Mailing List Archive

Detecting SendGrid shared IPs
Is there any way to know whether a Sendgrid IP is shared or dedicated?
Thanks in advance!

--------Pedro
RE: Detecting SendGrid shared IPs
Blacklist all and just whitelist email addresses you want to receive
from.



-----Original Message-----
From: Pedro David Marco [mailto:pedrod_marco@yahoo.com]
Sent: Thursday 16 July 2020 9:18
To: Users
Subject: Detecting SendGrid shared IPs

Is there any way to know whether a Sendgrid IP is shared or dedicated?

Thanks in advance!


--------
Pedro
Re: Detecting SendGrid shared IPs
Why?

----------------
From: Pedro David Marco <pedrod_marco@yahoo.com>
Date: Thu, Jul 16, 2020 at 09:18 AM
Subject: Detecting SendGrid shared IPs
To: Users <users@spamassassin.apache.org>

> Is there any way to know whether a Sendgrid IP is shared or dedicated?
>
> Thanks in advance!
>
>
> --------
> Pedro
Re: Detecting SendGrid shared IPs
Bumping a little the score for shared IPs? Could make sense..

On 16/07/20 14:10, me@junc.eu wrote:
> Why?
>
> ----------------
> From: Pedro David Marco <pedrod_marco@yahoo.com>
> Date: Thu, Jul 16, 2020 at 09:18 AM
> Subject: Detecting SendGrid shared IPs
> To: Users <users@spamassassin.apache.org>
>
> Is there any way to know whether a Sendgrid IP is shared or dedicated?
>
> Thanks in advance!
>
>
> --------
> Pedro

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/
Re: Detecting SendGrid shared IPs
> On Thursday, July 16, 2020, 03:26:08 PM GMT+2, Riccardo Alfieri <riccardo.alfieri@spamteq.com> wrote:
> Bumping a little the score for shared IPs? Could make sense..

Exactly...


-----Pedro
Re: Detecting SendGrid shared IPs
Pedro David Marco wrote:
> Is there any way to know whether a Sendgrid IP is shared or dedicated?

Use the FCrDNS data and one or another of the X-Spam-Relays metaheaders.
It should be possible to quickly refine these to "good enough", if
they're not already (watch for word wrap):

header SENDGRID_SHARED_1 X-Spam-Relays-Untrusted =~ /^\[[^\]]+ rdns=[\w\d.]+\.shared\.sendgrid\.net /

header SENDGRID_SHARED_2 X-Spam-Relays-Untrusted =~ /^\[[^\]]+ rdns=[\w\d.]+\.outbound-mail\.sendgrid\.net /

I suspect the second matches a somewhat different slice of their
services than you're asking about, but I can't say I can really tell the
difference from the outside.

-kgd
Re: Detecting SendGrid shared IPs
On Thu, 16 Jul 2020 11:07:46 -0400
Kris Deugau wrote:

> Pedro David Marco wrote:
> > Is there any way to know whether a Sendgrid IP is shared or
> > dedicated?
>
> Use the FCrDNS data and one or another of the X-Spam-Relays
> metaheaders. It should be possible to quickly refine these to "good
> enough", if they're not already (watch for word wrap):
>
> header SENDGRID_SHARED_1 X-Spam-Relays-Untrusted =~ /^\[[^\]]+ rdns=[\w\d.]+\.shared\.sendgrid\.net /
>
> header SENDGRID_SHARED_2 X-Spam-Relays-Untrusted =~ /^\[[^\]]+ rdns=[\w\d.]+\.outbound-mail\.sendgrid\.net /
>
> I suspect the second matches a somewhat different slice of their
> services than you're asking about, but I can't say I can really tell
> the difference from the outside.


What I'm seeing is that in most sendgrid emails the last-external
rDNS has the customer's own domain e.g.

X-Spam-Relays-External: [ ip=208.117.49.194 rdns=o10.em.spotify.com

The IP address there belongs to sendgrid.

sendgrid.net doesn't then show in the X-Spam-Relays-* headers because
it's in a header like this:

Received: by filter2092p1mdw1.sendgrid.net with SMTP ...

a format that SA deliberately skips when parsing received headers.

The obvious interpretation that "shared" is shared and "outbound-mail"
is sendgrid's own email doesn't seem to be correct. I have both
forms in third-party email.

Also I'm seeing that senders with their own dedicated IP addresses
sometimes use shared addresses too.

Although it looks easy to distinguish between shared and dedicated
addresses it doesn't seem like a useful indicator to me.
Re: Detecting SendGrid shared IPs
Looks like I might have replied to Kris and not the maillist. Sorry if
this shows up twice.

Made a couple adjustments to the two patterns and merged them into one if
anyone is interested.

/^\[[^\]]+ (?:helo|rdns)=[\w\d.]+\.(?:outbound-e?mail|shared)\.sendgrid\.net /


On Thu, Jul 16, 2020 at 11:07 AM Kris Deugau <kdeugau@vianet.ca> wrote:

> Pedro David Marco wrote:
> > Is there any way to know whether a Sendgrid IP is shared or dedicated?
>
> Use the FCrDNS data and one or another of the X-Spam-Relays metaheaders.
> It should be possible to quickly refine these to "good enough", if
> they're not already (watch for word wrap):
>
> header SENDGRID_SHARED_1 X-Spam-Relays-Untrusted =~ /^\[[^\]]+ rdns=[\w\d.]+\.shared\.sendgrid\.net /
>
> header SENDGRID_SHARED_2 X-Spam-Relays-Untrusted =~ /^\[[^\]]+ rdns=[\w\d.]+\.outbound-mail\.sendgrid\.net /
>
> I suspect the second matches a somewhat different slice of their
> services than you're asking about, but I can't say I can really tell the
> difference from the outside.
>
> -kgd
>
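
The merged pattern from this thread, run over sample relay strings including the customer-branded rDNS case raised earlier; this is an added example, not code from any poster. The header values, `classify` and `first_hop` are constructed for illustration, and Python's `re` stands in for SpamAssassin's Perl regex engine.

```python
import re

# Merged pattern from the thread; the wrapped line is rejoined with the single
# space it stands for. Assumption: the inner group is made capturing here so
# the matched label can be reported.
SENDGRID_RELAY = re.compile(
    r"^\[[^\]]+ (?:helo|rdns)=[\w\d.]+\.(outbound-e?mail|shared)\.sendgrid\.net "
)
FIELD = re.compile(r"(\w+)=(\S*)")
TAIL = " by=mx.example.org ident= envfrom= intl=0 id=A1 auth= msa=0 ]"

# Constructed X-Spam-Relays-Untrusted values (documentation IPs, made-up names).
SAMPLES = {
    "shared": "[ ip=192.0.2.10 rdns=o1.ptr0000.shared.sendgrid.net"
              " helo=o1.ptr0000.shared.sendgrid.net" + TAIL,
    "helo_only": "[ ip=192.0.2.11 rdns=o2.em.customer.example"
                 " helo=o2.outbound-email.sendgrid.net" + TAIL,
    "branded": "[ ip=192.0.2.12 rdns=o10.em.customer.example"
               " helo=o10.em.customer.example" + TAIL,
    # SendGrid is the second entry here; the pattern is anchored to the first.
    "second_hop": "[ ip=198.51.100.5 rdns=mail.example.net"
                  " helo=mail.example.net" + TAIL
                  + " [ ip=192.0.2.10 rdns=o1.ptr0000.shared.sendgrid.net"
                  " helo=o1.ptr0000.shared.sendgrid.net" + TAIL,
}


def first_hop(relays):
    """Return the key=value fields of the first [ ... ] relay entry."""
    return dict(FIELD.findall(relays[1:relays.index("]")]))


def classify(relays):
    """Label the first untrusted relay by SendGrid host name, or None."""
    m = SENDGRID_RELAY.search(relays)
    return m.group(1) if m else None


if __name__ == "__main__":
    for name, relays in SAMPLES.items():
        hop = first_hop(relays)
        print(f"{name:10} {hop['ip']:13} {hop['rdns']:32} -> {classify(relays)}")
```

The `branded` row is the case described in the thread where the relay's rDNS carries the customer's own domain, so a name-based rule reports nothing for it.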