On 2026-07-03 at 06:03 +0200, Marco Moock wrote:
> Am 02.07.26 um 12:24 schrieb Benoit Panizzon:
> > Data from that breach starts increasingly being used by Twilio Sendgrid
> > customers for advertising.
> 
> A rather normal situation. Twilio Sendgrid is a company that does not 
> care about it or intentionally operates their service for such 
> "customers". I contacted the abuse department various times - never got 
> a response about the case, but some blabla nonsense in some cases.


Well, even though Free had its responsibility by not implementing
appropriate security controls (and was thus fined 42 millions — which
still seems cheap for losing data of 42 millions of customers), whoever
stole them is the main culprit, and there _should_ be a police case for
that.

If it can be demonstrated beyond doubt that the data indeed comes from
that breach, that should be investigated.
Oh, I know: All parties will have "legally acquired the data from
someone else". And it will come to a halt
from mixed jurisdictions rather sooner than later.

Were companies held responsible for the of their sourced databases,
they would be much more cautious.

I'm not saying it's SendGrid's fault if they have customers using
illegally obtained lìsts, but if they got certain subsidiary
responsability for what they did for their bad-apples-customers-gone-
missing, they would more carefully vet their customers beforehand to
ensure they can really be held accountable for the million emails they
are about to blast.


On 2026-07-03 at 18:50 -0500, Jarland Donnell wrote:
> There was a period for a bit there where I think several people 
> internally did legitimately care. The problem is, none of us are
> brave 
> enough to block Sendgrid completely, thus creating no financial 
> justification for a competent and equipped abuse team. It's tough in 
> that kind of environment, telling your bosses that you need more 
> resources to handle a problem that isn't costing the business
> anything.

And thus, that would align the financial incentives, since a well-
greased abuse team would reduce the number of fines supported by the
company.


_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop

Reply via email to