
I've gotten far more spam from SendGrid than anything legitimate. They deserve every bit of their bad reputation with Microsoft's email folks.



Interesting. From a legit user's perspective, it's a bit of a hassle to comply with their deliverability hurdles. First, there's a somewhat involved "whitelabeling" and setup process. Then, there's managing suppressions, unsubscribes, etc. You also have to be mindful of service interruptions if your reputation goes too low (i.e. from bounces, spam reports, etc.)

So, seems like they are doing everything reasonable to prevent spamming through their service. Not sure what else an ESP can do.

But, maybe they've just managed to make it more difficult for legit users than spammers.


> seems like they are doing everything reasonable to prevent spamming through their service. Not sure what else an ESP can do.

SendGrid charge you to use a dedicated IP address for sending your mail. If you don't set this up -- and configure your SPF record to specify this IP, against the explicit instructions SendGrid gives you -- anyone else can sign up with SendGrid and send email as you. Their configuration guides and tooling actually encourage you to enable impersonation on yourself.

So, maybe they're doing everything they can to prevent spamming, but they're sure doing a lot to encourage phishing.
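
An added example, not part of the thread and not SendGrid's own code or records, illustrating the SPF point in the comment above: a record that includes a provider's shared sending pool authorizes every address in that pool, while a record naming a single dedicated IP authorizes only that address. All domains, addresses and TXT records are constructed, and only the `ip4` and `include` mechanisms are evaluated.

```python
import ipaddress

# Constructed offline "DNS": TXT records for hypothetical domains, using
# documentation address ranges. No real provider's records are reproduced.
DNS_TXT = {
    "_spf.esp.example": "v=spf1 ip4:198.51.100.0/24 ip4:192.0.2.0/25 -all",
    "shared.customer.example": "v=spf1 include:_spf.esp.example ~all",
    "dedicated.customer.example": "v=spf1 ip4:203.0.113.25 -all",
}

def authorized_networks(domain, dns=DNS_TXT, depth=0):
    """Collect every ip4 network the domain's SPF record authorizes,
    following include: mechanisms (RFC 7208 caps DNS lookups at 10)."""
    if depth > 10:
        raise ValueError("SPF include chain too deep")
    record = dns.get(domain, "")
    if not record.startswith("v=spf1"):
        return []
    nets = []
    for term in record.split()[1:]:
        term = term[1:] if term.startswith("+") else term  # explicit pass
        if term.startswith("ip4:"):
            nets.append(ipaddress.ip_network(term[4:], strict=False))
        elif term.startswith("include:"):
            nets.extend(authorized_networks(term[8:], dns, depth + 1))
        # -all / ~all and other mechanisms add no authorized senders here
    return nets

def spf_pass(domain, sender_ip, dns=DNS_TXT):
    """True if sender_ip falls inside any network the domain authorizes."""
    ip = ipaddress.ip_address(sender_ip)
    return any(ip in net for net in authorized_networks(domain, dns))

def exposure(domain, dns=DNS_TXT):
    """Number of IPv4 addresses allowed to send mail as the domain."""
    return sum(n.num_addresses for n in authorized_networks(domain, dns))

if __name__ == "__main__":
    other_tenant_ip = "198.51.100.77"  # constructed: some other pool user
    for d in ("shared.customer.example", "dedicated.customer.example"):
        print(d, "authorizes", exposure(d), "addresses;",
              "other tenant passes SPF:", spf_pass(d, other_tenant_ip))
```

Running the audit over your own published record shows how many addresses outside your control can pass SPF for your domain.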


One thing they're not doing: Mandating confirmed opt-in. Asking the recipient if they want to receive email is the only way to confirm it's actually requested.


I don't know about their marketing email policies, but we use it for transactional emails, wherein opt-in consent is generally not explicit.

For instance, if you use it for service delivery (payment receipts, invoices, password resets, etc), there is no separate opt-in process beyond the fact that recipients are your users who signed up for your service.

I'm not sure how any ESP could enforce the notion of opting in under these circumstances.


> there is no separate opt-in process beyond the fact that recipients are your users who signed up for your service.

That's not a fact that the recipients are users that signed up for it. As someone with a first letter + last name @ gmail account, I can't tell you how many transactional emails I get for things I never signed up for. Try getting a bank to take your email address off of someone else's account—damn near impossible.


> That's not a fact that the recipients are users that signed up for it.

It is if you use an email verification step as part of your sign-up flow, which we do. At most, someone could sign up with someone else's address and generate a confirmation email, but it'd only be once per address and that's the price of an open Web.

Anyway, I'm aware that not everyone does this, but at a certain point there's not much an ESP can do, beyond which there's essentially trust and monitoring.



