by shawncampbell 1400 days ago
> on August 8th, our Security Operations team was made aware of a customer who claimed their password had been reset, without their initiation.

> One of the first discoveries was a non-DigitalOcean email address that appeared on a regular email from Mailchimp on August 7th.

> Soon after we discovered an issue with our Mailchimp account on August 8th, we initiated contact with Mailchimp, both via traditional support channels and other escalation methods. On August 10th, we had our first actionable response


> both via traditional support channels and other escalation methods

I wish our industry could just be honest that many meaningful escalations have to happen via discriminatory back-channeling, contacting friends, family, former co-workers, ANYONE who might have an in with the organization.

It's discriminatory because if you don't know someone you can be SOL.

Mailchimp/Mandrill have especially bad customer support and business user experience. At one point they closed the account of a company I was working at without any previous notice and without any recourse. They just sent a blanket email "Your account has been suspended". They left us scrambling for an alternative (we had both transactional and marketing email). We happily migrated to SES for transactional email and SendGrid for marketing.

I no longer recommend or use Mailchimp.

My issue with SES is that your account may be placed in a Sandbox with no explanation other than to delete your account.

This is because of fraud. Everyone either does this, or enables the fraudsters. The only third option is to get rid of email, except the fraudsters would just move on to the next thing.

Assume that you’ll have availability problems with email and engineer with that in mind.

Claiming that you either need to ban users without recourse or suffer from enabling fraudsters is why people start feeling like corporations don't have any human employees anymore. If you care about your customers, you could absolutely reach out and verify whether the user you are about to block/have blocked is a fraudster or not, and then act accordingly.

The reason most just say "You're banned, bye" is because they don't want to do that work, and subsequently don't care about their users one bit.

They ban thousands of accounts per day. Every day. If you can solve this problem you will have discovered a license to print money, so by all means try. But the problem is much harder than you are making it sound.

> Assume that you’ll have availability problems with email and engineer with that in mind.

That goes for all dependencies, not just email. And not just third-party dependencies either.

If PyStorm died today, I could carry on in VIM. I could rebuild my entire architecture on DO if AWS sours. If git takes a dump, I have four machines from which I could copy the code and migrate to e.g. mercurial. And if I get hit by a bus, my code is well documented and testable.

> Its discriminatory because if you don't know someone you can be SOL.

Thanks for explicitly explaining that part. Now that you've put it that way, it's a pretty apt term, but I probably wouldn't have been able to figure it out because that term is usually used for things like gender, race, etc., and my brain immediately jumped to that. Maybe I am just stupid, but sometimes it shouldn't be that hard to understand what people mean, and it helps to be more explicit.

Good opportunity to talk about it. An awful lot of people are extremely solitary. I’d wager this is more of a problem than racial discrimination because:

- Lonely people aren’t visible, by definition,

- Solitude increases racism, so it would be worth solving,

- They often end up creating companies and being one’s boss.