If you can post some headers, I can likely tell you how this sender got onto our system and how quickly they were shut down. I am certain they didn't tell us "Hey, we are Swisscom."
Luke

On Thu, Feb 16, 2017 at 1:37 AM, Benoit Panizzon <benoit.paniz...@imp.ch> wrote:

> Hi all
>
> I am wondering how such an incident could happen.
>
> Yesterday several of our customers (and also several of our support
> contact email addresses) got very carefully crafted and very authentic
> looking fake email invoice notifications from Swisscom.
>
> The 'online invoice' link points to a file containing malware. A
> warning has been issued via the media in Switzerland, to inform the
> population not to download that invoice which a Swisscom customer can
> hardly distinguish from a real one.
>
> Obviously sendgrid got abused in several ways:
>
> * Hosting the Malware
> * Sending Emails with Valid DKIM Signature
> * Valid SPF Sender
>
> They reacted fast, as of today, they have removed the malware from
> their site.
>
> Is it really that easy to go to sendgrid and tell them 'Hey we are
> Swisscom and want to send email invoices to all our customers, please
> provide mass-email and hosting services to us'?
>
> Doesn't anyone at sendgrid raise an eyebrow and think, hey wouldn't
> Swisscom send such emails over their own infrastructure? Shouldn't we
> verify with Swisscom, if this request is authentic?
>
> Kind regards
>
> -Benoît Panizzon-
> --
> I m p r o W a r e A G - Leiter Commerce Kunden
> ______________________________________________________
>
> Zurlindenstrasse 29 Tel +41 61 826 93 00
> CH-4133 Pratteln Fax +41 61 826 93 01
> Schweiz Web http://www.imp.ch
> ______________________________________________________
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>

--
Luke Martinez
Team Lead | Email Delivery
520.400.5693