Recommendations to others considering Twilio SendGrid Email API:
The API is easy to implement and the data export and reporting are clear and useful. The help documentation is weak. The monitoring to protect your IP and Domain Reputation is non-existent so you better make sure you eliminate any exploits possible to your endpoints that access your sendgrid account. Sendgrid does not have the self service monitoring tools to effectively identify and/or stop an attack before the damage to your reputation has been done. Review collected by and hosted on G2.com.
What problems is Twilio SendGrid Email API solving and how is that benefiting you?
Wanted reliable transactional emails to reach our customers inboxes while making sure our email sending was monitored effectively to protect our IP and Domain reputation.
Sendgrid is providing a similar set of features from other transactional email providers at a premium cost compared to other providers. We get good access to download historical data to use in our own app, and they have a clean, limited functional dashboard.
Where they failed is when we did get exploited when someone hijacked our email script. The exploiter was able to send off more than 400K in emails through our mailscript before any protections kicked in by Sendmail. Our account typically delivers 1000 transactional emails a day, so for any type of reputation protection kick in until 4000 X our daily average went out within 3 hours means they really don't provide any reputation protection. Once they did finally stop queuing the emails, they were unable to remove the emails that had made it through (but not sent yet) to their deferral queue. So we were stuck for the next 72 hours while their servers tried to send spam emails under our account (350k of them) domain. Even though we knew they were bad emails and were already identified. So our IP reputation went from a perfect 100% to 20% over 4 days. Now most of our emails go to junk and we have to start with a brand new IP and rebuild our reputation over the next 6 months.
Sendgrid told us it was our responsibility to monitor traffic and that they had notification tools (which we had implemented but didn't notify us of the unusual traffic until it was too late - very limited notification like "you've reached 50% of your monthly quota". Pretty useless when this notification gets sent at 2am on a Sunday).
In short, they do not have the capabilities nor consider it their responsibility to protect your IP or Domain reputation.
1. They do not stop a send attack until your reputation has been damaged beyond rehabilitation (pausing sending emails at 10X our daily average to wait for our approval would have stopped this issue immediately).
2. They have no way to stop emails in their deferral queue even though they have been identified as fraudulent (we watched at these known emails took our rep down from 55% to 20% even though we knew they needed to be deleted).
3. They do not see this as their responsibility.
Almost all other transactional mail service providers have the ability to add in hard caps to daily email limits and much quicker technical triggers to catch unusual sending activity (most would have caught it before 10000 emails were sent from our IP, instead of waiting until 400000 were queued and sent). Review collected by and hosted on G2.com.
