266 comments

[ 3.5 ms ] story [ 190 ms ] thread
(comment deleted)
> I really don't like to resort to public shaming, but this really is unacceptable.

Public shaming works quite well on HN; I remember quite a few cases when the problem was solved very quickly by hitting the front page.

However, in this case I'd give MailChimp more time. It seems the author contacted them today. Maybe there is a reasonable explanation and they will provide it tomorrow?

Indeed. I have found that the best way to get a company to respond to a complaint in a reasonable manner is to post your complaint on their facebook or twitter profile. Its a shame that it needs to be like this.
Depends on the company.

Some simply delete complaints and block the people who left them...

The best way to get satisfaction (in the UK at least) seems to be to get a tabloid journalist involved....

Can confirm.

Sent eBay a private message on both Twitter and Facebook. Facebook's was read and ignored.

Posted the complaint on their fb page wall. It was automatically deleted.

What worked was commenting on their post.

There could also be some selection bias here. I always wonder how many other attempts at public shaming never make it anywhere.

I've been locked out of my Amazon and AWS account for more than two weeks despite numerous phone calls to Amazon support and desperate pleading on social media. "We are still looking into this matter for you." I could post some nasty blog post but I have really little faith it would get me anywhere.

I can't speak for using AWS, but Amazon customer support in general is awful. Recently, my girlfriend was unable to get into her account. When she would try, it would say she had the wrong password. When she would try to reset the password, it would say the account didn't exist. When she gave up and just tried to recreate the account it wouldn't let her because it said the account already existed. During this process, she also accidentally created and gained access to an account using an email address that belongs to someone else with the same name.

She called Amazon support. The first person she talked to just told her to do all the things she had already done. She humored them by repeating the steps. She told the support person it wasn't working. The support person said she couldn't be helped because she wouldn't do the steps. My girlfriend asked to speak to someone else who could help her and the support person hung up on her. She called back and had to talk to two other people before she finally got someone who would help her. (Once she did, it was a process of about 30 seconds to resolve the problem!)

She received some gift cards from a couple of her clients and when she clicked the link, it credited them to the wrong account (the one with the wrong email). She had to call support again and although their solution was ultimately quick and simple it took another 30 minutes of nonsense on the phone to get there.

My experience is similar since its with Amazon support and separate from AWS. My account, encompassing everything covered my Amazon credentials, was put on hold for "address verification" two weeks ago and handed to the "Accounts Team". This means, no buying anything on Amazon for the holidays and zero access to my AWS account, Lambdas, S3 buckets, etc. Just a mind-numbing cycle of phone trees and "we are looking into this".

I cannot even sign into my Washington Post subscription. Thanks, Bezos!

It's been two days since this was written. Presumably the nuclear option of posting it to HN was deferred to give Mailchimp the opportunity to fix things.

Edit: Also, considering the author's fame, I expect public shaming on HN will work quite nicely.

it didn't work the first (or second) time that this article was submitted. there was no waiting done here.
Hmmm... This poster has noticed an issue on 17th, mailed support and without waiting to see if there's any reply or resolution, decided to blog publicly about it the same day... seems definitely premature, maybe borderline of questionable professionalism.

It appears MailChimp has a chat option for support on weekdays for paid users but since this hasn't been used, one would assume the poster is using a free plan - not exactly exemplary practice for handling anything "mission-critial".

If the chat option is for paid users, I'm not sure that would have been useful if the account was deleted.
Fair point. Though I suspect many more warning signs would have come up given billing is involved.
It's unprofessional to write a blog post about your account getting deleted without notice? Mailchimp is a business, and the relationship between a person and a business is not friendship. When they shut down an account without notice blogging about it (in a non-accusatory manner no less) is completely reasonable. This isn't a smear job.

Talking in public about the manner in which businesses conduct themselves is a good thing. It benefits businesses with good customer service and hurts those with bad service. More transparency is good for consumers and for businesses alike.

Are you in any way affiliated directly or indirectly with MailChimp ? Reason for my concern is that this is not a exemplary practice to do victim bashing either. Even if OP is "free" customer , He has some right to complaint. Companies usually don't provide "free" tier by goodness of there heart and have legitimate business plan to do so.
Nope, no connections whatsoever. In fact I work at a place a few orders of magnitude bigger than what MailChimps of the world would handle...

Shit happens from time to time in business and the normal approach is you connect and discuss by whatever SLAs you align to. You don't scream publicly sullying reputations unless you've given resolution a reasonable shot. Waiting less than 1 business day doesn't seem like giving resolution a reasonable shot. If it were my business, I'd fire this poster as a client.

> Shit happens from time to time in business

This the kind of apologetics I can't stand. These things happen because businesses knowingly take actions that negatively affect a small percentage of their user base, but they just don't care if the percentage is small enough.

Software businesses enjoy extremely high gross margins, which means they can afford first-rate customer service. "Bad things happen" isn't an excuse.

Oh my god, so salty!

But here's the deal, and this might be directly aimed at you, since you say you're in the field. As a home-user who works in the industry and with some interest for tech, I generally only get access to the free-tiers of services offered by players working at world-magnitude. Based on my experience with those services I may or may not advertise them to my friends, colleagues, employers. Especially to employers, because there's a good chance that if there's bad-blood between me and the service provider personally, I might be impaired in my professional activity.

This word-of-mouth type of adversiting is crucial to "2.0" companies, that function based on things such as scale, transparency, growth, reach, efficiency. There's also the different type of provider, the "old business" world, with more business-y and less tech-y practices, such as "call us for a quote" deals, "license per year per seat pe server core", etc. Dealing with them often times involves whole departments (legal + technical) with specific training and paid-for support channels.

If you release and roll perpetuum-beta services and software ("2.0" practice), build your brand on word-of-mouth advertising, on try-for-free honeypots for hobbyists (also "2.0"), don't act "old business" if it comes down to support for a puny user and don't push the "well, it was free, what would you expect?" button. The whole deal of your "we are awesome and scale as opposed to <brand that existed for more than 20 years and sucks just because of that>" is the fact that your machinery doesn't do politics and doesn't discriminate between your users based on estimated pocket girth. It's useless if your solution elegantly "scales" to billions of users, if your business can't secure and treat with dignity the first, lonely user.

> Shit happens from time to time in business and the normal approach is you connect and discuss

Which is exactly what MailChimp failed to do, and what makes this an issue worth the treatment the OP has given it.

There are a couple of lessons to be learned from this:

* Make sure to have a plan B for all service providers that you use for critical services.

* Make sure you have a secondary copy of critical data, and that you store it responsibly in case a provider does something.

That still doesn't excuse not informing the account holder, but given the short time that has passed, it is possible that task has ended up in someone's backlog.

If it ended up in someone's backlog, then MailChimp still screwed up because the "suspend account" button should automatically send a notification (even if it only said that more information will follow).

I'd also add one item to your list: Proper monitoring (which is extremely difficult and time-consuming to set up). A plan B is useful if you know that you need to enact it. Here, the third party provider had silently caused an outage, possibly because they consider shadow bans more effective without considering that the same thing that makes them effective makes them extremely damaging when they're handed out incorrectly.

Good point! Monitoring is also one of those critical things one should always have.
Assuming the author is truthful, then I'd say Mailchimps actions are a lot more questionable. Shutting the account down without a warning? Making it impossible for him to see his mailing list even if the ban was deserved? I don't know about you but I'd never want to use a mailing service if I knew that I at any time could lose access to the mailing list I had spent months/years building up..
My own experience with mailchimp was very brief.

Created an account, verified my email address. Then i sent a test email to the same email I verified my MC account with.

Immediately, MC disabled my account's ability to send emails. My appeal to support was ignored and eventually, the account was deleted - banned.

Couldn't agree more. Any business who respects the customer would know that this type of stuff is totally unacceptable, and the list is a huge money maker for anyone. I got really pissed with MailChimp and their support for exactly these reasons and decided to move to SendX. That's it, haven't looked back ever since and I don't think I ever will unless something major goes wrong.
OP here. I waited several hours between contacting MC and posting the blog entry. This was (and still is) a time-sensitive mission-critical issue. I have customers I cannot contact about a potential security flaw in my product. Happily, I need to contact them to tell them that my product is NOT affected, but it could easily have been otherwise, and in the future it might be otherwise. This is an existential threat to my customers and my business. Damn right I'm not going to wait around.

FWIW, MC did respond, saying essentially that there is nothing they are willing to do, and that I need to create a new account. I have written them back asking if I will be able to access my old mailing list from my new account (obviously the answer to that is going to be "no" but I want to get it on the record). They have not responded.

it almost sounds like they don't want your customers to know your product is not affected. hypothetically speaking, could one of your clients make a possibly bad hasty security move by being under the immpression your product is vulnerable?
I would give you very long odds that no one at MC had a clue who I was before this story showed up on the front page of HN. My mailing list is very small (it's a very niche product) and I hardly use the MC account (which was the problem to begin with). I'm sure I just got caught in their process. I'm equally sure that their process was designed to thwart abuse, which is surely a major problem for them. (In fact, it surely the major problem for them!) But it just seems to me that they just didn't think it through. This whole unfortunate situation could have been avoided with a single automated email drawing my attention to the fact that my account was about to be closed for inactivity.
It sounds like you afforded more notice to MailChimp than they did for you.
Just because someone is a dick to you doesn't mean that you should be a dick back. Especially when you have no leverage.
Well, the only leverage he has is creating bad social media PR, and it seems to be working pretty well.
So, besides blaming the victim your point is?
> seems definitely premature, maybe borderline of questionable professionalism

So basically, if that person was a plumber, and a bath they installed worked perfectly, you'd now think maybe that was a fluke, because their professionality is "borderline questionable" (is that like borderline borderline, or questionably questionable?)

Yet you say you "don't scream publicly sullying reputations" -- so they're not professional, and now they're "screaming", both of which are things you are creating, while they're stating the cold facts, and they just don't happen to be flattering.

That you can be "professional" without being good, at all, just shows how meaningless that word is.

So? Web is full of unhelpful error messages and bullshit workflows. Just use something else.

One other funny workflow I was subjected to is unidirectional validation, where you are supposed to have something validated by the other party, and there's no possibility of feedback/responding to their determination.

So you get a response "your website is down", when it clearly is not, and their crappy validator just can't handle redirects or whatever (you don't really know, and can't ask for details). And there's no way to communicate, other than changing random stuff on the website and re-submitting and waiting a day or two for each cycle. LOL

I'm sick and tired of this kind of reasoning. Sure, you can use something else, but that's not the point. The point is that a company cannot just delete your fucking account without even bother to notify you, especially when we're talking about B2B services. The guy was bleeding leads without even knowing because MailChimp decided that it was too much of a trouble to properly inform their client. Fuck that shit. Just because we're engineers doesn't mean we don't expect a certain amount of proper support like every other non tech savvy person out there. The mantra that everything can be solved with algorithms is having really shitty implications when it comes to operating a business.
What if it was a free account?
Why offer free accounts if you don't want to support them? If google decided to close gmail or youtube without any prior notice, I'm pretty sure a lot of people would be pissed of, and rightly so.
Obviouly to attract customers to your paid tiers, eventually.

People's gmail/youtube accounts are routinely closed without prior notice.

>So?

So we need to know this is happening so we can plan accordingly. I'm glad I saw this today, we will be better prepared.

Not the first time this happened. Company needs to get sued a few times to learn its lesson. Just what needs to happen to PayPal as well.
Sued based on which legal theory? What are the monetary damages? Where is the contract violation?
A lawsuit that you wouldn't win.
To people mentioning public shaming. I had a mailing list with them removed with all contacts lost and account banned without even notifying me. Customer support indeed responded, but with something like your account was banned because you are involved into cryptocurrencies (i had hashcash.io - no selling or buying of crypto is even close) and we completely wiped all your data.

Only after a hint about possible public shaming, someone sent me data dump with all the emails and names. So they lied in the first response (all data is wiped and unrecoverable) and only responded to a threat.

Since then I am using Mautic and own SMTP server.

I hope everyone already using or considering using MailChimp reads this. Denying access to your mailing list even if you violated their terms is insane.

Banning accounts with no warning is already bad enough - ideally they'd just disable your ability to send emails until the issue was resolved, but at least I can accept that.. but to steal people's mailing list in the process? What the fuck.

OP here. To be clear, I did not violate their TOS. And deactivating an account for inactivity is not entirely unreasonable, especially a free account.

What is unreasonable IMHO, and the reason I want to bring this to people's attention, is deactivating an account without a warning, without even a notification, and with no way to recover. That is a ticking time bomb that I was simply unaware of. I never even imagined that a company as successful and popular as MC could have such an inane policy. Obviously, if I had know, I would have done things differently. All I can do now is sound the alarm so that other people don't step on this land mine. (And maybe public shaming will convince MC to give me my mailing list back, but I'm not counting on it.)

P.S. One of the problems here is that "inactivity" is ambiguous in this case. I had not logged in to my account in a long time, but people were signing up for my list. I assumed that would count as "activity".

Two landmines:

1. The MC one 2. Relying on any free service as an important part of your business.

The adage "you get what you pay for" really does tend to hold true.

The irony is that if MC had sent me an email saying that I needed to upgrade to a paid account in order to keep it active, I would have sent them a check without hesitation.

That's one of the frustrating things about this. MC has turned this into a lose-lose when it really didn't have to be.

That's the big takeaway here, in my opinion. Regardless of the fault with MailChimp (and I do think they're at fault here), you should never rely on a free service if it's mission critical to your business and there should never be a single point of failure like this. If this really was as critical as OP claims it is, then they should have taken more care to ensure that this wasn't even possible.
For data you care about, you have backups. It's better than being angry later, regardless of whether you're angry at some company or at yourself (for not having backups).

Backups also make your life longer, because of reduced stress. Otoh, you spend some of that extra time making backups, but it's still a win win, I guess. :D

Yep! Doing a monthly backup of my mailchimp newsletter, it's too important.
> So they lied in the first response (all data is wiped and unrecoverable)

Not defending Mailchimp, but keep in mind the perspective and context. To a customer support agent using some backend interface, it very well could be "completely wiped". To an escalation team, they may be able to pull it from backups in an "unofficial" manner.

It is still a lie.

Also keep in mind the perspective and context that the end user has no way of knowing.

And even if the data can be recovered in an unofficial manner whether they will actually bother is highly unlikely if they care as little as they most obviously do.

So, as a user it is a pretty safe bet to just assume it is gone (but do keep poking).

It's a lie that organizations have backups?

"Your data has been deleted" pretty much has always meant that it was deleted from the live servers and that the deletion will propagate through backups depending on the orgs retention policy/requirements.

We don't know the exact messages. If the poster asked for a copy of his data and was told it was deleted, then yes, that was a lie (although possibly the person sending the message genuinely might not have known better, which puts the fault more nebulously at "the company"). If they asked why their account was gone and the response said "all data has been deleted" without offering a copy of it, it's just bad service.

(Although given privacy regulations, it's a bad sign if a support agent can't give a precise answer about data stored or at least know not to make unchecked claims about it)

"Your data has been deleted" pretty much has always meant

To whom? My mother? Nope- she thinks it's gone. So yeah- it's a lie, and you only catch it if you know better.

"Yes Dad I did my homework" has pretty much always meant that he hasn't started it yet.

No, it's a lie and the organization knows it. They are responsible for training their CS folks.

If I turn on Windows Backup on my Mom's laptop and she right clicks a file and selects "Delete" is the expected behavior that it be deleted in every backup as well?
If she doesn't know the backup's been set up, in her mind, yes.
Are you suggesting that the delete command shouldn't be trusted because there might be a backup of the file somewhere?

You people are throwing around the word "lie" very loosely here...

> Are you suggesting that the delete command shouldn't be trusted because there might be a backup of the file somewhere?

No, the exact opposite in fact.

Am saying that if you weren't told there's a backup, you'll not think there's one and treat the data as completely deleted, even if they really aren't.

Windows doesn't tell your Mom that her data has been wiped, just that a particular file has been deleted.
MailChimp, the organization, first stated that all data was completely wiped, and when threatened, promptly produced the previously wiped data. MailChimp, as an organization, lied. It doesn't matter if the support agent didn't have the capabilities or not, that's an internal thing.

The organization knows that they have the data, but they trained their staff to reply that it was destroyed.

That's a lie. Not an untrue statement, but a deliberate lie.

>>"Your data has been deleted" pretty much has always meant that it was deleted from the live servers and that the deletion will propagate through backups depending on the orgs retention policy/requirements.

No it doesn't. Deleted most places means deleted and gone forever. There are a number of legal requirements (in the U.S.) at least when dealing with certain government organizations, and many non ones as well surrounding this. Think of it this way, a customer comes and says, there is sensitive information on your server, and since we no longer want to do business with you, you are now required to delete it. Normally there is an end date to allow the backups to be purged through propagation etc., but at the end, when they say it's deleted, it means deleted from everywhere. Sometimes this also means completely wiping drives so there is absolutely no trace of it left.

Either the data is deleted or it's not. If I send you a GDPR request, you reply "it's all deleted" then at a later date, data magically appears, that's an obvious per se violation.
https://en.wikipedia.org/wiki/Lie

"A lie is a statement used intentionally for the purpose of deception"

I don't think you can prove it was a lie.

Since we don't have a mind-reading machine, by that logic, we can conclude that no statement can be proven to be a lie.

After all, how can we know what an alleged liar is really thinking?

You exaggerate, but actually, this is a good reason to avoid accusing people of lying unless you understand the situation pretty well. Honest mistakes do happen a lot.
It doesn't matter if the individual people at MailChimp were liars.

What matters is that the institution as a whole - the way their policies and procedures come together - lied.

The institution certainly knows of it's capabilities. It deliberately chose to not tell that to it's CS reps, because of a multitude of reasons, that come down to 'It makes our/their jobs easier.'

My ISP, for example, lies to me every time I make a call to customer service. Is the front-line CS rep lying to me? No. But his employer is, by making him tell me a pile of bullshit about why my Internet is busted - again.

"The word lie has lost all meaning"

"It doesn't matter if they're liars"

C'mon, man.

Well, but that's anthropomorphizing. Institutions don't really know things, people do. Getting stuff out of one person's head to all the people that could use it actually takes a lot of effort. (Look at how terrible medical record systems are.)
Lies can be proven by finding evidence someone did know something when they say the opposite.
And in this case, we have iron-clad evidence that MailChimp, as an organization, with 100% certainty, knew that the customer's data was recoverable.
The company is set up to deliver a lie, even if the last person telling it is doing so unintentionally.
Mailchip seems to be in the wrong, but ignorance isn't the same as a lie.

I bet you people just assume or their manager doesn't know either.

Why was my account suspended -

https://mailchimp.com/help/why-accounts-get-suspended/

The first level support person isn't lying if he/she doesn't truly know whether the data is recoverable. A manager higher up, who approved the script and knows better, is lying however. To the end user it makes no difference who the liar is, only the the lie is being told.
But that end with:

> If we suspended your account, we'll contact you as soon as possible to let you know why, and to give you details on how to fix the situation.

And that's clearly a lie, based on OP's experience, and those of other commenters.

That's...fascinating. While we have lots of corporate personhood, I normally disregard blaming specific actions on a company because at the end of the day a person makes the call. But here you've pointed out that a company, operating as a collection of people, can "act" in ways that may be unintentional or may be deliberate, but are hard to pin down to a specific person.

Definitely worth considering in more depth, thanks for the perspective.

Does your tongue know when it's used to lie?
It's the main reason for corporate structure in the first place. To shield individuals from personal liability. CEO tell VP who tells Senior Manager who tells Department Manager who tells worker bee to do something. Everyone has an out. They either were "misunderstood" or they were "following instructions"
"Corporation: An ingenious device for obtaining profit without individual responsibility." -- The Cynic's Word Book (1906), by Ambrose Bierce
Check out The Myth of the Machine by Lewis Mumford, specifically the second volume The Pentagon of Power, which gets into the idea of the modern "megamachine"
Yknow the paperclip maximizer? The thing where a paperclip company makes an AI that takes over everything, making it into paperclips? Well, actually you don't need any fancy AI. The paperclip company is already a [Local Currency] maximizer from the start.
Exactly. Corporate structures, governance, and regulation have been formulated to treat corporations as "persons".

Well, that "person" lied. Regardless of the specific agency it employed in doing so.

(And, this type of banning and cut-off from data is obviously -- just look at the comments here -- not a one-off scenario. I find it difficult to believe that the consequences, including the customer's lost access to their data, were not thought about by MailChimp, as an organization and by people in their official roles within MailChimp.)

P.S. As I've grown older and observed and thought about things, I've come to see this as a primary role of the corporation or other such entity: To "dilute" responsibility and accountability to the extent that no member -- or, no member who has sufficient influence, who "matters" -- is ever held personally accountable for their actions within and on behalf of the corporation. [Addendum: And, in turn, the corporation is never truly held accountable, because the employees involved "lacked knowledge". Nicely circular, eh? By the way, I don't consider paying a dollar amount that is often a fraction of the gains realized by the behavior, to be "being held accountable".]

I've stopped letting people in such corporate or institutional roles off the hook, just because "they didn't know". Or rather, I've stopped letting the corporations and institutions off the hook because employee X didn't know. All too often, it's set up precisely that way and on purpose.

I once had a job where I eventually figured out this was implicitly was I was hired to do, be the guy who gets lied to so it's not a lie when you tell the customer. I didnt last long.
It goes lots deeper than that. It's not uncommon for corporations to be setup to prevent leaking or discovery of sensitive information. Military intelligence agencies are notorious for that.

Top executives maintain ignorance of operational unpleasantness. Technical staff know operational specifics, but little about business design and usage. Intermediate management know pieces of business design and usage, but nothing about technical implementation.

Nobody needs to lie, and still there's often no way to know for sure what happened.

(comment deleted)
As a manager of a customer service team, everyone on my team knows exactly whether something has been "totally wiped" or not, regardless of whether it's something that would require developer intervention to recover. To have your reps not understand this and ultimately mislead the customer (or, in this case, I suppose former customer would be more accurate) is a management/training problem, and what the rep ultimately said on behalf of the company was a lie as a result.
It's possible that tools used by Care/Support don't have everything implemented
to quote your parent:

> regardless of whether it's something that would require developer intervention to recover.

Agreed, regardless of whether the rep can see it or not, they should be trained properly and reply that they no longer have access to the data, and that access would require an escalation of some sort. To simply say the data is gone is a straight up lie.
A lie is a falsehood that's meant to deceive someone. A rep saying the data is gone because, functionally, it is is not a lie. If the intent is to set proper expectations with a customer then I think telling them it's gone and potentially being able to say "actually, we were able to recover it by escalating it" is better than "we may be able to recover it by escalating the issue" because you're underpromising and overdelivering. The opposite just sets you and the customer for failure.
I have to disagree with this wholeheartedly because sometimes you don't want to set the expectation with a front-line representative that the data is recoverable. In many cases, you don't want reps promising to recover data that's potentially unrecoverable. It's one thing to recover data in the event of a mistake on behalf of the company but that should require a conversation with someone outside of front-line customer service. I've been in situations too many times where our front-line team knew when something had not been "totally wiped" and they turned out to be "totally wrong" because they were aware that we kept backups but not aware that we had a strict retention policy outside of a specific timeframe or, in other cases, where a hardware failure caused a loss of a specific set of data because it was marked for deletion and wasn't scheduled to have a backup anyways. The customer had cancelled their account and agreed to losing their data but didn't actually read the terms of the cancellation they agreed to and then returned over a month later asking for their data and a rep told them that it's not really lost because we keep backups every 30, 60, and 90 days. That part was true for live accounts but not for deleted accounts.

In other words, data recovery that can't be handled by the customer service reps and that requires developer intervention should be a "surprise and delight" sort of situation and not a "customer should expect this" type of situation.

Saying you know when you don't is a lie. Instructing people to say they know when they don't is instructing them to lie on your behalf.

The answer should be: "I can't know." Followed by one of: (1) Let me connect you to someone who can know (2) Let me tell you how much it costs to find out (or 3) Also we don't care.

That would be honest. Not saying it's easy.

>Saying you know when you don't is a lie. Instructing people to say they know when they don't is instructing them to lie on your behalf.

Because, in that case, the intent of the statement is to deceive. If the intent of the statement is simply to not set an expectation that can't be guaranteed rather than to intentionally deceive, then it's not a lie, in my opinion.

I work in audio editing and recovery/enhancement and there are situations on a regular basis where we tell customers that their audio can't be recovered. I don't think we're lying to customers in saying that despite the fact that, in some cases, we may be able to recover or enhance the audio to the point where it's usable if we invested an exorbitant amount of time on it. In the most literal sense, yes we can recover the audio but in the practical sense and, most importantly, to the customer we can't recover the audio in any meaningful way because they either can't afford the work necessary, we don't have the resources to devote to that work, or we can't guarantee that, even if we can recover it, it's acceptable for whatever purpose they need it for despite being "good enough" for us.

I agree with what you say. I think the trouble starts when the economical burden of recovery is not on the customer, but on the company.

If I tell somebody that something's unrevocerable because I know they wouldn't want to pay the recovery, I'm not lying. But saying nothing can be done when I'm just afraid of the cost of righting my mistake: that is lying.

The correct response is to tell the customer that it has been deleted from the main server, and that it MAY be recoverable with escalation to the dev team. Why would you even consider telling them anything else, if that is not the truth?
If management sets up a system which intentionally results in untruths being told to customers ...?
There's nothing nefarious about customer service not having access to every single possible data record on a customer. In fact, I'd be concerned if customer services had access to archived backups or raw server logs.

For most intents and purposes, data existing only on archived backups or raw server logs is "completely wiped".

There's nothing nefarious about customer service not having access to every single possible data record on a customer. In fact, I'd be concerned if customer services had access to archived backups or raw server logs.

Irrelevant, customer service can know if the data record exists without having access to it.

For most intents and purposes, data existing only on archived backups or raw server logs is "completely wiped".

My intent and purpose in asking the question may not be part of "most", yet it's still valid.

But it isn’t completely wiped. That is completely inaccurate.
The antecedent of "they" in the previous sentence is the company, not an individual. The individual creating the email, as a person, probably was not lying BUT since they were acting as an agent of the company, in an official capacity all of their actions were that of the company as a whole.

This shields them from individual liability as well as makes the company liable for their actions (as long as they are acting as agents of the company in an official capacity).

The customer has no business relationship with the individual customer support person, so whether they are lying or telling the truth is irrelevant to the customer -- they do have a business relationship with the company (a single actor, with multiple agents) and the company can easily tell lies via these agents.

If the above narrative is correct, the company did very likely tell a lie since the fact that the customer's data was recoverable was probably known by the company and also the company likely actively worked to make the opposite of this known via their agents.

> This shields them from individual liability

That's... ambiguous. Agents aren't liable for contractual violations, but agents are typically liable for torts. Liability depends on exactly what the employee did.

AFAIU, theoretically an employee committing a tort could be liable personally as well as the employer; and if service is disrupted the employer could be contractually liable.

That way of looking at it - that the company is lying but the individual is not - is fascinating to me.
A company is liable for its agent's false statements.
> and own SMTP server

Good luck with that.

Way to patronize someone trying to be self-sufficient.

Just because you read blog posts titled "DON'T HOST YOUR OWN MAIL", doesn't mean you shouldn't. People are scared of hosting their own mail servers because they a) are told they shouldn't b) don't understand SMTP.

I am all for decentralizing this hyper-centralized internet.

Sorry, I'm old enough to have come from the era of "DIY" mass emailing which transitioned (rightfully so) to using providers like Constant Contact/MailChimp. I've seen first hand the drawbacks of emailing thousands of people via your own SMTP server. Blacklists, legal threats, deliverability issues, proper unsubscribe, formatting etc. And this was early 00's when much of the legal framework around email marketing was either non-existent or weakly enforced.

Maybe I'm too old? Has email come around to the point where someone can host their own email and send out thousands of emails without having to deal with a mountain of headaches again? That would be sweet, maybe I can go back to telling clients it's okay to paste a massive list of email into their Outlook's BCC field? It would certainly save them some money. I still to this day hear from clients who send "small" mass emails wondering why their friends at AOL, or <insert your ISP here> didn't get the email.

Sorry but this is based on my direct, first hand experience with hundreds of small businesses doing this exact thing. I don't base my business model off of some random blog post, I base on years of experience and the lessons learned from getting burned.

I'm guessing that people who are criticizing you have mostly never run SMTP services for a decently sized ISP (something with its own AS number, big chunk of ARIN IP space, peering, etc).

I run my own smtpd for personal purposes, but if I were going to send outgoing customer-contact mails en masse, I certainly wouldn't do it through my personal perfectly-configured postfix system. Things like mailchimp fill a market niche.

I think email has come round to the point where you can, if you really want, run your own SMTP server and send out thousands of emails without having to deal with a mountain of headaches again, yes.

Tens or hundreds of thousands, maybe not. (And I'm assuming that this isn't email that the recipients are going to consider is spam.)

I think there are two major reasons for this improvement: DKIM basically works, and far fewer recipients are using email accounts provided by crappy ISPs.

I've provided "backyard" shared hosting for a handful of customers for about a decade, some of whom have mailing lists sizing up into a thousand recipients or so. I do encourage them to use proper mailing list services, but for the most part, shipping it all through my mail server works fine and there really aren't that many headaches.

Some basic good hygiene and some effort put into gently educating customers on how email works has gone a long way.

My biggest headache today is in receiving mail, not sending it. Because so many other people have followed advice like yours and jumped onto one crappy mail service or another, the originating network for an email is no longer a good signal for whether it's spam or not.

We've been sending our email through our own servers since the early 00's. In my experience it's never been that bad if you are a good actor and follow best practices. Hell, even if you're a spammer and follow best practices you might still get through. But if you don't know what those are you will most likely go to the spam folder.

Regardless, hosting your own mail isn't the same thing as using outlook's BCC field.

It indeed depends on personal circumstances. In my case my case sending mail through own SMTP server is not a problem.

Even if that would be a problem in future, you'd rather use one of SMTP PaaS (there are quite a few of them out there) instead of using fully integrated solution like Mail Chimp. I.e. you can use Mautic and connect it to Sendgrid or something like that. This way you have full ownership of mailing lists and newsletters content.

People are scared of hosting their own SMTP server because hosting an SMTP server is woefully insufficient for actually having mass mailings reliably delivered.

The hard part isn't actually sending the mail, the hard part is staying abreast of the already long and perpetually growing list of legitimacy signals you need to send to reassure understandably paranoid SMTP clients that they shouldn't mark your newsletter as spam. And you're not done even when the server is set up and configured properly; it doesn't take more than a handful of ignored complaints to start getting added to blacklists.

It's not difficult, per se, but it is a huge time investment for a service that centralized vendors can provide extremely cheaply because of economies of scale.

I'm all for moving toward decentralization too, but we're not going to get there from here if we don't understand and respect the incentives that lead people toward centralization in the first place.

I've definitely hosted my own many times in the past to send out automatic emails and they... worked!
FWIW I've been running my own SMTP client/server for many years (I wrote them myself for my purposes, it's hobby stuff), with the proper SPF records it gets accepted by Google & co. no problem. Only residential Internet IP range are generally blacklisted by default by antispam filters.
(comment deleted)
How difficult was it to set up an SMTP server? I know that merely installing and configuring the software isn't that hard, but the common opinion of late seems to be that setting up things like MX records(I really don't even know how those work) is too onerous. If it's not that difficult, then there really should be fewer people/orgs relying on services like MailChimp.
Setting up MX records isn't hard at all but also irrelevant here—it's needed to receive mail.

As for sending out mail, one of the difficulties that MailChimp and similar services take care of is keeping the servers' IP addresses out of spam lists.

Setting that stuff up is not that hard, you can even just use unix Sendmail.

What's hard is actually making sure your emails get delivered and don't end up in the spam folder.

Starts with the easy stuff like DMARC (needs DKIM & SPF), goes further to properly warming your IP's, then to properly parsing hundreds of different error response messages and good retry scheduling, and to complex problems like individual mail receivers spam and max-throughput rules.

Also these companies sell you the ability to easily make campaigns targeted at a specific subset of your contacts.

I am using sovereign - https://github.com/sovereign/sovereign

It is dated it seems, but still does a job.

There are indeed issues with delivery, but you just work through these as they arise. Also, there is no monetization involved, so I do not care that much about delivery rate. But if your profits are directly tied to delivery rate - hoting own SMTP server might not work as well.

I wonder about how they detect cryptocurrencies and if every mailing list that deals with security is going to get tagged. Makes me wonder if any other words are problematic. I wonder if any historical societies use MailChimp to announce their lectures? Might be interesting to see if they got shutdown. Tumblr might not be the only ones having a bit of a problem in proper detection. Reminds me of the YouTubers who do animated history and their changing of all WWII German logos to the YouTube logo to keep away the demonetization.
>I wonder if any historical societies use MailChimp

I was confused for a second with the mental image of Nero sending out blast emails to Rome's citizens.

I was apart of a finance student group in college. We used MailChimp to tell members about meetings. I remember our account got automatically flagged and locked once because newsletter contents included details about a forthcoming stock pitch presentation, and that apparently was close enough to a ToS violation that MailChimp froze us.

The funny thing was that our student group was allowed to directly invest a trivially small portion of the university's endowment in the stock market, so we were not soliciting others to buy stocks - the presentation was a confidential, internal one about how to invest our fund's own money.

FWIW, my partner too had similar experiences and now switched to rayzz.net I agree, backup or self-hosted backup is always necessary.
The real problem is that support and service notification on the internet are often really bad. The giants can afford to do whatever they want without drawbacks. The really small players on the other hand can disappear without notice. Just the other day one of our VPSs went down, the web panel was also down, we discovered on twitter, posted by another user that the hosting company was closing in 4 days. They haven't even send an email to the customers. The CEO had already removed the company from his linkedin profile!
Name and shame! Which VPS and CEO(s) name??
did that host happen to be Hiformance? pretty much what you said is happening there (servers going down, no contact from host etc)
Exactly! A dirty cheap service, but I guess that the low price was what made them close... As an update to the first post, now the website works again.
You really need to give the service a reasonable amount of time to respond to any ticket. Agree an account, paid or free, should not be deleted without notification but you need to be reasonable and give people time to resolve issues. Sometimes you can be pleasantly surprised.

Last week I had one of the best support experiences I've ever had with spotify through twitter DMs. 100% my own fault where I had signed up twice by accident by missing the "." in my email address and hadn't noticed I was being billed twice/month for 10 months. A few questions over and back getting to the bottom of the issue and it was resolved within an hour and my €100 refunded in 3 days.

Maybe I'm just feeling reasonable after my experience with spotify, if it was my account deleted maybe I'd feel different or maybe its just the season of goodwill :-)

Out of technical curiosity, how did they resolve the situation of duplicate accounts: just deleted one, or merged the data on them in some way?
They deleted the account without the "." as it had never really been used.
OP here. I did wait several hours, but this was (and still is) a security issue so it really couldn't wait.

Also, MC did eventually respond. They refused to reactivate my account.

I bet it sucks that the user didn't get a warning or notification...

...but as normal user of email, I appreciate a heavy hand when it comes to email lists which mailchimp deems malicious or bad for its ecosystem. It's no secret that mailchimp maintains a high standard for the quality of lists and email it delivers. The common thread in these stories seems to be malicious actors, poor/spammy content, etc. So I'm not sure it's so bad?

Has anyone with a "typical" (e-commerce shop, saas newsletter, etc) mailchimp list been shutdown without notice?

Well, OP's business seems pretty typical to me?
If you're looking for alternatives, I can't recommend MailWizz + Amazon SES enough. You can host it on a $5 VPS and you pay just what you consume from Amazon.
Last I checked SES had quite poor deliverability, at least compared to MC, sendgrid &co. Has that improved?
I've also had friends who have had their MailChimp accounts deleted or locked without explanation, warning, or recourse, so I wouldn't rely on MC specifically for anything business-critical. That said, if you have business-critical data on any cloud provider, you should be exporting periodic backups of that data to another provider so you don't lose access to it all if a single provider shuts down your account.
What I don't understand is... when this data is oh so important, where is the backup?
Because not everyone using a mailing list service is technically capable of doing this, or understands why it's even necessary? I never used MailChimp but if I did then I would assume that the mailing lists I built with their service would be 99.999% secure, and that I'd always be able to access it even if they went out of business. Reading this thread with many users claiming similar experiences is quite frankly shocking.
> I never used MailChimp but if I did then I would assume that the mailing lists I built with their service would be 99.999% secure, and that I'd always be able to access it even if they went out of business.

You're saying you never used service X, yet you would absolutely trust service X and assume that even when service X is out-of-businness, you can access data related to you.

That's very surprising to read, I'm exactly the opposite - own your data, don't trust any service, they always can go away, at any random moment.

This makes me wonder, what is more popular? Absolute trust or -ENOTRUST?

Yes, because their entire business model is built around email marketing, and despite not using MailChimp then they're as far as I know the biggest player. Give me a couple of hours and then I can guarantee 99.999999% durability for almost no cost through Google/Amazon services. I would be very sad if MailChimp can't gaurantee the same.

Edit since I can't reply: We're talking about durability of their mailing lists, not uptime. At least that's my intention. That Google/Amazon or MailChimp might experience downtime doesn't have any impact on the durability promises. I would also expect MailChimp (rather than all their customers) to do regular backups.

Uptime for themselves != Uptime for customers

You absolutely have to consider TOS, account disablement, and other service provider-caused downtime.

And from what I've seen, no uptime calculation adds in account issues like this. And I'd really like to see how fast their resolution is.

What drives the assumption that their mailing lists would always be available to you even if they went out of business or that they are almost perfectly secure? Is it due to standards set by large companies or just an idealized desire?
Because I assume they use Google/Amazon cloud services which are designed for 99.99999999% durability, just as I assume they often make backups (it's not like it would be expensive for them to backup mailing lists every hour or so).

If they went out of business then I would also assume they would give customers at least several months to export their mailing lists.

Edit: for some reason I'm not allowed to post new comments (presumably because of the downvotes to my other comments), so I'll just reply here: Would it be naive/fraudulent to promise the same durability as the storage service you're using? After all you're just feeding the data to their service through their API. I of course wouldn't promise this kind of up-time, but once the data is successfully saved then I fail to see why it would be wrong to make such claims. Assuming you also made regular backups of the data you feed to their services (which I certainly hope MailChimp do) then you can be even more confident that the data won't be lost. If Google/Amazon banned the accounts storing the mailing lists then I'm sure it could be recovered, especially by a company of MailChimps size.

Thanks for answering! I think your perspective is becoming more common. It's not like MailChimp is a start-up, so these assumptions aren't inherently crazy.
At some point people started expecting unreasonable things from random free services on the internet. I still think it's ridiculous.

I hope that in the future, schools will also teach some basics of computer hygiene in IT classes, and how to behave on the internet.

Things like what internet services are, why backups are important, and how to practically do them, how to evaluate risks when communicating on the internet, how people are harmed on the internet (typical scams, phishing, running untrusted programs, ransomware,...), what privacy is on the internet, how to choose passwords, etc.

Yes, it's fair to say that the expectation presented by the FAANGs are polluting the general expectations of users. You have to live up to a higher standard which often requires you to leverage their cloud offerings. This higher expectation isn't necessarily a bad thing on its face as a better user experience often helps your business succeed.

It would be wonderful if we taught people how to navigate the digital age. It would be similar to a driving course or personal finance. I know I had none of the above when I went through school, so I won't hold my breath, but I would support an initiative to provide more practical skills in school.

This is a reasonable assumption. 95% of companies have backups (just don't ask about restore!) and 90% of companies will take reasonable measures to give you your data if they are going out of business.

Those numbers are not the 99.999% you quoted and you really shouldn't think they are. If you promised your customers five nines reliability based on the one-two nines of your free suppliers, that's somewhere between disingenuous naivete and fraud.

Sure.. FAANG has insane 9 uptimes. Good for them.

What about when accounts are locked for users due to $reasons? What do those downtimes look like? I've heard enough horror stories to be wary of any one provider.

In response to your edit -

I think it's okay to extend your durability promise to your clients, but durability isn't the same metric as availability as you've eluded to in your edit. I typically tell customers our product's durability is an extension of AWS's via a BAA. If I had to shut down a product and needed to provide the data for export, it would be simple to throw them in AWS s3 by client ID and let them sit there, but you're going to have to budget a big chunk of money for it. The only way you get a green light to have that budget is if you are contractually bound to do it. I believe a lot of companies (mine included) do have those contractual obligations in place already, but I honestly don't think what I have in mind to meet the contract, and the user's expectations are aligned. Is it the raw data they passed via API that I return or the enriched data we produced that I return? If it's the latter, we're going to need more money as that will be exponentially more information to store for export.

There's an app for this - https://stompapp.xyz/

But Mailchimp really should be making it easy for you to make your own mail backups!

I deal with small business owners regularly. While this seems crazy, it's not even close to the worst we've seen. Entire businesses based on free email, entire businesses based on a social media following from one network, entire businesses based on an undocumented "black box" server that everyone is afraid to touch ... the list goes on.

I routinely think about by my business model and the repercussions of losing access to an online service. I backup incessantly as a result. BRB, going to backup my MailChimp lists.

Hey, I'm building a tool that automatically backs up your email subscribers and stores them in google sheets. It's still in dev, but feel free to subscribe https://stompapp.xyz/
> It will be your responsibility to keep it safe and you'd have to do it every fucking time if you want to update your data.

You might want to consider removing "fucking" from your front page. I'm really not one to bat an eye at any form of cursing but seeing it on a company's webpage like that doesn't sit well. You have a good idea, let the tech speak for itself, no profanity needed.

Agreed. Every time I want to "get casual" with a client or business associate and consider using profanity, I almost always step back and remove it from the email. In person it's a little easier, but I cringe when I think back to a meeting where I used a curse word - even if the client was using those same terms.
Yes, gonna remove that! Thanks for the feedback :D
Different commenter, but I think in your pricing section, you may have enterprise spelled incorrectly. "Enterprice" -> "Enterprise"
OP here. It never crossed my mind that MC would cut me off like this with no warning and no possibility of recovery.

Lesson learned.

Any company is liable to data loss or even sudden company collapse. You don’t need to fear them deciding to cut you off in order to be backing up.
I had enough faith in MC's ability to keep their own backups that accidental data loss was a risk I was willing to accept. It never occurred to me that they would intentionally do something so counterproductive as shut off my account with no warning and no possibility of recovery (or so they said -- see https://news.ycombinator.com/item?id=18717279).
Some years ago MailChimp decided to act as a cash cow, invest very little if anything (except a recent redesign). Mandrill still isn't integrated after they combined the two services some years ago.

(PS: We've been a customer for many years but migrated away lately)

This exact same thing happened to me, resulting in the loss of hundreds of emails collected over the years from my website.

Any recommendations on alternatives?

>Any recommendations

Uh, regularly export your list?

To add a data point to this, I created a MailChimp account a couple of years ago. I never used it as other projects became priority. Recently I decided I might give it a shot again. Tried to login. My account is deleted and my email banned. I'm not tied to any weird or shady business. Dodged a bullet I guess.
I just exported my subscriber list for safe keeping. If I could automate this as a monthly job that would be even better.
Hey, I'm building a tool that does exactly this. It automatically backs up your email subs and stores them in google sheets. It's still in dev, but feel free to subscribe https://stompapp.xyz/
I’m glad this got posted and I hope this gets resolved and MailChimp does the right thing (I’ve also upvoted the OP).

But man, I don’t envy companies deep in the anti-spam/fraud business. The impression I’ve gotten is that when you act with a lighter touch and/or give lots of info about why an account was closed, spammers/fraudsters weaponize that and either figure out how to bypass your controls or social engineer your support.

I hope I’m wrong. Any thoughts on how a company should balance good service to users (and false positives) with the need to fight black hats?

I think a good starting point is to take the existing process and add a more formal appeals process for people who feel their accounts were unjustly terminated.
My little sister works in customer support for a fairly large email marketing company that competes with MailChimp. From hearing her talk about some of her conversations with users booted from the platform I think a good number of spammers sincerely believe they have a legitimate business and are confused to hear they've been flagged for spam. A lot of these people seem to only know enough about the internet to be dangerous. Preaching about passive income has gone main-stream in the last few years and many spammers are just ordinary people who have been conned into buying email lists from some "internet guru" to run a "click funnel business."

It's kind of like prison. Everyone says they're innocent. Some guilty people might even sincerely believe they're innocent. But when everyone is saying they didn't do anything wrong it's really hard for the person who actually didn't do anything wrong to get "justice."

Unrelated, I would love it if a publication profiled a few spammers. I suspect they're very different from how most people imagine them.

> I would love it if a publication profiled a few spammers. I suspect they're very different from how most people imagine them.

You might like Spam Nation: https://amzn.com/dp/B00L5QGBL0/

Awesome, thanks for the recommendation! I just ordered a copy for me and another for my sister as a Christmas gift.
Excellent book in a journalistic style. Good present. You will (both) have your own views on Krebs' strategies to make complex issues accessible to 'civilians'.
I've worked on the email dev team of a mailchimp competitor and from what I've overheard, when a customer gets spam-flagged the first step is to help him avoid it in the future. A lot of small businesses using these tools might actually accidentally misuse them.
Absolutely agree.

Many spammers don't see how what they are doing is wrong. They run a LinkedIn scraper to collect 100,000 business emails for people in their industry and they want to email them.

When you explain that they're spamming, they get offended. "No, this is not spam! These people are going to be interested in this product."

They just don't understand why it's wrong.

Great point. I had a non-tech-savvy friend who “accidentally” got into spamming, and had no idea what he was doing was wrong or antisocial. He simply got hooked with one of those “make $$$ from home easy!!” scams where they send you a pre-baked spamming kit and convince you that you’re a businessman with an incredible opportunity. He came to me for help when he started getting banned everywhere and his emails stopped going through. I told him he was scammed and that the “kit” he paid for was junk mailer scheme, but he swore up and down that no, he’s an entrepreneur and that all the problems must be his competitors “hacking him.”

I felt bad for him that he had no idea what it was that he was doing but I couldn’t convince him that it was not legit. It was MLM-level brainwashing.

The best part is, when this guy votes, it counts as much as your vote and mine.
I cannot imagine the customer support burden in time and emotional energy that goes into explaining to people, day in and day out, that the thing they hung their hopes on is spamming and not permitted. It sounds exhausting and draining.

Having done community moderation in a past life, I know how tiring it is to try to offer real engagement and empathy for people who refuse to understand that they've acted in an unacceptable way. There are also the people who know they're abusive and expect to just talk they way through it until you allow them to continue. Combined, it's enough to convince someone to stop offering humanity and sympathy to those who have acted badly, knowingly or otherwise.

> Any thoughts on how a company should balance good service to users (and false positives) with the need to fight black hats?

Charge money.

A big part of why MailChimp responded this way is that they have a very generous free plan. With that they can't afford to dig deep on free plans that violate ToS. You'll get buried under the weight of support/vetting for that.

Once you start charging even a little bit, the amount of spam/fraud BS you have to deal with plummets.

Every hurdle your free plan introduces to blasting out emails adds friction for spammers. Give them enough friction and they'll move on somewhere else. Forcing them to provide a valid credit card before they can send emails is a great way to add that friction.

Generally, having enough humility to recognize that you might be wrong, and enough compassion to care about the little guy would go a long way.

For example, they could notify the owner of the account after deleting it. And allow them to download their data. It's not hard to do, it does not open them up to social engineering, and it does not incur per-customer cost.

Nor does it facilitate continuation of spam, in fact it hits legitimate users way more than spammers - spammers bought their lists and have copies, while users who legitimately grow their lists through sign ups usually don't make copies.

Once again, the lesson shines through the "clouds"; Data that isn't on your hard disk isn't yours.
IF this was a free plan, do not expect much help. if this is a paid plan, totally unacceptable.
We've had a similar experience. We use them for both marketing mass emails and for ingesting support ticket emails (I believe that's through Mandrill). Someone sent a marketing email they didn't like (they said another one of their customers complained about it, or something; literally one complaint) and so they silently shut off our incoming email. We noticed it when one of our customers called to ask why we hadn't replied to one of their support tickets. They didn't bother to tell us.

It's a big bag of "do not recommend".

(As for how we manage to use them for incoming email; emails go to a gsuite inbox, which forwards them to MC/Mandrill, when then calls a webhook to actually process the email further. Yes, we could do way better with our own SMTP server that cuts them out. I think this architecture was chosen to have a failsafe in the event that our services all go down.)

That's what a secondary MX is for.
A secondary MX record doesn't solve the problem of "accept email and silently route to /dev/null".

Aside telling the sender or receiver, there's no good way to know. I guess you could send a test email every hour.... But this is an evil failure mode. This isn't an accident.

They wouldn't shut you down if they received just one complain, there is a very explicit process for opt-out / unsuscribe that you have to comply with. You're probably not telling the whole story here.

https://mailchimp.com/help/about-unsubscribes/

Similar problem happened to me with a hobby project. They can and most definitely do shut you down for a single complaint.
Did you comply with the link I sent?
Yes. It’s probably best to not assume malice here.
Sorry I don't believe you, the reason why is I worked in that industry and we definitely wouldn't close an account for a single complain or even many, for every email campaign there is a % of bounce rate / open / complain, obviously all those companies would be out of business if they would close accounts for complains. The only reason I see are those explained here: ( we had the same one )

https://mailchimp.com/legal/terms/#Rules_and_Abuse

Complains are normal business, people don't care if there is an unsub link they will complain no matter what.

So it's most likely not about the complain your account was shutdown but something else.

#1 content of your email

#2 compliance of the email ( unsub link ect ... )

#3 where / how did you acquired the emails

Are you speaking on behalf of MailChimp? Are you aware of their internal practices? Are you an official spokesperson? If so, I’d love an official response. Otherwise, I think there’s a ton of evidence here (from people I trust even) that disagrees with you.

1) project updates

2) in full compliance with their documentation

3) no preseeded list, users signed up on their own accord

Do you also think all of the many other people in this thread who've had the same experience are lying?
Not disputing that sometimes that might be the case, but I knew someone who was using a shady list, sending out to 20k+ people, and every time they sent out a blast they got multiple complaints...but never shut down.

So maybe the answer is more complicated.

Possibly a lot of inconsistency because of a quickly grown abuse team that has to get through a ton of cases a day.
And yet I still get junk from MC senders for which I never subscribed. I report as spam, but those people still keep sending with no problems. (Anecdote, I report as spam an email sent to me@mybusiness.com, then get emails from the same sender at info@mybusiness.com, support@mybusiness.com and finally to emails that aren’t even real such as contrived first_initial_lastname@mybusiness.com (which aren’t in use but go to a catchall, so clearly some “marketing person” just added me to a list without any consent at all.)

At all times these are reported as spam. Then, when we, a few years ago sent out a new feature announcement and a request for a follow up appointment, our account gets frozen for sending unsolicited marketing emails — to our actual customers who have opted in to our emails! Emails that complied with every bit of the anti-spam laws. So Mailchimp arbitrarily lets through their massive enterprise senders sending actual unsolicited emails but freezes their smaller (but still paid) customers sending marketing to actual, current customers.

Anecdotes aren’t data, but for us, it was reality.

I seem to be constantly checking "I never signed up for this mail list" buttons on MailChimp unsubscribe pages. Eventually I got curious if this actually does anything and looked into it; as far as I could tell from their docs, it does nothing but inform the mailer that you are of the opinion that you never subscribed to their list. Very useful.
No, MC definitely uses that data as part of their anti-spam operations. Source: have attended a few presentations by MC anti-abuse people.
hacker news is customer support?
Hacker News is where you go, when customer support does not respond, or (in this cased) responds so poorly you feel the need to tell the "tech world". Besides Twitter, I'd say the best way to shame a tech company would be Hacker News, given how many employees of said tech company and other influential people frequent this forum.
They banned me after migrating an email list over because they said I couldn't confirm how I got the emails. It was weird because the 80 emails were newsletter sign-ups from my website. After that happened I never went back.
Kind of odd considering they changed to make single opt-in the default on new mailing lists.
They’re covering their asses only legally speaking.
A similar thing happened to me while using their Mandrill system. After years of using it with no issues, all of a sudden no emails were getting out. They shut us down without notice and without recourse. We were sending simple support emails, and auto-emails (when you register, forgot your password, etc).

Absolutely would never recommend.

Did you continue to get billed for it?
They did the same to me. I reached out to their support and they just recommended I create a new account. No idea how a business can do that and expect users to be ok with it. They lost me as a customer and I will no longer recommend them to any of my clients.