undefined | Better HN

0 pointsbtgeekboy3y ago0 comments

If I have a business and I use a company like sendgrid, I have credentials to use that service. If some employee has access to that account (such as to send newsletters), and that employee’s credentials were lost or stolen, that doesn’t seems suspicious at all.

I don’t have any inside info here, but it makes sense. And as a namecheap customer, I see no reason to panic at this time.

0 comments

citrin_ru3y ago

Employees should use 2FA for their accounts and Sendgrid seems to offer this; for password stored in sending applications one can use combination of password and IP ACLs but I don't know if SendGrid allows to set IP ACLs for senders. While 2FA is not a panacea it significantly reduces rick.

One can send newsletters using a subdomain like news.acmecorp.com and have Sendgrid's IPs in SPF record only for this subdomain and not for the main domains (though most recipient would not notice change from say @acmecorp.com to @news.acmecorp.com).

OJFord3y ago

You wouldn't claim 'the issue was with a 3rd party provider' though.

j / k navigate · click thread line to collapse

0 pointsbtgeekboy3y ago0 comments

I don’t have any inside info here, but it makes sense. And as a namecheap customer, I see no reason to panic at this time.

0 comments

citrin_ru3y ago

OJFord3y ago

You wouldn't claim 'the issue was with a 3rd party provider' though.

j / k navigate · click thread line to collapse