SparkPost just suspended the mail account I used with Discourse


(Chris Beach) #1

Email received today:

I’ve replied with the following:

I’ll update when I get a response back

Has anyone else had compliance problems with SparkPost and Discourse?

It’s possible that “junk” reports have been sent by my competitor whose crummy 10-year-old PHP forum was understandably left for dead when I entered the scene with my shiny Discourse-powered forum. He’s been using every trick under the sun (including spuriously reporting the contact details on my whois record) to try to sabotage my forum!


SparkPost experience (superb support)
(Chris Beach) #2

Just in:

So - it’s a user submitted link that they had an issue with. I believe SparkPost inserted spaces in the link deliberately when emailing me.

I responded with this:

Can we disable user-submitted external links being included in notification / digest emails?


(David Collantes) #3

Sadly can’t see the original post. Nevertheless, it is weird SparkPost is suspending accounts for links you have very little control on.


(Chris Beach) #4

Ah - that would be because it’s in an opt-in group.

Screenshot of post:

The user has submitted a link wrapped by “linkis” - one of those social services that serves up the link in an iframe (I assume that’s how it works), with a header showing the identity of the person that originally shared it, plus some extra navigation options.


(Chris Beach) #5

Phew :sweat_smile:

Worth bearing in mind, though - if a user submits an external link that’s genuinely dodgy, your email service provider may pick it up and suspend your account immediately.


(David Collantes) #6

Ah, I see! Although I do not like the practice—and avoid it myself—I don’t see it as problematic, unless the linking site is really degrading and full of malpractice. It seems they (SparkPost) have some very trigger happy algorithms.


(David Collantes) #7

Scary! One more reason to run a well configured, local SMTP server.


(Chris Beach) #8

From my point of view it’s a bit of a risk to use my own server for emails - if people submit enough spam reports to Google (or other email mailbox providers), my IP would be blacklisted, and my sent emails would silently fail to be delivered.

This is why deliverability companies like SparkPost exist - they maintain pools of safe IP addresses that haven’t been blacklisted.


(David Collantes) #9

Right, until they suspend your account. :slight_smile:


(Neil Lalonde) #10

I had my own issues with SparkPost, but it’s good to see they cleared your account. Will have to keep this topic in mind if other email providers treat links in notification and summary emails the same way.


(Guy Loeffler) #11

Just dumped Sparkpost today… Just 48 hours after they suspended ALL of our outgoing business emails (including eCommerce order notifications).

We only send about 100-200 eMails a day through them, and have been for about the last year. We’ve had No prior issues, no prior warnings, no prior suspensions, etc. Clean as clean gets.

Why did we get suspended without warning. Because of ONE email with a suspicious link (according to them).

We acted immediately. We tried replying to their complaint (right away). We tried again a few hours later. We tried calling their office (they have no telephone help available, only email). We even opened another Case Email… nothing back for 2 full days.

What was the “suspicious link” … it was me personally replying to my brother-in-law who sent me an email for a local gun store sales in his home town… REALLY Sparkpost!!!

Not sure if anyone else is better, but we’re giving Mailgun a try now.


(Bryan Holst) #12

Glad I read this post! Thanks for keeping us updated on it. I’ll definitely have to keep all that in mind as I’m using Sparkpost also.


#13

A few days ago our SparkPost account was disabled (without warning) because an email was sent with a link to https://radarr.video/

I’m assuming it was in a summary email or because of a PM. I replied explaining about Discourse. They then replied that they are closing my account.

If they suspend on the grounds of single links being considered somewhat dodgy - it might not be the best service to recommend in the guide for Discourse.


(Chris Beach) #14

For ultimate safety I wonder if Discourse ought to strip external links from notification emails?

This is user-generated content and we do have to keep our wits about us.

Perhaps Discourse could use Alexa-style metrics to judge whether an external link is to a “mainstream” domain - and in notification emails, strip any links that aren’t to mainstream domains? Perhaps also strip links submitted by users of low trust level?


#15

The problem with ranking domains like that is that you’ll never end up blocking the same set that an email provider deems bad (if that is the goal).
And who defines what is dodgy or not?

In the case of SparkPost, I cannot understand why they consider http://radarr.video to be bad enough to suspend an account. Sure, anyone can disagree with the actual software, but that doesn’t mean discussing it is wrong, or the fault of the forum owner.


(Chris Beach) #16

Perhaps that’s the answer - we should reach out to Sparkpost and find out how they source their blacklist/whitelist (it may be public data). Then for those who use Sparkpost with their Discourse instance, set the (proposed) link-stripper to operate on the same blacklist/whitelist.


(Wayne Scott) #17

Just had my site suspended too. The recent post contained a lot of images and links to .mp4 files that were embedded in the post and so are at my forum URL.

No reply from them about what caused the problem yet.

Kinda wondering if SparkPost should be first on the list of recommended email hosts?


(Neil Lalonde) #18

I got banned too and SparkPost is dead to me. So I would be happy to stop recommending them.


(Christoph) #19

There seem to be a number of complaints on the net about sparkpost terminating/suspending accounts and many of them mention not being told why. The question is: is this unique to sparkpost or do other providers do the same?

I have tried to figure out what might cause sparkmail to suspend accounts used for discourse. Here’s what I found so far:

To start with, they reserve the right to suspend accounts for a number of reasons:

Some of the ways that can cause your account to be suspended and/or terminated are:

  • A violation of our messaging policy
  • A violation of our terms of use
  • High hard bounce percentages
  • High complaint rates
  • Content that is abusive, harmful, or is identified as spam
  • Failure to collect payment for the service

(Source: Account Suspension - SparkPost)

Among these, I suppose the messaging policy is most relevant, so I looked it up at Messaging Policy - SparkPost and among the long list of requirements I found the following two which, I believe, any discourse instance routinely violates (so I may be misunderstanding something since it would be strange if they really required every single transactional email to comply with these):

Always include a working “unsubscribe” mechanism in each marketing Digital Message that allows the recipient to opt out from your mailing list (receipt/transactional messages that are exempt from “unsubscribe” requirements of applicable law are exempt from this requirement).

Include in each Digital Message a link to your then-current privacy policy applicable to that Digital Message.

And the following might become relevant in some cases when users generate inappropriate content (but the problem is that it is up to Sparkpost to decide what is or is not appropriate):

You must not use the Services to:

  • Store, distribute or transmit any malware or other material that you know, or have reasonable grounds to believe, is or may be tortious, libelous, offensive, infringing, harassing, harmful, disruptive or abusive; or

  • Commit (or promote, aid or abet) any behavior, which you know, or have reasonable grounds to believe, is or may be tortious, libelous, offensive, infringing, harassing, harmful, disruptive or abusive. Examples may include Digital Messages that are themselves are or promote racism, homophobia, or other hate speech


(Neil Lalonde) #20

Maybe those policies aren’t compatible with forums, although companies in their customers list must be emailing some offensive email notifications (Twitter?). The privacy policy requirement might be the important one for us.