Hacker News new | past | comments | ask | show | jobs | submit login

>deliverability issues so bad that they harm all of their other users.

Why does this harms users who follow the guidelines to show origin/identity (SPF, DKIM, dedicated IP, etc.)? We also use SendGrid for transactional emails and it's the same: some hosts (like Office 365) have told us that they weight all messages coming from sendgrid.net to their users as SPAM because they've seen so many issues there.

I pointed out that they should be able to distinguish between spammers and those who, like us, are positively identifiable and have not engaged in SPAM. No avail.

Are they being lazy, or am I missing something?




If the IP addresses get associated with to many spam reports, unsubscribes etc the gmail etc will start to associate these IP addresses as bad, and will be more likely to just block them no matter what the content.


Don't host emails where the IPs used have a high chance that they have been used before. So no AWS/Azure/xyz stuff.


There are actually 3rd party services that mail companies can use to check how trusted an IP is. So a lot of times, they'll provision an EIP on AWS, run a check against that service, use it if it's clean, and release and try again if it's not.

It does lock you to using EIPs though, which makes it a bit harder to scale up.


You might be interested in a provider-agnostic email API I am building to to avoid EIP/provider lock-in and have the security of multiple dedicated IP providers. Check it out: flutemail.com


What's an EIP?


Elastic IP. You can reserve EIPs from among Amazon's pool and allocate them to other AWS resources that need public-facing IPs (like an EC2 machine).


I've gotten far more spam from SendGrid than anything legitimate. They deserve every bit of their bad reputation with Microsoft's email folks.


Interesting. From a legit user's perspective, it's a bit of a hassle to comply with their deliverability hurdles. First, there's a somewhat involved "whitelabeling" and setup process. Then, there's managing suppressions, unsubscribes, etc. You also have to be mindful of service interruptions if your reputation goes too low (i.e. from bounces, spam reports, etc.)

So, seems like they are doing everything reasonable to prevent spamming through their service. Not sure what else an ESP can do.

But, maybe they've just managed to make it more difficult for legit users than spammers.


> seems like they are doing everything reasonable to prevent spamming through their service. Not sure what else an ESP can do.

Sendgrid charge you to use a dedicated IP address for sending your mail. If you don't set this up -- and configure your SPF record to specify this IP, against the explicit instructions Sendgrid gives you -- anyone else can sign up with Sendgrid and send email as you. Their configuration guides and tooling actually encourage you to enable impersonation on yourself.

So, maybe they're doing everything they can to prevent spamming, but they're sure doing a lot to encourage phishing.


One thing they're not doing: Mandating confirmed opt-in. Asking the recipient if they want to receive email is the only way to confirm it's actually requested.


I don't know about their marketing email policies, but we use it for transactional emails, wherein opt-in consent is generally not explicit.

For instance, if you use it for service delivery (payment receipts, invoices, password resets, etc), there is no separate opt-in process beyond the fact that recipients are your users who signed up for your service.

I'm not sure how any ESP could enforce the notion of opting in under these circumstances.


> there is no separate opt-in process beyond the fact that recipients are your users who signed up for your service.

That's not a fact that the recipients are users that signed up for it. As someone with a first letter + last name @ gmail account, I can't tell you how many transactional emails I get for things I never signed up for. Try getting a bank to take your email address off of someone else's account—damn near impossible.


>That's not a fact that the recipients are users that signed up for it.

It is if you use an email verification step as part of your sign-up flow, which we do. At most, someone could sign up with someone else's address and generate a confirmation email, but it'd only be once per address and that's the price of an open Web.

Anyway, I'm aware that not everyone does this, but at a certain point there's not much an ESP can do, beyond which there's essentially trust and monitoring.


If you're using a dedicated IP, then yes, they are being lazy. Or they have some vendetta with sendgrid maybe.

There's always the possibility that your dedicated IP isn't as clean as you would hope. You can check here: https://mxtoolbox.com/blacklists.aspx




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: