How a transactional email provider can ruin your business
At ProxyCrawl, we’ve been using transactional emails since our beginnings. We’ve always relied on external transactional email providers as they are supposed to bring ease of use and integration at an affordable price. But not all is good when you rely on a third party company.
- Mailgun has blocked our account twice in 1 week because we sent a single email (twice) to what they call “canary email address”. They haven’t notified us about this beforehand; they just have blocked the account.
- After more than 9 hours, our company cannot send any transactional/generic/marketing/support email to any of our clients. We keep trying to resolve this problem without success so far.
- Mailgun has been slow and unwilling to collaborate with such an urgent situation, which happened twice in one week.
- 11 hours later. Mailgun has enabled our account back again saying that it was a mistake. Looks like uur whole company email was disabled by a mistake.
Since we started our business operations several years ago, we’ve been relying on Mailgun for our transactional emails.
As we send several thousands of emails per month to cater to our thousands of clients, we need a reliable service with excellent deliverability. For some years already, we have a dedicated IP only used by our company, to guarantee that no other businesses are sending spam and damaging our reputation (something which happened to us in the past).
Several years ago, we decided to purchase a private IP and use it solely for our company email needs.
One of the good things about having your private IP, is that you own full responsibility for whatever is sent from there, avoiding spam and unwanted emails, which can damage your sending reputation.
That is why since around two years ago, at ProxyCrawl, we decided to connect our email servers to Mailgun SMTP servers. We also managed to use our private IP for our regular emails from our employees, guaranteeing maximum deliverability to our client inboxes.
On the 10th of November 2020, one of our employees contacted a blog owner who was looking for writers for his blog.
This is something our team does regularly, to spread the voice of ProxyCrawl across the internet.
Our employee sent a regular email, asking if the owner was interested in collaborating with us in writing an article about our products’ usage.
Well, all was good until, out of a sudden, we received an email from Mailgun that our account was disabled.
We thought it was a mistake, so we decided to contact urgently Mailgun support. In the end, we are paying clients for several years so that must be a confusion.
After some hours of emails and discussion, they told us that we emailed what they call a canary email, which is an email address that they have in their systems to detect whenever someone is scraping or crawling emails from the internet and using those emails to send spam.
Fair enough, we don’t know how they came to mark that blog owner as “a canary email”, but we told them that we were indeed not sending spam and only contacting the blog owner to make a collaboration.
Hours later, the account was re-enabled.
Fast forward to today, 17th of November, another account disabled email comes to our general inbox.
Again, they disable our account, and all our transactional emails, marketing emails, support emails, and SMTP employees’ inboxes stop sending.
We contact them back again, and they again say they will look into it.
Hours pass by, and our employees cannot send emails as we rely on our private IP via Mailgun to send all our company emails. Same for our support tickets, we offer 24/7 customer support for our thousands of clients, but the tickets keep coming, and we cannot reply to them as Mailgun has disabled sending from our domain.
After around 2 hours without being able to send any emails. They tell us that we have violated their AUP because we are:
- Abuse: Collecting or using information, including email addresses, screen names or other identifiers, by deceit, (such as, phishing, internet scamming, password robbery, spidering, and harvesting)
Additionally, they say that:
- Your intended recipients have given their consent to receive email via some affirmative means, such as an opt-in procedure, and you can produce the evidence of such consent within 72 hours of receipt of a request by the recipient or Mailgun;
- You must use reasonable means to ensure that the person giving consent is the owner of the email address for which the consent is given;
We use Mailgun to:
- Send transactional emails (account confirmation, login alerts, billing alerts, etc.).
- Send marketing emails for users who opt-in in the signup form to receive marketing emails (users can unsubscribe at any time).
- Reply to client support tickets with our ticket management system.
- Send our employees emails using their regular email inboxes for better deliverability (we have our SMTP servers connected to Mailgun).
Do we collect or use email addresses, screen names, etc. by phishing, internet scamming, password robbery, spidering, or harvesting? No, unless going to a blog website and contacting the blog owner is considered harvesting a single email address. Then yes.
Our intended recipients have given their consent to receive emails? For our transactional, marketing, and support emails, yes. For our regular mail emails, it depends on the client, obviously. Do you ask for a concern to send an email with Gmail, every time you send a new email? How do you even do that, if that is even possible?
Do we use reasonable means to ensure that the person giving the concern is the owner of the email? Yes, we do as all our email accounts are confirmed via email. Otherwise, we do not send any emails.
After more than 9 hours and several emails back and forth, Mailgun hasn’t re-established our service. We had to re-route our emails to another transactional email provider to continue offering our service properly to our clients.
Update: After 11 hours, Mailgun has enabled back the email service. According to them, it has been a mistake. Unfortunately, this mistake has costed us money and some upset clients who didn’t hear from us during the email downtime hours or that they couldn’t validate their email to login.
It’s straightforward and clear. Whenever you offer a service to a business, you have to show some guarantees. You cannot block a whole company because you think the company is sending spam without letting them know beforehand and letting them solve the issue, if any.
Mailgun should notify the client first if an issue like this happens and then investigate, but never block and leave a whole company without being able to send a single email.
Putting all eggs in a single basket is not a good idea. So we will have a backup email provider to guarantee this never happens again and all our emails from our clients and support tickets can continue to be delivered regardless of how our email provider decided to handle such a situation.