Hacker News new | past | comments | ask | show | jobs | submit login
Tell HN: Mailgun disabled our domain without notice
19 points by wilsmex on April 28, 2021 | hide | past | favorite | 18 comments
Quick backstory: We've used Mailgun for email delivery since ~2014. Sent hundreds of thousands of emails in that time. No mailing lists, all user provided emails (account creations, receipts, password resets, confirmation emails) etc. We're on the 'pay per use' plan. Average > 98.5 % delivery rate. We average maybe 1000 emails per day.

Suddenly without prior notice we get an email: "Your account xxx has been temporarily disabled". Total blackout of all our email delivery.

Takes multiples emails and support ticket to get re-instated. Apparently we went above some "complaint rate threshold is 0.05% or lower" threshold, ad boom auto-disable. We now think (but guessing) our own users were complaining about contact form message spam getting through (as it seems google v2 recaptcha is easily spammed these days).

Not faulting MG for having spam protections in place, that's great. One one think after being a client for nearly a decade of clean email sending, you'd at least get a notice about unusual activity before a blanked account deactivation.

/rant

Any alternatives folks have had good relations/practice with?




https://postmarkapp.com/ warned us a 0.1% complaint rate. A stern warning. "For transactional email spam complaints should not exceed 10 complaints in 10,000 emails sent and we're seeing much higher in your activity. This is an expectation that many ISPs have set, which we work very hard to uphold. "

We now use their API to forward any complaint to us to doublecheck, we became paranoid to keep the number lower.

We're very happy with postmarkapp.

Somebody was using random IPs, but real email addresses to signup. We don't know why, it never led to pageviews later. Maybe it was an attempt to check which user (email address) clicks the link in the confirmation email of a service they haven't signed up for. I can understand if such users click 'this is spam' which then gets reported back by the big email providers to postmarkapp.


I'm having the same issue with a project I'm working on. Did you end up doing anything to mitigate random signups with fake emails? For me, they all follow the same pattern so I can usually guess which users are fake but I haven't been able to programmatically block them yet.


Any chance the user agents are the same? On some form spam I've seen often only a few user agents with some really old browser versions are used.


Yes and no. It looks like there are at least two different tools creating users on my platform. One of them looks likes it's using chromedriver, and the other one has a varying user agent but some other constant things that they do.

In my case, it's pretty easy to tell a real user from who has an email that matches up with the username and what form they used to signup.


Thanks for info here. Definitely will look into them. I'll also have to look into if MG has some webhook for complaints, as we're also now suddenly super paranoid about that metric.


That sucks. Like you said already, especially the communication and handling of the situation. Although it is really hard for email services to keep spam outside and their services healthy (stay off spam/deny lists).

MailChimp has been working for me pretty well in the past. They have transactional emails too, this used to be a separate service called Mandrill: https://mailchimp.com/features/transactional-email/

Currently I am trying out Sendgrid, which is now owned by Twilio. For the other Twilio services they are always clear in communication with great guides for everything. This seems to be the case for Sendgrid as well (so far): https://www.twilio.com/sendgrid/email-api (little plus, they have Azure Functions integrations)


As for spam from the contact forms, you could look into integrating with https://www.oopspam.com/. It returns score similar to reCaptcha in addition to the outputs from different analyses.


Thanks for this! Will look into..


We had a similar issue and ended up sticking with Mailgun but going with one of their larger contract plans which also gave us access to one of their Technical Account Managers. He's been fantastic, and helped us mitigate some of the issues we were running into. (It also ended up being a better value for the volume we were doing monthly.)

You can also configure their web hooks to report complaints back to you in near real-time: https://documentation.mailgun.com/en/latest/user_manual.html...


Seems like a system that could be very easily weaponized.


Interesting thought.

I remember zoho was down because their domain provider blocked their whole domain due to some of their emails getting flagged as spam.


I had this exact same thought..


> We now think (but guessing) our own users were complaining about contact form message spam getting through (as it seems google v2 recaptcha is easily spammed these days).

Interesting. Could you elaborate how your users can get spammed this way?


We have a sass service where many of our clients have a public facing 'website' where they have a contact form for their visitors. We have google captcha v2 on that form, which is easily bypassed. So spammers are submitting the form bypassing the captcha with typical form spam. We send all of the contact messages to our users via Mailgun as a 'new contact message.' Our users get these spam messages not really realizing they are from their own sites (as they just see the spam in the email) and flag/mark them all as such.


We use AWS SES for email on production, and use mailgun for the rest.

> 20M/day transaction email

We get better support and explanation from SES.

Totally recommended AWS SES, but for usage statistic you need to create one with their SNS


https://cuttlefish.io/

If you dont rely on 3rd parties, 3rd parties cannot screw you


Thanks, that looks interesting!

Although it can be quite hard to get clean IP ranges and keep everything of SPAM/deny lists.


Nice, thanks for the link here




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: