On 2021-07-08 8:20 a.m., Carl Byington via mailop wrote:
On Thu, 2021-07-08 at 09:31 +0300, Atro Tossavainen via mailop wrote:
That one is Zoom.us itself.

Received: from o5.sg.zoom.us (o5.sg.zoom.us [149.72.199.144])

Received: from o12.ptr3622.sg.zoom.us (o12.ptr3622.sg.zoom.us
[167.89.93.232])

Yes, the mail arrives from systems with rdns of *.sg.zoom.us, but my
understanding is that the X-Entity-ID points to a sendgrid user. And the
headers include stuff like:

Received: by filter1889p1las1.sendgrid.net with SMTP id
filter1889p1las1-10585-60DE6FD0-E
         2021-07-02 01:45:52.506187482 +0000 UTC m=+23969.518969155
Received: from MjEwNzk4ODQ (unknown)
         by geopod-ismtpd-3-2 (SG) with HTTP id W8YVLKQPT6CK1S2NPi9CbA

Which looks like the original submission was via a sendgrid web
interface. A reply-to address in .vn, and a subject line (google
translate from Vietnamese) of "Why real estate can make you rich?".

Just more crap that sendgrid is leaking, this time sending their
outbound spam via zoom.us servers.



Yeah, it is almost always a compromise, but hard to believe Zoom would not have enabled two factor authentication, or similar restrictions on who can use their sendgrid servers, keep thinking that there is another back door that abusers are using at SendGrid.

Be nice to hear from Zoom (if anyone knows a contact) on what they discover, since SendGrid hasn't been too transparent.

--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
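
The header reading discussed in this thread, as an added example that is not part of any poster's message: Python that walks a message's Received chain and reports the handoff rDNS and IP, whether a SendGrid hop sits underneath, and the protocol of the earliest hop. The sample message is constructed from the Received lines quoted above; the `mx.example.net` clause, the X-Entity-ID value, the function name `analyze` and the treatment of the "(SG)" tag as a SendGrid marker are assumptions.

```python
import re
from email import message_from_string

# Constructed sample: the Received lines are the ones quoted in the thread;
# the "by mx.example.net" clause and all other header values are placeholders.
SAMPLE = """\
Received: from o5.sg.zoom.us (o5.sg.zoom.us [149.72.199.144])
\tby mx.example.net with ESMTPS id PLACEHOLDER
Received: by filter1889p1las1.sendgrid.net with SMTP id
\tfilter1889p1las1-10585-60DE6FD0-E
\t2021-07-02 01:45:52.506187482 +0000 UTC m=+23969.518969155
Received: from MjEwNzk4ODQ (unknown)
\tby geopod-ismtpd-3-2 (SG) with HTTP id W8YVLKQPT6CK1S2NPi9CbA
X-Entity-ID: PLACEHOLDER-ENTITY-ID
Subject: constructed sample

body
"""

FROM_RE = re.compile(r"^from\s+\S+\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")
BY_RE = re.compile(r"\bby\s+(\S+)(?:\s+\((\w+)\))?\s+with\s+(\w+)")

def analyze(raw):
    """Summarise who handed the message over and how it entered the relay."""
    msg = message_from_string(raw)
    # Unfold continuation lines; index 0 is the hop our own MX recorded.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    out = {"handoff_rdns": None, "handoff_ip": None, "sendgrid_relay": False,
           "submitted_via": None, "entity_id": msg.get("X-Entity-ID")}
    m = FROM_RE.match(hops[0]) if hops else None
    if m:
        out["handoff_rdns"], out["handoff_ip"] = m.groups()
    for hop in hops:
        m = BY_RE.search(hop)
        if not m:
            continue
        host, tag, proto = m.groups()
        # Assumption: a *.sendgrid.net "by" host or the "(SG)" tag marks SendGrid.
        if host.lower().endswith(".sendgrid.net") or tag == "SG":
            out["sendgrid_relay"] = True
        out["submitted_via"] = proto.upper()  # last match = earliest hop
    rdns = (out["handoff_rdns"] or "").lower()
    # Customer-branded rDNS on the sending IP, SendGrid underneath.
    out["branded_rdns"] = out["sendgrid_relay"] and not rdns.endswith(".sendgrid.net")
    return out

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Only the topmost Received line is written by the receiving MX; everything below it is supplied by the sending side, so the relay and submission fields are hints for an abuse report rather than proof.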
