendgrid's systems should be marking the mails as undeliverables and removing the address or flagging the list. Today, got a new one sent directly through Zoom's systems without Sendgrid. New topic but same Vietnamese spammer. -- Return-path: Delivery-date: Wed, 20 Jul 2022 11:11:03 -0600 Received: from smtp-n11.zoom.us ([170.114.15.183]) by mail.sosdg.org with utf8esmtps (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128) (Exim 4.94.2-SOSDG) id 1oEDDu-00FpyA-RT for ; Wed, 20 Jul 2022 11:11:03 -0600 Message-ID: <1658337048.bvpf1sb7ennprz1yuclh1d29a5gungkt36ai4...@smtp-n11.zoom.us> Received: from smtp-n11.zoom.us (ip-10-0-217-112.ec2.internal [170.114.15.183]) by smtp-n11.zoom.us (ESMTP) with ESMTPSA id v=2.0;clid=us02;rid=WEB_a3403e86d1c0f57ec65ad13bdde3bbb4; Wed, 20 Jul 2022 17:10:48 + Date: Wed, 20 Jul 2022 17:10:48 + From: "Robocash Vietnam" To: "xxx" Valid SPF and DKIM signature. Body has a Zoom Meeting link. You guys ever going to do something about this? On 1/8/22 8:44 PM, Brie wrote: Hi Sendgrid and Zoom, We've been over this before, multiple times... But alas, it looks like that you neither of you seem to care a single bit about your services being used to send spams that can't be unsubscribed from. Yep, I know you, Sendgrid, told me that you'd be working on it with Zoom. And, as expected, nothing ever happened and they still keep coming. Should I just give up hoping that anything will ever be done about it and blacklist Sendgrid and Zoom? Because, lets be honest here, based on what others are reporting, it looks like that I'd have an easier time trying to broker world peace AND cure cancer than it would be to get you guys to deal with abuse from your network. Yep. This message is written in anger, and I'll probably be accused of being unprofessional. But, frankly, if you (Sendgrid) or them (Zoom) ain't going to do jack shit, then don't fucking tell me you are "working on it". -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SendGrid Abuse unresponsive
Hello, > It would also be great if SendGrid would include an abuse reporting > URL in the headers of each message, specific to that message, i.e. > that passes along all info that SendGrid would need to identify that > campaign/client. I’m not so sure about that, having in mind that the list-unsubscribe header already causes some headache on my end as some filters are checking and therefore „clicking“ all the URLs they find in body and header. Cheers, Alex ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Sendgrid and phishing
On Wed, 17 Jun 2020 14:00:35 +0100, Tim Bray via mailop wrote: >Anybody else seeing increase phishing through sendgrid? They look >fairly convincing. General spam (several per week) and phishing, especially some very nicely done "Reconfirm you Netflix payment method" at several per day. Pointing out to users reporting these that blocking Sendgrid entirely (the temptation arises) would take out the SG traffic that is highly desired (at least 70%). mdr -- "There will be more spam." -- Paul Vixie ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Just how does SendGrid fail this badly?
On Tue, 2020-08-18 at 14:34 -0700, Carl Byington via mailop wrote: > > dhl is asking folks to reject that mail, but sendgrid tries to send it > anyway. > Sendgrid doesn't seem to do any From: address authentication. They're sending email pretending to be from all kinds of random domains. I know they probably have customers that depend on being able to forge addresses, but come on guys, it's 2020, you can't do that anymore. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
[mailop] Fake fax spam from sendgrid
I'm getting a steady stream of spam from Sendgrid purporting to be Efax messages, with what appears to be an XLS spreadsheet attached. The return addresses are all over the place but they all come through Sendgrid, e.g., Subject: E-FAX - 963554 DNW You have a new fax! Click the attachment to view. Caller ID: +15131711332 Date Received: 2020-10-19 08:15:38 CDT Type: Attached in xls Number of pages: 1 Reference #: vsshGfjF9_87575643-34844314-98773826 [ Part 2, Application/VND.MS-EXCEL (Name: "001110952.xls") 1.4 MB. ] ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Sendgrid again...
Bulk mail, email marketing, consumer email, enterprise email. Those are all different businesses. Just because a company does one thing doesn't mean it should be doing (or be good at) the other. That's correct, but in that case what Sendgrid should do is to use a specific subdomain for abuse reports, e.g. use ab...@abuse.sendgrid.com instead of ab...@sendgrid.com, and run their own mailserver on abuse.sendgrid.com. If two other mail providers filter reports before they reach Sendgrid it defeats the purpose of an abuse contact.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)
Hello, Anyone here have a contact for Zoom in re of webinar spam being sent from their platform via Sendgrid owned IPs? I'm rather unhappy with the fact they're allowing people to spam with no unsubscribe or report feature. I know Sendgrid is a hot steaming pile of dog excrement these days when it comes to spam, so the lack of reporting or unsubscribe link doesn't surprise me... -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!
ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams! ...a collection of a new TYPE of DNSBL, with the FIRST of these having a focus on Sendgrid-sent spams. AND - there is a FREE version of this - that can be used NOW! (/well... might need a SpamAssassin rule or two! Your help appreciated!)/: INFO AND INSTRUCTIONS HERE: https://www.invaluement.com/serviceproviderdnsbl/ This provides a way to surgically block Sendgrid's WORST spammers, yet without the massive collateral damage that would happen if blocking Sendgrid domains and IP addresses. But we're NOT stopping at the phishes and viruses - and we're not finished! There will be some well-deserved economic pain, that puts the recipients' best interests at heart. Therefore, flagrant "cold email" spamming to recipients who don't even know the sender - is also being targeted - first with the absolute worst - and then progressing to other offenders as we make adjustments in the coming weeks. -- Rob McEwen https://www.invaluement.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Sendgrid again...
Are you sure that it was Sendgrid that blocked the message ? Looks to me as if ab...@sendgrid.com is hosted at gmail and it was *gmail* that objected to the content ... Or am I misunderstanding something ? No, of course you're right. But forwarding an abuse address that is somewhat expected to receive problematic content to a service that tries to keep such content out of their users' mailboxes doesn't really look very professional, and even if it isn't technically Sendgrid who perform the filtering this approach has the effect of putting a content filter on the abuse mailbox. Actually Sendgrid uses a double filtering: the first line of the error report you got ("The original message was received at Fri, 22 Jan 2021 05:45:50 -0800 from m0099904.ppops.net [127.0.0.1]") means that the mail has been received and processed by Proofpoint, that forwards it to Gmail. See also their MX records: $ dig +short -t mx sendgrid.com 10 mxa-0023de01.gslb.pphosted.com. 10 mxb-0023de01.gslb.pphosted.com. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Gmail inboxing help
Hi Everyone, I am wondering if someone here might have some insight into an issue I am experiencing with Gmail customers. Here are the details: 1.) When the customers click to opt-in on our form page, they are sent a confirmation via a Smartertools email. 2.) We use SendGrid to email them in the future with newsletters, tools, and other marketing information. 3.) We just aren't inboxing with Gmail. Never have, despite the customer opting in. Questions: 1.) Can anyone recommend a solution? 2.) Should we be integrating SmarterTools and SendGrid so the confirmation email comes directly from SendGrid, and thus, follow-up emails aren't from a cold, third-party sender? 3.) Should confirmation emails come from SendGrid and we drop Smartertools altogether? So grateful for any advice. Lauren <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=icon> Virus-free. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=link> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2021-07-08 at 09:31 +0300, Atro Tossavainen via mailop wrote: > That one is Zoom.us itself. > Received: from o5.sg.zoom.us (o5.sg.zoom.us [149.72.199.144]) > Received: from o12.ptr3622.sg.zoom.us (o12.ptr3622.sg.zoom.us > [167.89.93.232]) Yes, the mail arrives from systems with rdns of *.sg.zoom.us, but my understanding is that the X-Entity-ID points to a sendgrid user. And the headers include stuff like: Received: by filter1889p1las1.sendgrid.net with SMTP id filter1889p1las1-10585-60DE6FD0-E 2021-07-02 01:45:52.506187482 + UTC m=+23969.518969155 Received: from MjEwNzk4ODQ (unknown) by geopod-ismtpd-3-2 (SG) with HTTP id W8YVLKQPT6CK1S2NPi9CbA Which looks like the original submission was via a sendgrid web interface. A reply-to address in .vn, and a subject line (google translate from Vietnamese) of "Why real estate can make you rich?". Just more crap that sendgrid is leaking, this time sending their outbound spam via zoom.us servers. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYOcXoxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsGmiACfRob62kkNRCYmCuGVToI/xg+IjSkA n0KwN05UTZa35wOzW7Pzkl4wbvr6 =+QB+ -END PGP SIGNATURE- ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SendGrid, what happens when you don't address the root problem (Indeed Phishing)
On 4/19/22 1:46 PM, Atro Tossavainen via mailop wrote: They're definitely the biggest ESP in our spamtraps, have been for more than a year solid. Yep. As most probably remember, someone from SendGrid came on the list for a while, made some noises about cleaning things up, and then disappeared. SendGrid is still a cesspit of forged mail, phishing, and B2B "harvested from LinkedIn" spam. Spam complaints result in listwashing at best. They clearly don't care, because some very basic rules would eliminate quite a bit of it (like rate-limiting and spot-checking new customers who send from addresses at domain names registered within the last 24 hours, such as "indeed-verify.com"). I'm sure someone else from SendGrid will be back on here within a year or so claiming they've just been hired to clean things up, make a few more noises for a month, and disappear again. -- Robert L Mathews ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)
Here's the two that they all share: Return-path: Return-path: (original unmunged version sent directly to you, Luke) I've got zoom messages via sendgrid being rejected via a system filter currently, so there should be a bit of bounce messages going back at Zoom/Sendgrid, but yet they still keep coming... Shouldn't there be some sort of required unsubscribe or report link at the bottom of these? I seem to remember legitimate zoom invitations and such all have one? But it's been a while. On 7/6/21 2:33 PM, Luke wrote: If you could share the return-path of the offending message, I can have it looked at. Cheers, Luke On Tue, Jul 6, 2021 at 11:39 AM Brielle via mailop <mailto:mailop@mailop.org>> wrote: Hello, Anyone here have a contact for Zoom in re of webinar spam being sent from their platform via Sendgrid owned IPs? I'm rather unhappy with the fact they're allowing people to spam with no unsubscribe or report feature. I know Sendgrid is a hot steaming pile of dog excrement these days when it comes to spam, so the lack of reporting or unsubscribe link doesn't surprise me... -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org <http://www.sosdg.org> / http://www.ahbl.org <http://www.ahbl.org> ___ mailop mailing list mailop@mailop.org <mailto:mailop@mailop.org> https://list.mailop.org/listinfo/mailop <https://list.mailop.org/listinfo/mailop> -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign.
On Tue, Aug 11, 2020 at 2:21 PM Michael Orlitzky via mailop < mailop@mailop.org> wrote: > In the past few months there have been several threads on mailop and > similar lists (sdlu, spamassassin-users, nanog, ...) complaining about > how SendGrid doesn't seem to do anything at all to stop the ongoing > blatant phishing campaigns from their servers. > I've received some spam from sendgrid, including another "we caught you looking at pr0n, send us btc" just today from sendgrid at my personal email address, and dutifully forwarded them with headers along to abuse@. What I've never received is any sort of follow up on those reports indicating that they were received, much less any action would be taken. Some of these messages are spam in ways that are exceptionally obvious - things like having the From: header set to the same address as the recipient, for example, or matching patterns that even a junior sysadmin's spamassassin deployment would be able to catch. We'd been using sendgrid in production for some stuff, but we're looking at changing that now because it seems like their lack of concern regarding abuse on their platform will lead to more and more deliverability issues as time goes on. It just seems like sendgrid doesn't care about abuse on their platform. As far as determining the difference between a compromised account that isn't a spammer and a spammer who simply signed up for an account, this should be relatively simple by looking at their history. Even without doing so, the action should clearly be the same: shut down the account immediately. There's no reason to let a legitimate user's compromised account continue being used illicitly, and the legitimate user can be contacted to address the issue after which time the account can be re-enabled. Matt Harris|Infrastructure Lead Engineer 816-256-5446|Direct Looking for something? Helpdesk Portal|Email Support|Billing Portal We build and deliver end-to-end IT solutions. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] mailop Digest, Vol 12, Issue 40
Hi Brielle, Can you send me a full unredacted header and I'll take a look at what's going on. I'm sorry you didn't get a response earlier to this. Thanks! -L Message: 2 > Date: Tue, 20 Jul 2021 11:35:47 -0600 > From: Brielle > To: mailop@mailop.org > Subject: Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid > (ugh) > Message-ID: <737bf486-f945-c64b-a7ef-9575e1f6d...@2mbit.com> > Content-Type: text/plain; charset=UTF-8; format=flowed > > These still seem to be coming in quite consistently... Same Zoom > sendgrid account. > > Any updates on whats going on with this, Luke? > > > > On 7/6/21 2:44 PM, Brielle via mailop wrote: > > Here's the two that they all share: > > > > Return-path: > > Return-path: > > > > (original unmunged version sent directly to you, Luke) > > > > I've got zoom messages via sendgrid being rejected via a system filter > > currently, so there should be a bit of bounce messages going back at > > Zoom/Sendgrid, but yet they still keep coming... > > > > Shouldn't there be some sort of required unsubscribe or report link at > > the bottom of these? I seem to remember legitimate zoom invitations and > > such all have one? But it's been a while. > > > > On 7/6/21 2:33 PM, Luke wrote: > >> If you could share the return-path of the offending message, I can > >> have it looked at. > >> > >> Cheers, > >> Luke > >> > >> On Tue, Jul 6, 2021 at 11:39 AM Brielle via mailop >> <mailto:mailop@mailop.org>> wrote: > >> > >> Hello, > >> > >> Anyone here have a contact for Zoom in re of webinar spam being sent > >> from their platform via Sendgrid owned IPs? > >> > >> I'm rather unhappy with the fact they're allowing people to spam > >> with no > >> unsubscribe or report feature. > >> > >> I know Sendgrid is a hot steaming pile of dog excrement these days > >> when > >> it comes to spam, so the lack of reporting or unsubscribe link > >> doesn't > >> surprise me... > >> > >> > >> > Len Shneyder > VP Industry Relations > [image: Twilio] <https://www.twilio.com/?utm_source=email_signature> > EMAIL l...@twilio.com > TWITTER @LenShneyder <https://twitter.com/LenShneyder> > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] So, Sendgrid / Zoom, planning on actually doing anything about webinar spams?
On 09/01/2022 13:44, Brie via mailop wrote: Hi Sendgrid and Zoom, We've been over this before, multiple times... But alas, it looks like that you neither of you seem to care a single bit about your services being used to send spams that can't be unsubscribed from. Yep, I know you, Sendgrid, told me that you'd be working on it with Zoom. And, as expected, nothing ever happened and they still keep coming. Should I just give up hoping that anything will ever be done about it and blacklist Sendgrid and Zoom? Because, lets be honest here, based on what others are reporting, it looks like that I'd have an easier time trying to broker world peace AND cure cancer than it would be to get you guys to deal with abuse from your network. Yep. This message is written in anger, and I'll probably be accused of being unprofessional. But, frankly, if you (Sendgrid) or them (Zoom) ain't going to do jack shit, then don't fucking tell me you are "working on it". Actually, I think you put it rather nicely, much more polite than I would, but how long has sendgrid been around, they still cant figure out how to add the auto submitted header so their junk doesnt get all those vacation replies, so you probably got years before they do anything. Both of those slack arse companies have been blocked for 30 days here on and off a few times, no doubt they will be again because yep, their care factor = zero. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Sendgrid is giving others anti-abuse/security advice? Wow!
These questions! WOW! IS THIS FOR REAL? Don't get me wrong, I like Len Shneyder and I think he's a good person TRYING to do the right thing - but - considering what is coming FROM SendGrid in recent years, is this the right time to be giving OTHERS anti-abuse/security advice? Just... wow! I think they should instead consider trying to "lead by example". The world would certainly become a MUCH better place! https://martechseries.com/mts-insights/tech-bytes/len-shneyder-twilio-sendgrid/ -- Rob McEwen, invaluement ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Gmail blocking of good customer
It appears that Kelly Molloy via mailop said: >On Fri, Feb 24, 2023 at 7:14 PM Matt Palmer via mailop > wrote: >> That's something to talk to your ESP about. They're in charge of retrying. > >Christine *is* the ESP. She's at Shopify, but Sendgrid is the ESP. Perhaps she can confirm with Sendgrid that they're not retrying 4xx and so are losing customer mail. Given how much mail I get from Sendgrid that should not have been sent in the first place, I'm not inclined to push too hard on that point. R's, John ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SendGrid is deleting your mail
On 2023-06-22 00:32:37, Sebastian Nielsen via mailop wrote: > Why even send retry requests to SendGrid? > Just accept the email, whats the problem? > > If your antivirus or mail scanning solution requires some time, > buffer the email at your server instead. I do understand it creates > the problem of, when deciding to keep or trash the email, SendGrid > client is long gone, And sending back an error would create > backscatter. But then, just silently trash the email if it is > deemed virus or similar. If your spam filter is perfect this can work. Otherwise, silently deleting mail is not nice for our customers, is not nice for the senders, and is illegal in some places. > You could try using stream scanning and then when arriving at final > decision, let client wait for some seconds before getting an scan > result. We already do this, and I don't see how it's relevant. The transaction can still time out, and there are lots of other reasons why we might send a 4xx. > >>These are a pair of tickets for Hershey Park that a family has been waiting > >>on for two days: > > Your fault. You rejected the email with "Please retry immediately" just to > mock with SendGrid. They were going to get a 4xx anyway. I changed the message to *help* SendGrid. > If you have the possibility to set an IP to have custom reject text, > you have the possibility to whitelist that IP (and/or domain) so > mail pass unaffected. Where do I find out what the IP/domain is? Is it in my mail logs, *after* they've deleted the message? Durr ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SendGrid Abuse unresponsive
On Mon, May 04, 2020 at 08:49:32PM -0600, Will Boyd via mailop wrote: > Hi Kyle, > > I've located those tickets. It looks like a colleague did reply on > Wednesday to 4218173 and the reply went to Angelo. I'm not on our abuse > team but will ping them with both ticket numbers to follow up. Thanks Will for picking up. Any chance SendGrid might amend its ticket system so that there would be autoreplies when tickets are created that showed issue numbers connected with the original request, and/or that any further correspondence would similarly include anything from the initial conversation? As it stands, I receive "We resolved #78493284309284930" and I have no way to tell what #78493284309284930 was on. > > Will > > On Mon, May 4, 2020 at 8:20 PM Kyle Thorne via mailop > wrote: > > > Hi everyone, > > > > Is anyone from SendGrid on-list that can help with an abuse report that > > has gone unanswered? > > > > We have two tickets with SendGrid that have *no response: *4218173 and > > 4278230. > > > > This fraud account is phishing our users, so there's no reason SendGrid > > shouldn't be able to suspend / ban this account. > > > > Anyone available to help with this? > > [image: VentraIP Australia logo] > > > > > > *Kyle Thorne*Chief Technical Officer \\ VentraIP Australia > > > > ___ > > mailop mailing list > > mailop@mailop.org > > > > https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!PA5pfJG6J5H3bnL4o7HBO_4WtTKIGCsdTv88PJGyiDXQYv4DLPkFQZqSPF0AXGbKgg$ > > > > > -- > [image: sendgridlogo2.png] <https://sendgrid.com/> > Will Boyd > Sr. Email Deliverability Consultant > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Atro Tossavainen, Chairman of the Board Infinite Mho Oy, Helsinki, Finland tel. +358-44-5000 600, http://www.infinitemho.fi/ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] SendGrid Abuse unresponsive
On Tue, May 05, 2020 at 02:15:07PM +, Andy Smith via mailop wrote: > Hello, > > On Tue, May 05, 2020 at 06:00:44AM +0300, Atro Tossavainen via mailop wrote: > > Any chance SendGrid might amend its ticket system so that there would > > be autoreplies when tickets are created that showed issue numbers > > connected with the original request > > It would also be great if SendGrid would include an abuse reporting > URL in the headers of each message, specific to that message, i.e. > that passes along all info that SendGrid would need to identify that > campaign/client. Personally, just the user ID that is in the envelope-from is fine for me. I usually have spamtrap stuff to report and I am not planning to click on any links that would reveal the receiving address. > At present the process is to just forward the mail to > abuse@sendgrid. It's great that they accept reports that way and I'm > not suggesting that change, but a lot of the time clicking on one > link is much faster and less error prone. For those who don't have a problem with the ESP listwashing on behalf of the spammy sender, sure. > implied that the recipient did not accept SpamCop reports. In fact > in that case it was that SpamCop didn't want to send reports to > Hetzner. So it is not possible to determine which side made the > decision to not allow those reports. Did I say it yet that Hetzner is worse than useless? -- Atro Tossavainen, Chairman of the Board Infinite Mho Oy, Helsinki, Finland tel. +358-44-5000 600, http://www.infinitemho.fi/ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Sendgrid is giving others anti-abuse/security advice? Wow!
+1 :) > Le 13 févr. 2021 à 01:21, Stefano Bagnara via mailop a > écrit : > > On Thu, 11 Feb 2021 at 18:49, Rob McEwen via mailop > wrote: >> These questions! WOW! IS THIS FOR REAL? Don't get me wrong, I like Len >> Shneyder >> and I think he's a good person TRYING to do the right thing - but - >> considering what is coming >> FROM SendGrid in recent years, is this the right time to be giving OTHERS >> anti-abuse/security >> advice? Just... wow! I think they should instead consider trying to "lead by >> example". >> The world would certainly become a MUCH better place! >> https://martechseries.com/mts-insights/tech-bytes/len-shneyder-twilio-sendgrid/ > > I didn't read anti-abuse and security advices in the article. > > He's just talking about how DMARC evolved and the role of social > engineering in phishing. > > He's not even trying to let people guess Sendgrid is good at preventing > abuses. > > no "Wow" here :-) > > Stefano > > -- > Stefano Bagnara > Apache James/jDKIM/jSPF > VOXmail/Mosaico.io/VoidLabs > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] mailop Digest, Vol 12, Issue 40
On Tue, Jul 20, 2021 at 01:09:16PM -0700, Len Shneyder via mailop wrote: > Hi Brielle, > > Can you send me a full unredacted header and I'll take a look at what's > going on. I'm sorry you didn't get a response earlier to this. I know I'm not Brielle but I'd like to confirm that Zoom is sending quite a bit to our spamtraps too. Unredacted headers are not forthcoming as we're not interested in revealing spamtraps. I should also say that I find it offensive for SendGrid support employees to ask for the same in support responses, which seems to be the new normal these days. An ESP does not need to know who was spammed in order to take a look into the matter. You do need to know which one of your customers is being discussed, and that information I have no problem handing out. The overwhelmingly most common X-Entity-ID in .zoom.us emissions from SendGrid is X-Entity-ID: 7mxhBNMkQ9yfwz0A5+NG7Q== for which the corresponding user ID number is Return-Path: https://www.mail-archive.com/mailop@mailop.org/msg10376.html but have to keep coming back to the topic. I conclude it's not because ZenDesk doesn't support doing that. I have ideas about what else it could be, but I would love it if I was wrong on all of them. > > Thanks! > -L > > > > Message: 2 > > Date: Tue, 20 Jul 2021 11:35:47 -0600 > > From: Brielle > > To: mailop@mailop.org > > Subject: Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid > > (ugh) > > Message-ID: <737bf486-f945-c64b-a7ef-9575e1f6d...@2mbit.com> > > Content-Type: text/plain; charset=UTF-8; format=flowed > > > > These still seem to be coming in quite consistently... Same Zoom > > sendgrid account. > > > > Any updates on whats going on with this, Luke? > > > > > > > > On 7/6/21 2:44 PM, Brielle via mailop wrote: > > > Here's the two that they all share: > > > > > > Return-path: > > > Return-path: > > > > > > (original unmunged version sent directly to you, Luke) > > > > > > I've got zoom messages via sendgrid being rejected via a system filter > > > currently, so there should be a bit of bounce messages going back at > > > Zoom/Sendgrid, but yet they still keep coming... > > > > > > Shouldn't there be some sort of required unsubscribe or report link at > > > the bottom of these? I seem to remember legitimate zoom invitations and > > > such all have one? But it's been a while. > > > > > > On 7/6/21 2:33 PM, Luke wrote: > > >> If you could share the return-path of the offending message, I can > > >> have it looked at. > > >> > > >> Cheers, > > >> Luke > > >> > > >> On Tue, Jul 6, 2021 at 11:39 AM Brielle via mailop > >> <mailto:mailop@mailop.org>> wrote: > > >> > > >> Hello, > > >> > > >> Anyone here have a contact for Zoom in re of webinar spam being sent > > >> from their platform via Sendgrid owned IPs? > > >> > > >> I'm rather unhappy with the fact they're allowing people to spam > > >> with no > > >> unsubscribe or report feature. > > >> > > >> I know Sendgrid is a hot steaming pile of dog excrement these days > > >> when > > >> it comes to spam, so the lack of reporting or unsubscribe link > > >> doesn't > > >> surprise me... > > >> > > >> > > >> > > Len Shneyder > > VP Industry Relations > > [image: Twilio] <https://www.twilio.com/?utm_source=email_signature> > > EMAIL l...@twilio.com > > TWITTER @LenShneyder <https://twitter.com/LenShneyder> > > > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- Atro Tossavainen, Chairman of the Board Infinite Mho Oy, Helsinki, Finland tel. +358-44-5000 600, http://www.infinitemho.fi/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SendGrid is deleting your mail
On Sat, 2023-06-24 at 08:42 +, Andy Smith via mailop wrote: > > In the specific case at hand it seems that the OP is greylisting > SendGrid for being on some sort of blocklist, and the specific > mention of "blacklist" in the 4xx response is hitting a SendGrid > heuristic that says "don't bother to retry these", so messages are > actually being lost. I think it has implications beyond greylisting. > We're not greylisting them for being on a blacklist, they'd just get rejected in that case. The blacklist text is there for the people who get a 5xx reject. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas
On 3/22/23 01:35, Hans-Martin Mosner via mailop wrote: I tried to report a phishing spam to Sendgrid, and look what I got: - The following addresses had permanent fatal errors - (reason: 552-5.7.0 This message was blocked because its content presents a potential) - Transcript of session follows - ... while talking to aspmx.l.google.com.: With the amount of spam coming from Sendgrid, do you think they even look at the ones that get through? -- Jay Hennigan - j...@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Sendgrid again...
On 1/22/21 10:51 AM, Gregory Heytings via mailop wrote: That's correct, but in that case what Sendgrid should do is to use a specific subdomain for abuse reports, e.g. use ab...@abuse.sendgrid.com instead of ab...@sendgrid.com, and run their own mailserver on abuse.sendgrid.com. If two other mail providers filter reports before they reach Sendgrid it defeats the purpose of an abuse contact. Drive by comment: 1) What about standardizing on something like (@)unfiltered.example.net, and 2) Configuring @example.net with an auto-responder (very early in the stack) stating to use #1. -- Grant. . . . unix || die smime.p7s Description: S/MIME Cryptographic Signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Mystery SPF softfail at gmail.
Hey team, I've got an interesting SPF softfail occurring for one of our senders. This softfail is readily repeatable and seems to be isolated to this single sender. All necessary records are in place, and their mail passes SPF at all major inbox providers other than gmail. Last resort seems to be a DNS lookup failure on Gmail's side. Can anyone see if I'm missing something silly? Thanks for your time! Below is a full header: > Delivered-To: luke.marti...@sendgrid.com > Received: by 10.37.10.5 with SMTP id 5csp545399ybk; > Tue, 17 Nov 2015 06:47:00 -0800 (PST) > X-Received: by 10.107.10.233 with SMTP id > 102mr38147900iok.31.1447771620037; > Tue, 17 Nov 2015 06:47:00 -0800 (PST) > Return-Path: sendgrid@email.domain.com> > Received: from o1.mail_sg1.DOMAIN.com (o1.mail_sg1.DOMAIN.com. > [167.89.67.186]) > by mx.google.com with ESMTPS id > f11si24972237ioj.131.2015.11.17.06.46.59 > for > (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); > Tue, 17 Nov 2015 06:46:59 -0800 (PST) > Received-SPF: softfail (google.com: best guess record for domain of > transitioning bounces+2035510-7255-luke.martinez= > sendgrid@email.domain.com does not designate 167.89.67.186 as > permitted sender) client-ip=167.89.67.186; > Authentication-Results: mx.google.com; >spf=softfail (google.com: best guess record for domain of > transitioning bounces+2035510-7255-luke.martinez= > sendgrid@email.domain.com does not designate 167.89.67.186 as > permitted sender) smtp.mailfrom=bounces+2035510-7255-luke.martinez= > sendgrid@email.domain.com; >dkim=pass header.i=@DOMAIN.com; >dmarc=pass (p=NONE dis=NONE) header.from=DOMAIN.com > DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=DOMAIN.com; > h=content-type:from:mime-version:subject:to; s=m1; > bh=9pEwAB7wqoG5R88T7P/hW0cn0vg=; b=nU5wIVQOhrCw9obvdFNePBXYVtVRZ > w4ZRkebUzg+gPmeOPPPVY97NnYUJvg0wSX4nxgoBZCeORxpfQgPGlurZbL4cbNDH > kVZJ85hrHCCNxe2mgqSj6WPES1BppblBwLeeCi3I4/YVMrZInckQ+EoBX/JtV+H8 > f1E8xty32c/sSQ= > Received: by filter0494p1mdw1.sendgrid.net with SMTP id > filter0494p1mdw1.32759.564B3DCA2A > 2015-11-17 14:46:34.302768619 + UTC > Received: from MjAzNTUxMA (o16789125x222.outbound-mail.sendgrid.net > [167.89.125.222]) > by ismtpd0006p1iad1.sendgrid.net (SG) with HTTP id > Qc2SQ2SmT1GH_bTla6DiMg > for ; Tue, 17 Nov 2015 14:46:34.248 + > (UTC) > Content-Type: multipart/alternative; > boundary=3a3da2a7878431dd1b945889881ae3216018141f8c0222fd3cf0d5daa3b3 -- Luke Martinez SendGrid Deliverability Consultant 520.400.5693 ___ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop
Re: [mailop] SendGrid Abuse unresponsive
The very first reply to this thread was from a SendGrid representative. They generally respond pretty quickly any time they are mentioned here. Luke On Mon, May 11, 2020 at 11:24 AM Brielle via mailop wrote: > On 5/11/2020 11:45 AM, Matt V via mailop wrote: > > On 2020-05-05 11:09 p.m., Andy Smith via mailop wrote: > > > > I've been told by at least one Sendgrid person that they have requested > > membership to the list and are awaiting administrator approvals... > > > > > > Better late than never I guess... > > -- > Brielle Bruns > The Summit Open Source Development Group > http://www.sosdg.org/ http://www.ahbl.org > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Sendgrid and phishing
On Wed, 2020-06-17 at 08:55 -0500, Michael Rathbun via mailop wrote: > On Wed, 17 Jun 2020 14:00:35 +0100, Tim Bray via mailop w > rote: > > Anybody else seeing increase phishing through sendgrid? They look fairly > > convincing. > > General spam (several per week) and phishing, especially some very nicely > done"Reconfirm you Netflix payment method" at several per day. > Pointing out to users reporting these that blocking Sendgrid entirely > (thetemptation arises) would take out the SG traffic that is highly desired > (atleast 70%). Yeah. Tempting though. I got a dozen phishes literally From: supp...@amazon.com from them a few weeks ago. Just zero attempt to authenticate senders it seems. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Sendgrid again...
Am 22.01.21 um 15:22 schrieb Andrew C Aitchison via mailop: > > Are you sure that it was Sendgrid that blocked the message ? > Looks to me as if ab...@sendgrid.com is hosted at gmail and > it was *gmail* that objected to the content ... > > Or am I misunderstanding something ? No, of course you're right. But forwarding an abuse address that is somewhat expected to receive problematic content to a service that tries to keep such content out of their users' mailboxes doesn't really look very professional, and even if it isn't technically Sendgrid who perform the filtering this approach has the effect of putting a content filter on the abuse mailbox. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] [OFFLIST] Re: Delisting request from sendgrid customer about ip used in recent phishing campaign.
Hi Len, We have been extremely busy over here, so I haven't had a chance to circle back around, but for the record, volumes are still excessive, and our team is detected malicious, easily identifiable spam on a regular basis.. Received: from o2.hv1nn.shared.sendgrid.net (HELO o2.hv1nn.shared.sendgrid.net) (167.89.100.17) From: "Mail Server" X-SG-EID: vCX7tmYXiV6kNiEMv3qHLBZRLdYJGTdPfZ+ASpLC2jlG9kE530AO6U3R7PsFrIheAMiGeiDLpIrmnS RtlTY9CPxuYA7jT9E8Ee9Z81oSV3MmJC7ZUECs1XZlAETd6NeSOstLUJ7UQ4jo2Ys24TNjIMqW8x/S 5g6P+GvuzeFiLbRUsQ/krrt44O8WIQGsu5Nn5EjdhrjVbxRlhfjWywOToii0B5jLVHVGPl61bljt1M U= Do you want to circle around to talking about how we can create automated reports of these for your company? On 2020-08-11 9:22 a.m., Len Shneyder via mailop wrote: Hello Benoit and Hokan, Thanks for pointing this out and I'm sorry you're still seeing what sounds like a high volume of phish. I've asked our fraud ops team to investigate this. In the future if you could send suspicious emails to ab...@sendgrid.com <mailto:ab...@sendgrid.com> we will get this handled. Feel free to CC me when you do this to make sure these are handled quickly. We've instituted some self-limiting features on our front door that should've decreased the overall volume of abuse. This is a stop gap measure as we roll out some other countermeasures in the next few weeks. Could you let me know if you have seen a perceptible drop in volume and velocity between June and July when this was rolled out? Again, I want to assure you that there is a massive effort happening here to address the problems you are seeing. I'm happy to meet off list and discuss this further and help you understand what we're working on if that would be helpful. Again, thank you for your patience and please don't hesitate to contact me when you see any of these issues arise. Best, -L Len Shneyder VP Industry Relations Twilio <https://www.twilio.com/?utm_source=email_signature> EMAIL l...@twilio.com <mailto:l...@twilio.com> TWITTER @LenShneyder <https://twitter.com/LenShneyder> Message: 6 Date: Tue, 11 Aug 2020 16:53:46 +0200 From: Benoit Panizzon <mailto:benoit.paniz...@imp.ch>> To: mailop@mailop.org <mailto:mailop@mailop.org> Subject: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign. Message-ID: <20200811165346.4e775...@go.imp.ch <mailto:20200811165346.4e775...@go.imp.ch>> Content-Type: text/plain; charset=UTF-8 Hi List o1678912x138.outbound-mail.sendgrid.net <http://o1678912x138.outbound-mail.sendgrid.net/> [167.89.12.138] and IP under control of sendgrid was repeatedly involved in phishing and other spam since June. It ended up being blacklisted @ SWINOG. Now a sendgrid customers complains to us, that his emails are being rejected because of this listing. But that makes me wonder: Doesn't sendgrid deal with such issues like asking for delisting after blocking the sender itself and re-uses recently (last phish received on 14. July) 'abused' ip addresses for other customers? Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web https://urldefense.com/v3/__http://www.imp.ch__;!!NCc8flgU!Jyb1oWP7APkgX0rrc5NFacUfW0Yu4XeA1B6Dcl0IJWNPlcXIUaIq9196yCI$ __ -- Message: 7 Date: Tue, 11 Aug 2020 10:20:47 -0500 From: Hokan mailto:ho...@me.umn.edu>> To: mailop@mailop.org <mailto:mailop@mailop.org> Subject: Re: [mailop] Delisting request from sendgrid customer about ip used in recent phishing campaign. Message-ID: <20200811152047.ga7...@me.umn.edu <mailto:20200811152047.ga7...@me.umn.edu>> Content-Type: text/plain; charset=iso-8859-1 I've instituted short-term blocks of Sendgrid mail several times this year and started another today because it looks like as much as a third of the mail they've sent us in the past week has been evil -- mostly phishing. This is a problem for me because some of the mail Sendgrid sends is wanted by my users. I'm thinking about just accepting it all and filing it into user spam folders. I see that the IP you mention, Benoit, is currently listed on the SBL and Spamcop. On Tue, Aug 11, 2020 at 04:53:46PM +0200, Benoit Panizzon via mailop wrote: Hi List o1678912x138.outbound-mail.sendgrid.net <http://o1678912x138.outbound-mail.sendgrid.net/> [167.89.12.138] and IP under control of sendgrid was repeatedly involved in phishing and other spam since June. It ended up being blacklisted @ SWINOG. Now a sendgrid customers complains to us, that
Re: [mailop] Gmail marking email from me as spam
Dnia 7.10.2019 o godz. 10:43:14 Scott Techlist via mailop pisze: > > What about relaying outbound mail via services like Sendgrid? Not sure it > that will make it better, or worse since they send marketing stuff. And > Google probably looking at the source server headers anyway. Myself I hate Sendgrid, as their sending servers behave in a way that's incompatible with greylisting. I use greylisting on my server and I have to constantly add domains that use Sendgrid to exceptions list, otherwise I can't receive mail from them. The issue is, when a message is greylisted, the greylisting daemon expects that the sending server will retry after a few minutes *from the same IP address*. What Sendgrid does, they retry *immediately* and *from a completely different IP address*, which only causes another entry in the greylisting database to be initiated. After a few such unsuccessful attempts they give up on delivering mail, so it never reaches me as the recipient. Some time ago I tried to contact them about the issue, but it seems that they even don't understand it at all... -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Just how does SendGrid fail this badly?
On 2020-08-20 at 09:35 +0200, Hans-Martin Mosner via mailop wrote: > Am 20.08.20 um 09:10 schrieb Benoit Panizzon via mailop: > > > > Return-Path: > > > > Does the c581 part also belong to the account id? > No, it's a short hash to verify that bounces were indeed caused by > mails actually sent from sendgrid. For example, > and +6019856-0d96-@sg.e.doodle.com> are doodle notifications > sent to two different mail addresses. I don't know whether the time > also takes part in the hash computation (as in SRS). I see the same later part when the destination is the same recipient, hours and even months later, so the time isn't computed there. I thought that it might be an index of the "subscriber" into the customer list. The same account, spammed by different sendgrid accounts, has different suffixes, but that's not surprising. I don't get much sendgrid spam when compared with other people, but today it was quite prolific: 17045745 - "you have been gifted $5 MILLION USD From Mr. Bill Gates" + "CONGRATULATION TO YOU" (20 Italian billionaries donating money) 9364509 - "To prevent your email from closing, please verify your account details below" 13001617 - This is a plain-spam account. Today it was for recharge-mobile.co spam, which mixes with a shop of earrings, bracelets, etc. Best regards ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [External] sendgrid.net
> I've been very saddened. Sendgrid was a reputable ESP that has fallen > from grace. About 6-7 months ago, we started seeing pretty large > amounts of spam from them. Exactly - this tracks with the timeline when a) they ceased being certified by us, b) certain key people who *had* been involved with making sure that SendGrid did the right thing left, and then c) they were acquired by Twilio. Acquisitions of reputable players in the email space generally lead to a decline in how white hat they are, because of course the acquirers are almost always only (or at least primarily) interested in a return on their $ investment (witness Habeas). > I've personally tried reaching out to Twilio / Sendgrid leadership to alert > them to the issue. I did as well, and was assured that they have a unit whose task it is to ensure all Sendgrid/Twilio communications are "wanted, secure and legal." Sigh. Anne -- Anne P. Mitchell, Attorney at Law CEO, SuretyMail Email Reputation Certification Dean of Cyberlaw & Cybersecurity, Lincoln Law School Advisor, Governor's Innovation Response Team Task Force Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Board of Directors, Denver Internet Exchange Chair Emeritus, Asilomar Microcomputer Workshop Former Counsel: Mail Abuse Prevention System (MAPS) ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] I understand less and less why I accept any mail at all from Sendgrid
On 2022-08-15 17:42, Stuart Henderson via mailop wrote: yes yes, but the point is that Twilio SendGrid are allowing their services to be used by whoever is sending this. With a website saying things like "We take trust and security seriously" and "With the industry’s largest team of delivery experts monitoring your sender reputation" they don't pick up on this? hehehe.. had a SendGrid user complain that they had to report the shared IP on one of our reputation lists after a couple days, since SendGrid didn't bother removing it.. Always wonder how they don't notice when they are listed? Are they just listed at too many places to deal with? hehehe -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Gmail blocking of good customer
Matt Palmer via mailop skrev den 2023-02-25 01:01: [Fixed TOFU] On Fri, Feb 24, 2023 at 03:57:00PM -0500, Christine Borgia via mailop wrote: On Fri, Feb 24, 2023 at 1:09 PM Benny Pedersen via mailop wrote: > Christine Borgia via mailop skrev den 2023-02-24 17:17: > > >>> 421 4.7.0 [149.72.90.158 15] Our system has detected that this > > > If someone could reach out to me, I'd greatly appreciate it. I'm not > > sure what to advise this customer except to say that email may not > > work for their business model. > > note 421 4.7.0 ? > > this is softfails not hardfails, so mail in queue will try next 5 days > to deliver it, if that expire it would be returned to sender It is transient, but they are blocks and are not retried. Weird, right? That's something to talk to your ESP about. They're in charge of retrying. in this case esp is sendgrid, with will not as i see it accept msg if google tempfails it ? :=) in postfix its proxy content filter, that is not the problem of tempfails for the sender to sendgrid, same will happend if i stop fuglu here or it could simple be sendgrid validate recipients but never succed with it on google ? time to wake up for sendgrid :) ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SendGrid Abuse unresponsive
I'm seeing a very significant drop off of sendgrid-originated spam. Couple of minor phish/419 in the past 24 hours. Anybody else? ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Just how does SendGrid fail this badly?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2020-08-18 at 12:03 +, Andy Smith via mailop wrote: > From: "chiark.greenend.org.uk" So sendgrid account 15204622 was sending mail as: Received: from dhl.com (unknown) by ismtpd0005p1lon1.sendgrid.net (SG) with ESMTP id 0c6xV8agQF6yK8GOsXvJLw for <$munged>; Tue, 18 Aug 2020 05:18:02.219 + (UTC) From: DHL Subject: Shipment for $munged They allow outbound mail with a from: header in dlh.com, even though: dig _dmarc.dhl.com txt +short reject.valimail.dmarc.dhl.com. "v=DMARC1; p=reject; fo=0; rua=mailto:dmarc- repo...@dhl.com,mailto:dmarc_agg@vali.email;"; dhl is asking folks to reject that mail, but sendgrid tries to send it anyway. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXzxJQxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsF+zwCeIBJRw3/ZgyaPCN/kJlrI/GwJUQAA n1iFbtwcnyTT5DMfm6iD6GDY78BM =LLN0 -END PGP SIGNATURE- ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gosh, I love sendgrid
On Mon, Dec 21, 2020 at 9:53 PM Rob McEwen via mailop wrote: > > The moment "spam" gets away from "consent" and goes into "content" > (specifically *legal* content) - there are enormous problems - because > it then becomes one person's often very subjective opinion - against > another' subjective opinion - about the content. So I 100% strongly > disagree with this opinion that Sendgrid should be the political > "thought police" for LEGAL content that is sent from their platform. I've never understood this line of thinking. Sendgrid is not the government. It's a company. If you disagree with whatever choices they make about how they run their company, you can go somewhere else. Mark (whose service most definitely does not allow some types of legal content) ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Seeing broken Content-Type headers from sendgrid
Hello Tobi, Your friendly sendgrid community member here. Could you send me headers off list? Would love to see what you are experiencing. Thanks for your help. Ryan On Mon, Apr 29, 2019, 6:02 AM Tobi via mailop wrote: > We're currently seeing quite a bunch of messages from > no-re...@sendgrid.net which contain broken Content-Type headers like > > > Content-Type: multipart/report; report-type=delivery-status; > > Date: Mon, 29 Apr 2019 10:09:15 UTC > > boundary="2821519d3987dfb8" > > Content-Transfer-Encoding: binary > > boundary belongs to Content-Type. > This will cause problems with any message parsing application that > expects proper mime structure. > > Anyone else seeing such broken headers from sendgrid? > > -- > tobi > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [External] Re: SendGrid Abuse unresponsive
On 5/5/2020 5:50 PM, Carl Byington via mailop wrote: > On Tue, 2020-05-05 at 07:48 -0700, Michael Peddemors via mailop wrote: > > This is a little too obvious, and while historically SendGrid ran a > > tight ship, and got a little lee way from spam auditors.. it's getting > > very bad, and going on for too long.. risking loosing any preferential > > treatment.. > > It is bad enough that our local spamassassin rules add 5 points if the > message is dkim signed by sendgrid.net. > We have rules for sendgrid as well in KAM.cf due to the prevalence for abuse. If you are using Apache SpamAssassin and the KAM.cf ruleset (https://mcgrail.com/downloads/KAM.cf), I'd love to see spamples that get through. Regards, KAM ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] SendGrid Abuse unresponsive
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2020-05-05 at 15:06 -0700, Jay Hennigan via mailop wrote: > On 5/5/20 14:30, Blake Hudson via mailop wrote: > > Been getting a variety of Amex scams for several weeks via SendGrid. > > Wish they had a better reporting mechanism. > The reporting mechanism is fine. There just isn't anyone who cares on > the other end of it. It also seems that there is NO outbound spam filtering at all. Consider this one, a standard lottery commission spam: Subject: Claim Winning Now! From: Elizabeth Date: Sun, 10 May 2020 18:42:30 + (UTC) Reply-To: mallettte...@yahoo.com Really sendgrid - you allow a From: header of xx@yy ?? -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl64WAYACgkQL6j7milTFsG+OgCcDLWxhx92xN9Uuc/Nxg0Y344S ufoAn3Z+togXTmc3S2tyAgvIwu1CJbZE =qP1n -END PGP SIGNATURE- ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Just how does SendGrid fail this badly?
It's in the envelope sender, which your mail system probably doesn't preserve when it stores mail. Traditional mbox format has it in the 'From ' line. Cheers, Hans-Martin Am 18. August 2020 20:03:46 schrieb Carl Byington via mailop : -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2020-08-18 at 15:23 +0300, Atro Tossavainen via mailop wrote: The SendGrid account sending these yesterday is 13999362. Where do you find that account number in the headers? I see some from today with "Upgrade (FINAL WARNING)" in the subject, but no indication of any sendgrid account number. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXzwT2hUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFoigCeONxnBFkM/QJI3Mky1A9XafBR+IQA oIUMyZCHGvGEjasL9fCb22Njyfer =+kBp -END PGP SIGNATURE- ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gosh, I love sendgrid
On 12/21/20 18:55, John Levine via mailop wrote: Also, while the Skokie march was phenomenally offensive, at that time there was no issue of physical harm or injury from the march. But now, when antivax nonsense persuades people who would otherwise get vaccinated that they shouldn't, they or people they infect may die. And, it's spam. Regardless of the offensiveness or danger of the conTent, there was no conSent. The politest term I have for Sendgrid's actions here is deeply irresponsible. Agreed, but not solely because of the content of the message. It, like much of what comes from Sendgrid, is bulk unsolicited email. Sendgrid are spammers. It doesn't matter whether they spam encouraging or discouraging COVID vaccination, it's still spam. -- Jay Hennigan - j...@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Sendgrid again...
On 1/22/21 06:38, Hans-Martin Mosner via mailop wrote: But forwarding an abuse address that is somewhat expected to receive problematic content to a service that tries to keep such content out of their users' mailboxes doesn't really look very professional, and even if it isn't technically Sendgrid who perform the filtering this approach has the effect of putting a content filter on the abuse mailbox. You're assuming that Sendgrid actually cares about or reads abuse complaints in the first place. The spam is a steady flow, nothing new. In Sendgrid's case, filtering abuse complaints through Google may well be by design. They just as well could have used Mailinator considering the amount of attention they give complaints of abuse. -- Jay Hennigan - j...@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Sendgrid is giving others anti-abuse/security advice? Wow!
On 12/02/2021 04:26, Stefano Bagnara via mailop wrote: On Thu, 11 Feb 2021 at 18:49, Rob McEwen via mailop He's not even trying to let people guess Sendgrid is good at preventing abuses. Why would he? because they are not good at it, sendgrid are blocked here, have been for w months -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)
If you could share the return-path of the offending message, I can have it looked at. Cheers, Luke On Tue, Jul 6, 2021 at 11:39 AM Brielle via mailop wrote: > Hello, > > Anyone here have a contact for Zoom in re of webinar spam being sent > from their platform via Sendgrid owned IPs? > > I'm rather unhappy with the fact they're allowing people to spam with no > unsubscribe or report feature. > > I know Sendgrid is a hot steaming pile of dog excrement these days when > it comes to spam, so the lack of reporting or unsubscribe link doesn't > surprise me... > > > > -- > Brielle Bruns > The Summit Open Source Development Group > http://www.sosdg.org/ http://www.ahbl.org > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SendGrid Abuse unresponsive
On Thu, May 21, 2020 at 09:29:02AM -0400, Chris via mailop wrote: > Atro, what was Y axis? Individual emails? 10's? 100's? More than that. Still only a drop in the ocean when it comes to an ESP that sends billions a day, of course. We are no Microsoft or Google. > And you just seemed to say that it was all sendgrid, not taking into > account whether it was spam or not. Correct? Any mail received at our spamtraps, of whose composition you might have a fairly decent idea, identified as being sent by SendGrid. As I said and you quoted it back at me, >> So, it bears to be remembered that the graph I shared is of the total >> number of mail detected as SendGrid only, with absolutely no comment >> on which customers it was or whether the mail was legit ESP customer >> mail or in any manner any stuff that an ESP would normally not expect >> to be sending in the first place. So, as to whether it was spam or not: you have to indicate your definition of spam first, and then it becomes possible to at least attempt to have that conversation with respect to this data. -- Atro Tossavainen, Founder, Partner Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635) Tallinn, Estonia tel. +372-5883-4269, http://www.koliloks.eu/ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [External] sendgrid.net
On 9/25/20 11:50, Anne P. Mitchell, Esq. via mailop wrote: I've been very saddened. Sendgrid was a reputable ESP that has fallen from grace. About 6-7 months ago, we started seeing pretty large amounts of spam from them. Exactly - this tracks with the timeline when a) they ceased being certified by us, b) certain key people who *had* been involved with making sure that SendGrid did the right thing left, and then c) they were acquired by Twilio. Acquisitions of reputable players in the email space generally lead to a decline in how white hat they are, because of course the acquirers are almost always only (or at least primarily) interested in a return on their $ investment (witness Habeas). If, after months of abuse, receivers continue to take the attitude that the relatively small amount of wanted mail coming from Sendgrid is an obstacle to a complete block, we are simply acting as enablers and there is no incentive for them to get a handle on the problem. IMHO, Sendgrid doesn't consider it to be a problem, they consider it to be a feature. As long as the spammers' and phishers' checks don't bounce they're happy to accommodate them. As long as the rest of the Internet continues to take their abuse, they will continue to dish it out. -- Jay Hennigan - j...@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop