On Tue, Aug 11, 2020 at 2:21 PM Michael Orlitzky via mailop < mailop@mailop.org> wrote:
> In the past few months there have been several threads on mailop and > similar lists (sdlu, spamassassin-users, nanog, ...) complaining about > how SendGrid doesn't seem to do anything at all to stop the ongoing > blatant phishing campaigns from their servers. > I've received some spam from sendgrid, including another "we caught you looking at pr0n, send us btc" just today from sendgrid at my personal email address, and dutifully forwarded them with headers along to abuse@. What I've never received is any sort of follow up on those reports indicating that they were received, much less any action would be taken. Some of these messages are spam in ways that are exceptionally obvious - things like having the From: header set to the same address as the recipient, for example, or matching patterns that even a junior sysadmin's spamassassin deployment would be able to catch. We'd been using sendgrid in production for some stuff, but we're looking at changing that now because it seems like their lack of concern regarding abuse on their platform will lead to more and more deliverability issues as time goes on. It just seems like sendgrid doesn't care about abuse on their platform. As far as determining the difference between a compromised account that isn't a spammer and a spammer who simply signed up for an account, this should be relatively simple by looking at their history. Even without doing so, the action should clearly be the same: shut down the account immediately. There's no reason to let a legitimate user's compromised account continue being used illicitly, and the legitimate user can be contacted to address the issue after which time the account can be re-enabled. Matt Harris|Infrastructure Lead Engineer 816-256-5446|Direct Looking for something? Helpdesk Portal|Email Support|Billing Portal We build and deliver end-to-end IT solutions.
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
