Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Jay Hennigan via mailop]

On 3/22/23 01:35, Hans-Martin Mosner via mailop wrote:

I tried to report a phishing spam to Sendgrid, and look what I got:

- The following addresses had permanent fatal errors -

 (reason: 552-5.7.0 This message was blocked because its content presents a 
potential)

- Transcript of session follows -
... while talking to aspmx.l.google.com.:


With the amount of spam coming from Sendgrid, do you think they even 
look at the ones that get through?


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Mickey Chandler via mailop]

Eh.

Sendgrid isn't a mailbox provider. Holding them to that standard of things
isn't the right way of looking at it.

For an Email Service Provider (like Sendgrid), the headers likely do have
the information to find the outgoing job where the actual messages were
built and there will be sufficient information there about the bodies (even
if it's without the precise personalization that the recipient saw) that an
abuse desk can take action if the content is important to the case.

When I was last running an ESP abuse desk, there were a very few customers
who were running things all over an API and I couldn't see the message
bodies, but I was looking for the bodies to see if there was additional
evidence (like "I found your contact information on LinkedIn") and was able
to move forward with my cases anyway.

I have grave concerns about running an ESP abuse desk on Google, but that's
from data access standpoint (i.e.: Google requires

that
they be able to monitor abuse@ for domains it's hosting in Workspaces, but
has no reasonable right to data access regarding complaints regarding
messages not sent through their infrastructure).

On Wed, Mar 22, 2023 at 5:29 AM Jaroslaw Rafa via mailop 
wrote:

> Dnia 22.03.2023 o godz. 10:01:53 Sebastian Nielsen via mailop pisze:
> > A good idea when you get this type of response, just include the full
> > headersand not the actual body of message.A competent abuse department
> > should be able to fish out a verbatim copy of the message being reported
> > in their logging systems using the headers alone.
>
> I would not trust any email provider who is able to do this - because this
> means that they are either: a) logging and storing all your emails (if they
> are able to do this even if the message is not stored in sender's mailbox);
> or b) snooping through users' mailboxes (if they are able to do this only
> if
> the message is stored in sender's mailbox, by pulling it out from there).
> --
> Regards,
>Jaroslaw Rafa
>r...@rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Sebastian Nielsen via mailop]

Thats why the systems should be able to fish out based on for example 
Message-ID, and for additional security, AES-256 encrypt the message with the 
SHA256 hash of the message ID.Of course only abuse department should have 
access to these tools.Thus you dont need to rummage through people's inboxes or 
retain cleartext copies of other peoples messages, just copy+paste message ID 
into some retrieve system and its all set.The message ID could be viewed as an 
"password" saying you are authorized to view the message.This can additionally 
be used for per-item access key in the inbox.
 Originalmeddelande Från: Jaroslaw Rafa via mailop 
 Datum: 2023-03-22  11:29  (GMT+01:00) Till: 
mailop@mailop.org Ämne: Re: [mailop] Sendgrid abuse forwarding to Google - not 
one of your brightest ideas Dnia 22.03.2023 o godz. 10:01:53 Sebastian Nielsen 
via mailop pisze:> A good idea when you get this type of response, just include 
the full> headersand not the actual body of message.A competent abuse 
department> should be able to fish out a verbatim copy of the message being 
reported> in their logging systems using the headers alone.I would not trust 
any email provider who is able to do this - because thismeans that they are 
either: a) logging and storing all your emails (if theyare able to do this even 
if the message is not stored in sender's mailbox);or b) snooping through users' 
mailboxes (if they are able to do this only ifthe message is stored in sender's 
mailbox, by pulling it out from there).-- Regards,   Jaroslaw Rafa   
r...@rafa.eu.org--"In a million years, when kids go to school, they're gonna 
know: once therewas a Hushpuppy, and she lived with her daddy in the 
Bathtub."___mailop mailing 
listmailop@mailop.orghttps://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Bill Cole via mailop]

On 2023-03-22 at 05:01:53 UTC-0400 (Wed, 22 Mar 2023 10:01:53 +0100)
Sebastian Nielsen via mailop 
is rumored to have said:

A good idea when you get this type of response, just include the full 
headersand not the actual body of message.A competent abuse department 
should be able to fish out a verbatim copy of the message being 
reported in their logging systems using the headers alone.


Not so much.

Retaining messages that have been disposed of from a SMTP standpoint is 
full of legal risks. Merely passing through a MTA does not normally 
result in a retained copy.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Michael Rathbun via mailop]

On Wed, 22 Mar 2023 10:01:53 +0100, Sebastian Nielsen via mailop
 wrote:

>A good idea when you get this type of response, just include the full 
>headersand not the actual body of message.A competent abuse department should 
>be able to fish out a verbatim copy of the message being reported in their 
>logging systems using the headers alone.

I only report to Sendgrid when one of their customers hits a "sudden death"
spamtrap, and then I simply send the log from the transaction.  I get a ticket
response, and later a survey request for my experiences, which I ignore.  I
also see zero repeat performances by that particular customer.

mdr
-- 
We must not confuse statistical probability with some transcendental
and utterly compelling force. 
  -- Unspiek, Baron Bodissey (Life, Volume II)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Jaroslaw Rafa via mailop]

Dnia 22.03.2023 o godz. 10:01:53 Sebastian Nielsen via mailop pisze:
> A good idea when you get this type of response, just include the full
> headersand not the actual body of message.A competent abuse department
> should be able to fish out a verbatim copy of the message being reported
> in their logging systems using the headers alone.

I would not trust any email provider who is able to do this - because this
means that they are either: a) logging and storing all your emails (if they
are able to do this even if the message is not stored in sender's mailbox);
or b) snooping through users' mailboxes (if they are able to do this only if
the message is stored in sender's mailbox, by pulling it out from there).
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Sebastian Nielsen via mailop]

A good idea when you get this type of response, just include the full 
headersand not the actual body of message.A competent abuse department should 
be able to fish out a verbatim copy of the message being reported in their 
logging systems using the headers alone.
 Originalmeddelande Från: Hans-Martin Mosner via mailop 
 Datum: 2023-03-22  09:47  (GMT+01:00) Till: mailop 
 Ämne: [mailop] Sendgrid abuse forwarding to Google - not 
one of your brightest ideas 
I tried to report a phishing spam to Sendgrid, and look what I
  got:
   - The following addresses had permanent fatal errors -

(reason: 552-5.7.0 This message was blocked because its content presents a 
potential)

   - Transcript of session follows -
... while talking to aspmx.l.google.com.:
>>> DATA
<<< 552-5.7.0 This message was blocked because its content presents a potential
<<< 552-5.7.0 security issue. Please visit
<<< 552-5.7.0  https://support.google.com/mail/?p=BlockedMessage to review our
<<< 552 5.7.0 message content and attachment content guidelines. 
t7-20020a02540700b0038a27d5a3b9si13875032jaa.5 - gsmtp
554 5.0.0 Service unavailable

Well doh, abuse reports tend to include the messages being
  reported, and those messages tend to contain bad content.
  Forwarding your abuse mail to a google mailbox isn't really a good
  idea...
Cheers,
  Hans-Martin


  

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Hans-Martin Mosner via mailop]

I tried to report a phishing spam to Sendgrid, and look what I got:

   - The following addresses had permanent fatal errors -

(reason: 552-5.7.0 This message was blocked because its content presents a 
potential)

   - Transcript of session follows -
... while talking to aspmx.l.google.com.:

DATA

<<< 552-5.7.0 This message was blocked because its content presents a potential
<<< 552-5.7.0 security issue. Please visit
<<< 552-5.7.0https://support.google.com/mail/?p=BlockedMessage  to review our
<<< 552 5.7.0 message content and attachment content guidelines. 
t7-20020a02540700b0038a27d5a3b9si13875032jaa.5 - gsmtp
554 5.0.0 Service unavailable

Well doh, abuse reports tend to include the messages being reported, and those messages tend to contain bad content. 
Forwarding your abuse mail to a google mailbox isn't really a good idea...


Cheers,
Hans-Martin
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop