[mailop] Sendgrid and phishing

2020-06-17 Thread Tim Bray via mailop
Hi, Anybody else seeing increased phishing through sendgrid? They look fairly convincing. A few paypals, and a few amazons. I thought sendgrid were ok? Has somebody leaked a big pile of sendgrid usernames and passwords or something? -- Tim Bray Huddersfield, GB t...@kooky.org

Re: [mailop] Sendgrid and phishing

2020-06-17 Thread Faisal Misle via mailop
I’ve been seeing it too... Mailgun, PayPal, etc A SG rep replied to a SDLU thread yesterday about the same issue “We are working to get a handle on this on a few fronts. These senders in this thread have been banned. I don't have insight into the compliance side, but it is being worked on.” Best

Re: [mailop] Sendgrid and phishing

2020-06-17 Thread Olivier Depuydt via mailop
Hello. I received the Phishing email from the fake Paypal Support, from Sendgrid's platform on May the 29th, on a personal email address. I have forwarded it to Paypal's phishing support on June the 1st. So, this issue has weeks if you still see emails like that. Best regards, Olivier Deliverab

Re: [mailop] Sendgrid and phishing

2020-06-17 Thread Michael Peddemors via mailop
Going on two months since first reported, and last weekend was really high counts of new Send Grid IP(s) sending obvious phishing.. On 2020-06-17 6:26 a.m., Faisal Misle via mailop wrote: I’ve been seeing it too... Mailgun, PayPal, etc A SG rep replied to a SDLU thread yesterday about the sa

Re: [mailop] Sendgrid and phishing

2020-06-17 Thread Michael Rathbun via mailop
On Wed, 17 Jun 2020 14:00:35 +0100, Tim Bray via mailop wrote: >Anybody else seeing increased phishing through sendgrid? They look >fairly convincing. General spam (several per week) and phishing, especially some very nicely done "Reconfirm you Netflix payment method" at several per day. Point

[mailop] [NOTICE] Significant Uptick in Traffic from a Japanese Network

2020-06-17 Thread Michael Peddemors via mailop
A significant activity alert was detected over night. IDC Frontier Inc. 164.46.0.0 - 164.46.255.255 It appears that maybe someone removed port 25 blocking on egress? Or changed some filtering mechanism? Any comments? Return-Path: Received: (qmail 12711 invoked from network); 17 Jun 2020 13:21

Re: [mailop] [NOTICE] Significant Uptick in Traffic from a Japanese Network

2020-06-17 Thread Steve Freegard via mailop
I've just checked our traps and we also saw a big spike in traffic from this range but has been tapering off throughout the day. Based on all the samples that I've looked at, they're all showing authenticated SMTP along with some other tell-tale signs, so maybe they've had a massive breach of

[mailop] SendGrid and Phishing

2020-06-17 Thread Len Shneyder via mailop

Re: [mailop] Sendgrid and phishing

2020-06-17 Thread Alan Hodgson via mailop
On Wed, 2020-06-17 at 08:55 -0500, Michael Rathbun via mailop wrote: > On Wed, 17 Jun 2020 14:00:35 +0100, Tim Bray via mailop wrote: > > Anybody else seeing increased phishing through sendgrid? They look fairly > > convincing. > > General spam (several per week) and phishing, especially some v

Re: [mailop] [NOTICE] Significant Uptick in Traffic from a Japanese Network

2020-06-17 Thread Michael Peddemors via mailop
Possibly .. (massive breach) and for the record, an uptick from other Japanese providers as well.. On 2020-06-17 7:51 a.m., Steve Freegard via mailop wrote: I've just checked our traps and we also saw a big spike in traffic from this range but has been tapering off throughout the day. Based o

Re: [mailop] Sendgrid and phishing

2020-06-17 Thread Carl Byington via mailop
On Wed, 2020-06-17 at 08:55 -0500, Michael Rathbun via mailop wrote: > > Pointing out to users reporting these that blocking Sendgrid > entirely > (the temptation arises) would take out the SG traffic that is highly > desired (at least 70%). Two mon

Re: [mailop] Sendgrid and phishing

2020-06-17 Thread Robert L Mathews via mailop
On 6/17/20 10:22 AM, Carl Byington via mailop wrote: > In the last 24 hours: Yeah, I see phishing attempts that we rejected for DMARC failures like: Received: from microsoft.com (unknown) by ismtpd0004p1lon1.sendgrid.net (SG) with ESMTP id PP-Z30gTRGS8qMv1NXRDhA for ; Tue, 16 Jun 2020 06:55

[mailop] SPF strict / DMARC interaction / "big" provider behavior...

2020-06-17 Thread vom513 via mailop
Hello all, Apologies in advance if this is off-topic for this list. I hope it doesn’t stir too much of a hornet nest :) I run my own personal mail server, Linux, usual open source bits… One of my many layers/checks for inbound is SPF. Insofar as I reject at the “front door” (SMTP connection

Re: [mailop] SPF strict / DMARC interaction / "big" provider behavior...

2020-06-17 Thread John Levine via mailop
In article <3e229a32-88db-4fdb-b67a-c68d0b65e...@gmail.com> you write: >SPF. Insofar as I reject at the “front door” (SMTP connection) if SPF fails >(example is a domain using >“-all”). I would imagine this is pretty vanilla so far compared to other >folks. To be blunt, it is among hobby mail

[mailop] Cryptic Earthlink rejection message

2020-06-17 Thread Russell Clemings via mailop
host mx03.oxsus-vadesecure.net [147.135.97.26] SMTP error from remote mail server after end of data: 550 5.7.1 Message rejected - OXSUS0001_507 Anyone know what this means? (Besides the obvious.) Googling "OXSUS0001_507" yields nothing. It's coming from mail sent to Earthlink.net and r

Re: [mailop] SPF strict / DMARC interaction / "big" provider behavior...

2020-06-17 Thread Hans-Martin Mosner via mailop
Am 17.06.20 um 21:15 schrieb vom513 via mailop: > I know the ultimate answer is “do what makes sense for me” - but I’d love > some feedback from folks here on what they consider best practice etc. Also > please help me with my understanding of SPF / DMARC interactions (especially > with regard

Re: [mailop] Cryptic Earthlink rejection message

2020-06-17 Thread Al Iverson via mailop
I am not familiar with the error message, but you might want to submit your sending IP address here: https://abuse.vadesecure.com/ and see that results in you getting any sort of useful reply. Cheers, Al Iverson On Wed, Jun 17, 2020 at 2:40 PM Russell Clemings via mailop wrote: > > host mx03

Re: [mailop] Cryptic Earthlink rejection message

2020-06-17 Thread Scott Undercofler via mailop
I'll reply off list. From: mailop on behalf of Russell Clemings via mailop Reply-To: Russell Clemings Date: Wednesday, June 17, 2020 at 1:44 PM To: mailop Subject: [mailop] Cryptic Earthlink rejection message host mx03.oxsus-vadesecure.net [147.135.97.26] SMTP error from remote

Re: [mailop] SPF strict / DMARC interaction / "big" provider behavior...

2020-06-17 Thread John Levine via mailop
In article <2e5fef36-789f-61c2-41d6-dba139fc8...@heeg.de> you write: >I'm pretty wary of SPF, especially since it just breaks mail forwarding which >some of our users like to do to >consolidate all mail in one mailbox. I know they should not do this, ... People have been forwarding mail about as

Re: [mailop] SPF strict / DMARC interaction / "big" provider behavior...

2020-06-17 Thread Bill Cole via mailop
On 17 Jun 2020, at 15:15, vom513 via mailop wrote: My understanding for the longest time is that an SPF policy of “-all” is a strong statement and should be honored as such. A lot of people believed that a long time ago. However, those of us running systems that handle a substantial quantity

Re: [mailop] SendGrid and Phishing

2020-06-17 Thread Tim Bray via mailop
On 17/06/2020 16:01, Len Shneyder via mailop wrote: Hi All, Appreciate the discussion. As was mentioned in another forum we are aware of the problem—the entire time is engaged in deploying a comprehensive fix that will prevent a wave like this in the future. Just to be perfectly clear, there

Re: [mailop] SendGrid and Phishing

2020-06-17 Thread Len Shneyder via mailop
Yep, that's strange. It should kick off an autoresponder. I'll look into that. If you have fresh headers you can share with me I'd appreciate it. Thank you very much! -L Len Shneyder VP Industry Relations EMAIL l...@twilio.co

Re: [mailop] Sendgrid and phishing

2020-06-17 Thread Jesse Thompson via mailop
On 6/17/20 1:50 PM, Robert L Mathews via mailop wrote: > Several months ago I suggested (among other things) that SendGrid block > "From" headers matching prominent domain names until the messages have > been manually reviewed. The fact that "don't let random customers send > mail saying it's from

Re: [mailop] SendGrid and Phishing

2020-06-17 Thread Faisal Misle via mailop
I’ve had mixed luck... sometimes it auto replies, sometimes it doesn’t. I sometimes wonder if their Proofpoint gateway is quarantining them - or if they added a bypass rule for their abuse mailbox (as it should be) Best, Faisal PGP Key: [C8FD029B](https://pgp.faisal.ec/) On Wed, Jun 17, 2020 a

Re: [mailop] SendGrid and Phishing

2020-06-17 Thread Len Shneyder via mailop
Something is a little off with the auto-responder we tested it last week and it was working, just ran a test now and nothing yet so we'll dig into that. In the meantime we are receiving anything you send to ab...@sendgrid.com Len Shneyder VP Industry Relations

Re: [mailop] SPF strict / DMARC interaction / "big" provider behavior...

2020-06-17 Thread Carl Byington via mailop
On Wed, 2020-06-17 at 16:45 -0400, Bill Cole via mailop wrote: > > This problem is part of why DMARC was developed. Very few people are > adequately confident of their understanding of DMARC and of its > reliability to make it the root cause of mail

Re: [mailop] Microsoft Outlook "Modern Authentication"?

2020-06-17 Thread Dave Warren via mailop
A bit late, sorry. On Tue, Jun 2, 2020, at 04:55, Ken O'Driscoll via mailop wrote: > On Thu, 2020-05-28 at 13:35 -0600, Daniele Nicolodi via mailop wrote: >> Does anyone know if there is any alternative to Outlook to access >> >> Exchange Online mailboxes that require modern authentication? > >

Re: [mailop] Sendgrid and phishing

2020-06-17 Thread Benoît Panizzon via mailop
Hi > Anybody else seeing increased phishing through sendgrid? They look > fairly convincing. > > A few paypals, and a few amazons. Add Netflix Add Joe-Jobs > I thought sendgrid were ok? Has somebody leaked a big pile of > sendgrid usernames and passwords or something? Yes, I contacted the