Interesting for sure. For me I saw the issue start to really get noticed last February.
I think there might be correlation with a hack on their platform too. I reached out to Twilio leadership with nothing but crickets too.

Here is a great cyber security reporter and an article from August 2020: https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/

What's amazing to me is how much they've done to fix the problem oh wait they've done nothing...

-KAM

On Fri, May 21, 2021, 08:28 Jared Hall <ja...@jaredsec.com> wrote:

> Kevin A. McGrail wrote:
> > And that rule is probably designed to hit legitimate sendgrid emails.
> >
> > They have become a hacker and spammer haven over the last year and a
> > half approximately.
> >
> Damned straight. I'd say more like 2.5 years, maybe 1.5 pre-pandemic
> years.
>
> SendGrid -> novel (at the time) Positive Delivery company.
> SendGrid -> API opens up for quasi-spam/newsletter delivery.
> SendGrid -> adds support for smaller ISPs and their infected customers.
>
> For my part, I made some changes to my rules in CHAOS to differentiate
> between the occurrence of a SendGrid header versus encapsulated SendGrid
> headers like you'll get when larger mail systems populate the References
> header for forwarding. Respectively, the rule sets are JR_SGRID_DIRECT
> and JR_SGRID_FWD. At least that seems to be a little more effective for
> Comcast and BellSouth mail systems.
>
> You just haven't lived until you've seen endless mailserver rejects
> issued to SendGrid and SendGrid Partners who are sending you Aaron
> Smith Sextortions or Emotet variants. If I'm a hostile, nation-state
> actor, I probably already have an account with SendGrid.
>
> Nobody should be using SendGrid; NEVER, EVER. One thing is certain, if
> this matter is NOT addressed by the mail admins on this list, it WILL BE
> addressed by the US Department of Commerce.
>
> What started out as an interesting project has become a National
> Security risk.
>
>
> -- Jared Hall
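Added example, not part of the original thread and not the actual JR_SGRID_DIRECT / JR_SGRID_FWD rules: a sketch of the distinction described in the quoted message, separating mail that arrived over SendGrid from mail that only carries a SendGrid Message-ID in its threading headers. The `sendgrid.net` marker, the two header sets, and the function names are assumptions made for illustration; the sample messages are constructed.

```python
import re
from email import message_from_string

# Assumption: the string "sendgrid.net" in a header value marks SendGrid.
SG = re.compile(r"sendgrid\.net", re.I)
# Assumed split: headers stamped by the sending path vs. headers that only
# quote the Message-IDs of earlier mail in the thread.
DIRECT_HEADERS = ("Received", "Return-Path", "Message-ID")
THREAD_HEADERS = ("References", "In-Reply-To")

def _hit(msg, names):
    return any(SG.search(v) for n in names for v in msg.get_all(n, []))

def classify(raw):
    """Return 'direct', 'forwarded' or 'none' for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    if _hit(msg, DIRECT_HEADERS):
        return "direct"      # SendGrid is on the delivery path itself
    if _hit(msg, THREAD_HEADERS):
        return "forwarded"   # SendGrid appears only as a quoted Message-ID
    return "none"

# Constructed sample messages (hosts, addresses and IDs are made up).
DIRECT = """\
Received: from o1.sender.sendgrid.net (o1.sender.sendgrid.net [192.0.2.10])
\tby mx.example.org with ESMTPS; Fri, 21 May 2021 08:00:00 -0400
Return-Path: <bounces+1234@sendgrid.net>
Message-ID: <constructed-1@ismtpd.sendgrid.net>
Subject: Invoice

body
"""
FORWARDED = """\
Received: from mail.isp.example (mail.isp.example [198.51.100.7])
\tby mx.example.org with ESMTPS; Fri, 21 May 2021 09:00:00 -0400
Message-ID: <fwd-2@isp.example>
References: <constructed-1@ismtpd.sendgrid.net>
Subject: Fwd: Invoice

body
"""
CLEAN = "Message-ID: <x@example.org>\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("DIRECT", DIRECT), ("FORWARDED", FORWARDED), ("CLEAN", CLEAN)):
        print(name, classify(raw))
```

A message that matches both header sets is reported as `direct`, so the two outcomes can be scored separately without double counting.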