On 11.08.20 at 18:22, Len Shneyder via mailop wrote:
> Hello Benoit and Hokan,
>
> Thanks for pointing this out and I'm sorry you're still seeing what sounds like a high volume of phish. I've asked our fraud ops team to investigate this. In the future if you could send suspicious emails to ab...@sendgrid.com we will get this handled. Feel free to CC me when you do this to make sure these are handled quickly.
>
Mails to abuse@ should be handled quickly without being CC'd to a VP. It's the abuse desk's job to stop abuse ASAP. If they are understaffed or don't have authority to stop spamming senders then there's an organizational problem that cannot be solved by handling abuse reports from the VP's seat.

> We've instituted some self-limiting features on our front door that should've decreased the overall volume of abuse. This is a stop gap measure as we roll out some other countermeasures in the next few weeks. Could you let me know if you have seen a perceptible drop in volume and velocity between June and July when this was rolled out?

I don't do statistics, but it does not feel like the problem is under control yet.

I've already communicated some ideas to Will Boyd over on the SDLU list.

The first thing you need to do is to know your customers. Don't send out mails on behalf of someone you don't really know, period.

Apparently some customers themselves are victims of hacks now, so that alone would not help. Additional technical steps to be taken are limiting the names and domains that may appear in the From: header lines to fixed lists (maybe restrictive regular expression patterns) per customer, and limiting the IP ranges from where each customer may inject mails. Some customers seem to employ auto-mailing from web forms. Sorry, that was a nice idea a decade ago, it's not anymore. Web subscriptions and inquiries should be checked and followed up by a human or at least some pretty well trained AI engine.

From the mail body samples I've seen, it looks like target links go through Sendgrid's own redirection services. This makes filtering on suspicious link domains harder for us, but should make it easier for Sendgrid. Only accept link destinations that are clearly controlled by the customer or very public information such as Wikipedia links etc. Google searches? Links to link shorteners? Nope.

And last but not least, let customers post a bond which is forfeited when spam is sent via their account. It might educate them on the value of IT security.

>
> Again, I want to assure you that there is a massive effort happening here to address the problems you are seeing. I'm happy to meet off list and discuss this further and help you understand what we're working on if that would be helpful. Again, thank you for your patience and please don't hesitate to contact me when you see any of these issues arise.
>
> Best,
> -L

Please don't take my repeated and sometimes sarcastic criticism as destructive. I am aware of the value that ESPs can have for small organisations which need to send out mails to large numbers of interested recipients, even though I'd personally always run a mailing list manager on machines under my own control. But the spam and phishing emitted by Sendgrid is already hurting the value of your company significantly, it's high time that effective measures are taken.

And taking this off-list is not a viable option. If you want to regain trust you need to do it in the open.

Cheers,
Hans-Martin

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
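
Added example, not part of the original message and not Sendgrid's code: a sketch of the per-customer injection checks proposed above (From: allow-list patterns, injection IP ranges, link destinations restricted to customer-controlled or well-known domains). The policy table, customer id, function names and sample message are assumptions constructed for illustration, and only the From: address is checked, not the display name.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed policy: customer id, addresses, ranges and domains are placeholders.
POLICIES = {"cust-1001": {
    "from_patterns": [re.compile(r"(news|billing)@mail\.example\.org")],
    "inject_networks": [ipaddress.ip_network("192.0.2.0/28")],
    "link_domains": {"example.org", "wikipedia.org"},
}}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def host_allowed(url, allowed):
    """True if the URL's host is an allowed domain or a subdomain of one."""
    try:
        host = (urlparse(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: reject
        return False
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_injection(customer_id, source_ip, raw_message):
    """Return the list of policy violations; an empty list means accept."""
    policy = POLICIES.get(customer_id)
    if policy is None:
        return ["unknown customer"]
    problems = []
    ip = ipaddress.ip_address(source_ip)  # peer address of the injecting connection
    if not any(ip in net for net in policy["inject_networks"]):
        problems.append(f"source IP {source_ip} outside customer ranges")
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:
        problems.append("expected exactly one From: header")
    for header in from_headers:
        addr = parseaddr(header)[1].lower()
        if not any(p.fullmatch(addr) for p in policy["from_patterns"]):
            problems.append(f"From address {addr!r} not on allow list")
    # Assumes unencoded text parts; a real gateway would decode transfer encodings first.
    parts = [p.get_payload() for p in msg.walk() if not p.is_multipart()]
    for url in URL_RE.findall("\n".join(parts)):
        if not host_allowed(url, policy["link_domains"]):
            problems.append(f"link {url} not on allow list")
    return problems

# Constructed sample: allowed sender, but a link to a third-party redirector.
SAMPLE = "From: News <news@mail.example.org>\n\nVisit http://short.example.net/x\n"
if __name__ == "__main__":
    print(check_injection("cust-1001", "192.0.2.5", SAMPLE))
```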
