Why I Take Spam Personally (And how Shopify enables it)

Most people think spam is an annoyance. An inconvenience. Something you swipe away, filter, or laugh about in screenshots.

For me, spam stopped being abstract a long time ago.

Years ago, someone deliberately weaponized newsletter systems against me. Not phishing. Not malware. Something far more insidious and far harder to clean up. Mass newsletter subscriptions, spread across thousands of legitimate stores, all pointed at one address that could not be changed.

That address was abuse@.

If you run email infrastructure, you already know why that matters. Abuse needs to be reachable. It needs to be stable. You cannot just rotate it away without breaking the reporting ecosystem that keeps the internet functional.

The attacker knew this.

What made it worse was not just the volume. It was the platform design choices that enabled it to persist indefinitely.

Shopify was, and still is, the worst offender by a mile. Their system allows stores to send newsletters without requiring double opt in. Unsubscribe often does not work when a store is abused this way. Even when it does, forcing someone to manually unsubscribe from thousands of stores is not a remedy. It is a punishment.

On top of that, Shopify sends mail for every store from the same envelope sender. One sender. Thousands of shops. No meaningful way to block abuse without collateral damage. No practical way to stop it without building one filter per abused shop.

That is not accidental design. That is a choice.

Meanwhile, Shopify has quietly become the backbone of online ordering across the internet. When a platform at that scale treats abuse as an acceptable externality, the damage compounds. Not just for providers like us, but for every end user caught in the blast radius.

The attack also used aliases (ex. abuse+jarlandisarapist). Not clever ones. Spiteful ones. Crafted to make the intent unmistakable. This was not automation gone wrong. This was someone discovering that modern email systems make it trivial to hurt someone for a very long time without ever technically breaking the rules.

That was the moment spam stopped being theoretical for me.

Every one of those emails is an abuse report. I forward them. I log them. I filter them. I send them to shops. I send them to executives. I send them to investors. I do not stop.

Not because I think it will magically fix the problem overnight. But because silence is how these systems stay broken.

One day, someone will lose a filter. Someone will migrate systems. Someone will have a bad day. And when that happens, I want the consequences of negligent platform design waiting for them at the top of their inbox.

You might ask how I stay motivated to fight spam. The answer is simple. I look at the logs. I see the same junk hitting the inboxes of customers who were caught in the same attack. People who may not have the tools, time, or knowledge to defend themselves.

That is the part that never stops being fuel.

MXroute exists because I refuse to treat email as disposable. I refuse to treat abuse as someone else’s problem. And I refuse to accept that inbox destruction is just the cost of doing business online.

My goal is not to win loudly. It is to win quietly. To reduce the surface area for abuse. To make these attacks harder, noisier, and more expensive to execute. To push back against systems that prioritize growth metrics over the health of the internet.

I may be fighting a war most people never see.

But I am fighting it anyway.

Because spam is not just annoying.

Spam is personal.

And the systems that enable it deserve to be challenged.

-Jarland