Jump to content

Can you please unblock our domain?


Devin

Recommended Posts

We have gotten reports from one of our clients that the links in our emails are being blocked by Malwarebytes. The domain we use is send.applicantemail.com (among others, but this is the one that is being blocked). This domain is configured with our sendgrid account to handle links that we include in our company's emails. Here is an example link:

hxxp://send.applicantemail.com/wf/click?upn=KkiEVc0b0OBdAwobH95V5iM6CFg8sOl8foEtGAiI4xatVlaeZmHehIzjsbzFe0aSzTTbgFvl7WIy-2BICJoKgOny76X4fq1PpYTaL3zITUpIdtRn9gzYUwYKUH-2Fliol-2Bkq_VXvCmP-2FmDmFxeE-2FjQeLwQYtMYk4t16bp977cjyb6QJmgPxTNSVe4GD-2FgLoa0I6iaRrKPzzhwzIqNhWOB-2Fgzrzg5qeZP7DFqSQHCAZNHQEcquAdEXYxdsvtmI24CvcnUDlUF8xIKMCWzD8HKx010o3ZfkADLG5lF014TFUULKIwC-2BaXhJW0Mx5j7-2BCvuWJyUmM3XFnoz9nwaZq71Aa6Gb0Vh8Kt1ROXgvTC6YL-2BHHJFQ-3D

Please see attached the screenshots she shared with us showing the blocks.

Please let me know if you need any more info from me. If you have any information on why our domain is being considered to have a trojan, that would be very helpful to know as well.

Thank you!!

image.png

Screenshot from 2020-06-25 17-09-55.png

Edited by TeMerc
disabled live link
Link to post
Share on other sites

  • Staff
14 hours ago, Devin said:

We have gotten reports from one of our clients that the links in our emails are being blocked by Malwarebytes. The domain we use is send.applicantemail.com (among others, but this is the one that is being blocked). This domain is configured with our sendgrid account to handle links that we include in our company's emails. Here is an example link:

hxxp://send.applicantemail.com/wf/click?upn=KkiEVc0b0OBdAwobH95V5iM6CFg8sOl8foEtGAiI4xatVlaeZmHehIzjsbzFe0aSzTTbgFvl7WIy-2BICJoKgOny76X4fq1PpYTaL3zITUpIdtRn9gzYUwYKUH-2Fliol-2Bkq_VXvCmP-2FmDmFxeE-2FjQeLwQYtMYk4t16bp977cjyb6QJmgPxTNSVe4GD-2FgLoa0I6iaRrKPzzhwzIqNhWOB-2Fgzrzg5qeZP7DFqSQHCAZNHQEcquAdEXYxdsvtmI24CvcnUDlUF8xIKMCWzD8HKx010o3ZfkADLG5lF014TFUULKIwC-2BaXhJW0Mx5j7-2BCvuWJyUmM3XFnoz9nwaZq71Aa6Gb0Vh8Kt1ROXgvTC6YL-2BHHJFQ-3D

Please see attached the screenshots she shared with us showing the blocks.

Please let me know if you need any more info from me. If you have any information on why our domain is being considered to have a trojan, that would be very helpful to know as well.

Thank you!!

image.png

Screenshot from 2020-06-25 17-09-55.png

Hello-

Thanks for telling us about this block. The IP range has abuse reports from AbuseIPDB and blacklisted in RiskIQ:

https://www.abuseipdb.com/check/167.89.118.52

 

Link to post
Share on other sites

2 minutes ago, TeMerc said:

Hello-

Thanks for telling us about this block. The IP range has abuse reports from AbuseIPDB and blacklisted in RiskIQ:

https://www.abuseipdb.com/check/167.89.118.52

 

Thank you TeMerc! I was not finding the IP or domain on any blacklists but the ones I was checking obviously didn't include RiskIQ. I suspect one of the other Sendgrid customers that are sharing this IP with us are doing nefarious things. Let me report this to Sendgrid and see if they can change our domain to a different IP. Thanks!

Link to post
Share on other sites

1 hour ago, TeMerc said:

Hello-

Thanks for telling us about this block. The IP range has abuse reports from AbuseIPDB and blacklisted in RiskIQ:

https://www.abuseipdb.com/check/167.89.118.52

 

HI TeMarc. I just talked to SendGrid support. Our emails are now coming from a new subdomain that is setup differently, rather than send.applicantemail.com. However, links included in those emails will continue to use send.applicantemail.com which is pointed at sendgrid.net (167.89.118.52) via a CNAME DNS entry. Therefore our links are still pointed at the IP address that is blacklisted by AbuseIPDB & RiskIQ. The support person thinks that now that the emails are coming from a properly configured subdomain that it will resolve this issue. Is that your understanding? If not, and any links that point to 167.89.118.52 are being blocked by Malwarebytes, that would mean that all SendGrid customers are having their email links blocked by Malwarebytes. Could this really be the case? I'm working with my account reps to have our customer try a new email with a newly generated send.applicantemail.com link to see if it still gets blocked and I will report back.

Thank you so much for your help.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.