• Sendgrid

    From Dave Platt@21:1/5 to All on Thu Aug 20 10:39:49 2020
    Is there any good reason to accept mail from Sendgrid/Twilio? Enough legitimate customers to warrant ever letting their email through the
    shields?

    They're getting very close to my three-strikes line at this point:

    - Multiple "phishing" emails sent through their service. Most of
    these have been the recently-common ones claiming to be from
    my domain's email service team, claiming that I need to log in
    and reauthorize my account / unlock delivery of some blocked
    emails / upgrade my account for more storage / etc. Since I run
    my own email servers, that's rather doubtful.

    - Twilio/Sendgrid makes it easy for their customers to upload mailing
    lists and do mailing runs. Don't see any sort of confirmed opt-in
    requirements. They're clearly marketing the ability to do
    "promotional" email campaigns i.e. spamming.

    - No good abuse-reporting mechanism - in fact I'm far from certain that
    they have even a not-very-good abuse-reporting mechanism. They have
    channels for their customers to contact them for support, but little
    or nothing for abuse reporting.

    - They claim to monitor emailings to prevent abuse, but the recent spate
    of obvious phishing spams leads me to doubt that this is effective.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Ritz@21:1/5 to Dave Platt on Thu Aug 20 16:41:10 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Thursday, 20 August 2020 10:39 -0700,
    in article <54p21h-h9v.ln1@coop.radagast.org>,
    Dave Platt <dplatt@coop.radagast.org> wrote:

    On Thursday, 20 August 2020 10:39 -0700, Dave Platt wrote:

    Is there any good reason to accept mail from Sendgrid/Twilio?
    Enough legitimate customers to warrant ever letting their email
    through the shields?

    https://www.spamhaus.org/sbl/listings/sendgrid.com

    </quote>
    Found 96 SBL listings for IPs under the responsibility of
    sendgrid.com
    </quote>

    - --
    David Ritz <dritz@mindspring.com>
    Be kind to animals; kiss a shark.

    -----BEGIN PGP SIGNATURE-----

    iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCXz7t9gAKCRBSvCmZGhLe 6yESAJ9+slZ1WqoWclpse9WnCjickH/v2QCfSBXwo38HmhQn13RQM6Qx1OEm4fg=
    =vyAC
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Scott Dorsey@21:1/5 to Dave Platt on Thu Aug 20 23:34:46 2020
    Dave Platt <dplatt@coop.radagast.org> wrote:
    Is there any good reason to accept mail from Sendgrid/Twilio? Enough >legitimate customers to warrant ever letting their email through the
    shields?

    I don't think so. Just about everything I have seen through their service
    has been a scam. They -do- disconnect quickly, but they seem to just get
    new scammers when they disconnect the last set. Maybe the same ones all over for all I know.
    --scott
    --
    "C'est un Nagra. C'est suisse, et tres, tres precis."

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Post To Usenet@21:1/5 to Dave Platt on Thu Aug 20 18:29:46 2020
    On 2020-08-20 11:39 a.m., Dave Platt wrote:
    Is there any good reason to accept mail from Sendgrid/Twilio? Enough legitimate customers to warrant ever letting their email through the
    shields?

    They're getting very close to my three-strikes line at this point:

    - Multiple "phishing" emails sent through their service. Most of
    these have been the recently-common ones claiming to be from
    my domain's email service team, claiming that I need to log in
    and reauthorize my account / unlock delivery of some blocked
    emails / upgrade my account for more storage / etc. Since I run
    my own email servers, that's rather doubtful.

    - Twilio/Sendgrid makes it easy for their customers to upload mailing
    lists and do mailing runs. Don't see any sort of confirmed opt-in
    requirements. They're clearly marketing the ability to do
    "promotional" email campaigns i.e. spamming.

    - No good abuse-reporting mechanism - in fact I'm far from certain that
    they have even a not-very-good abuse-reporting mechanism. They have
    channels for their customers to contact them for support, but little
    or nothing for abuse reporting.

    - They claim to monitor emailings to prevent abuse, but the recent spate
    of obvious phishing spams leads me to doubt that this is effective.





    Absolutely no good reason Sendgrid are a bunch of scumbags who get paid
    to allow these scammers to send out these spam emails though their
    "service".

    They are extremely spam friendly and try and list wash when you make
    a complaint and don't do much about the actual spammer themselves and
    allow them to continue spewing garbage out from their network.

    These guys are absolute scumbags I get constant phishing emails from sendgrid.com

    Block em they are pure scum that are extremely spam friendly.


    I have gotten spam coming a lot of their IP blocks. They just shuffle
    the spammer around when you complain and the spam still continues.

    Exact IPs owned by Sendgrid.com / sendgrid.net that I have personally
    gotten spam from lately are

    208.117.55.132 (Aug 1 2020)
    149.72.194.202 (July 31 and July 25 2020) AS11377
    149.72.50.164 (July 17 2020)
    149.72.242.228 (July 17 2020)
    198.37.154.211 (July 14 2020) AS11377
    50.31.55.12 (May 24 2020)

    I have gotten multiples spams from some of these IPs as well.

    And this is only a quick scan of my abuse folder as well I may have
    missed some.




    All of this is as of today's day Aug 20 2020.

    https://www.abuseipdb.com/check/208.117.55.132 (reported 27 times) https://www.abuseipdb.com/check/149.72.194.202 (2 reports) https://www.abuseipdb.com/check/149.72.50.164 (2 reports) https://www.abuseipdb.com/check/149.72.242.228 (3 reports) https://www.abuseipdb.com/check/198.37.154.211 (1 report) https://www.abuseipdb.com/check/50.31.55.12 (1 report)


    https://www.spamhaus.org/sbl/listings/sendgrid.com

    "Found 96 SBL listings for IPs under the responsibility of sendgrid.com"
    As of August 20 2020.


    https://www.spamhaus.org/sbl/listings/sendgrid.com




    SBL493001
    149.72.71.170/32 sendgrid.com
    20-Aug-2020 06:48 GMT
    8/19/2020: New Malware & Phish Emitters! (Take 4)


    SBL493000
    149.72.203.17/32 sendgrid.com
    20-Aug-2020 06:48 GMT
    8/19/2020: New Malware & Phish Emitters! (Take 4)


    SBL492999
    149.72.32.236/32 sendgrid.com
    20-Aug-2020 06:48 GMT
    8/19/2020: New Malware & Phish Emitters! (Take 4)


    SBL492988
    149.72.193.137/32 sendgrid.com
    20-Aug-2020 05:11 GMT
    Spam source @149.72.193.137


    SBL492987
    168.245.13.24/32 sendgrid.com
    20-Aug-2020 04:38 GMT
    8/19/2020: New Malware & Phish Emitters! (Take 3)


    SBL492986
    149.72.224.171/32 sendgrid.com
    20-Aug-2020 04:38 GMT
    8/19/2020: New Malware & Phish Emitters! (Take 3)


    SBL492985
    149.72.230.22/32 sendgrid.com
    20-Aug-2020 04:37 GMT
    8/19/2020: New Malware & Phish Emitters! (Take 3)


    SBL492971
    198.37.158.96/32 sendgrid.com
    19-Aug-2020 21:27 GMT
    8/19/2020: New Malware & Phish Emitters!


    SBL492970
    168.245.0.44/32 sendgrid.com
    19-Aug-2020 21:26 GMT
    8/19/2020: New Malware & Phish Emitters!


    SBL492969
    149.72.135.164/32 sendgrid.com
    19-Aug-2020 21:26 GMT
    8/19/2020: New Malware & Phish Emitters!


    SBL492968
    149.72.93.207/32 sendgrid.com
    19-Aug-2020 21:26 GMT
    8/19/2020: New Malware & Phish Emitters!


    SBL492967
    149.72.90.203/32 sendgrid.com
    19-Aug-2020 21:26 GMT
    8/19/2020: New Malware & Phish Emitters!


    SBL492966
    149.72.74.137/32 sendgrid.com
    19-Aug-2020 21:26 GMT
    8/19/2020: New Malware & Phish Emitters!


    SBL492965
    50.31.63.246/32 sendgrid.com
    19-Aug-2020 21:26 GMT
    8/19/2020: New Malware & Phish Emitters!


    SBL492964
    149.72.193.43/32 sendgrid.com
    19-Aug-2020 21:25 GMT
    8/19/2020: New Malware & Phish Emitters!


    SBL492951
    167.89.105.219/32 sendgrid.com
    19-Aug-2020 17:47 GMT
    Spam source @167.89.105.219


    SBL492917
    149.72.65.176/32 sendgrid.com
    19-Aug-2020 13:30 GMT
    Spam source @149.72.65.176


    SBL492906
    149.72.137.94/32 sendgrid.com
    19-Aug-2020 11:45 GMT
    Sendgrid spam source


    SBL492883
    149.72.130.238/32 sendgrid.com
    19-Aug-2020 07:49 GMT
    8/18/2020: New Malware & Phish Emitters! (Take #3)


    SBL492882
    149.72.55.150/32 sendgrid.com
    19-Aug-2020 07:49 GMT
    8/18/2020: New Malware & Phish Emitters! (Take #3)


    SBL492865
    167.89.100.242/32 sendgrid.com
    19-Aug-2020 04:01 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492864
    167.89.99.13/32 sendgrid.com
    19-Aug-2020 04:00 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492863
    167.89.22.134/32 sendgrid.com
    19-Aug-2020 04:00 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492862
    167.89.16.17/32 sendgrid.com
    19-Aug-2020 04:00 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492861
    167.89.10.181/32 sendgrid.com
    19-Aug-2020 04:00 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492859
    149.72.243.234/32 sendgrid.com
    19-Aug-2020 03:59 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492857
    149.72.225.177/32 sendgrid.com
    19-Aug-2020 03:59 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492856
    149.72.161.84/32 sendgrid.com
    19-Aug-2020 03:58 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492855
    149.72.94.234/32 sendgrid.com
    19-Aug-2020 03:58 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492853
    149.72.37.171/32 sendgrid.com
    19-Aug-2020 03:58 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492852
    149.72.25.161/32 sendgrid.com
    19-Aug-2020 03:58 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492851
    50.31.63.70/32 sendgrid.com
    19-Aug-2020 03:58 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492850
    50.31.60.24/32 sendgrid.com
    19-Aug-2020 03:57 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492849
    192.254.123.167/32 sendgrid.com
    19-Aug-2020 03:57 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492848
    192.254.123.97/32 sendgrid.com
    19-Aug-2020 03:57 GMT
    8/18/2020: New Phish Emitters! (Take 2)


    SBL492841
    168.245.0.37/32 sendgrid.com
    18-Aug-2020 22:28 GMT
    8/18/2020: New Phish Emitters!


    SBL492840
    149.72.245.154/32 sendgrid.com
    18-Aug-2020 22:28 GMT
    8/18/2020: New Phish Emitters!


    SBL492839
    149.72.224.171/32 sendgrid.com
    18-Aug-2020 22:28 GMT
    8/18/2020: New Phish Emitters!


    SBL492838
    149.72.89.152/32 sendgrid.com
    18-Aug-2020 22:28 GMT
    8/18/2020: New Phish Emitters!


    SBL492837
    149.72.87.202/32 sendgrid.com
    18-Aug-2020 22:27 GMT
    8/18/2020: New Phish Emitters!


    SBL492836
    149.72.31.47/32 sendgrid.com
    18-Aug-2020 22:27 GMT
    8/18/2020: New Phish Emitters!


    SBL492835
    50.31.60.24/32 sendgrid.com
    18-Aug-2020 22:27 GMT
    8/18/2020: New Phish Emitters!


    SBL492834
    192.254.123.97/32 sendgrid.com
    18-Aug-2020 22:27 GMT
    8/18/2020: New Phish Emitters!


    SBL492748
    149.72.35.93/32 sendgrid.com
    18-Aug-2020 10:20 GMT
    Spam source @149.72.35.93


    SBL492713
    168.245.75.167/32 sendgrid.com
    17-Aug-2020 19:40 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492712
    168.245.19.44/32 sendgrid.com
    17-Aug-2020 19:40 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492711
    167.89.100.172/32 sendgrid.com
    17-Aug-2020 19:40 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492710
    167.89.100.171/32 sendgrid.com
    17-Aug-2020 19:40 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492709
    167.89.100.168/32 sendgrid.com
    17-Aug-2020 19:40 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492708
    167.89.100.167/32 sendgrid.com
    17-Aug-2020 19:40 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492707
    149.72.228.117/32 sendgrid.com
    17-Aug-2020 19:39 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492706
    149.72.223.28/32 sendgrid.com
    17-Aug-2020 19:39 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492705
    149.72.211.231/32 sendgrid.com
    17-Aug-2020 19:39 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492704
    149.72.149.241/32 sendgrid.com
    17-Aug-2020 19:38 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492703
    149.72.27.219/32 sendgrid.com
    17-Aug-2020 19:38 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492702
    149.72.24.112/32 sendgrid.com
    17-Aug-2020 19:38 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492701
    50.31.63.183/32 sendgrid.com
    17-Aug-2020 19:38 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492700
    168.245.19.44/32 sendgrid.com
    17-Aug-2020 19:37 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492697
    50.31.54.177/32 sendgrid.com
    17-Aug-2020 19:36 GMT
    Phish Emitters! (Multiple shared Sendgrid.net IP addresses, compromised customer IP addresses!)


    SBL492596
    149.72.43.67/32 sendgrid.com
    16-Aug-2020 07:14 GMT
    Sendgrid sourced phishing spam. 419


    SBL492595
    149.72.79.58/32 sendgrid.com
    16-Aug-2020 07:10 GMT
    Sendgrid sourced phishing spam. 419 + others.


    SBL492455
    168.245.10.116/32 sendgrid.com
    14-Aug-2020 05:26 GMT
    Spam source @168.245.10.116


    SBL492408
    168.245.77.60/32 sendgrid.com
    13-Aug-2020 12:22 GMT
    Spam source @168.245.77.60


    SBL492303
    149.72.68.197/32 sendgrid.com
    12-Aug-2020 02:29 GMT
    Sendgrid sourced phishing spam.


    SBL491571
    149.72.94.135/32 sendgrid.com
    01-Aug-2020 17:59 GMT
    Spam origination - SendGrid


    SBL491570
    149.72.25.51/32 sendgrid.com
    01-Aug-2020 17:57 GMT
    Spam origination - SendGrid


    SBL491387
    167.89.12.138/32 sendgrid.com
    30-Jul-2020 06:59 GMT
    Sendgrid sourced phishing spam.


    SBL491110
    149.72.67.240/32 sendgrid.com
    25-Jul-2020 19:31 GMT



    SBL490678
    149.72.66.95/32 sendgrid.com
    19-Jul-2020 03:39 GMT
    Sendgrid sourced phishing spam.


    SBL490653
    149.72.85.40/32 sendgrid.com
    18-Jul-2020 02:17 GMT
    Sendgrid sourced phishing spam.


    SBL490333
    149.72.149.164/32 sendgrid.com
    11-Jul-2020 09:44 GMT
    Sendgrid sourced phishing spam. Canadian Pharmacy!


    SBL490109
    149.72.241.194/32 sendgrid.com
    08-Jul-2020 04:47 GMT
    Sendgrid sourced phishing spam.


    SBL489241
    167.89.21.240/32 sendgrid.com
    01-Jul-2020 23:41 GMT
    tradelines spamming from sendgrid.


    SBL489202
    149.72.233.242/32 sendgrid.com
    01-Jul-2020 09:03 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL487745
    167.89.59.38/32 sendgrid.com
    13-Jun-2020 06:56 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL482677
    167.89.27.251/32 sendgrid.com
    03-Apr-2020 11:53 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL480617
    167.89.37.139/32 sendgrid.com
    05-Mar-2020 19:39 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL479783
    167.89.6.167/32 sendgrid.com
    25-Feb-2020 07:14 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL477873
    167.89.24.144/32 sendgrid.com
    13-Feb-2020 11:48 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL477571
    167.89.26.174/32 sendgrid.com
    07-Feb-2020 12:56 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL475006
    167.89.15.150/32 sendgrid.com
    19-Jan-2020 07:02 GMT
    Abused / misconfigured newsletter service (listbombing) [2nd listing]


    SBL468942
    149.72.131.237/32 sendgrid.com
    12-Dec-2019 05:44 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL465872
    168.245.56.110/32 sendgrid.com
    26-Nov-2019 05:28 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL463625
    167.89.99.112/32 sendgrid.com
    05-Nov-2019 07:26 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL462648
    198.37.151.106/32 sendgrid.com
    21-Oct-2019 17:52 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL455113
    167.89.47.221/32 sendgrid.com
    24-Jul-2019 15:42 GMT
    Abused / misconfigured newsletter service (listbombing) [2nd listing]


    SBL453544
    167.89.33.84/32 sendgrid.com
    09-Jul-2019 06:02 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL451865
    167.89.30.232/32 sendgrid.com
    24-Jun-2019 15:07 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL451580
    167.89.26.52/32 sendgrid.com
    21-Jun-2019 14:59 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL451250
    167.89.103.78/32 sendgrid.com
    17-Jun-2019 19:03 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL450243
    149.72.129.60/32 sendgrid.com
    14-Jun-2019 19:15 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL447221
    167.89.77.247/32 sendgrid.com
    15-May-2019 10:09 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL447105
    149.72.129.57/32 sendgrid.com
    14-May-2019 09:19 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL445184
    149.72.157.203/32 sendgrid.com
    29-Apr-2019 16:42 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL430946
    192.254.114.80/32 sendgrid.com
    22-Jan-2019 16:51 GMT
    Abused / misconfigured newsletter service (listbombing)


    SBL430045
    167.89.23.6/32 sendgrid.com
    15-Jan-2019 05:52 GMT
    Abused / misconfigured newsletter service (listbombing)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From tjoen@21:1/5 to Dave Platt on Fri Aug 21 08:44:34 2020
    On 8/20/20 7:39 PM, Dave Platt wrote:
    Is there any good reason to accept mail from Sendgrid/Twilio? Enough legitimate customers to warrant ever letting their email through the
    shields?

    Found only two in 2016:
    $ grep sendgrid spam*
    spam2016:16 167.89.76.163=sendgrid.com;52.7.252.72=amazonaws.com
    oceanrider,com,au/1/=166.62.28.142=godaddy.com
    spam2016:jul15 167.89.33.214=sendgrid.com;52.7.252.72=amazonaws.com
    alderferandassociates,com/eb=23.229.231.37=godaddy.com(a)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Sam@21:1/5 to Dave Platt on Fri Aug 21 06:48:22 2020
    This is a MIME GnuPG-signed message. If you see this text, it means that
    your E-mail or Usenet software does not support MIME signed messages.
    The Internet standard for MIME PGP messages, RFC 2015, was published in 1996. To open this message correctly you will need to install E-mail or Usenet software that supports modern Internet standards.

    Dave Platt writes:

    Is there any good reason to accept mail from Sendgrid/Twilio? Enough legitimate customers to warrant ever letting their email through the
    shields?

    They do have /some/ non-spamming customers. I know that.

    But all I've gotten from them is ransomware. I'm fairly certain that all the recent flurry of "please here to verify your e-mail account" type of shotgun spamming is an attempted ransomware infection, and that's all I got from sendgrid before I dropped these on the floor:

    168.245.0.0/17
    149.72.0.0/16
    198.37.144.0/20

    They do seem to have outgoing mail servers co-hosted on other networks. I'm waiting until I get spam from those, then complain to the hosting providers
    and see what happens.



    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCAAdFiEEMWrVnbBKLOeG9ifkazpiviedvyUFAl8/pnYACgkQazpivied vyX/GRAArGWgc6Z6oaJ7tH5n86aATGQOS0yjAMrWcedwVCRX/C9ydD7rljwxDBFf aqQM66Oh8RZ82JrIojPxYds2vpMk4gLYTtkpcBhDF1dTe7SjO2jrg4OWySbbJk3w QvmWm2e6v4XW5qZVxmn883KPndYhEE+YVyZxSjRNc1TLuPhBANSZOh3H4FlnhXzM lk6Mo0dyMPk5n5vS+ZDK7pZ++YZJLN1lF3nibkjHmKvcaFUQWspmx9ZsbE21BRr/ ia2lh/4pK/042eAdwTS21F8YqZ0UaWOyiLok46EVGgAoi2OiOyIhRNtFodNeh5dQ EC3CBFnqxmTz1xQeozaUEAc1bP2+7ob6T4vbMstvB1ytYO5px0ei3PjHZ+GlxH6q B0qqh82iY8eAPH9f0LYZS8rBt27SH/AQa5ackuxqG/5kBtlFhICylSZxHyVH2b58 G0RgKbpYnjkEJpea2y42/wZwoYavO00OCO/Q1d+uvpuIpJijwbOOvVgy+FV6i9Ol cvldbkRwX62VNyOR26A21KR5nunhsmBLrEwKzSMvUKBDtJ5mEUclqag3YB+5ILmm Yj4LA5n7d1hM4yepWZVvsHo2nNRGPIlr8ieuNyQ/FlfQLkLte6V8441x9k1Vn9KR BWr/RoMWP9Mz3tgbNKDvkZ62A4SwOtgo+LhsSpojSVLWGPaf77U=
    =2CNX
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Post To Usenet@21:1/5 to Sam on Fri Aug 21 09:57:42 2020
    On 2020-08-21 4:48 a.m., Sam wrote:
    Dave Platt writes:

    Is there any good reason to accept mail from Sendgrid/Twilio?  Enough
    legitimate customers to warrant ever letting their email through the
    shields?

    They do have /some/ non-spamming customers. I know that.

    But all I've gotten from them is ransomware. I'm fairly certain that all
    the recent flurry of "please here to verify your e-mail account" type of shotgun spamming is an attempted ransomware infection, and that's all I
    got from sendgrid before I dropped these on the floor:

    168.245.0.0/17
    149.72.0.0/16
    198.37.144.0/20

    They do seem to have outgoing mail servers co-hosted on other networks.
    I'm waiting until I get spam from those, then complain to the hosting providers and see what happens.



    why wait beat the rush and block these IP blocks too.

    Yes I have gotten spam from these IPs which are listed as being owned
    by other networks.

    208.117.55.132 (steadfast.net) (o1.f.az.sendgrid.net)
    50.31.55.12 AS11377 (steadfast.net) (o1.send.sumall.com)


    sendgrid has the IP range of
    208.117.48.0 - 208.117.63.255 for this block
    50.31.32.0 - 50.31.63.255 (50.31.32.0/19)

    https://whois.arin.net/rest/net/NET-208-117-48-0-1/pft?s=208.117.55.132 https://whois.arin.net/rest/net/NET-50-31-32-0-1/pft?s=50.31.55.12



    And if you really want to block sendgrid.com this comes from the record
    for sendgrid.com

    sendgrid.com MX (Mail Exchanger) Priority: 10 mxa-0023de01.gslb.pphosted.com
    sendgrid.com MX (Mail Exchanger) Priority: 10
    mxb-0023de01.gslb.pphosted.com


    148.163.153.13/32 and 148.163.149.14/32 at least.


    And for sendgrid.net

    sendgrid.net MX (Mail Exchanger) Priority: 20 mx2.sendgrid.net
    sendgrid.net MX (Mail Exchanger) Priority: 10 mx.sendgrid.net



    mx.sendgrid.net 167.89.118.48, 167.89.123.50
    mx2.sendgrid.net 167.89.123.50, 167.89.118.48

    Looks like sendgrid.net has the block 167.89.0.0/17

    You will probably want to drop the ones I mentioned above too.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Sam@21:1/5 to Post To Usenet on Fri Aug 21 22:53:03 2020
    This is a MIME GnuPG-signed message. If you see this text, it means that
    your E-mail or Usenet software does not support MIME signed messages.
    The Internet standard for MIME PGP messages, RFC 2015, was published in 1996. To open this message correctly you will need to install E-mail or Usenet software that supports modern Internet standards.

    Post To Usenet writes:

    why wait beat the rush and block these IP blocks too.

    Yes I have gotten spam from these IPs which are listed as being owned
    by other networks.

    208.117.55.132 (steadfast.net) (o1.f.az.sendgrid.net)
    50.31.55.12 AS11377 (steadfast.net) (o1.send.sumall.com)

    I'm waiting to see if I get spam from these IPs, first. If I do, I'm going
    to nastygram steadfast.net first, and see what they do. There's a small
    chance of causing trouble for sendgrid, this way. I have no prior experience with steadfast, so I'll give them a chance to boot sendgrid, first.


    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCAAdFiEEMWrVnbBKLOeG9ifkazpiviedvyUFAl9AiI8ACgkQazpivied vyXT0hAArMKHb0tPywsJlnUueGup5E1J3MRporhuuhSiDDjAFZSbHD1pdSwBBGkB SGNT8mk06L3UcgpUWT5abSshiiSI7F9ugPjy+pGEeAMxnKw5uLU13KKRjZRW60BC oqPbUd7/n8RCH3HFPw8DPjeSzsrUduEAe04fP8rIHbAMriR+Iew2wshuXW/kSWE/ dC66FaGwgsCF4mrR5PC35Pb8uosr8ea3d4hyXl0Sq00SbptaEkBTkzDdjuPL6sJz KzhudaggMipAeCy5dbiSxdRaI+UoOZN2QAREwJj3NGJKfeZ4xoVQQcqWT7kZ59DJ XOCyIwtOFfo3xN3Yxx852H7ipkS4V7Hu6+q8wlKwsZLdVz19KzrkLfEUHr8sj2Jr jmBUVEZk8nTT2pRmlu8i3NayeSKdut5GPzNmSZr2oUL3QmtCs6SOJ0d7RueW2Fg1 46aq3LGblhP87rPoRxhvjzz+yiwfL0reUxgwf9Uu1uuNtl/KTO8yQPqiGSieHj0H O6Br8AWbSUDng0R2hXxVn1/sAM3wNWsfWmyakiTwDrgfsXb9/FNFDwNKsxYC29/5 tAltVpvfsrFX9H2sDZcU3NauS3Yoa8l0PhA3HRz40iFHzVpJY7B/zQn0EeBxxpKS hbP0iAoVQ59dooaEG1QZQVXp//zyLebYXgM97AhYaH/WuaiL8Yg=
    =oX3m
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Post To Usenet@21:1/5 to Sam on Fri Aug 21 22:36:13 2020
    On 2020-08-21 8:53 p.m., Sam wrote:
    Post To Usenet writes:

    why wait beat the rush and block these IP blocks too.

    Yes I have gotten spam from these IPs which are listed as being owned
    by other networks.

    208.117.55.132 (steadfast.net) (o1.f.az.sendgrid.net)
    50.31.55.12 AS11377 (steadfast.net)  (o1.send.sumall.com)

    I'm waiting to see if I get spam from these IPs, first. If I do, I'm
    going to nastygram steadfast.net first, and see what they do. There's a
    small chance of causing trouble for sendgrid, this way. I have no prior experience with steadfast, so I'll give them a chance to boot sendgrid, first.


    I can tell you that steadfast.net won't boot em I already gave them that chance. I emailed their abuse department they are still on there.

    But it is up to you but I am telling you that steadfast.net seems to do nothing. Cheers

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)