Escort and dating services
Work from home, make money online, and lead generation opportunities
Gambling services or products
Credit repair and get out of debt opportunities
List brokers or list rental services
Selling “Likes” or followers for a social media platform
Cryptocurrencies are just the latest. You can read the whole list and more clarifications here (it's very clear and readable for legal documentation): https://mailchimp.com/legal/acceptable_use/
Why does this harms users who follow the guidelines to show origin/identity (SPF, DKIM, dedicated IP, etc.)? We also use SendGrid for transactional emails and it's the same: some hosts (like Office 365) have told us that they weight all messages coming from sendgrid.net to their users as SPAM because they've seen so many issues there.
I pointed out that they should be able to distinguish between spammers and those who, like us, are positively identifiable and have not engaged in SPAM. No avail.
Are they being lazy, or am I missing something?
It does lock you to using EIPs though, which makes it a bit harder to scale up.
So, seems like they are doing everything reasonable to prevent spamming through their service. Not sure what else an ESP can do.
But, maybe they've just managed to make it more difficult for legit users than spammers.
Sendgrid charge you to use a dedicated IP address for sending your mail. If you don't set this up -- and configure your SPF record to specify this IP, against the explicit instructions Sendgrid gives you -- anyone else can sign up with Sendgrid and send email as you. Their configuration guides and tooling actually encourage you to enable impersonation on yourself.
So, maybe they're doing everything they can to prevent spamming, but they're sure doing a lot to encourage phishing.
For instance, if you use it for service delivery (payment receipts, invoices, password resets, etc), there is no separate opt-in process beyond the fact that recipients are your users who signed up for your service.
I'm not sure how any ESP could enforce the notion of opting in under these circumstances.
That's not a fact that the recipients are users that signed up for it. As someone with a first letter + last name @ gmail account, I can't tell you how many transactional emails I get for things I never signed up for. Try getting a bank to take your email address off of someone else's account—damn near impossible.
It is if you use an email verification step as part of your sign-up flow, which we do. At most, someone could sign up with someone else's address and generate a confirmation email, but it'd only be once per address and that's the price of an open Web.
Anyway, I'm aware that not everyone does this, but at a certain point there's not much an ESP can do, beyond which there's essentially trust and monitoring.
There's always the possibility that your dedicated IP isn't as clean as you would hope. You can check here: https://mxtoolbox.com/blacklists.aspx