Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-21 Thread Kevin A. McGrail
Interesting for sure. For me I saw the issue start to really get noticed last February. I think there might be correlation with a hack on their platform too. I reached out to Twilio leadership with nothing but crickets too. Here is a great cyber security reporter and an article from August 2020

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-21 Thread Jared Hall
Kevin A. McGrail wrote: And that rule is probably designed to hit legitimate sendgrid emails. They have become a hacker and spammer haven over the last year and a half approximately. Damned straight. I'd say more like 2.5 years, maybe 1.5 pre-pandemic years. SendGrid -> novel (at the time

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-21 Thread Matus UHLAR - fantomas
> Perhaps it's because Return-Path is null? > Return-Path: <> That's a different problem, apparently with your MTA->SA glue. The fact that something added a non-null "X-Envelope-From:" header and something (else?) added a null "Return-Path:" header indicates fundamental breakage. Whether SA is se

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Bill Cole
On 2021-05-20 at 18:24:51 UTC-0400 (Thu, 20 May 2021 18:24:51 -0400) Alex is rumored to have said: I'm noticing what I think are a lot of false positives for this rule. In what way is this a false positive? Looks like a correct positive to me. Because it was a legitimate email with an inv

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Simon Wilson
- Message from Alan Hodgson - Date: Thu, 20 May 2021 13:48:48 -0700 From: Alan Hodgson Subject: Re: KAM_SENDGRID and SPF_HELO_NONE To: users@spamassassin.apache.org And yes, SPF falls back to testing the HELO host if the envelope sender is empty (which should only occur

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Benny Pedersen
On 2021-05-20 22:12, Alex wrote: Is it even possible for a sendgrid client to control their SPF record, let alone SPF HELO? no, all next hop will change envelope sender and sendgrid breaks dkim Perhaps it's because Return-Path is null? Return-Path: <> return path <> would not give spf fai

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Alex
Hi, > > I have an email that matched KAM_SENDGRID because it also matched > > SPF_HELO_NONE, despite it apparently being a legitimate sendgrid > > email. This is from SA trunk. I only meant it as a reference for the version of SA (and SPF.pm) that's being used, in case it was necessary. > > X-En

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Bill Cole
On 2021-05-20 at 16:12:40 UTC-0400 (Thu, 20 May 2021 16:12:40 -0400) Alex is rumored to have said: Hi, I have an email that matched KAM_SENDGRID because it also matched SPF_HELO_NONE, despite it apparently being a legitimate sendgrid email. This is from SA trunk. KAM_SENDGRID is NOT from "SA

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Kevin A. McGrail
And that rule is probably designed to hit legitimate sendgrid emails. They have become a hacker and spammer haven over the last year and a half approximately. On Thu, May 20, 2021, 16:49 Alan Hodgson wrote: > On Thu, 2021-05-20 at 16:12 -0400, Alex wrote: > > > X-Envelope-From: > > > >

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Alan Hodgson
On Thu, 2021-05-20 at 16:12 -0400, Alex wrote: > > X-Envelope-From: >     > > > Perhaps it's because Return-Path is null? > Return-Path: <> Return-Path is supposed to be where your MTA stores the envelope sender. That it doesn't match is probably a problem. And yes, SPF falls back to tes

KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Alex
Hi, I have an email that matched KAM_SENDGRID because it also matched SPF_HELO_NONE, despite it apparently being a legitimate sendgrid email. This is from SA trunk. 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1