Kevin A. McGrail wrote:
> And that rule is probably designed to hit legitimate sendgrid emails.
> They have become a hacker and spammer haven over the last year and a
> half approximately.

Damned straight. I'd say more like 2.5 years, maybe 1.5 pre-pandemic years.
SendGrid -> novel (at the time) Positive Delivery company.
SendGrid -> API opens up for quasi-spam/newsletter delivery.
SendGrid -> adds support for smaller ISPs and their infected customers.

For my part, I made some changes to my rules in CHAOS to differentiate
between the occurrence of a SendGrid header versus encapsulated SendGrid
headers like you'll get when larger mail systems populate the References
header for forwarding. Respectively, the rules are JR_SGRID_DIRECT
and JR_SGRID_FWD. At least that seems to be a little more effective for
Comcast and BellSouth mail systems.

You just haven't lived until you've seen endless mailserver rejects
issued to SendGrid and SendGrid Partners who are sending you Aaron
Smith Sextortions or Emotet variants. If I'm a hostile, nation-state
actor, I probably already have an account with SendGrid.

Nobody should be using SendGrid; NEVER, EVER. One thing is certain, if
this matter is NOT addressed by the mail admins on this list, it WILL BE
addressed by the US Department of Commerce.

What started out as an interesting project has become a National
Security risk.

-- Jared Hall
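The direct-versus-forwarded split that the post describes, as an added example that is not the CHAOS rule set itself and not code from the thread: a small Python classifier over parsed message headers. It treats a SendGrid host in a Received header, or a present X-SG-EID header, as evidence that SendGrid was actually in the delivery path (the JR_SGRID_DIRECT case), and a sendgrid.net Message-ID appearing only in References or In-Reply-To as the encapsulated case (JR_SGRID_FWD), which is what a forwarding ISP's mail system would leave behind. The header names, the sendgrid.net hostname pattern, the rule names' exact semantics and the three sample messages are all assumptions constructed for the example.

```python
"""Classify SendGrid involvement in a mail message by header position.

Added example mirroring the JR_SGRID_DIRECT / JR_SGRID_FWD distinction from
the mailing-list post; the header names and samples are assumptions, not the
CHAOS rules.
"""
import email
import re

# Assumption: SendGrid relays announce a sendgrid.net hostname in Received
# headers and stamp messages with X-SG-EID; Message-IDs minted on SendGrid
# carry a sendgrid.net domain part, which survives in References when a
# downstream system forwards the mail.
SENDGRID_HOST_RE = re.compile(r"\bsendgrid\.net\b", re.IGNORECASE)
ENCAPSULATED_HEADERS = ("References", "In-Reply-To")


def _header_text(msg, name):
    """Join all instances of a header (folded lines included) into one string."""
    return " ".join(msg.get_all(name) or [])


def classify(raw_message: str) -> list:
    """Return the list of rule names that fire for the message.

    JR_SGRID_DIRECT: SendGrid appears in the transit path (Received / X-SG-EID).
    JR_SGRID_FWD:    SendGrid appears only in encapsulated reference headers,
                     i.e. the mail was forwarded by another system.
    """
    msg = email.message_from_string(raw_message)
    direct = bool(SENDGRID_HOST_RE.search(_header_text(msg, "Received"))) \
        or "X-SG-EID" in msg  # header lookup is case-insensitive
    encapsulated = any(
        SENDGRID_HOST_RE.search(_header_text(msg, h)) for h in ENCAPSULATED_HEADERS
    )
    hits = []
    if direct:
        hits.append("JR_SGRID_DIRECT")
    elif encapsulated:
        # Only fire the forwarded rule when SendGrid is NOT in the transit path,
        # so the two rules stay mutually exclusive.
        hits.append("JR_SGRID_FWD")
    return hits


# Constructed sample: SendGrid relay visible in the Received chain.
DIRECT_MSG = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
  by mail.example.org with ESMTP id abc123; Mon, 1 Mar 2021 10:00:00 +0000
Received: from o1.ptr1234.sendgrid.net (o1.ptr1234.sendgrid.net [198.51.100.5])
  by mx.example.net with ESMTPS; Mon, 1 Mar 2021 09:59:58 +0000
X-SG-EID: constructed-sample-eid
From: promo@example.com
To: user@example.org
Subject: direct sample (constructed)
Message-ID: <constructed-1@example.com>

body
"""

# Constructed sample: forwarded by an ISP; SendGrid only in References.
FORWARDED_MSG = """\
Received: from fwd.isp.example (fwd.isp.example [203.0.113.7])
  by mail.example.org with ESMTP id def456; Mon, 1 Mar 2021 11:00:00 +0000
From: friend@isp.example
To: user@example.org
Subject: Fwd: forwarded sample (constructed)
Message-ID: <constructed-2@isp.example>
References: <constructed-original.abc123@sendgrid.net>
In-Reply-To: <constructed-original.abc123@sendgrid.net>

body
"""

# Constructed sample: no SendGrid involvement at all.
CLEAN_MSG = """\
Received: from smtp.partner.example (smtp.partner.example [192.0.2.20])
  by mail.example.org with ESMTP id ghi789; Mon, 1 Mar 2021 12:00:00 +0000
From: colleague@partner.example
To: user@example.org
Subject: clean sample (constructed)
Message-ID: <constructed-3@partner.example>

body
"""

if __name__ == "__main__":
    for label, sample in (("direct", DIRECT_MSG), ("forwarded", FORWARDED_MSG),
                          ("clean", CLEAN_MSG)):
        print(f"{label:10s} -> {classify(sample)}")
```

The exclusivity in `classify` is a design choice: a message that actually transited SendGrid and also references a SendGrid Message-ID is scored once as direct, so the forwarded rule can carry a lower score without double-counting; in a real SpamAssassin config the same split would be two `header` rules with the FWD rule guarded by a negative condition on the DIRECT one.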