I am wondering how such an incident could happen.
Yesterday several of our customers (and also several of our support
contact email addresses) got very carefully crafted and very authentic
looking fake email invoice notifications from Swisscom.
The 'online invoice' link points to a file containing malware. A
warning has been issued via the media in Switzerland to inform the
population not to download that invoice, which a Swisscom customer can
hardly distinguish from a real one.
Obviously SendGrid got abused in several ways:
* Hosting the Malware
* Sending Emails with Valid DKIM Signature
* Valid SPF Sender
They reacted fast, as of today, they have removed the malware from
Is it really that easy to go to SendGrid and tell them 'Hey, we are
Swisscom and want to send email invoices to all our customers, please
provide mass-email and hosting services to us'?
Doesn't anyone at SendGrid raise an eyebrow and think, hey, wouldn't
Swisscom send such emails over their own infrastructure? Shouldn't we
verify with Swisscom if this request is authentic?
I m p r o W a r e A G - Leiter Commerce Kunden
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
mailop mailing list