Confusion if steemit's email is legit or not #367

Jolly-Pirate opened this issue Jun 8, 2018 · 2 comments

Jolly-Pirate commented Jun 8, 2018

Some users may be confused when receiving emails at protonmail.com (and probably other email services). Here's what one user said:

> I may have received a phishing scam email for my account verification and have no way to tell if it is legitimate or not. It came from "[email protected]", but does not have the "via sendgrid.net" after it and Protonmail flagged it. However the timing seems legitimate because I have been waiting about 2 weeks and the confirmation link to finish setting up the account does have "sendgrid.net" in the address with numbers and letters before it and after it, so the link might be legitimate? Any help would be greatly appreciated.

The emails are going into the spam folder with a high score. Also there were reports of this message about the emails: "This email has failed its domain's authentication requirements. It may be spoofed or improperly forwarded!"

I checked the SPF record and it's lacking the sendgrid.net entry.
v=spf1 ip4:167.89.30.199 include:servers.mcsv.net include:_spf.google.com include:spf.sendinblue.com mx ~all

The SPF record should be corrected to reduce the spam score.

https://sendgrid.com/docs/Glossary/spf.html

Here's an email header sample:

Return-Path: <bounces+3137752-c0b8-********[email protected]>
X-Original-To: ********@protonmail.com
Delivered-To: ********@protonmail.com
Received: from o1678930x199.outbound-mail.sendgrid.net
 (o1678930x199.outbound-mail.sendgrid.net [167.89.30.199]) (using TLSv1.2 with cipher
 ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by
 mail9i.protonmail.ch (Postfix) with ESMTPS id 655E92906 for <********@protonmail.com>; Thu,
  7 Jun 2018 23:23:07 +0000 (UTC)
Received: by filter0593p1iad2.sendgrid.net with SMTP id filter0593p1iad2-19901-5B19BE59-30
        2018-06-07 23:23:05.963142056 +0000 UTC
Received: from MzEzNzc1Mg (ec2-54-87-228-55.compute-1.amazonaws.com [54.87.228.55]) by
 ismtpd0033p1mdw1.sendgrid.net (SG) with HTTP id jlOnWONCTjmJGjl8lIPvOA Thu, 07 Jun 2018
 23:23:05.944 +0000 (UTC)
Authentication-Results: mail9i.protonmail.ch; dmarc=fail (p=none dis=none)
 header.from=steemit.com
Authentication-Results: mail9i.protonmail.ch; spf=pass
 smtp.mailfrom=bounces+3137752-c0b8-********[email protected]
Authentication-Results: mail9i.protonmail.ch; dkim=pass (1024-bit key)
 header.d=sendgrid.net [email protected] header.b="C165oLBD"
Dkim-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=sendgrid.net;
  h=from:mime-version:to:content-type:subject; s=smtpapi;
  bh=cMhousMxJAxzxesLNVB73PEKogs=; b=C165oLBDuS5Fug3yCynX/YktLTyvX
 o4rRlBnM4+w7ZUoytJLMLCpmLmVruDG7b9JzLfnfCTbgnBXgy1bToGHc7dU/EaJO
 xk8R5l+Ks1SNDlVQeK+YVbQ6TYkBa0/2aGEE3TWPxhHQ3R16H8p+42NSfuztJXOz vecnWVxjePZLmQ=
Date: Thu, 07 Jun 2018 23:23:05 +0000 (UTC)
From: "Steemit" <[email protected]>
Mime-Version: 1.0
To: ********@protonmail.com
Message-Id: <[email protected]>
Content-Type: text/html
Subject: One last step to set up your account
X-Sg-Eid: K5z1v5PSizJFtDAoPOvFdUxysQzwJVYv4CK7VW7nF7jGVP8xVo74rZwrGgjUYPG7ewzxFhgYxTEDAF
 P9rwLm8Li4znexVr/ObHo541AE5+RibYNoTfM2k7+ckmBJtO+CA2UXReDyRdzhYnkrAxTaxyTEhDfu
 RASCAKzgLoB1Zwd0Lh3mk9v0IYB8UClavWLL1lj32VtkirzM6P/aw+IqkoZqmqv+6egp1vS+EMm1Z/ U=
X-Spam-Flag: YES
X-Spam-Status: Yes, score=5.8 required=4.0 tests=DKIM_SIGNED,DKIM_VALID,
 HDRS_LCASE_IMGONLY,HEADER_FROM_DIFFERENT_DOMAINS,HTML_IMAGE_ONLY_20,
 HTML_MESSAGE,HTTPS_HTTP_MISMATCH,SPF_PASS,T_DKIMWL_WL_MED,URIBL_GREY autolearn=no
 autolearn_force=no version=3.4.0
X-Spam-Report:
  *  2.0 URIBL_GREY Contains an URL listed in the URIBL
  *      [URIs: sendgrid.net]
  *  0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
  *      domains are different
  * -0.0 SPF_PASS SPF: sender matches SPF record
  *  2.0 HTTPS_HTTP_MISMATCH BODY: No description available.
  *  1.5 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
  *  0.0 HTML_MESSAGE BODY: HTML included in message
  *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
  *      valid
  * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
  *  0.0 HDRS_LCASE_IMGONLY Odd capitalization of message headers +
  *      image-only HTML
  * -0.0 T_DKIMWL_WL_MED DKIMwl.org - Whitelisted Medium sender
X-Spam-Level: *****
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on maili.protonmail.ch
X-Pm-Origin: external
X-Pm-Content-Encryption: on-delivery
X-Pm-Transfer-Encryption: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

Sendgrid is often used by spammers; ideally, steemit.com should run its own email server with proper configuration (SPF, DMARC, DKIM).

@Gandalf-the-Grey

> The SPF record should be corrected to reduce the spam score.

There's an issue, but it's somewhere else. The SPF record is fine (you've checked the wrong one). One solution is to use whitelabeling within Sendgrid.

@Jolly-Pirate

That was the SPF record for steemit.com used in the email; what else is there?
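
Added example, not part of the original thread or the project's code: a relaxed DMARC alignment check over the `Authentication-Results` values in the header sample, showing how `spf=pass` and `dkim=pass` can still yield `dmarc=fail` when neither authenticated domain matches the `From` domain. The envelope sender's domain is redacted on the page, so `bounce.example.net` is a placeholder. The "whitelabeled" headers and the `em.steemit.com` subdomain are constructed, and the two-label organizational-domain rule is a simplification of the Public Suffix List lookup.

```python
import re

# Constructed from the Authentication-Results lines in the issue. The envelope
# domain is redacted on the page; bounce.example.net is a placeholder.
SAMPLE_HEADERS = [
    "mail9i.protonmail.ch; dmarc=fail (p=none dis=none) header.from=steemit.com",
    "mail9i.protonmail.ch; spf=pass smtp.mailfrom=bounces+1@bounce.example.net",
    "mail9i.protonmail.ch; dkim=pass (1024-bit key) header.d=sendgrid.net",
]

# Constructed: what a receiver might record once the sender signs and bounces
# under its own domain (hypothetical subdomain em.steemit.com).
WHITELABELED_HEADERS = [
    "mx.example.org; spf=pass smtp.mailfrom=bounces+1@em.steemit.com",
    "mx.example.org; dkim=pass header.d=steemit.com; dmarc=pass header.from=steemit.com",
]

def org_domain(domain):
    """Simplification: last two labels. Real DMARC uses the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_results(headers):
    """Collect the spf/dkim results and the domains they were evaluated for."""
    found = {}
    for value in headers:
        body = value.split(";", 1)[1]            # drop the authserv-id
        body = re.sub(r"\([^)]*\)", "", body)    # drop parenthesised comments
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", body):
            found[method] = result
        props = r"\b(header\.from|smtp\.mailfrom|header\.d)=(\S+)"
        for prop, val in re.findall(props, body):
            found[prop] = val.rsplit("@", 1)[-1].strip(";<>")  # domain part only
    return found

def dmarc_alignment(headers):
    """DMARC passes if SPF or DKIM passes for a domain aligned with From."""
    r = parse_results(headers)
    from_org = org_domain(r["header.from"])
    spf_ok = r.get("spf") == "pass" and org_domain(r.get("smtp.mailfrom", "")) == from_org
    dkim_ok = r.get("dkim") == "pass" and org_domain(r.get("header.d", "")) == from_org
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc_pass": spf_ok or dkim_ok}

if __name__ == "__main__":
    print("as in the issue:", dmarc_alignment(SAMPLE_HEADERS))
    print("whitelabeled:   ", dmarc_alignment(WHITELABELED_HEADERS))
```

This reads the results a receiver already recorded; it does not verify signatures or query DNS itself.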