San Francisco MTA uses them:

https://www.sfmta.com/about-us/contact-us/email-and-text-alerts

I'm guessing it's a company that sells services to government and
quasigovernmental agencies.


On Fri, Nov 2, 2018 at 8:34 AM Michael Paoli

Wow, that's _really_ sleazy.

Granicus, LLC of Denver appears to be a VC-funded firm selling 'legislative
management and digital marketing solutions for several government
agencies', i.e., they build and sell software for the public sector.

The company since [2016] has focused on building the broadest cloud
technology platform to help governments track and document their
legislative processes and to engage their constituents with the kind of
modern digital communications — apps, sophisticated web services, email,
text and mobile phone notifications — that consumers expect from
companies they do business with, Hynes said.

https://www.bizjournals.com/denver/news/2018/02/28/denver-techcompanys-deal-continues-m-a-trend-in.html

Just another bunch of Beltway bandits, except with a bigger than usual
dose of chutzpah.

The IRS of US Dept of Treasury uses govdelivery.com for their public
relations email: tips, general notices, video links, etc. going back
to at least to December 2015. I think it's part of the trend to
contracting out internal services to private contractors. Also
suspect it's used by other government agencies.

------------
Date: Fri, 02 Nov 2018 08:26:17 -0700
From: "Michael Paoli" <***@cal.berkeley.edu>
To: ***@linuxmafia.com
Subject: [conspire] govdelivery.com Re: Official November 6 General
Election Information
Sender: conspire-***@linuxmafia.com

Yes, risks ...
govdelivery.com ?

Who/what is that, and ought it be (dis)trusted, or at least
viewed with lots of skepticism?

First of all, claiming to be official from State of California,
it's not state.ca.us, nor is is ca.gov ... but ...
govdelivery.com ... which in theory is an arbitrary commercial
enterprise ... and could well be spammer or scammer or hoax or fake
or whatever
At least most of the URLs within are ca.gov ... but still.

And whois? ...
Not that that's highly reliable data, but ...
Registrant Organization: Granicus, LLC
Registrant State/Province: Colorado
Registrant Country: US
Certainly not anything official state of California, ... heck, not
even California, nor US government nor even something that claims to be
so ... except for the email that was sent which claims to represent ...
Yeah, dumb way to do it. Heck, they could always delegate some sub-domain
if they want to use some commercial service/vendor for sending out official
mass emailings.
And of course it's not PGP signed or the like either, has some DKIM
in headers, but of course that's for govdelivery.com, so that
does nothing to attribute it back to anything State of California.

Yes, we've seen this kind of thing before (and over, and over).

It's funny: I've worked at several firms (that shall go nameless) over
the last couple of decades that engaged the services of outsourced
Internet firms to contact employees from external-to-the-firm e-mail
addresses and advise them to visit some external Web site and enter
sensitive or personal information there. In every case, I've politely
inquired with my management if said contact from nobody-in-particular
reflected any directive from management, and then tried very hard to
conceal my scorn when the answer translated to 'Oh, yes, I guess we
forgot to tell you that.'