On 08.07.21 at 18:14, Luke via mailop wrote:
> Just so the group is aware, our team is looking into the Zoom traffic. We
> aren't sure what they are doing with that mail stream, but it doesn't
> look good.
>
> Both of the accounts reported by Michael have been suspended.
>
> Thanks, everyone.
>
> Luke
>

I have a hunch that some time ago (just before the increased spam via SendGrid started) there might have been unauthorized access to SendGrid customer data which allowed hackers to brute-force hashed passwords and use valid accounts to send spam and fraudulent/phishing mails. The pattern is too strong to be reasonably explained with singular security breaches at individual customers.

SendGrid, if this comes close to the truth (I can only guess), please be open about it at least in communication to your customers. If possible, enforce 2FA, watch for logins from unusual IP addresses, etc. Maybe a complete password reset for all customers would be in order.

Repelling spam and fraud from completely bogus sources is a lot of work for us mail admins already, but when it comes from presumably authentic sources it becomes incredibly difficult and prone to false positives.

Here's a simple example: I have a mail sample in quarantine that comes from "topbuildersolutions.net", apparently a SendGrid customer, using your outgoing infrastructure (192.254.122.201), so it's not a simple impersonation. It purports to be a payment reminder, with the usual phishing drill of urgency by threatening account termination. With a From: line of "SendGrid <notificat...@topbuildersolutions.net>", a SendGrid logo as embedded PNG, closing line "The Billing Operations Team at SendGrid" it looks 100% like phishing to me.

Is this from you actually? If yes, why do you send out payment reminders using foreign domains? If not, why do you let your customers send such mails through your system?

Your reputation is going down the drain. You should definitely realize that your reputation is your most valuable asset, and it's losing value at an incredible rate.

Cheers,
Hans-Martin
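
The mismatch in the quarantined sample (display name "SendGrid", address at a customer domain) is something a filter can test for even when the mail is sent through legitimate infrastructure. The following is an added example, not part of the original post; the brand-to-domain table, the function names and the address local part are assumptions.

```python
import re
import unicodedata
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumption: brands worth protecting, mapped to domains they really send from.
BRAND_DOMAINS = {"sendgrid": {"sendgrid.com", "sendgrid.net"}}


def _squash(text):
    """Fold case, compatibility forms and punctuation: 'Send-Grid' -> 'sendgrid'."""
    folded = unicodedata.normalize("NFKC", text).lower()
    return re.sub(r"[^a-z0-9]", "", folded)


def claimed_brand_mismatch(from_header):
    """Return the brand a From: display name claims if the address domain
    does not belong to that brand, else None."""
    raw_name, addr = parseaddr(from_header)
    try:
        # Display names may be RFC 2047 encoded-words; decode before matching.
        name = str(make_header(decode_header(raw_name)))
    except (HeaderParseError, UnicodeDecodeError, LookupError):
        name = raw_name
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    squashed = _squash(name)
    for brand, domains in BRAND_DOMAINS.items():
        if brand in squashed and not any(
            domain == d or domain.endswith("." + d) for d in domains
        ):
            return brand
    return None


if __name__ == "__main__":
    # Constructed samples; the local part is a placeholder because the
    # post truncates the real one.
    for header in (
        "SendGrid <placeholder@topbuildersolutions.net>",
        "SendGrid <placeholder@sendgrid.com>",
    ):
        print(header, "->", claimed_brand_mismatch(header))
```

A hit is a scoring signal rather than a verdict: a brand that legitimately sends from further domains needs those added to the table.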