Comment by jsnell

You can't start the timeline from the first email, because clearly Cloudflare didn't communicate the actual issue to the customer. (Yes, the customer could be lying about what was said in that meeting, and they could have been told what the problem was rather than it being just Cloudflare trying to upsell them the enterprise plan without telling why. But then the "omg, we just discovered a problem with your site during a routine inspection!" email sent two weeks later wouldn't make sense.)

They also were clearly lying in those email messages: The second email says that domain rotation is strictly forbidden, but a few days later in the third email they're explicitly selling features for rotating domains more effectively.

And sorry, but a company selling "we'll override the Trust and Safety team if you pay us $$$" is absolutely unacceptable. There are only two options, both bad. Either they're not running a real TnS operation, but just pretend-staff one in order to run these kinds of shakedown operations. Or they're running a real TnS team that found a real problem but are letting sales people override the TnS team's honest judgement.