Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

2021-07-07 Thread Luke via mailop
If you could share the return-path of the offending message, I can have it looked at. Cheers, Luke On Tue, Jul 6, 2021 at 11:39 AM Brielle via mailop wrote: > Hello, > > Anyone here have a contact for Zoom in re of webinar spam being sent > from their platform via Sendgrid owned IPs? > > I'm

Re: [mailop] Cyren status regularly flapping back to Suspicious

2021-07-07 Thread Alessandro Vesely via mailop
On Tue 06/Jul/2021 20:28:16 +0200 Florian Effenberger via mailop wrote: Alessandro Vesely via mailop wrote on 06.07.21 at 18:38: I tried https://www.cyren.com/security-center/cyren-ip-reputation-check-gate and it says "No Risk" for 188.34.176.133 and "Please enter a valid IP" for

Re: [mailop] Hen and egg problem with Talos

2021-07-07 Thread Jay Hennigan via mailop
On 7/7/21 13:08, Michael Peddemors via mailop wrote: [snip] You should consider adding some AUTH protections of course, to mitigate compromised accounts, and better detection/rate limiters for when they do. Encourage transparent 2FA, and options like country auth restrictions, blocking AUTH

Re: [mailop] Hen and egg problem with Talos

2021-07-07 Thread Thomas Walter via mailop
On 07.07.21 22:08, Michael Peddemors via mailop wrote: > Start by including the IP(s) you are discussing ;) mx-out-01.fh-muenster.de [185.149.214.63] mx-out-02.fh-muenster.de [212.201.120.206] > Compromised accounts are indeed the bane of the responsible > administrator, and as you can see.. the

Re: [mailop] Hen and egg problem with Talos

2021-07-07 Thread Thomas Walter via mailop
On 07.07.21 23:12, Jay Hennigan via mailop wrote: >> Encourage transparent 2FA, and options like country auth restrictions, >> blocking AUTH from cloud providers/hosting companies known for being a >> haven for those types of attacks, (should make a blog post on best >> practices for

[mailop] Hen and egg problem with Talos

2021-07-07 Thread Thomas Walter via mailop
Hey guys, I have to take the walk of shame and report a spam outbreak on my systems because of a phished user account and a loophole in the rate limiting we do. As soon as we got notified, we stopped and cleaned the queues, blocked the user, investigated the cause and fixed the rate limiting

Re: [mailop] Today in Sendgrid, was Contact for Zoom webinar spam sent via Sendgrid (ugh)

2021-07-07 Thread John Levine via mailop
It appears that Luke via mailop said: >If you could share the return-path of the offending message, I can have it >looked at. I have a banking phish from dorfj-emigrant@dr.com sent to nob...@johnlevine.com and an invitation from m...@ippodogallery.com to an art

Re: [mailop] Hen and egg problem with Talos

2021-07-07 Thread Michael Peddemors via mailop
Start by including the IP(s) you are discussing ;) Compromised accounts are indeed the bane of the responsible administrator, and as you can see.. the rate limiting systems ARE essential, you are unlikely to suffer a reputation issue, if only a few escape (unless they have REALLY bad content,

Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

2021-07-07 Thread Carl Byington via mailop
On Tue, 2021-07-06 at 23:59 +0300, Atro Tossavainen via mailop wrote: > X-Entity-ID: 7mxhBNMkQ9yfwz0A5+NG7Q== > Return-Path: https://list.mailop.org/listinfo/mailop