by createmyaccount 1610 days ago
I’m the founder of a small bootstrapped SAAS and people use disposable email addresses all the time to avoid paying for our product. We don’t sell any data.
13 comments

> people use disposable email addresses all the time to avoid paying for our product.

From the prospective subscriber’s perspective, that’s your problem to worry about — not theirs.

> We don’t sell any data.

How should users know that? It’s also not just a matter of selling data — almost all companies will spam your email address, even if you check the box asking them not to.

> From the prospective subscriber’s perspective, that’s your problem to worry about — not theirs.

Exactly... which is why there are blacklists like the one linked in the OP.

… which makes it the prospective subscriber’s problem, pushing nearly all risk onto them, and requiring them to trust that the service won’t spam them or sell their e-mail address.
What alternative do you suggest?
Depends hugely on the SAAS and its current and desired customer base.

But some obvious candidates are

1) discontinue free trials.

2) provide enough obvious value to convert the current funnel of free trials into paying customers at a high enough rate that you don't care about the "freeloaders"

3) radically differentiate the support available on free trial accounts.

In the long run, any dev effort/time spent integrating email domain blacklists is just time taken away from building features that add value to the service/company. It's only possible that spending that time adding features will turn the conversion rate up, but it's guaranteed that fencing off the top of the funnel will reduce the number of conversions.

A comparison of the dev time to check a value in an array and modify your entire business model is absurd.

Mitigation against abusers of a service is a valid strategy.

Emails don’t guarantee unique users. I’ve seen free tier signups that require a valid credit card or SMS verification codes. It depends on the value of the free offering on whether or not putting signup barriers in place is worth it.
How do you know people use those emails to bypass payment?
I guess:

- multiple sign ups using different emails and similar name

- same ip address

- same data

etc.

Don't underestimate greed or laziness.

I have no idea how they know that. Perhaps they found a Reddit or Twitter thread describing how to abuse their platform with anonymous email addresses.
Businesses that don't accept my email address don't get my business.
That's great, but there are very few businesses of 1.
> almost all companies will spam your email address, even if you check the box asking them not to.

I find this very hard to believe. "Spam" has a specific definition; the most important bit of which is that it is unsolicited. Mails landing in your inbox that you'd rather not get, but which are not unsolicited (say, by you signing up for an account and confirming your address), are not spam by definition.

"Almost all companies" would find themselves unable to send email in short order if what they were delivering was spam.

Definitions are important. Let's not misuse them.

Most email I get from services is unsolicited. While I did sign up for the services I did not solicit every newsletter, marketing email, "notification" and so on.

For 98% of services I use I mainly want my email for one thing: a way to reset my password.

Often I need to unsubscribe from each of them individually and then navigate some sort of "notification preferences" interface. Even after that has been done a lot of them seem to default any new newsletter or preference to on instead of deriving the preference from the closest existing option.

Yes you did. When you open a relationship with a company (by signing up to use their services), they are allowed to market to you, send you newsletters, and so forth, until such time as you terminate that relationship.

It isn't spam because you don't want it. If you actually don't want it, then click 'unsubscribe' - and if they continue to bother you afterwards (which, FWIW, I've seen a reputable company do a grand total of once in years), then and only then, is it spam.

Your definition of spam is different than most people's. Yours is closer to the legal definition in the CAN-SPAM Act, and other laws/regulations. But popular usage of the word doesn't _have_ to conform to your narrower definition.

That conflicting definition is why the people receiving your email marketing get so mad at you. They would rather have not given you their email at all, but they have to, and they don't want emails from you, but they get them anyway. They don't click your link to unsubscribe because they don't think it would work, and probably just make things worse. So they mark your email as spam, send it to their junk folder, and the returns on your email continue declining, and eventually the mail services start blacklisting you.

> It isn't spam because you don't want it.

It isn’t not spam because you want to send it.

You’re departing substantially from both the historical and commonly understood, contemporary definition of spam.

I see little historical precedent or common understanding for the HN definition of 'email I'd rather not have in my inbox' equating to 'spam'.
Any email I didn’t request or expect as part of a transaction (shipping update email) is spam as far as I’m concerned. I’m not concerned with any other definition other than my own. I will report every unsolicited marketing email as spam to my email provider. If the company that sent it wants to dispute that is between them and the provider. I don’t care what happens after I report and block the address. I don’t care if it takes “up to ten business days” to remove me from the marketing email list. That’s not my problem, I told you now I unsubscribed now and as far as I’m concerned any email I receive after that is spam.

I’m just a lowly user. Reporting it as spam is the only recourse I have.

Thanks to years of abuse of my email address by marketers I am all out of fucks to give.

It's actually very dependent on the country and jurisdiction.

Some EU countries require that you offer a simple and effective option to opt-out when gathering the contact details. Depending on the content, that can be required to be an opt-in toggle.

It's not enough to offer users a way to unsubscribe once you've already started spamming them, there should be a way to not have the first spammy newsletter/newsletter group.

I'm curious - I see on your profile that you're a DevOps engineer presumably using a lot of online services on a daily basis, so what approach do you use to deal with email that would justify your opinion here?

Do you just let it fill up your inbox and essentially make it unusable as it's saturated with marketing spam? Do you read every single incoming email (if so how do you find time and how do you justify spending that time for this instead of other, more productive/fulfilling endeavors)? Do you have some magical, bulletproof AI that can classify and hide these marketing emails with 100% accuracy? Do you outsource the management of your inbox to someone else and if so how do you justify paying for that?

> so what approach do you use to deal with email that would justify your opinion here?

When I get email I don't want from a company I have an account with, I scroll to the bottom and click 'unsubscribe'. I then don't get any more of those kinds of emails.

What I absolutely do not do is throw a hissy fit and click 'report spam' (which not only fucks up my own Bayes classifiers and makes false positives more likely, but sends harmful false reports to antispam orgs).

Seems to work quite well. Certainly well enough that I can't comprehend the level of snark and vitriol received here.

Nope. In the UK and EU (and probably other places!) you can’t send someone email marketing unless they explicitly opt in (i.e. no pre-ticked boxes either) [1].

Also, it is precisely spam because I don’t want it, whether you have a right or even obligation to send it or not.

[1] https://ico.org.uk/for-organisations/guide-to-data-protectio...

Well, technically you can, because the government agencies doing the enforcement are systematically understaffed.
As a user, I don't at all care about the technical/legal definition of spam. As with obscenity, spam is a case of "I know it when I see it".
> Mails landing in your inbox that you'd rather not get, but which are not unsolicited (say, by you signing up for an account and confirming your address),

This itself is a redefinition of “spam” to exclude the types of spam businesses want to send.

There’s a two-part test I use to define “spam”, which I think is aligned with both the historic definition, and how most users perceive it:

1) An e-mail is a marketing e-mail if, on the balance, the e-mail primarily benefits the sender, not the recipient.

2) A marketing e-mail is spam if the user did not explicitly opt-in to receiving them.

Behold the dictionary definitions:

Merriam-Webster (https://www.merriam-webster.com/dictionary/spam)

"e-mail that is not wanted"

Oxford (via Google https://www.google.com/search?client=safari&rls=en&q=oxford+...)

"irrelevant or inappropriate messages sent on the internet to a large number of recipients."

Neither is your absurd definition.

And to be clear, entering a business agreement for a product or service you sell, is not me soliciting anything other than that product. Marketing emails, "product updates", etc are not the product or service I am paying for.

> "Spam" has a specific definition;

The legal definition of spam arose as a distortion of the preexisting concept lobbied for by spammers to allow as much spam as politically possible while allowing politicians to be seen as “doing something” about the spam problem.

> We don’t sell any data.

Not only do I have zero reason to trust you when you say that (because every person planning on selling my data says the same thing).

But I also have zero reason to trust you're skilled or resourced enough to adequately secure my data (or have sufficient motivation to do so).

And I also know that one day you'll likely sell your SAAS, and will have no control over what the people you sell it to will do.

If you've got enough traction that people are willing to jump through minor disposable email address hoops to use your product for longer than the free trial, but not enough traction to convince them to pay for it, I reckon you'd be better off building more features that add value and reconsidering your free trial plan - instead of devoting any dev effort into rejecting disposable emails.

I signed up for a KVM hosting provider. They initially rejected my account because I used a "disposable" email address. Their experience is that use of disposable email addresses is highly correlated to use of their VM instances to send spam or carry out other hostile activities.

That explanation was acceptable to me; if it works for them. I might note that they only send me transactional email (statement of charges for the month) and no marketing.

And that's fair enough but this is just another thing that businesses have to chalk up as a cost of business because users' privacy is more important than your dollars.

I have sympathy for businesses out to make a buck: they are the reason I get to put food on my table. But on the scale of balance between users' rights and business rights over the last twenty years, it's no contest: business rights reign triumphant.

Recently, I wanted to try a web service but they did not let me register with a disposable email address. Well, I guess I will not try the service then.
And how would you protect your service from users that just sign up with disposable Emails for the 7 day trial over and over again?
I doubt that a meaningful number of users creates new accounts every 7 days just to avoid paying. Setting up a new account is usually enough work that it is not worth it. But if that is the case for your service, here are three things from the top of my head that might even work. If instead you just block disposable email addresses, I might as well look somewhere else.

* Reduce the trial period for users with a disposable email.

* Don't allow data import/export so that creating a new account is more work.

* Reduce cookie lifetime so that a login is needed more often.

Thanks, the first idea is a really good one for our use case. (the other ideas won't work unfortunately)

And yes, it is not a meaningful number of people that do so, but over time this is very ugly and frustrating (as it requires manual intervention) and you block the disposable Email provider they used ...

> but over time this is very ugly and frustrating (as it requires manual intervention) and you block the disposable Email provider they used ...

This seems like an ego issue honestly. Like you feel like you are being taken advantage of. If only a very small number of users are doing this then I don't see it worth the dev time to block the email providers they use, possibly hurting valid customers. Just leave it alone. I use Relay for services I genuinely pay for but don't want to give out my email address in case of leaks.

Your free trial is too generous.

Suggest using the Standard plan but with significant rate limiting. Like 5/day.

If they want to remove that, enter credit card details which you verify.

You can still have the trial expire and the credit card isn't ever charged; but you can track people on trials more easily.

> You can still have the trial expire and the credit card isn't ever charged; but you can track people on trials more easily.

I think that someone who doesn't want to give their real email address to try out a service is even less likely to trust an unknown service with their credit card number. There are just too many "free trials" that promise to not charge your credit card and then make you jump all sorts of hurdles (e.g., having to call) to cancel the free trial.

I mean, if it's not having a notable impact except emotionally, maybe it's better to just let it be?

Missing the forest for the trees and all

Probably. But if we hadn't been blocking certain disposable email providers for years, maybe this would already be dozens per month.
> just sign up with disposable Emails for the 7 day trial over and over again?

That's a lot of effort to go through to avoid paying for something. And I guess you can't keep your data or configuration, if the app has any.

That happens quite frequently to our SaaS where people need free access to a new API key. We try to block multiple registrations but there are people who also invest into proxies to circumvent this protection...
People who want to bypass those restrictions can easily do it. It is trivial to get a bunch of mail addresses to use, even without "disposable mail" providers. People who try to abuse the trial period over and over will do so. Blocking the disposable mail providers however also blocks users who are curious, but not yet committed.

I argue that maths is negative for your business and a better approach is to make it easy to get started, but show them clear benefit of switching plans. Maybe a cheap entry level plan with a small set of convenience features, not available to the test account.

Just a few ideas: Make it useful to have a persistent identity, so you have something to lose if you abandon the account (like a library of games in Steam, or a network of friends on Facebook). Require a payment method and limit how many free trials can be activated with the same card. Require a phone number since they are harder to get than emails.
I really dislike services that require payment or telephone numbers for verification just to try out a service. And we are unsure if this increases friction for normal users.
If someone wants to use disposable email addresses out of fear of having the service sell or abuse their permanent email address, they will most likely also not be willing to reveal their phone number.
Make the service less useful in the free trial period — for instance a really low cap on API requests per hour/day or limit the user to creating a very small number of records/items when they aren’t paying.
If making a new email address is all it takes to get free stuff then your trial model is broken. If your service stores data, a time-limited trial with no export option is usually enough. If it's more or less stateless, then you need to limit other things as well. Would you be willing to share what the SAAS is? Outside of content providers (streaming, etc.) I've never really seen any reason to abuse trials.

Besides, the whole idea of a "disposable email blacklist" is ridiculous. Are you going to block Gmail? Gmail addresses take like 1 minute to make. If not, you've already lost the battle, so do us all a favor and stop this blacklist nonsense.

But why would having a "valid" email address help you more getting payment?

At most you may send reminders, but even then, those may end up in a spambox?

Even once you've verified the email, you have not much of a guarantee it will stay verified/working long. That's more the subscriber's problem, if they want to continue to use your product.

It's easier to create many disposable email addresses than "real" email. To get a new "real" email address, you need to fill a lengthy form (e.g., try it on Gmail.com now) and it's not easy to automate the process. But it takes only one-click to create a new disposable email address. Some disposable email providers also provide APIs, so you can create addresses in batch.

People may exploit paid services by creating many new accounts -

1. Free trials: When trial period ends, create a new account.

2. Services with metered billing: Use the service, then refuse to pay. Then create a new account. Then refuse to pay. Then create a new account...

Of course, (theoretically) if the service provider has enough resources (i.e., money, time, knowledge...), they can always find a better solution than banning all disposable emails.

> It's easier to create many disposable email addresses than "real" email.

The difference between real and disposable is manufactured. A novice could register a domain, sign up for email hosting, and set up a catch all for cheap.

Probably it is not the validity of an Email but the fact that you can use many disposable Emails and misuse the free tier / trial.
Out of curiosity, what does your service do and how do you know that these users would've paid for the service otherwise? As in with piracy, the argument is that it hurts sales but it's very difficult to determine whether that is really true.
I can't speak for the OP but free trial period abuse is very common.

"Would have paid for the service" vs "Are actively working to use the service without paying for it" are two different things.

I worked for a company that had some free tools on the web, with no published API. Those tools were scraped well above the T&C limitations to be mined by other companies.

We had a "free forever" account that you could use to monitor a single domain. Within the user table there were multiple instances of 20 to 300 (worst case) myaccount+<domain>@mycompanydomain.com trying to abuse the single domain rule without paying for it. In one case, the results were being packaged up to be shown in somebody else's product.

I'm certainly not advocating for spam or selling data (the company I mentioned didn't do this either), but abuse is the more common use case that web businesses deal with. To combat abuse, 90% of the battle is to identify where the abuse is coming from first.
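
The signals mentioned in this thread (several sign-ups from one IP address, and the `myaccount+<domain>@mycompanydomain.com` pattern), as an added example that is not from any commenter: a Python sketch that groups constructed sign-up records by canonical mailbox and by source IP so a person can review the clusters. The "+tag" stripping rule, the thresholds and all function names are assumptions.

```python
from collections import defaultdict

# Constructed sample records (user id, email, source IP); not real data.
SIGNUPS = [
    (1, "myaccount+example.org@mycompanydomain.com", "198.51.100.7"),
    (2, "MyAccount+example.net@mycompanydomain.com", "198.51.100.7"),
    (3, "myaccount+example.com@mycompanydomain.com", "203.0.113.9"),
    (4, "alice@example.com", "192.0.2.10"),
    (5, "bob@example.com", "192.0.2.11"),
    (6, "carol+news@example.org", "192.0.2.10"),
    (7, "not-an-address", "192.0.2.12"),
]


def canonical_mailbox(email):
    """Return the address lower-cased with any '+tag' suffix removed.

    Assumption: the receiving provider treats 'user+tag' as 'user'.
    That is common but provider-specific, so the result is a grouping
    key for review, not proof that two addresses share an inbox.
    """
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    base = local.split("+", 1)[0]
    if not base:
        raise ValueError(f"empty local part: {email!r}")
    return f"{base.lower()}@{domain.lower()}"


def flag_clusters(signups, mailbox_threshold=3, ip_threshold=2):
    """Group sign-ups by canonical mailbox and by IP; return large groups.

    Each finding is (signal, key, [user ids]). A shared IP is a weak
    signal (offices and carrier NAT share addresses), so findings are
    meant for manual review rather than automatic blocking.
    """
    by_mailbox = defaultdict(list)
    by_ip = defaultdict(list)
    for user_id, email, ip in signups:
        try:
            by_mailbox[canonical_mailbox(email)].append(user_id)
        except ValueError:
            pass  # malformed address: still counted under its IP below
        by_ip[ip].append(user_id)

    findings = []
    for mailbox, ids in sorted(by_mailbox.items()):
        if len(ids) >= mailbox_threshold:
            findings.append(("mailbox", mailbox, ids))
    for ip, ids in sorted(by_ip.items()):
        if len(ids) >= ip_threshold:
            findings.append(("ip", ip, ids))
    return findings


if __name__ == "__main__":
    for signal, key, ids in flag_clusters(SIGNUPS):
        print(f"{signal:8} {key:35} users={ids}")
```

In the sample, users 4 and 6 share an IP but have unrelated mailboxes, which is the kind of false positive a shared-IP rule produces on its own.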

If offering "free forever" causes problems, maybe that's too generous? What if it was only free for a couple of weeks - enough time to evaluate the service but not enough time to use it for commercial purposes?
> I’m the founder of a small bootstrapped SAAS and people use disposable email addresses all the time to avoid paying for our product.

So, make it worthwhile to pay for the product.

That's not really how it works. If you create something and unless you license it permissively that product is yours and you get to set the terms and conditions.

If it is now mainstream to basically feel you're entitled on setting the terms for other businesses or stealing their software then nobody needs to complain when any email relay service gets just blacklisted. If people now think it's okay to abuse multiple accounts to avoid paying for software that they use and that costs money to build then nobody needs to be surprised that everything gets an identity verification.

> that's not really how it works.

Yes, it really is how it works.

> If you create something and unless you license it permissively that product is yours and you get to set the terms and conditions.

And if you want people to pay for it, you have to offer enough marginal value over not paying for it so that they choose to do so. The concrete, social, and personal moral consequences of violating social norms can provide part of that value by weighing negatively on the “not” side, in the case there is an available but “not permitted” mechanism which gives the benefits without paying. But that doesn't change the basic fact that you have to provide adequate value if you want people to voluntarily pay.

> If people now think it's okay to abuse multiple accounts to avoid paying for software that they use

Then models where you give the full service for free for each account with the limits actually applied that people are exploiting that way probably isn't the right model for that SaaS.

> that's not really how it works. If you create something and unless you license it permissively that product is yours and you get to set the terms and conditions.

It's exactly how it works, if you want to succeed. If you don't offer value that enough people are willing to pay, you still own the product, but it's worthless.

Is it worth the hassle to have a free tier? Is it a good enough funnel to the paid tiers?
Once my data is on your server, there is no way for me to know what you are doing with my data. You could be selling it. How will I know?
Disposable email domains aren't the issue here. Creating a disposable @gmail account to avoid paying is possible too. Don't use emails to assert user identity. Most companies use credit cards for that. Or make it so that creating another account from scratch is more of a hassle than paying. Better yet, offer free tiers.
You can only create a small number of Gmail accounts, since every account needs to be linked to a valid phone number. Google actively works to prevent using their platform in this way.
You can also pay $2.40 for a domain name for a year and have your own disposable email service.
You actually don't need to have a phone number to use Gmail. You can skip that step.
I don't think so. I have numerous old Google accounts with their passwords in my password manager. Not for gmail, but for Google Groups lists, Google+ and various other services that no longer exist. Whenever I log in (in an account container of course) I cannot continue without adding a phone number. Have not found a way to skip the step (well, have not tried for some months now, trying to avoid Google increasingly). None of the accounts has stored any data. I would understand that Google would block people from misusing them as free cloud storage.
Where could I get disposable phone numbers from at a reasonable cost? So that I can receive just the first SMS. These are not valuable accounts, I don't need password reset years later.
You can use protonmail.
How do they avoid payment? Do you have a trial period and people are signing up with different emails?
Why don't you ask for a credit card instead of relying on email?
As someone signing up for the service, it's far easier for me to deal with unwanted email after signup than recurring credit card charges. I don't sign up for anything that requires credit card for free trial.
People don't like giving their credit cards for free trials, mostly because of services that have abused this by automatically charging for a paid subscription if you don't cancel your free trial.