Hi All, Appreciate the discussion. As was mentioned in another forum we are aware of the problem—the entire time is engaged in deploying a comprehensive fix that will prevent a wave like this in the future. Just to be perfectly clear, there is no leak of credentials as one post suggests. In the mean time if you want to send example/headers to ab...@sendgrid.com they are being reviewed, you can CC me too. We will play some whackamole as we look to implement a more thorough solution. Again, thank you all for your vigilance and feel free to ping me.
All best, -L ---------------------------------------------------------------------- Message: 1 Date: Wed, 17 Jun 2020 14:00:35 +0100 From: Tim Bray <t...@kooky.org> To: mailop <mailop@mailop.org> Subject: [mailop] Sendgrid and phishing Message-ID: <1f6aca35-94ef-70a0-bd75-49a5d632d...@kooky.org> Content-Type: text/plain; charset=utf-8; format=flowed Hi, Anybody else seeing increase phishing through sendgrid? They look fairly convincing. A few paypals, and a few amazons. I thought sendgrid were ok? Has somebody leaked a big pile of sendgrid usernames and passwords or something? -- Tim Bray Huddersfield, GB t...@kooky.org ------------------------------ Message: 2 Date: Wed, 17 Jun 2020 13:26:52 +0000 From: Faisal Misle <m...@faisal.ec> To: mailop <mailop@mailop.org> Subject: Re: [mailop] Sendgrid and phishing Message-ID: <f_Gd1DhU_bLIfRSSSjOp1OVLSLS7WDVZ1nvtzWTSO08zOORbvIrR6mPFBxqPhxGpDfUyWYMPNpdjaeZyn6FaIytKhiCcjVx2Hcc7g3mZaRQ=@ faisal.ec> Content-Type: text/plain; charset="utf-8" I’ve been seeing it too... Mailgun, PayPal, etc A SG rep replied to a SDLU thread yesterday about the same issue “We are working to get a handle on this on a few fronts. These senders in this thread have been banned. I don't have insight into the compliance side, but it is being worked on." Best, Faisal PGP Key: [C8FD029B]( https://urldefense.com/v3/__https://pgp.faisal.ec/__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisirzN0Dvo$ ) On Wed, Jun 17, 2020 at 8:00 AM, Tim Bray via mailop <mailop@mailop.org> wrote: > Hi, > > Anybody else seeing increase phishing through sendgrid? They look > fairly convincing. > > A few paypals, and a few amazons. > > I thought sendgrid were ok? Has somebody leaked a big pile of > sendgrid usernames and passwords or something? > > -- > Tim Bray > Huddersfield, GB > t...@kooky.org > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiwA9kai4$ -------------- next part -------------- An HTML attachment was scrubbed... URL: < https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/private/mailop/attachments/20200617/df4c858b/attachment-0001.html__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiffajxJU$ > ------------------------------ Message: 3 Date: Wed, 17 Jun 2020 15:42:21 +0200 From: Olivier Depuydt <olivier.depu...@cheetahdigital.com> To: Faisal Misle <m...@faisal.ec> Cc: mailop <mailop@mailop.org> Subject: Re: [mailop] Sendgrid and phishing Message-ID: <CAMsHy6asEeoGt8_BsYMxjM=CT2=g2hfwkfaknc4zygs07zs...@mail.gmail.com> Content-Type: text/plain; charset="utf-8" Hello. I received the Phishing email from the fake Paypal Support, from Sendgrid's platform on May the 29th, on a personal email address. I have forwarded it to Paypal's phishing support on June the 1srt. So, this issue has weeks if you still see emails like that. Best regards, Olivier Deliverability Engineer at Cheetah Digital Le mer. 17 juin 2020 à 15:32, Faisal Misle via mailop <mailop@mailop.org> a écrit : > I’ve been seeing it too... Mailgun, PayPal, etc > > A SG rep replied to a SDLU thread yesterday about the same issue > > “We are working to get a handle on this on a few fronts. These senders in > this thread have been banned. I don't have insight into the compliance > side, but it is being worked on." > > Best, > Faisal > > PGP Key: C8FD029B < https://urldefense.com/v3/__https://pgp.faisal.ec/__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisirzN0Dvo$ > > > > On Wed, Jun 17, 2020 at 8:00 AM, Tim Bray via mailop <mailop@mailop.org> > wrote: > > Hi, > > Anybody else seeing increase phishing through sendgrid? They look > fairly convincing. > > A few paypals, and a few amazons. > > I thought sendgrid were ok? Has somebody leaked a big pile of > sendgrid usernames and passwords or something? > > > -- > Tim Bray > Huddersfield, GB > t...@kooky.org > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiwA9kai4$ > > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiwA9kai4$ > -- Olivier Depuydt Site Reliability Engineer Web < https://urldefense.com/v3/__https://cheetahdigital.com__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiJa-Dlk0$ > | Blog < https://urldefense.com/v3/__http://cheetahdigital.com/blog__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisir_UAnE8$ > | Linkedin < https://urldefense.com/v3/__http://www.linkedin.com/company/cheetahdigital/__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisisPXd94E$ > | Twitter < https://urldefense.com/v3/__https://www.twitter.com/Cheetah_Digital/__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiLOSsinQ$ > | Facebook < https://urldefense.com/v3/__https://www.facebook.com/CheetahDigital/__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiVzdrDh4$ > < https://urldefense.com/v3/__https://drive.google.com/open?id=1S8f5JdCzLVfN44u3V9m8zcNbvjxZO-nt__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiDM7HIZs$ > < https://urldefense.com/v3/__https://drive.google.com/open?id=1S8f5JdCzLVfN44u3V9m8zcNbvjxZO-nt__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiDM7HIZs$ > < https://urldefense.com/v3/__https://drive.google.com/uc?export=view&id=1S8f5JdCzLVfN44u3V9m8zcNbvjxZO-nt__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiGQpQdEg$ > < https://urldefense.com/v3/__https://drive.google.com/uc?export=view&id=1S8f5JdCzLVfN44u3V9m8zcNbvjxZO-nt__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiGQpQdEg$ > < https://urldefense.com/v3/__https://drive.google.com/uc?export=view&id=1S8f5JdCzLVfN44u3V9m8zcNbvjxZO-nt__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiGQpQdEg$ > < https://urldefense.com/v3/__https://drive.google.com/uc?export=view&id=17Ecb7eDIeJeAx4qb9jJNqASt2tCTiuD6__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisifP4tHMU$ > < https://urldefense.com/v3/__https://drive.google.com/uc?export=view&id=17Ecb7eDIeJeAx4qb9jJNqASt2tCTiuD6__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisifP4tHMU$ > < https://urldefense.com/v3/__https://drive.google.com/uc?export=view&id=17Ecb7eDIeJeAx4qb9jJNqASt2tCTiuD6__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisifP4tHMU$ > < https://urldefense.com/v3/__https://cheetahdigital.com__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiJa-Dlk0$ > < https://urldefense.com/v3/__https://cheetahdigital.com__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiJa-Dlk0$ > < https://urldefense.com/v3/__https://cheetahdigital.com__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiJa-Dlk0$ > < https://urldefense.com/v3/__https://cheetahdigital.com__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiJa-Dlk0$ > -------------- next part -------------- An HTML attachment was scrubbed... URL: < https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/private/mailop/attachments/20200617/2c2db36c/attachment-0001.html__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiXPe9ZJQ$ > ------------------------------ Message: 4 Date: Wed, 17 Jun 2020 06:45:30 -0700 From: Michael Peddemors <mich...@linuxmagic.com> To: mailop@mailop.org Subject: Re: [mailop] Sendgrid and phishing Message-ID: <c7e2778a-4fd3-bd92-8d32-c2460433b...@linuxmagic.com> Content-Type: text/plain; charset=utf-8; format=flowed Going on two months since first reported, and last weekend was really high counts of new Send Grid IP(s) sending obvious phishing.. On 2020-06-17 6:26 a.m., Faisal Misle via mailop wrote: > I’ve been seeing it too... Mailgun, PayPal, etc > > A SG rep replied to a SDLU thread yesterday about the same issue > > “We are working to get a handle on this on a few fronts. These senders in > this thread have been banned. I don't have insight into the compliance > side, but it is being worked on." > > Best, > Faisal > > PGP Key: C8FD029B < https://urldefense.com/v3/__https://pgp.faisal.ec/__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisirzN0Dvo$ > > > > On Wed, Jun 17, 2020 at 8:00 AM, Tim Bray via mailop <mailop@mailop.org > <mailto:mailop@mailop.org>> wrote: >> Hi, >> >> Anybody else seeing increase phishing through sendgrid? They look >> fairly convincing. >> >> A few paypals, and a few amazons. >> >> I thought sendgrid were ok? Has somebody leaked a big pile of >> sendgrid usernames and passwords or something? >> >> >> -- >> Tim Bray >> Huddersfield, GB >> t...@kooky.org >> >> >> _______________________________________________ >> mailop mailing list >> mailop@mailop.org >> https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiwA9kai4$ > > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!LCEEi7RfsCuEjrw27F8pRz20vWUwhLqE6Acf7Hdq_1y72yJGxisiwA9kai4$ > Len Shneyder VP Industry Relations [image: Twilio] <https://www.twilio.com/?utm_source=email_signature> EMAIL l...@twilio.com TWITTER @LenShneyder <https://twitter.com/LenShneyder>
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
