What a spam hack taught me about startup resilience

Executive overview

Russian hackers exploited Drip's email platform overnight to send PayPal phishing emails, getting its IPs blacklisted. For an email marketing tool, blacklisted IPs mean zero deliverability — an existential threat.

The team stopped the bleeding with a hardcoded account block, then worked vendors and blacklists to restore reputation. The real lesson wasn't the hack itself — it was learning to work through crises without assuming the business is finished.

Most startup crises feel business-ending but aren't — calm, coordinated action almost always finds a way through.

The hack and immediate response

• Hackers created dozens of accounts from Russian IPs overnight, sending phishing emails through Drip's platform
• Drip had no account-disable feature at the time — a hardcoded if account_id == X block was pushed to production to stop sending
• Hackers chose 2–4 a.m. deliberately, knowing no one would be watching
• IPs were blacklisted, meaning all customer emails — from legitimate senders — went to spam
• Team contacted blacklist operators directly; some had automated removal after a clean period, others required manual outreach
• Most vendors and blacklist operators were willing to work with them when given an honest explanation

Building defences after the fact

• After stopping the attack, Derek built a risk-scoring system on a whiteboard: prepaid cards, high-risk geographies, unusual send volume
• High-risk new accounts were gated — limited sends or full manual approval before going live
• Managing blacklists eventually became a full-time role as Drip scaled to 100M emails/month

Five lessons from the incident

1. Don't panic — panic prevents clear thinking; allow a moment, then get to work
2. The founder must lead — someone has to triage, divide tasks, and set the order of priority
3. Few crises are actually business-ending — things are rarely as bad as they first appear; calm and smart people usually find a fix
4. Run a post-mortem — ask "how do we prevent this?" before closing the incident; balance process discipline against startup speed
5. Vendors and partners will work with you — honest, proactive communication earns goodwill; most people respond well to transparency