All Vendors
email_delivery

SendGrid

SendGrid exhibits behavioral biometrics, cross-domain synchronization, and consent bypass in email delivery infrastructure. While email platform appears transactional, runtime shows tracking components syncing across domains before consent resolution.

68 IOCs1 detections100% pre-consent1 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what SendGrid discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

1 detection across 1 site100% pre-consent activity
CRITICAL

Pre-Consent Activity

SendGrid was observed loading and executing before user consent was obtained on 100% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

email_tracking

MODERATE
They Claim

Pending claims extraction

Observed Behavior

Runtime shows email tracking with cross-domain sync before consent

Customer Impact

What This Means For You

Marketing teams gain email delivery with engagement tracking but expose data through cross-domain sync (Broker). Legal teams face consent bypass liability from pre-consent tracking activation. RevOps must audit cross-domain data flow to prevent email engagement leakage.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use SendGrid

  • Verify email tracking and cross-domain sync timing against consent framework
  • Map domain topology - which domains receive email engagement data
  • Audit behavioral tracking integration with email delivery

If You're Evaluating SendGrid

  • Require consent-first tracking with cross-domain sync disabled pre-consent
  • Demand technical documentation of email-web sync methodology
  • Negotiate data isolation ensuring email engagement remains internal

Negotiation Leverage

  • C06+C08+C09: Demand DPA amendment requiring consent before email tracking and cross-domain sync
  • Request list of ALL domains participating in email engagement synchronization
  • Require audit rights covering cross-domain data flow and email tracking
  • Negotiate data retention limits for email engagement data
Runtime Detections

Runtime Detections

3 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C08Cross-Domain Sync

Identity stitching

BTI-C09Consent Bypass

Ignoring CMP signals

IOC Manifest

IOC Manifest

67 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*sendgrid.com/etc.clientlibs/twilio-foundation/clientlibs/clientlib-dependencies.lc-*-lc.js*
Tracking script
TRACK
*sendgrid.com/etc.clientlibs/clientlibs/granite/utils.lc-*-lc.js*
Tracking script
TRACK
*sendgrid.com/etc.clientlibs/sendgrid/clientlibs/clientlib-dependencies.lc-*-lc.js*
Tracking script
TRACK
*sendgrid.com/etc.clientlibs/clientlibs/granite/jquery.lc-*-lc.js*
Tracking script
TRACK
*sendgrid.com/etc.clientlibs/twilio-foundation/clientlibs/clientlib-site.lc-*-lc.js*
Tracking script
TRACK
*sendgrid.com/etc.clientlibs/sendgrid/clientlibs/clientlib-site.lc-*-lc.js*
Tracking script
EXFIL
*sendgrid.com/etc.clientlibs/core/wcm/components/commons/datalayer/v1/clientlibs/core.wcm.components.commons.datalayer.v1.lc-*-lc.js*
Data collection endpoint
TRACK
*sendgrid.com/etc.clientlibs/twilio-foundation/clientlibs/clientlib-dynamic-modules/resources/*.*.js*
Tracking script
TRACK
*sendgrid.com/etc.clientlibs/sendgrid/clientlibs/clientlib-dynamic-modules/resources/203.*.js*
Tracking script
TRACK
*sendgrid.com/etc.clientlibs/sendgrid/clientlibs/clientlib-dynamic-modules/resources/800.*.js*
Tracking script
TRACK
*sendgrid.com/etc.clientlibs/sendgrid/clientlibs/clientlib-dynamic-modules/resources/613.*.js*
Tracking script
TRACK
sendgrid.com
Tracking script
TRACK
sendgrid.com/etc.clientlibs/twilio-foundation/clientlibs/clientlib-dependencies.lc-d41d8cd98f00b204e9800998ecf8427e-lc.min.js
Auto-extracted from scan
TRACK
sendgrid.com/etc.clientlibs/clientlibs/granite/jquery.lc-7842899024219bcbdb5e72c946870b79-lc.min.js
Auto-extracted from scan
TRACK
sendgrid.com/etc.clientlibs/clientlibs/granite/utils.lc-e7bf340a353e643d198b25d0c8ccce47-lc.min.js
Auto-extracted from scan
TRACK
sendgrid.com/etc.clientlibs/twilio-foundation/clientlibs/clientlib-site.lc-3d60d581bb66e9ed8df1565b1fe557bb-lc.min.js
Auto-extracted from scan
TRACK
sendgrid.com/etc.clientlibs/sendgrid/clientlibs/clientlib-dependencies.lc-d41d8cd98f00b204e9800998ecf8427e-lc.min.js
Auto-extracted from scan
TRACK
sendgrid.com/etc.clientlibs/sendgrid/clientlibs/clientlib-site.lc-d1a86b5218980da267925a1c683ce1f6-lc.min.js
Auto-extracted from scan
EXFIL
sendgrid.com/etc.clientlibs/core/wcm/components/commons/datalayer/v1/clientlibs/core.wcm.components.commons.datalayer.v1.lc-70264651675213ed7f7cc5a02a00f621-lc.min.js
Auto-extracted from scan
TRACK
sendgrid.com/etc.clientlibs/twilio-foundation/clientlibs/clientlib-dynamic-modules/resources/5494.1508c86eaea27698e226.js
Auto-extracted from scan
TRACK
sendgrid.com/etc.clientlibs/twilio-foundation/clientlibs/clientlib-dynamic-modules/resources/8330.c0a1bf6c381e1c716482.js
Auto-extracted from scan
TRACK
sendgrid.com/etc.clientlibs/twilio-foundation/clientlibs/clientlib-dynamic-modules/resources/6258.d80625dc86d76c53518b.js
Auto-extracted from scan
TRACK
sendgrid.com/etc.clientlibs/twilio-foundation/clientlibs/clientlib-dynamic-modules/resources/5819.e81b6fbe3cefb740994a.js
Auto-extracted from scan
TRACK
sendgrid.com/etc.clientlibs/twilio-foundation/clientlibs/clientlib-dynamic-modules/resources/9869.4df035ae9e86852e93f8.js
Auto-extracted from scan
TRACK
sendgrid.com/etc.clientlibs/twilio-foundation/clientlibs/clientlib-dynamic-modules/resources/3803.1befa0e76bc3b49e75d8.js
Auto-extracted from scan
TRACK
sendgrid.com/etc.clientlibs/sendgrid/clientlibs/clientlib-dynamic-modules/resources/203.c993f212186c9e9f0035.js
Auto-extracted from scan
TRACK
sendgrid.com/etc.clientlibs/sendgrid/clientlibs/clientlib-dynamic-modules/resources/800.1ac832935b15aaf0a18c.js
Auto-extracted from scan
TRACK
sendgrid.com/etc.clientlibs/sendgrid/clientlibs/clientlib-dynamic-modules/resources/613.fe570edf93aa568c2217.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

SendGrid operates in email delivery layer, integrating with marketing automation, CRM, and analytics platforms. Cross-domain sync enables email-web attribution but creates exposure when sync occurs before consent. Often co-deployed with email tracking vendors, multiplying engagement surveillance.
Loads (2)
MutinySegment
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

68 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details