You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Grant Taylor <gt...@tnetconsulting.net> on 2020/06/27 00:44:23 UTC
Freshdesk (again)
I received an automated email from Freshdesk about five minutes after my
post to the SpamAssassin mailing list earlier this afternoon.
I found an old thread about Freshdesk in the SpamAssassin Users archive
[1]. This supports (confirms to me) that this is what happens.
I object to this type of behavior and would like for whomever is doing
it to be unsubscribed from the SpamAssassin Users mailing list on principal.
Maybe give them one chance to come forward, admit the error of their
ways, and to promise to cease and desist immediately.
[1]
https://mail-archives.apache.org/mod_mbox/spamassassin-users/201710.mbox/thread
--
Grant. . . .
unix || die
Re: Freshdesk (again)
Posted by Pedro David Marco <pe...@yahoo.com>.
If they only have some IPs addresses instead of millions of them, for sure they would care!!!!!!!!!!!!!!
----Pedro.
>On Monday, August 17, 2020, 08:52:24 PM GMT+2, @lbutlr <kr...@kreme.com> wrote:
>On 17 Aug 2020, at 11:25, Philip Prindeville <ph...@redfish-solutions.com> wrote:
> I’ve been calling out phishing from the same (IP) address for 10 days without any apparent (observable) action from Sendgrid.
>Not a shock; they simply do not care.
>> At this point I’m wondering if they have compromised relays.
>It seems to me like everything is working by design.
Re: Freshdesk (again)
Posted by "@lbutlr" <kr...@kreme.com>.
On 17 Aug 2020, at 11:25, Philip Prindeville <ph...@redfish-solutions.com> wrote:
> I’ve been calling out phishing from the same (IP) address for 10 days without any apparent (observable) action from Sendgrid.
Not a shock; they simply do not care.
> At this point I’m wondering if they have compromised relays.
It seems to me like everything is working by design.
--
According to the philosopher Ly Tin Weedle, chaos is found in
greatest abundance wherever order is being sought. It always
defeats order, because it is better organized.
Re: Freshdesk (again)
Posted by Philip Prindeville <ph...@redfish-solutions.com>.
> On Jul 7, 2020, at 3:16 AM, Raymond Dijkxhoorn <ra...@prolocation.net> wrote:
>
> Hai!
>
>>>> it might help to add your complaint via abuse@sendgrid.com.
>
>>> I very much doubt it. Sendgrid's business is sending mail and they do not care if that mail is spam or not. If enough servers block them they will go away.
>>
>> They do, however, apparently care about phishing - they did disable the sendgrid redirect that some phisher has been spamming at me for the last three weeks.
>
> They definately do. I report to them and they do take them down pretty quickly.
>
> Inside SURBL we do list the abused CT links. Unfortunately SA doesnt make use of the wildcarded list that SURBL delivers for a long time now.
>
> So if you want to use it add:
>
> util_rb_3tld ct.sendgrid.net
>
> Inside your loca.cf
>
> And while you are at it also add:
>
> util_rb_2tld page.link
>
> Bye, Raymond
Hmmm… not my experience.
I’ve been calling out phishing from the same (IP) address for 10 days without any apparent (observable) action from Sendgrid.
At this point I’m wondering if they have compromised relays.
-Philip
Re: Freshdesk (again)
Posted by Raymond Dijkxhoorn <ra...@prolocation.net>.
Ha!
> >We report abuse to many organisations, including, but not limited to company's like sendgrid.
> We are so tired af reporting abuse with no answer at all, that we
> stopped reporting problems time ago.... :-( as Marc Roos has said...
> we are not paid for it !
Understand completely.
> Ironically... we han run into problems a couple of times for reporting
> abuses... probable someone considering you are "suggesting" they are
> not doing their job...
I know at least sendgrid is very much aware of whats going on.
> If Sendgrid reacts to the reports, bravo for them!
And again i can understand the sentiment. ... :-)
Bye, Raymond
Re: Freshdesk (again)
Posted by Pedro David Marco <pe...@yahoo.com>.
>On Tuesday, July 7, 2020, 11:24:10 AM GMT+2, Raymond Dijkxhoorn <ra...@prolocation.net> wrote:
>Hello Marc,
>I hear you. And dont worry about that ;) rather have a clean inbox and so do more people.
>We report abuse to many organisations, including, but not limited to company's like sendgrid.
>Raymond Dijkxhoorn - SURBL
We are so tired af reporting abuse with no answer at all, that we stopped reporting problems time ago.... :-(as Marc Roos has said... we are not paid for it !
Ironically... we han run into problems a couple of times for reporting abuses... probable someone considering you are "suggesting" they are not doing their job...
If Sendgrid reacts to the reports, bravo for them!
----
Pedro
RE: Freshdesk (again)
Posted by Raymond Dijkxhoorn <ra...@prolocation.net>.
Hello Marc,
>>> They definately do. I report to them and they do take them down
>>> pretty quickly.
> Make sure you get paid for doing this every time. Because you are doing
> the work that they should be doing.
I hear you. And dont worry about that ;)
I rather have a clean inbox and so do more people.
We report abuse to many organisations, including, but not limited to
company's like sendgrid.
Raymond Dijkxhoorn - SURBL
RE: Freshdesk (again)
Posted by Marc Roos <M....@f1-outsourcing.eu>.
>> They definately do. I report to them and they do take them down
pretty quickly.
Make sure you get paid for doing this every time. Because you are doing
the work that they should be doing.
Re: Freshdesk (again)
Posted by Raymond Dijkxhoorn <ra...@prolocation.net>.
Hai!
>>> it might help to add your complaint via abuse@sendgrid.com.
>> I very much doubt it. Sendgrid's business is sending mail and they do not
>> care if that mail is spam or not. If enough servers block them they will go
>> away.
>
> They do, however, apparently care about phishing - they did disable the
> sendgrid redirect that some phisher has been spamming at me for the last
> three weeks.
They definately do. I report to them and they do take them down pretty
quickly.
Inside SURBL we do list the abused CT links. Unfortunately SA doesnt make
use of the wildcarded list that SURBL delivers for a long time now.
So if you want to use it add:
util_rb_3tld ct.sendgrid.net
Inside your loca.cf
And while you are at it also add:
util_rb_2tld page.link
Bye, Raymond
Re: Freshdesk (again)
Posted by John Hardin <jh...@impsec.org>.
On Sat, 27 Jun 2020, @lbutlr wrote:
> On 26 Jun 2020, at 19:01, Bill Cole <sa...@billmail.scconsult.com> wrote:
>> it might help to add your complaint via abuse@sendgrid.com.
>
> I very much doubt it. Sendgrid's business is sending mail and they do not care if that mail is spam or not. If enough servers block them they will go away.
They do, however, apparently care about phishing - they did disable the
sendgrid redirect that some phisher has been spamming at me for the last
three weeks.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
It is a testament to the effectiveness of government schools that
people angry at government actions will burn down a used book
store, a tire dealership and a bar owned by a black ex-firefighter.
-----------------------------------------------------------------------
7 days until the 244th anniversary of the Declaration of Independence
Re: Freshdesk (again)
Posted by "@lbutlr" <kr...@kreme.com>.
On 26 Jun 2020, at 19:01, Bill Cole <sa...@billmail.scconsult.com> wrote:
> it might help to add your complaint via abuse@sendgrid.com.
I very much doubt it. Sendgrid's business is sending mail and they do not care if that mail is spam or not. If enough servers block them they will go away.
--
Don't be too sure I'm as crooked as I'm supposed to be. ~ Sam Spade
Re: SendGrid (Was: Re: Freshdesk (again))
Posted by Loren Wilton <lw...@earthlink.net>.
> money should not make the emails go around, like wize no pressident should
> be elected by money
Well, no judge nor congressman should be elected by money either. But we
changed the rules some dacades back and legalized bribery, specifically in
the payment of money to elect your favorite candidate. So, as functionally
implemented in the current US Govenrment, all elected officials *should* be
elected by money, because that is the law.
But that is very off topic, hopefully.
Loren
Re: SendGrid (Was: Re: Freshdesk (again))
Posted by Benny Pedersen <me...@junc.eu>.
Marc Roos skrev den 2020-08-24 09:05:
>> Very disappointed with sendgrid's fall from grace.
> I saw once some video about angel investment, where some guy says
> something like "get the money as fast as possible from your clients
> pocket into yours". I would say there is little grace to be found.
as the old gold diggers in america, there was lots to be found if
digging long enough
with email its diffrent
>> Their phishing/spam/malware and legit user mix is a nightmare.
> This is the just common business model, others applying this to.
so lets change the rules :=)
money should not make the emails go around, like wize no pressident
should be elected by money
thanks for Esp plugin btw
RE: SendGrid (Was: Re: Freshdesk (again))
Posted by Marc Roos <M....@f1-outsourcing.eu>.
> Very disappointed with sendgrid's fall from grace.
I saw once some video about angel investment, where some guy says
something like "get the money as fast as possible from your clients
pocket into yours". I would say there is little grace to be found.
> Their phishing/spam/malware and legit user mix is a nightmare.
This is the just common business model, others applying this to.
Re: SendGrid (Was: Re: Freshdesk (again))
Posted by "Kevin A. McGrail" <km...@apache.org>.
Very disappointed with sendgrid's fall from grace. Their
phishing/spam/malware and legit user mix is a nightmare. Rob at
Invaluement is working on some tech to help that and I am helping him with
that. You'll also find sendgrid rules in KAM.cf for this purpose too.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
On Mon, Aug 17, 2020 at 1:42 PM Philip Prindeville <
philipp_subx@redfish-solutions.com> wrote:
> I just add an extra 5.0 points for coming from Sendgrid now so it goes
> straight to the Junk folder.
>
> Users can pull it out of there if they really want it.
>
> Sendgrid is becoming to ASP’s what OVH and Softlayer are to ISP's.
>
>
> > On Jun 27, 2020, at 3:56 AM, Niels Kobschätzki <ni...@kobschaetzki.net>
> wrote:
> >
> > Sendgrid is such an origin for spam- and phishing-mails with certain
> terms that I added extra meta-rules. From sendgrid and somewhere in the
> body is the term “Amazon”? Here are your 10 points.
> >
> > Best,
> >
> > Niels
> >
> >> On 27. Jun 2020, at 11:32, Marc Roos <M....@f1-outsourcing.eu> wrote:
> >>
> >>
> >>
> >> I am going to make for companies like maildrop and sendgrid a hard
> block
> >> with reference to a page where someone can ask to be whitelisted with
> >> only an email address. In this procedure clearly stating the reason of
> >> the net block of these companies. If lots of sendgrid users are
> >> confronted with this, they will move to a better service.
> >> I can remember this fresh desk mail. I did not know where it came from.
> >> But now I know, I will complain a few million times.
> >>
> >>
> >>
> >>
> >> -----Original Message-----
> >> To: users@spamassassin.apache.org
> >> Subject: SendGrid (Was: Re: Freshdesk (again))
> >>
> >> Hello,
> >>
> >>> On Fri, Jun 26, 2020 at 07:32:09PM -0600, Grant Taylor wrote:
> >>> I've got to say, between NANOG, SDLU, and SpamAssassin, I see a LOT of
> >>
> >>> complaints about Sendgrid.
> >>
> >> Also mailop. Have personally received phishing mails through SendGrid
> in
> >> the last 2 weeks in the name of citrix.com, microsoft.com and
> >> netflix.com. The Citrix one was to a hostmaster@ address. It's hard to
> >> comprehend how SendGrid could be doing a worse job of this, for so many
> >> months now.
> >>
> >> Yet their list of legit clients is large, so they remain unblockable
> for
> >> me. I just wish those clients knew how little SendGrid would do to
> >> prevent their other customers sending out phishing emails in their name.
> >>
> >> Cheers,
> >> Andy
> >>
> >>
> >
>
>
Re: SendGrid (Was: Re: Freshdesk (again))
Posted by Philip Prindeville <ph...@redfish-solutions.com>.
I just add an extra 5.0 points for coming from Sendgrid now so it goes straight to the Junk folder.
Users can pull it out of there if they really want it.
Sendgrid is becoming to ASP’s what OVH and Softlayer are to ISP's.
> On Jun 27, 2020, at 3:56 AM, Niels Kobschätzki <ni...@kobschaetzki.net> wrote:
>
> Sendgrid is such an origin for spam- and phishing-mails with certain terms that I added extra meta-rules. From sendgrid and somewhere in the body is the term “Amazon”? Here are your 10 points.
>
> Best,
>
> Niels
>
>> On 27. Jun 2020, at 11:32, Marc Roos <M....@f1-outsourcing.eu> wrote:
>>
>>
>>
>> I am going to make for companies like maildrop and sendgrid a hard block
>> with reference to a page where someone can ask to be whitelisted with
>> only an email address. In this procedure clearly stating the reason of
>> the net block of these companies. If lots of sendgrid users are
>> confronted with this, they will move to a better service.
>> I can remember this fresh desk mail. I did not know where it came from.
>> But now I know, I will complain a few million times.
>>
>>
>>
>>
>> -----Original Message-----
>> To: users@spamassassin.apache.org
>> Subject: SendGrid (Was: Re: Freshdesk (again))
>>
>> Hello,
>>
>>> On Fri, Jun 26, 2020 at 07:32:09PM -0600, Grant Taylor wrote:
>>> I've got to say, between NANOG, SDLU, and SpamAssassin, I see a LOT of
>>
>>> complaints about Sendgrid.
>>
>> Also mailop. Have personally received phishing mails through SendGrid in
>> the last 2 weeks in the name of citrix.com, microsoft.com and
>> netflix.com. The Citrix one was to a hostmaster@ address. It's hard to
>> comprehend how SendGrid could be doing a worse job of this, for so many
>> months now.
>>
>> Yet their list of legit clients is large, so they remain unblockable for
>> me. I just wish those clients knew how little SendGrid would do to
>> prevent their other customers sending out phishing emails in their name.
>>
>> Cheers,
>> Andy
>>
>>
>
Re: SendGrid (Was: Re: Freshdesk (again))
Posted by Niels Kobschätzki <ni...@kobschaetzki.net>.
Sendgrid is such an origin for spam- and phishing-mails with certain terms that I added extra meta-rules. From sendgrid and somewhere in the body is the term “Amazon”? Here are your 10 points.
Best,
Niels
> On 27. Jun 2020, at 11:32, Marc Roos <M....@f1-outsourcing.eu> wrote:
>
>
>
> I am going to make for companies like maildrop and sendgrid a hard block
> with reference to a page where someone can ask to be whitelisted with
> only an email address. In this procedure clearly stating the reason of
> the net block of these companies. If lots of sendgrid users are
> confronted with this, they will move to a better service.
> I can remember this fresh desk mail. I did not know where it came from.
> But now I know, I will complain a few million times.
>
>
>
>
> -----Original Message-----
> To: users@spamassassin.apache.org
> Subject: SendGrid (Was: Re: Freshdesk (again))
>
> Hello,
>
>> On Fri, Jun 26, 2020 at 07:32:09PM -0600, Grant Taylor wrote:
>> I've got to say, between NANOG, SDLU, and SpamAssassin, I see a LOT of
>
>> complaints about Sendgrid.
>
> Also mailop. Have personally received phishing mails through SendGrid in
> the last 2 weeks in the name of citrix.com, microsoft.com and
> netflix.com. The Citrix one was to a hostmaster@ address. It's hard to
> comprehend how SendGrid could be doing a worse job of this, for so many
> months now.
>
> Yet their list of legit clients is large, so they remain unblockable for
> me. I just wish those clients knew how little SendGrid would do to
> prevent their other customers sending out phishing emails in their name.
>
> Cheers,
> Andy
>
>
RE: SendGrid (Was: Re: Freshdesk (again))
Posted by Marc Roos <M....@f1-outsourcing.eu>.
I am going to make for companies like maildrop and sendgrid a hard block
with reference to a page where someone can ask to be whitelisted with
only an email address. In this procedure clearly stating the reason of
the net block of these companies. If lots of sendgrid users are
confronted with this, they will move to a better service.
I can remember this fresh desk mail. I did not know where it came from.
But now I know, I will complain a few million times.
-----Original Message-----
To: users@spamassassin.apache.org
Subject: SendGrid (Was: Re: Freshdesk (again))
Hello,
On Fri, Jun 26, 2020 at 07:32:09PM -0600, Grant Taylor wrote:
> I've got to say, between NANOG, SDLU, and SpamAssassin, I see a LOT of
> complaints about Sendgrid.
Also mailop. Have personally received phishing mails through SendGrid in
the last 2 weeks in the name of citrix.com, microsoft.com and
netflix.com. The Citrix one was to a hostmaster@ address. It's hard to
comprehend how SendGrid could be doing a worse job of this, for so many
months now.
Yet their list of legit clients is large, so they remain unblockable for
me. I just wish those clients knew how little SendGrid would do to
prevent their other customers sending out phishing emails in their name.
Cheers,
Andy
SendGrid (Was: Re: Freshdesk (again))
Posted by Andy Smith <an...@strugglers.net>.
Hello,
On Fri, Jun 26, 2020 at 07:32:09PM -0600, Grant Taylor wrote:
> I've got to say, between NANOG, SDLU, and SpamAssassin, I see a LOT of
> complaints about Sendgrid.
Also mailop. Have personally received phishing mails through
SendGrid in the last 2 weeks in the name of citrix.com,
microsoft.com and netflix.com. The Citrix one was to a hostmaster@
address. It's hard to comprehend how SendGrid could be doing a worse
job of this, for so many months now.
Yet their list of legit clients is large, so they remain unblockable
for me. I just wish those clients knew how little SendGrid would do
to prevent their other customers sending out phishing emails in
their name.
Cheers,
Andy
Re: Freshdesk (again)
Posted by Grant Taylor <gt...@tnetconsulting.net>.
On 6/26/20 7:01 PM, Bill Cole wrote:
> I had a similar event 6/30 and poked them about it via both a public
> Tweet & a complaint to Sendgrid. Both entities responded *claiming* that
> they were looking into the problem. Assuming that yours also came via
> Sendgrid, it might help to add your complaint via abuse@sendgrid.com.
I looked after your message and sure enough, the message did come via
Sendgrid.
I've got to say, between NANOG, SDLU, and SpamAssassin, I see a LOT of
complaints about Sendgrid.
> They had their chance 2+ years ago and appear to have resumed the
> obnoxious practice. They need to be gone.
Agreed.
--
Grant. . . .
unix || die
Re: Freshdesk (again)
Posted by "Kevin A. McGrail" <km...@apache.org>.
I have reached out to the CISO/CIO and the two members of the company on
this list about the issue.
Regards,
KAM
Re: Freshdesk (again)
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 26 Jun 2020, at 20:44, Grant Taylor wrote:
> I received an automated email from Freshdesk about five minutes after
> my post to the SpamAssassin mailing list earlier this afternoon.
I had a similar event 6/30 and poked them about it via both a public
Tweet & a complaint to Sendgrid. Both entities responded *claiming* that
they were looking into the problem. Assuming that yours also came via
Sendgrid, it might help to add your complaint via abuse@sendgrid.com.
> I found an old thread about Freshdesk in the SpamAssassin Users
> archive [1]. This supports (confirms to me) that this is what
> happens.
>
> I object to this type of behavior and would like for whomever is doing
> it to be unsubscribed from the SpamAssassin Users mailing list on
> principal.
>
> Maybe give them one chance to come forward, admit the error of their
> ways, and to promise to cease and desist immediately.
They had their chance 2+ years ago and appear to have resumed the
obnoxious practice. They need to be gone.