Author Archives: David Campbell

About David Campbell

David Campbell is the Chief Security Officer at SendGrid. He is a veteran and visionary in the rapidly evolving field of cyber security. He has nearly two decades of experience providing realistic security assessment and business-focused remediation assistance to organizations ranging from startups to public companies.

David Campbell on Twitter David Campbell on Google+

Articles Posted by David


Update on Security Incident and Additional Security Measures

Posted on (0 Comments)

What Happened On April 8, the SendGrid account of a Bitcoin-related customer was compromised and used to send phishing emails. We initially believed that this account takeover was an isolated incident and worked with our customer to help them recover control of their account and minimize the damage of the attack. After further investigation in collaboration with law enforcement and FireEye’s (Mandiant) Incident Response Team, we became aware that a SendGrid employee’s account had been compromised by a cyber criminal and used to access several of our internal systems on three separate dates in February and March 2015. These systems

READ MORE »

Update on Recent BTC Attack: What Users Can Do To Prevent Attacks

Posted on (0 Comments)

Yesterday afternoon, the SendGrid account of a Bitcoin-related customer was compromised and used to send a phish, baiting them to transfer Bitcoins to multiple bad actor accounts, promising interest payments. We worked with the customer to help them recover control of their account and to minimize the damage of the attack. This incident was an isolated attack on one SendGrid customer. A NYT Bits Blog post has reported that users of other Bitcoin-related businesses have been targeted this week with phishing attacks via other email service providers as well. SendGrid encourages ALL of our customers to enable two-factor authentication, which can

READ MORE »

End-to-End Email Encryption with S/MIME

Posted on (0 Comments)

In our last post, we provided an overview on the differences between transport layer and end-to-end encryption. We also provided some options for performing end-to-end email encryption, namely S/MIME and PGP/GPG. In this post, we will provide step-by-step instructions for configuring S/MIME on OSX’s Mail.app as well as the ubiquitous iOS that powers your iPhone, iPad, etc. S/MIME relies on the public PKI, so in order to use it we first need to request a certificate from a publicly trusted certificate authority. StartCom provides free (as in beer) certificates that can be used to vouch for the identity of a

READ MORE »

Paranoid Email: End-to-End Crypto Primer

Posted on (0 Comments)

SendGrid recently announced support for TLS encryption for all the email we send as part of #ResetTheNet. While this is a huge step forward for stopping bulk surveillance (spying on everybody), it does little to stop targeted surveillance (spying on a particular person of interest). Bulk Targeted vs. Targeted Surveillance SMTP with TLS protects “data in motion,” meaning that when you submit email to SendGrid using TLS, it is encrypted from your mail server to our mail servers. We then process your message, and send it onward to its recipients. If your recipients’ mail server supports TLS, we will send the message

READ MORE »

SendGrid and the Future of Email Security

Posted on (0 Comments)

UPDATED: 5 June 2014, 16:00 MDT to reflect Hotmail’s new TLS support! Here at SendGrid, we get a lot of questions about email security. Recent revelations about widespread nation state dragnet surveillance have raised awareness about email security to new levels. We are excited to announce, that effective today, all email sent via SendGrid will utilize opportunistic encryption using TLS. For a long time now we have supported encryption for submitting messages to SendGrid, either via our HTTPS API, implicit SMTP-SSL, or SMTP with STARTTLS. Now when we deliver your message to its recipient we will attempt to negotiate a

READ MORE »