But now it is Sendgrid, tomorrow it is some other company; fact is we're 
stuck with this trend of spammers outsourcing their spam, trying to mix 
it with legitimate email. 

Legitimate clients are not aware of this and use these companies because 
of whatever ill-advised reason. I am thinking about documenting this 
behaviour on 'my' hosting pages so people can read and be aware of this. 
I think if everyone does this, legitimate clients will stay away from 
these businesses. And if they stay away from these businesses, it is 
easier for 'smaller' providers to manage (e.g. blanket block the whole 
owned range).





-----Original Message-----
To: users@spamassassin.apache.org
Subject: Re: blacklisting the likes of sendgrid, mailgun, mailchimp etc.

> https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/
> also sheds light on the issue too.

<shrug>. SendGrid knows (or should know) that it has compromised 
accounts. 
It could find out what some of them are for free by downloading Rob's 
list of 25 or so compromised accounts. It could find out what some of 
the other 400 are for $15 each, and could find out what some of the 
major offenders are for $400 each. Let's see, 400 compromised accounts 
times $400 is $16,000 dollars. SendGrid or Twilio can't afford a 
$16,000 cash outlay to find the account names of the major compromised 
accounts? Their head of security probably gets that much a month in 
salary and bonuses. It would be a trivial expense.

So what could they do once they knew which accounts are compromised?
Are they helpless, and can only wring their hands and issue press 
releases saying They Have A Plan?

No. They can SHUT THE DAMN ACCOUNTS DOWN. Issue refunds to the owners if 
they feel generous. Tell the owners to open new accounts with 2FA.

But they won't do this, because they get their money from sending spam.

        Loren


