Sorry, this is just bad design.
Re: > The customer may want to handle / filter the spam.
Then provide the customer with a "yes, send me all the spam" option.
Which do you suppose is the common case here?
1) Customer doesn't want spam.
2) Customer is doing a "study of spam"
3) Customer is running a spam filtering service.
Yeah, it's 1), dude, in a gigantic majority of the cases.
Fine to provide an option to filter it perhaps, requiring twilio to block what it THINKS is spam is a recipe for disaster, spam filters are no where near perfect.
Yet they are disabling the entire account when they think it has sent spam.
At least in use cases I was dealing with - we wanted zero filtering of inbound SMS because it was used as a control interface.
Spam didn't matter to us. Spammers had no idea how to format their messages etc. We also whitelisted inbound numbers.
The Twilio use case is not primarily for "mailing lists" and third party sms forwarding stuff.
And for a while SMS worked very well in certain IoT's contexts (SMS used to basically have its own channel that had surprisingly good deliverability for some reason).
Internationally in particular voice and data used to be potentially wildly expensive.
For sat backhaul, you could get 10 to 25 cents a message. A voice minute would be like $5 - $10. So this is a 100x difference potentially. Even data minutes were like $1-5/minute way back. The connection setup and teardown times were lower with SMS then doing a voice channel call etc. Pricing looks a lot better now, but still, messages are cheap (or free).
https://www.satphonestore.com/airtime/iridium-airtime.html
How does twilio even know that you will only forward messages they have scanned for spam? It seems like they MUST put the spam filter on the outbound leg.
So many other options here
Twilio outbounds the SMS message over the carrier network. Part of that relationship is that Twilio has to prevent spam from entering the carrier network, or the carriers will ban the interconnect.
Here's the full workflow of this situation.
The inbound leg looks like this.
[Spammer] -SMS-> [Carrier] -SMS-> [Twilio] -HTTP-> [Customer]
The outbound leg looks like this (the customer initiates this in response to the HTTP request)
[Customer] -HTTP/TWIML-> [Twilio] -SMS (SPAM DETECTION HERE)-> [Carrier] -SMS-> [Employee]
All of these parties are separate entities, each enforcing spam blocking. Twilio is incentivized to not transit spam over the Carrier because the Carrier will get upset at Twilio. Twilio has no way to tell the Carrier "Oh, hey, this is spam, but the customer owns the number and they said they were cool with getting spam, please don't get angry"
This is specifically covered in their ToS by the way.
"We never allow some types of content on our platform, even if our customers get consent from recipients for that content."
This is for the simple reason that a lot of folks are using Twilio for application to person / transaction messaging - and the key to delivery quality is to have no crap content going out.
If you operate an open relay for email - your IP address is going to be blacklisted very quickly. Same here, if twilio allows spam and fishing to go out, deliverability is going to go way down. Down the chain people don't know folks have "opted in" to the facebook phishing emails.
Sign up here for a code to win XXX. Then they send you the code (which is the twilio opt in code) and bam, you are in the spam list. All these things have happened on the email and other platforms side already.
This doesn't sound like an open relay (since the incoming message can't be forwarded to arbitrary destinations), this sounds like a mailing list. And if my mailing list was banned because someone else sent spam to it, I'd be upset too.
This does seem like a very common use case that Twilio needs to not punish.
Same principal with money transfer. If you start accepting money from someone to transfer to another person that is MUCH MUCH higher risk - every bank / online payment player should be looking out for that and probably getting you into a different account type.
Twilio is clear, they are designed for systems where you message folks.
