Re: Freshdesk (again)

[@lbutlr]

On 17 Aug 2020, at 11:25, Philip Prindeville 
 wrote:
> I’ve been calling out phishing from the same (IP) address for 10 days without 
> any apparent (observable) action from Sendgrid.

Not a shock; they simply do not care.

> At this point I’m wondering if they have compromised relays.

It seems to me like everything is working by design.

-- 
According to the philosopher Ly Tin Weedle, chaos is found in
greatest abundance wherever order is being sought. It always
defeats order, because it is better organized.

Re: SendGrid (Was: Re: Freshdesk (again))

[Philip Prindeville]

I just add an extra 5.0 points for coming from Sendgrid now so it goes straight 
to the Junk folder.

Users can pull it out of there if they really want it.

Sendgrid is becoming to ASP’s what OVH and Softlayer are to ISP's.


> On Jun 27, 2020, at 3:56 AM, Niels Kobschätzki  wrote:
> 
> Sendgrid is such an origin for spam- and phishing-mails with certain terms 
> that I added extra meta-rules. From sendgrid and somewhere in the body is the 
> term “Amazon”? Here are your 10 points. 
> 
> Best,
> 
> Niels
> 
>> On 27. Jun 2020, at 11:32, Marc Roos  wrote:
>> 
>> 
>> 
>> I am going to make for companies like maildrop and sendgrid a hard block 
>> with reference to a page where someone can ask to be whitelisted with 
>> only an email address. In this procedure clearly stating the reason of 
>> the net block of these companies. If lots of sendgrid users are 
>> confronted with this, they will move to a better service. 
>> I can remember this fresh desk mail. I did not know where it came from. 
>> But now I know, I will complain a few million times.
>> 
>> 
>> 
>> 
>> -Original Message-
>> To: users@spamassassin.apache.org
>> Subject: SendGrid (Was: Re: Freshdesk (again))
>> 
>> Hello,
>> 
>>> On Fri, Jun 26, 2020 at 07:32:09PM -0600, Grant Taylor wrote:
>>> I've got to say, between NANOG, SDLU, and SpamAssassin, I see a LOT of 
>> 
>>> complaints about Sendgrid.
>> 
>> Also mailop. Have personally received phishing mails through SendGrid in 
>> the last 2 weeks in the name of citrix.com, microsoft.com and 
>> netflix.com. The Citrix one was to a hostmaster@ address. It's hard to 
>> comprehend how SendGrid could be doing a worse job of this, for so many 
>> months now.
>> 
>> Yet their list of legit clients is large, so they remain unblockable for 
>> me. I just wish those clients knew how little SendGrid would do to 
>> prevent their other customers sending out phishing emails in their name.
>> 
>> Cheers,
>> Andy
>> 
>> 
> 

Re: Freshdesk (again)

[Philip Prindeville]

> On Jul 7, 2020, at 3:16 AM, Raymond Dijkxhoorn  
> wrote:
> 
> Hai!
> 
 it might help to add your complaint via ab...@sendgrid.com.
> 
>>> I very much doubt it. Sendgrid's business is sending mail and they do not 
>>> care if that mail is spam or not. If enough servers block them they will go 
>>> away.
>> 
>> They do, however, apparently care about phishing - they did disable the 
>> sendgrid redirect that some phisher has been spamming at me for the last 
>> three weeks.
> 
> They definately do. I report to them and they do take them down pretty 
> quickly.
> 
> Inside SURBL we do list the abused CT links. Unfortunately SA doesnt make use 
> of the wildcarded list that SURBL delivers for a long time now.
> 
> So if you want to use it add:
> 
> util_rb_3tldct.sendgrid.net
> 
> Inside your loca.cf
> 
> And while you are at it also add:
> 
> util_rb_2tldpage.link
> 
> Bye, Raymond


Hmmm… not my experience.

I’ve been calling out phishing from the same (IP) address for 10 days without 
any apparent (observable) action from Sendgrid.

At this point I’m wondering if they have compromised relays.

-Philip