Hey @SendGrid
1. Why do you allow a customer to place a different customer's domain in the mail's From header?
and/or
2. Why do you share DKIM keys between customers? If you used differing ones, DKIM verification would have failed here https://twitter.com/glenmaddern/status/1278333730977918976
Hey @github

Why do you have DMARC disabled on your domain?
We saw fraudsters doing the same thing a little while ago at @monzo. We turned on strict DMARC to fix it; GitHub should do the same; it protects against other types of attack
But realistically Sendgrid are being negligent here in not preventing these sorts of cross customer attacks

They're in a privileged position as an SPF/DKIM permitted sender for people's domains; they should be doing better for their customers
(I'm not aware of if either Mailgun or Amazon SES allow these sorts of things to take place; Sendgrid are at fault here)
You can follow @erincandescent.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
There are a lot of misconceptions about the Turkish diaspora in Germany. Since i just finished writing an essay about this topic I thought it's time to give other people
Read more
Las mejores calculadoras online en 2020A thread http://totumat.com/2020/11/26/las-mejores-calculadoras-online-en-2020/ Cuando se estudian asignaturas que requieren de cálculos complicados, nada mejor que contar con una buena calculadora.
Read more
Mitigating #ClimateChange is as much about taking up new techs as about leaving others behindMost studies focus on #coal's global downfall but another #energy tech decline is loomingRead my new
Read more