And while I'm asking questions, jaquesm says, "the sender is mailscarp.com". Was it actually sent through your servers? It looks like mailscarp is only inbound, so I don't understand how one of your beta users could have spammed a bunch of people on your behalf.

Yes, it was, I checked the headers.

Thanks. Then maydemir's explanation doesn't hold up for me. The Mailscarp page doesn't say anything about the features he describes. It seems like the simpler explanation is that they just tried spamming people and got caught. I hope that's not the case, and I hope they'll respond to questions to straighten things out.

Hard to argue with these:

ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mailscarp.com header.s=api header.b=DnugwplP; spf=pass (google.com: domain of hackernews.newsletter@mailscarp.com designates 104.243.65.3 as permitted sender) smtp.mailfrom=hackernews.newsletter@mailscarp.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mailscarp.com Return-Path: <hackernews.newsletter@mailscarp.com>