What you are doing is effectively recreating the VRFY command that nearly every major mail hosting service has removed for privacy and abuse reasons. You are opening yourself up to a huge liability, since spammers will quickly use stolen credit cards to crosscheck their lists against your API.
This will cause you to have processing issues from Stripe. This will cause you to have a huge backlash from hosting providers as you desperately try to make sure that your cached address is still valid. (Let's fire off 1000 calls to some random Postfix server, WCGW?) This will cause you to produce false results for domains that run catch-all addresses but don't advertise mailboxes. This will cause you to unwittingly become an effective tool in a spammer's repertoire.
Look, sticking a cache in front of the RCPT TO command is all well and good, but that functionality should be up to the owner of the mail server that you're bombarding, and not up to some third party. You are putting the onus of "hey, just contact us if you don't want us to hit your mail server" on everysinglemailserveradmin. This is not okay. SMTP servers aren't nearly as robust, and cannot handle a quickly-spiraling-out-of-control web service hitting them.
"To avoid gaining a bad IP reputation, we make requests from a large number of servers, any of which will be turned off it our system detects its IP is temporarily graylisted by some larger email server.
In the unlikely event that all our servers are graylisted at the same time, the API might be down. Within a few minutes, our automated system will create new servers elsewhere."
I just threw up a bit in my mouth. I guess the weekend project is to spin up an automated abuse reporting service for requests made from Anymail's virtual machine farm. I'm sure AWS would be pleased to hear they're running command and control for a botnet.
(1) Address harvesting and dictionary attacks
(A) In general
It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message that is unlawful under subsection (a), or to assist in the origination of such message through the provision or selection of addresses to which the message will be transmitted, if such person had actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that—
(i) the electronic mail address of the recipient was obtained using an automated means from an Internet website or proprietary online service operated by another person, and such website or online service included, at the time the address was obtained, a notice stating that the operator of such website or online service will not give, sell, or otherwise transfer addresses maintained by such website or online service to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages; or
(ii) the electronic mail address of the recipient was obtained using an automated means that generates possible electronic mail addresses by combining names, letters, or numbers into numerous permutations.
I'm not sure why there is so much negativity in these comments. LeadGenius is nothing more than a well-financed spam enabler that charges more, and yet they are celebrated in the Valley and have been handed $18 million in funding. The only difference is that they aren't as up-front about how the data they sell is derived.
While I agree that it probably does enable a certain portion of spammers, cold outreach is a necessary component to growing a company. There is nothing more effective than a well directed email stating that 1) you can solve one of their problems and 2) are you willing to purchase it today?
Skip your blog posts. Skip your viral marketing videos. Skip your media blitz. Find your customers. Find their emails (yes, using services like LeadGenius) and just simply ask them.
When I signed up for my local AMA (American Marketing Association) they sold my data out to a number of lists. I haven't had such a terrible instance of absolute blasting of spam with no regard to audience out of two SFO "lead gen" startups that resulted in several complaints to their CMO's to get me off their lists.
The absolute wrong way to gain customers is to blast lists out to purchased people in a "hammer" fashion vs targeted / personalized informational content pieces.
Your idea on:
Find their emails (yes, using services like LeadGenius) and just simply ask them.
Is fantastic, but this service is being used for lead validation/spam.
If people want actual email addresses, they can typically online google search, or use data.com (formerly JigSaw).
Most larger companies don't do demand generation well, and I think many people on here don't see an issue of batch/blasting for "lead gen".
I'm in Marketing Automation for a living and deal with CANSPAM/compliance quite a bit day to day.
I agree that one man's spam can be another man's valuable service offering. But generally sending unsolicited email to people at work is considered spam.
The alternatives are numerous. Adwords, Facebook advertising, LinkedIn ads, running ad campaigns on targeted websites, etc. I saw one a story about one guy that was acutally able to specifically target a single person at a specific company he wanted using LinkedIn ads [1].
All those ad channels are substantially more expensive in almost all SaaS cases. Sending an unsolicited email is not spam. Sending mass numbers of automated unsolicited emails is spam. LeadGenius and the like simply provide email addresses.
I run large scale advertising campaigns. I wish that it was cheaper than hiring an SDR to cold email. It simply isn't. In the very early days, advertising is so expensive that it makes almost no sense to prefer it over cold emails. Cold emailing simply works, as much as it might irritate you
I get dozens of unsolicited sales emails every day.
Just answering "thanks but no thanks, and please take me of your mailing and prospect lists" takes time out of my day. It had a real cost.
I have to answer, because the sales people will keep mailing every week otherwise, and marking as spam reduces the quality of the spam filter rules.
I'm the kind of person who will use inbound information if I'm actually looking to solve a problem, and I will resent your wasting my time if you go outbound at me. You literally end up on a "prefer not to do business with" list, hurting yourself.
Meanwhile, enough people apparently can't research their own problems enough, that cold marketing works. I just can't really understand why that is.
"There is nothing more effective than a well directed email stating that 1) you can solve one of their problems and 2) are you willing to purchase it today?"
That is considered illegal spam in lots of european countries unless you have a pre-existing relation ship with the recipients. YMMV.
Unfortunately, many of those laws only apply in B2C contexts, not B2B.
That doesn't make the time dealing with it any less of a waste or make spamming any more ethical or socially acceptable just because it's a professional contact, of course.
People give higher credence to information that they find themselves, than information that is pushed to them by an obviously interested party. This is the heart of why inbound marketing works and is a good idea.
The alternative to finding potential customers is to find where they hang out, then go there and inform them that you exist. If they really want/need your service, they will come to you. Once they do, that's when you get that contact info and politely but persistently pound it.
I consider spam to be a on a spectrum of invasive advertising. Direct mail and telemarketers are other obvious examples.
A more extreme example: if a hustler approaches me on the street and tries to con me, is that still "cold outreach"?
To me if it's on that spectrum it's all sleazy, only to varying degrees. At least with blog posts and viral videos it's always my choice to engage with them.
If someone notices that you walk on the insides of your feet and see that you're in pain and they say "Hey, I own an orthopedic shoe store, you should stop in and we can alleviate some of your foot pain", is that sleazy?
I think it's beyond helpful; it's doing a great service. Thoughtful, highly targeted cold outreach is just that.
They got 138 points on their launch and lots of positive comments. Then they received $18 million. I'd say that's pretty positive reception in the Valley.
Points on a HN news article aren't the same as votes in favor of the company by the HN community (heck, this one on Anymailfinder has 49 points currently; if points were a measure, Anymailfinder would be getting a positive response, rather than the negative one complained of to launch this subthread.)
> Then they received $18 million.
Not from HN.
> I'd say that's pretty positive reception in the Valley.
Reception by the HN community isn't the same thing as reception in the Valley.
I would be very cautious using Anymailfinder.com to generate email lists -- based on this copy on anymailfinder.com:
Anymail finder uses many approaches to find emails—it searches billions of web pages and performs direct server validation.
The original SMTP spec allows for email address validation, and there are tricks like opening an SMTP connection to a mail server and dropping it half way if the address is verified -- but these are the same "tricks" that spammers use, so many mail servers disable or report false positives. There's a reason why most lead services have a high price: they have actually verified an email address.
Next, sending cold emails to business is OK (sometimes annoying but legally ok), but the copy on makesmail.com has a broken link (1) and doesn't clearly describe how to cold email and be legally compliant. From the horses mouth: https://www.ftc.gov/tips-advice/business-center/guidance/can...
Regardless, congratulations on building up to $1,500 MRR, that is a milestone most side projects never reach!
The thing is no one respects the CAN-SPAM act in high touch b2b sales, and no one cares about it.
Most people that are getting email addresses in this way are using it as a cheaper and more effective alternative to LinkedIn inmail, cold emails and cold calls are a great way to sell and if you do it right the recipient of the comms doesn't even care that you harvested their details.
Doing it right means the message is very targeted, and most of the time you have people or companies in common with the person you're reaching out to.
You can pretty easily find out if the server will return false positives by first testing a completely random email like 737377ndjd@domain.com . Not sure if he's doing that or not.
Just because you wrote about it on Medium, and used words like "biz dev", doesn't mean you're not a spammer.
Seriously, if you're not swayed by the ethical considerations and all the other commenters here pointing out how scummy and immoral your business is, at least consider the liability questions. You're in pretty flagrant violation of the CAN SPAM Act and could be looking at very large fines.
I both understand the demand for this and dislike it. But, assuming ethical questions stand aside, I do have some pricing reactions:
This should be a monthly service, full stop. You mention users use it once, and then not for a while. That is the best possible scenario for a recurring revenue business. You should stop offering one-off purchases immediately if you want to see revenue grow.
I can think off the top of my head of a few 'ongoing' value adds you could do; in particular, you could remember emails you couldn't find, and if you do find them notify the user. There are probably more things you could imagine if you were closer to the business.
This would also let you charge spammers a lot, or preferably just keep them out and stay more moral by just capping the monthly requests at something reasonable for a human, not a spammer.
"This would also let you charge spammers a lot" should be rewritten to "This would also let you charge unwitting victims of credit card theft a lot, and get a ton of chargebacks".
As a user of external services to build my own SaaS, I am actually forced to prefer the per-use billing model. So much so that I have signed up for only 1 service that bills monthly (and because they are priced way below the competition's monthly charge), and 4 that have a usage-based billing model.
What the usage-based pricing model does, it helps you capture startup customers early on when they are pre-revenue, then you get to keep them as they grow.
If you need to verify an email address, it's very likely you did not obtain it via an opt-in... a la Spammers... or people purchasing bulk mailing lists. Both are illegal.
It's difficult to imagine how anyone using this service is not violating the CAN-SPAM Act[1].
Despite its name, the CAN-SPAM Act doesn’t apply just to bulk email.
It covers all commercial messages, which the law defines as “any electronic
mail message the primary purpose of which is the commercial advertisement
or promotion of a commercial product or service,” including email that
promotes content on commercial websites. The law makes no exception for
business-to-business email. That means all email – for example, a message
to former customers announcing a new product line – must comply with the law.
In short, any unsolicited email sent with the intention to promote commercial interests is a violation of CAN-SPAM, and can carry heft fines.
Effectively, this service is a facilitating violation of the law.
Penalties can be up to $16,000 USD per unsolicited email sent.
Just ask Papa John's how much unsolicited messages can cost you[2].
Papa John's didn't violate CAN-SPAM. And there has never been a case (that I've seen, and I follow this stuff pretty closely because I really dislike receiving newsletters, personally) prosecuting anyone for sending a cold sales email.
Ya, they sent text messages, so they skirted that issue, but the CAN-SPAM Act fines are very real - and the point I was making is that Papa Johns essentially had to pay out through the nose for sending unsolicited messages.
> And there has never been a case (that I've seen, and I follow this stuff pretty closely because I really dislike receiving newsletters, personally) prosecuting anyone for sending a cold sales email.
People get fined all the time. Just because the likelihood of not being fined is pretty good, doesn't mean they aren't violating CAN-SPAM. Most people just mark the email as spam and move on - people have to report it to the FCC for them to get fined.
Doesn't look like it. He seems to make no mention of his relationship to Anymailfinder or Makesmail in any of his posts. [3] It also looks like he is working closely with "Clavain Skade" or that is a sock puppet since they seem to publish everything for them to repost.
Don't use this in Europe. Cold emailing is forbidden in lots of countries.
If you cold email me with your business/sales/whatever you make money with it pitch, I report you to your hosting provider and if necessary, to the local authorities.
How do they define cold email? If someone you know gives me your email address, and I don't tell you how I got it, is that illegal? Can you only email people who have actively given you an email address? This seems very unlikely, and extremely hard to enforce.
This is for email marketing, not cold emails. Email marketing refers to using automated systems to send emails to a list. A cold email is a human sending an email individually. They might use a template or software to aid in creation, but each email is sent to an individual separately. You might think that this sounds identical, but it isn't.
It is true, no matter how many times you claim that it isn't. Can you name one single salesperson who has ever been prosecuted for this? Active consent is required for email marketing in the US too. It's not required for me to send a cold email to someone whose email address I acquired (or could guess).
Tried my name at my Google Apps domain... no results as it's apparently "catchall domain", but a few alternative addresses were provided, several of which I know do not exist.
I really wish the marketing cycle was reversed, where I post what I'm looking for and businesses respond with offers, because when I'm looking to buy something I would love to be shown options and offered discounts.
I think this sounds shady. The most interesting part of the article to me was the use of "email" by itself to mean "email address". This is always so confusing to me, since "email" already is a noun meaning something else.
A button saying "Get email" to me would indicate that I would be sent email if I clicked, not that I would be shown the email address of the person the button was associated with, for example.
It's pretty clear in context what it means. Also, email has become a noun that also means exactly what it's intended to here (hence it being commonplace for someone to ask for another person's email and omit "address"). There are numerous words that are nouns with multiple meanings.
What you are doing is effectively recreating the VRFY command that nearly every major mail hosting service has removed for privacy and abuse reasons. You are opening yourself up to a huge liability, since spammers will quickly use stolen credit cards to crosscheck their lists against your API.
This will cause you to have processing issues from Stripe. This will cause you to have a huge backlash from hosting providers as you desperately try to make sure that your cached address is still valid. (Let's fire off 1000 calls to some random Postfix server, WCGW?) This will cause you to produce false results for domains that run catch-all addresses but don't advertise mailboxes. This will cause you to unwittingly become an effective tool in a spammer's repertoire.
Look, sticking a cache in front of the RCPT TO command is all well and good, but that functionality should be up to the owner of the mail server that you're bombarding, and not up to some third party. You are putting the onus of "hey, just contact us if you don't want us to hit your mail server" on every single mail server admin. This is not okay. SMTP servers aren't nearly as robust, and cannot handle a quickly-spiraling-out-of-control web service hitting them.