Yes or they could have just blocked the messaged before it hit my system. They are the ones that originally allowed the message to get to me. Then when I process it, they suspend my account.

Perhaps your employee's cell carrier detected the message as spam and automatically complained to what it saw as the source (twillio). From twillio's point of view they absolutely and unequivocally need to keep the carriers happy. If Att or Vzw simply blocks all twillio then twillio is dead. When faced with the choice of losing the entire company or losing your $600 a month it's pretty obvious why twillio has in place the automated system you recently chafed under.

It's probably a good idea for twillio to be more reachable to any paying customer, at least until a human employee makes the determination if the customer is a spammer.

I'd be really curious to know if this is what happened. Whats more interesting is he lives in Spain and his cell phone is on a Spanish carrier.

I also understand and agree with your argument about why they might have done what they did. But I still needed to counter with what I did in order to protect my business.

Rules for thee, not for me

Yeah this sounds highly problematic. Maybe in the meantime you can text links to your own portal instead. I.e. "New SMS received from +123... . Read it at: https://your-internal-infrastructure.com/sms/[GUID]" (maybe with a simple login so Twilio auto-fetch, if any, gets a benign page). That way there is no spammer-controlled message content (apart from the phone #) in the message you send. Or convert them to jpeg and send as MMS hoping that Twilio won't OCR that :D

Yes, these are very good ideas. Didn't even think of the JPEG one, very cool!

At a high enough volume, links will also get you blocked by carriers

Yeah, we pass all of our twilio messages to our staff via a special Slack channel.

Which pricing tier do you use? I've been thinking of starting with the for a while. Now we use a hodgepodge of Skype and WhatsApp

For which, Slack or Twilio? We have a basic twilio account, paying $1/mo for the phone number, and $0.1/msg or whatever it is.

On Slack, we have a paid account at the standard level, we've had that for years.

One note, both Google and Apple detect that our number is Twilio, and won't let us use it for 2FA, sadly (our original use case).

Or base64 encode the orginal message :p

It needs to be human readable, so maybe pig latin instead

If someone has already written a custom integration, how hard can it be to wire it up to a spam detection API? It sounds like the integration was sending spam (not intentionally of course), which none the less is a TOS violation.

If they can’t update the integration with spam filtering, then it seems like they should be using COTS software.

Is sending an employee a message they've elected to receive ever spam in some sense? If the reflection were to an arbitrary number then I'd say so, but simply forwarding to a specific number you're working with seems... Fine. Maybe it's different too if it's a solution you're selling, but even then that's somewhat between you and the customer.

I guess if twilio has negative impacts as a result of the perceived spam then that's a separate issue.

It was only spam on the inbound leg. On the outbound leg, it was requested and correct content.

I'm already using a spam detection API. But remember those things don't block all spam.

Also, there are other ways to solve this specific problem given that they are intent on auto-suspending my account in this type of context. I could relay the messages using a different platform as an example.

Thats not really the point though. Me not paying for the spam API or not using it when I relay messages internally to employees is not a good reason to shut my whole business down and not give me a way to contact them. This should be obvious.