(technically, I guess that doesn't prove anything other than it is in my Sent folder? it has a message ID but I guess only the purelymail admin could confirm that)

In any event, this should never have required an outside reminder. The indexing issue may be something non obvious. But the core decision not to use signed/expiring URLs is nothing less than good old security by obscurity.

trollbridge 2 days ago | parent | next [-]

I've contacted fiverr before about obvious fraud being conducted through their platform, and they just sent me in endless loops of "open a ticket". "No, e-mail us about it." "No, e-mail us at our security contact about it." Crickets, and then a response saying to please open a ticket.

Basically, they aren't set up for anyone to actually contact them and expect a resolution.

	▲	TZubiri 2 days ago \| parent [-]
		oh I got that too, Sent an email, "Open a ticket" . Then I see in the support page that the email opened a ticket and it was marked as solved. For sure their internal metrics are all green and solved tickets are on the rise.

▲

eudamoniac 2 days ago | parent | prev [-]

I wouldn't be surprised if their email blocks all unusual TLDs like your .dev.

	▲	ahhhhnoooo 2 days ago \| parent \| next [-]
		Sounds like a really bad strategy for a security email address...
	▲	zelphirkalt 2 days ago \| parent \| prev [-]
		How to shoot yourself in both feet 101