They might not care about phishing as much as you'd like them to. But they do care about phishing.
All of your suggestions are good ones. Some of them are even "trivial" as you put it. The fact that they haven't bothered with any of these things after years > of this tells you everything you need to know. > Well. I guess that's that. On Wed, Feb 26, 2020 at 10:58 AM Robert L Mathews via mailop < mailop@mailop.org> wrote: > On 2/26/20 5:22 AM, Luke via mailop wrote: > > > > They also have no process in place for verifying From addresses. With > > their API, you can put whatever you want in the From field. Clearly not > > ideal, but they arent unique in this regard. All in all, considering the > > amount of email SendGrid sends, the scale of the phishing problem is > > remarkably small. > > I strongly disagree with this. I get the most blatant phishing messages, > sometimes sent to obvious role addresses, and reporting it as being > received at one address (out of several) has historically caused that > address to get listwashed while the mail continues to the others. > > This morning I looked at a fraction of my inbound Sendgrid mail and > found these DMARC rejection failures: > > --------------------------------------------------------------- > > Received: from dhl.com (unknown [104.152.185.247]) > by ismtpd0077p1mdw1.sendgrid.net (SG) with ESMTP id > WDd40e6kS0yDqUPUjLyFpg > From: dhlsen...@dhl.com > Subject: [Newsletters] DHL Shipment Successful : Air Waybill no 4449826931 > > Received: from wellsfargo.com > (ec2-3-12-148-177.us-east-2.compute.amazonaws.com [3.12.148.177]) > by ismtpd0039p1iad2.sendgrid.net (SG) > From: Wells Fargo <noreply-al...@wellsfargo.com> > Subject: Warning: Account Temporary Blocked > > Received: from WIN-JM5NDCQFSU3 (unknown [193.56.28.63]) > by ismtpd0001p1lon1.sendgrid.net (SG) > From: "Chase Online" <no-re...@alertsp.chase.com> > Subject: Your Online Informations are Outdated. Update Now > > Received: from MTQzMTI5NzY (unknown [35.175.22.107]) by > ismtpd0011p1iad2.sendgrid.net (SG) > From: "supp...@chase.com" <ap...@prockish.com> > Subject: [Card Fraud Prevention] Activity On Your Debit or ATM Card On > 02/27/2020 [MAIL ID:4435446] > > Received: from WIN-JM5NDCQFSU3 (unknown [193.56.28.63]) > by ismtpd0004p1lon1.sendgrid.net (SG) with ESMTP id > Rmde0K91SFiqiUueuaNLbg > From: "Chase Online" <sm...@chaseonline.chase.com> > Subject: Online Alert. > > --------------------------------------------------------------- > > And this is just the blatant phishing (there's much more non-phishing > spam). > > This is not the sign of a company that cares about phishing. > > Adding a "will this message trigger a DMARC reject" filter on outgoing > mail would be trivial. Adding a filter that flags "@wellsfargo.com" and > other frequently phished domain names in the From header would be > trivial. Adding a filter that flags mail runs with a high percentage > sent to "support@", "info@", "sales@", and "billing@" would be trivial. > > The fact that they haven't bothered with any of these things after years > of this tells you everything you need to know. > > -- > Robert L Mathews, Tiger Technologies, http://www.tigertech.net/ > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
