Renew password mail is correctly treated as phishing attempt

Hi there,
as you may be aware, the mail generated by the system when users request to have their password reset contains a URL to https://hydrogenaud.io/index.php?... which is in fact linked to a server in the domain sendgrid.net, which may or may not be hydrogenaudio's technical solution provider.

Apart from being totally unacceptable behaviour from any recipient's perspective, culturally,  >:(
proper email clients will clearly mark these emails as a phishing attempt, thus making the hydrogenaud.io forum look untrustworthy to users.  :-\

You might want to find a better solution soon.

Yours, sincerely,
blausand

Re: Renew password mail is correctly treated as phishing attempt

Reply #1
As I already announced in another topic, this is our email sending solution.

It's either this, or half of our users don't get email at all.

Or I could slap on a subdomain to the hydrogenaud.io links through a regex filter, which will still need to be CNAMEd to point at SendGrid's servers to work, as they do not allow direct hotlinks in their messages.

But they don't get instantly spam dropped (not spam foldered) by half of the world's major mail providers!

Re: Renew password mail is correctly treated as phishing attempt

Reply #2
kode54, could you explain the technical problem? What's up with whitelisting domains, mail being silently dropped ... ?

Btw, this is the earlier post on sendgrid.
"I hear it when I see it."

Re: Renew password mail is correctly treated as phishing attempt

Reply #3
Why not just send the mail in plain text, so that the url has to be copied? Less of an annoyance than getting flagged as phishing.

Re: Renew password mail is correctly treated as phishing attempt

Reply #4
The message is plaintext. SendGrid turns it into HTML mail so they can "hide" the link wrapping. If you view it from a plaintext-only message viewer, it will contain only the gigantic decorated links.

They would helpfully claim that the reason they do this is so they can allow their customers to track when a message is delivered, read, and if/when any of the links within are clicked.

Re: Renew password mail is correctly treated as phishing attempt

Reply #5
I have found the click and open tracking features on Sendgrid and disabled them. Messages should be clean now.