I’m glad this got posted and I hope this gets resolved and MailChimp does the right thing (I’ve also upvoted the OP).
But man, I don’t envy companies deep in the anti-spam/fraud business. The impression I’ve gotten is that when you act with a lighter touch and/or give lots of info about why an account was closed, spammers/fraudsters weaponize that and either figure out how to bypass your controls or social engineer your support.
I hope I’m wrong. Any thoughts on how a company should balance good service to users (and false positives) with the need to fight black hats?
> Any thoughts on how a company should balance good service to users (and false positives) with the need to fight black hats?
Charge money.
A big part of why MailChimp responded this way is that they have a very generous free plan. With that they can't afford to dig deep on free plans that violate ToS. You'll get buried under the weight of support/vetting for that.
Once you start charging even a little bit, the amount of spam/fraud BS you have to deal with plummets.
Every hurdle your free plan introduces to blasting out emails adds friction for spammers. Give them enough friction and they'll move on somewhere else. Forcing them to provide a valid credit card before they can send emails is a great way to add that friction.
Generally, having enough humility to recognize that you might be wrong, and enough compassion to care about the little guy would go a long way.
For example, they could notify the owner of the account after deleting it. And allow them to download their data. It's not hard to do, it does not open them up to social engineering, and it does not incur per-customer cost.
Nor does it facilitate continuation of spam, in fact it hits legitimate users way more than spammers - spammers bought their lists and have copies, while users who legitimately grow their lists through sign ups usually don't make copies.
I think a good starting point is to take the existing process and add a more formal appeals process for people who feel their accounts were unjustly terminated.
My little sister works in customer support for a fairly large email marketing company that competes with MailChimp. From hearing her talk about some of her conversations with users booted from the platform I think a good number of spammers sincerely believe they have a legitimate business and are confused to hear they've been flagged for spam. A lot of these people seem to only know enough about the internet to be dangerous. Preaching about passive income has gone main-stream in the last few years and many spammers are just ordinary people who have been conned into buying email lists from some "internet guru" to run a "click funnel business."
It's kind of like prison. Everyone says they're innocent. Some guilty people might even sincerely believe they're innocent. But when everyone is saying they didn't do anything wrong it's really hard for the person who actually didn't do anything wrong to get "justice."
Unrelated, I would love it if a publication profiled a few spammers. I suspect they're very different from how most people imagine them.
Great point. I had a non-tech-savvy friend who “accidentally” got into spamming, and had no idea what he was doing was wrong or antisocial. He simply got hooked with one of those “make $$$ from home easy!!” scams where they send you a pre-baked spamming kit and convince you that you’re a businessman with an incredible opportunity. He came to me for help when he started getting banned everywhere and his emails stopped going through. I told him he was scammed and that the “kit” he paid for was junk mailer scheme, but he swore up and down that no, he’s an entrepreneur and that all the problems must be his competitors “hacking him.”
I felt bad for him that he had no idea what it was that he was doing but I couldn’t convince him that it was not legit. It was MLM-level brainwashing.
Many spammers don't see how what they are doing is wrong. They run a LinkedIn scraper to collect 100,000 business emails for people in their industry and they want to email them.
When you explain that they're spamming, they get offended. "No, this is not spam! These people are going to be interested in this product."
I cannot imagine the customer support burden in time and emotional energy that goes into explaining to people, day in and day out, that the thing they hung their hopes on is spamming and not permitted. It sounds exhausting and draining.
Having done community moderation in a past life, I know how tiring it is to try to offer real engagement and empathy for people who refuse to understand that they've acted in an unacceptable way. There are also the people who know they're abusive and expect to just talk they way through it until you allow them to continue. Combined, it's enough to convince someone to stop offering humanity and sympathy to those who have acted badly, knowingly or otherwise.
Excellent book in a journalistic style. Good present. You will (both) have your own views on Krebs' strategies to make complex issues accessible to 'civilians'.
I've worked on the email dev team of a mailchimp competitor and from what I've overheard, when a customer gets spam-flagged the first step is to help him avoid it in the future. A lot of small businesses using these tools might actually accidentally misuse them.
But man, I don’t envy companies deep in the anti-spam/fraud business. The impression I’ve gotten is that when you act with a lighter touch and/or give lots of info about why an account was closed, spammers/fraudsters weaponize that and either figure out how to bypass your controls or social engineer your support.
I hope I’m wrong. Any thoughts on how a company should balance good service to users (and false positives) with the need to fight black hats?