
Sadly, you don't even need to engage directly with these companies to be affected. Case in point: e-mail.

I host my own e-mail. Valid SPF, not on any spam blacklists, good reputation score on my static IP.

At the beginning of November, I lost the ability to send e-mail to Gmail - it was all rejected as, quote, "possibly spammy". Double checked SPF and DMARC... Double checked documentation... Spent time setting up DKIM on my mail server, even though I sent nowhere near enough mail to merit it. Nothing got through for two weeks.

Google Postmaster Tools were totally unhelpful, telling me _that_ I was being blocked, but not _why_ I was being blocked. There is a community support forum where I posted - it hasn't seen a response since I posted in November. There was also a support portal where I could, in theory, contact a human. I sent something in there, and am still awaiting a reply.

Now remember, Gmail isn't just for @gmail.com addresses. Gmail hosts my accountant's domain. Gmail hosts the domain for a club that I'm part of. Gmail hosts friends who also have their own domains. Gmail hosts... well, probably a solid half of the Internet's e-mail.

My only way out of this nightmare was to reach out to a contact at Google, who - having an @google.com e-mail - was also unable to receive e-mail from me, and made the case to the right folks internally that I couldn't send important messages to him. A few days later, I could magically send e-mail to Google again.

Do I have any idea what I did? No. Do I have any idea what they resolved? Also no. Can I prevent it in the future? Who knows!





I'm increasingly of the opinion that the modern practice of not telling people why they've been blocked -- or even that they've been blocked -- was devised by sadists to satisfy their proclivity.

The core of the flaw is that actual fraudsters and spammers are repeat players and ordinary people aren't. The bad guys expect to be blocked, so they test for it. They check if their messages are getting through and then notice immediately when they stop. Whereas real people expect their messages to go through, because why wouldn't they when they've done nothing wrong? And then become isolated and depressed because it seems like everyone they know is suddenly ignoring them.

The bad guys create thousands of accounts and play multi-armed bandit, so when some of them get blocked they can identify why by comparing them to the ones that didn't, or create new ones and try new things until something works, and thereby learn what not to do. Whereas real people have no idea what sort of thing is going to arouse the Dalek either before or after their primary account is exterminated.

So it's a practice that creates a large increase in the false positive rate (normal people have no way to know how to avoid it) in exchange for a small decrease in the false negative rate (bad guys figure it out quickly). In a context where false positives cost a zillion times more than false negatives because the bad guys treat accounts as a fungible commodity they acquire in bulk whereas innocent people often have their whole lives tied to one account.

And all of that is only disguising the real problem, which is that people get blocked having done nothing wrong. If you were expected to point them to the spam they sent or the fraud they attempted then you wouldn't be able to do it when they'd done no such thing, and then "we can't tell anyone because it would help the bad guys" is used to paper over the fact that you couldn't tell them regardless. When the decision was made by an opaque AI and then reviewed by no one, there isn't actually a reason, there's just a machine that turns you off.


Towards the end of using self-hosted email at $dayjob, a couple of years ago now, Google started bouncing [some of] our email.

In the header for the bounce messages was included a description of the problem (as they perceived it), and a link for background reading.

I never followed up on it personally (that wasn't my job anymore because reasons), but the bounces seemed descriptive enough for someone who was paid to care about it to make it work.

Was that not the case for you?


That relies on the email actually bouncing. I think it’s more common for it to just silently be filed as spam.

I also host my own email. In my case, Google always routes the first email I send to a new Gmail address as spam. After the recipient marks the email as good, future emails are received as expected. The only way around this is to advise the recipient via Gmail that I've sent an email to them via a different route, so that they can check their spam and mark the email as good. This has been going on for at least two years.

Basically, Google are shadow-banning me till they get caught. I think this should be illegal.



