Recently we received an odd mail coming from address1@company.com to address2@company.com.

The problem is that address1 didn't send any email to address2. The email was sent using sendgrid. Sendgrid has to be in our SPF due to the use of freshdesk which uses their system.

I was able to recreate the situation with the following:

  • create a free sendgrid account with a fake email address (fake@company.com)
  • send a transactional email from fake@company.com (address1@company.com) to address2@company.com

The email goes straight to spam but it still gets delivered. However I would like to reject this email.

I have dkim for our principal server, and freshdesk (sendgrid), and SPF for our principal server and once again freshdesk.

I tried with dmarc to reject but the email is still being delivered. At this point I'm out of ideas and I don't know what could be missing.

If the email is sent by freshdesk then it's signed by company.com and if it's spoofed like I mentioned above it will be signed by sendgrid which is generating their own DKIM keys (apparently).

Our server runs postfix on Debian 9. Thank you, Diogo Jesus

Diogo Jesus
  • Your question might be easier to understand if you indicated which of the placeholder domains indicate domains under your control. What did the *SendGrid* abuse team say about your complaint anyway? – anx Jun 20 '19 at 22:47
  • @anx after 2 emails no statement was made. – Diogo Jesus Jun 24 '19 at 06:33
  • the thing is that we're not sendgrid customers. I don't understand how they can have such a breach in their systems where they allow users to send transactional emails without even verifying their account. It's just pure nonsense. – Diogo Jesus Jun 24 '19 at 06:35

1 Answer

SPF / DKIM / DMARC won't necessarily solve this problem; it is perhaps better to find a way of adding a header (tag) to the freshdesk emails that you can then validate with header checks to see if the email is genuine.

i.e.

email delivered via sendgrid and tagged with the secret freshdesk tag is genuine,

email sent via sendgrid without the tag is not and can be binned.

Allan Wallace
  • I will validate this question since it was close enough to what I managed to do. Basically mails from sendgrid had a return path like 123456789mycompany@sendgrid.net and those from freshdesk were 123456789mycompany@freshdesk.mycompany. So adding a sender.pcre to smtpd_recipient_restrictions with a rule to block from any mycompany@sendgrid.net fixed the issue. – Diogo Jesus Jun 24 '19 at 06:26
  • Great response and helpful to others who encounter similar, cheers! – Allan Wallace Jun 24 '19 at 17:48
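Added example, not code from the question, the answer or the commenters: the envelope-sender check that the final comment describes, written as a Postfix `check_policy_service` daemon in Python so the decision logic can be exercised offline on constructed requests. It assumes the two Return-Path shapes quoted in that comment, `<digits>mycompany@sendgrid.net` for the spoofed path and `<digits>mycompany@freshdesk.mycompany` for genuine Freshdesk mail; the domain names, the listening port and the sample requests are placeholders constructed for this example.

```python
"""Postfix SMTPD policy service that rejects spoofed SendGrid envelope senders.

Added example (not from the question or the answer). It implements the check
from the final comment as a check_policy_service daemon: an envelope sender of
the form <digits>mycompany@sendgrid.net is an unauthorised relay of our tag,
<digits>mycompany@freshdesk.mycompany is the genuine Freshdesk path. Domain
names, the port and the sample requests are constructed placeholders.
"""
import re
import socketserver

# Envelope-sender shapes taken from the comment above; adjust to your own logs.
SPOOFED_SENDER = re.compile(r"^[0-9]+mycompany@sendgrid\.net$", re.IGNORECASE)
GENUINE_SENDER = re.compile(r"^[0-9]+mycompany@freshdesk\.mycompany$", re.IGNORECASE)

LISTEN = ("127.0.0.1", 10040)  # assumed port; must match main.cf


def parse_request(raw: str) -> dict:
    """Parse one Postfix policy request: 'name=value' lines ended by a blank line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:  # blank line terminates the request
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs: dict) -> str:
    """Return the Postfix action for one request.

    Only the SendGrid bounce address that carries our tag is rejected. Everything
    else returns DUNNO so the remaining smtpd_recipient_restrictions still apply.
    """
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    sender = attrs.get("sender", "")  # envelope sender, without angle brackets
    if GENUINE_SENDER.match(sender):  # known-good Freshdesk return path
        return "DUNNO"
    if SPOOFED_SENDER.match(sender):
        return "REJECT Envelope sender impersonates our Freshdesk relay"
    return "DUNNO"


def format_response(action: str) -> bytes:
    """A policy response is 'action=...' followed by an empty line."""
    return f"action={action}\n\n".encode("utf-8")


class PolicyHandler(socketserver.StreamRequestHandler):
    """One connection may carry several requests; answer each in turn."""

    def handle(self):
        lines = []
        while True:
            raw = self.rfile.readline()
            if not raw:  # peer closed the connection
                break
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            if line:
                lines.append(line)
                continue
            self.wfile.write(format_response(decide(parse_request("\n".join(lines)))))
            self.wfile.flush()
            lines = []


# Constructed sample requests in the wire format Postfix uses at RCPT time.
SAMPLE_SPOOFED = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=123456789mycompany@sendgrid.net\n"
    "recipient=address2@company.com\n"
    "client_address=198.51.100.10\n"
    "\n"
)
SAMPLE_GENUINE = SAMPLE_SPOOFED.replace(
    "sender=123456789mycompany@sendgrid.net",
    "sender=123456789mycompany@freshdesk.mycompany",
)


def self_check() -> dict:
    """Evaluate the two constructed samples; used by the demo run below."""
    return {
        "spoofed": decide(parse_request(SAMPLE_SPOOFED)),
        "genuine": decide(parse_request(SAMPLE_GENUINE)),
    }


if __name__ == "__main__":
    print(self_check())
    with socketserver.ThreadingTCPServer(LISTEN, PolicyHandler) as server:
        server.serve_forever()
```

Point Postfix at it with `check_policy_service inet:127.0.0.1:10040` in `smtpd_recipient_restrictions`, ahead of the final `permit`. The one-line equivalent the comment used needs no daemon: `check_sender_access pcre:/etc/postfix/sender.pcre` with a map entry such as `/^[0-9]+mycompany@sendgrid\.net$/ REJECT` (constructed here). Either way the decision is made on the envelope sender at RCPT time and is independent of DMARC, which Postfix does not evaluate on its own; DMARC enforcement on inbound mail needs a milter such as OpenDMARC.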