PC Tech Thread

The "via" naming convention in Gmail means that sendgrid.info was used as the Mail From / Envelope Sender domain, changepromo.de being the Header From in the above example (this happens when you use Sendgrid without setting custom domain authentication; see also sendgrid.net, or are using Sendgrid to maliciously spoof a domain). There is a a rule you can set to block all messages with a similar format (which will also include some legit messages from people who just haven't set up custom authentication in their Sendgrid platform). But, not all spam will come from Sendgrid.

I will look when on my laptop what the rule settings are in Gmail that would do this.

I checked and Gmail only allows filters on the Header From, not the Mail From. As @HatBeard says, just keep reporting as Spam and you might see some improvement on the heuristic filters.

@Greenbank Sendgrid are less of an issue than they used to be since they brought in two factor. It used to be that high reputation, compromised accounts were rife with phishing, so were hard to spot/block using heuristic means. Since the change, only the crappy freebie instances are really being used, which come with low/minimal reputation and most filters will block most attacks. But, as good as Google is a lot of the time, they will make a change somewhere and overnight you'll get flooded. Complain and then at some point they'll issue a silent fix and say "what are you talking about, I see no issue". I have one client where they are actively allowing spoofing of a protected domain from a very specific .cz anonymous mailer tool to Gmail accounts. Told them about it and they just said, "yeah, that's intentional". Fuckers.