Jesse, > On Oct 5, 2020, at 4:37 PM, Jesse Thompson via mailop <mailop@mailop.org> > wrote: > > On 9/25/20 11:26 AM, Jay Hennigan via mailop wrote: >> Even before the phishing became overwhelming they were a significant source >> of spam, primarily "targeted" via purchased lists. For at least the past six >> months the phishing has been overwhelming. While they claim to be working on >> the problem the evidence shows otherwise. > > That's because, IMO, it's a fallacy to assume that compromised accounts are > mostly due to phishing. Password reuse combined with automation by > credential stuffers is the main culprit. > > Organizations need to diversify their focus a little away from inbound > threats and towards (1) multi-factor/higher-trust authentication and (2) > aggressively resetting passwords based on suspicious login activity. > > I would bet that Sendgrid knows this, but they are challenged with both, > given the type of users they deal with. >
I’m not sure about SendGrid per say, but Twilio is mainly an API provider, so full OAUTH, private keys, et al, as I’m a customer of their SMS, phone service, et al. As far as I know SendGrid is the same, but not saying that hacked websites, floating private keys, and the such are not common. We saw a huge amount of traffic when Mandrill first got bought out by MailChimp, but that was fixed pretty quickly from what I remember. ( Good job on that one ;) ) Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
