Re: More Sendgrid trouble?

Kris Deugau Thu, 29 Sep 2022 07:41:49 -0700

(Please keep followups onlist)

Greg Troxel wrote:


Kris Deugau <kdeu...@vianet.ca> writes:

Is anyone else seeing intermittent FNs on mail sent through Sendgrid
where the nominal sender has a default welcomelist_* entry?

Today's spample is a Mcafee scam email, pretty clearly sent through
Intuit's Sendgrid account based on the rDNS.  On testing in my sandbox
it was only allowed through due to the stock welcomelist entry for
Intuit.

Not 100% sure whether this is a Sendgrid issue, or an Intuit issue -
I've reported the message to both of them, for whatever good it will do.


very interesting.  was this DKIM signed?



Yes:

Return-Path:<bounces+28782483-fdb3-someuser=vianet...@e.notification.intuit.com>

filterdrecv-5df9649458-lk4n8-1-63349146-3 2022-09-2818:24:06.106760561 +0000

 UTC m=+74162.886769780
Received: from Mjg3ODI0ODM (unknown) by geopod-ismtpd-2-0 (SG) with HTTP id
 JJelQZe8RUWAZNkCxHBvWQ Wed, 28 Sep 2022 18:24:05.991 +0000 (UTC)

spamd/main[22469]: spamd: result: . -18.593 -BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,EXCESSIVE_BASE64_TEXT,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,SPF_HELO_NONE,SPF_PASS,T_REMOTE_IMAGE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL

(I've patched spamd to show more numeric precision in several fields foreasier log analysis.)

The Bayes result is not great, but the USER_IN_DEF_*_WL hits betweenthem account for most of that negative score anyway.


-kgd

Re: More Sendgrid trouble?

Reply via email to