[sanderjd]

I don't see how this was specific to ChunkHost, or how anybody else using SendGrid and supporting password resets through email wouldn't be vulnerable to the same attack... Since presumably password reset emails aren't outside SendGrid's target market, it seems reasonable to suggest that this is a problem SendGrid should try to fix.

[danielweber]

Generally, an outsider doesn't care that you got owned because someone you relied upon got owned. They consider it part of your job that you make sure all the people you rely upon are reliable.

I'm not saying this is fair.

[sanderjd]

Depends on what outsider. Sure, for your customers, everything is your fault. But as an outsider that is also building services with email components, I do care exactly how they got owned so that I can think about which part of their systems were actually problematic.