I’m the founder of a small bootstrapped SAAS and people use disposable email addresses all the time to avoid paying for our product.
We don’t sell any data.
> people use disposable email addresses all the time to avoid paying for our product.
From the prospective subscriber’s perspective, that’s your problem to worry about — not theirs.
> We don’t sell any data.
How should users know that? It’s also not just a matter of selling data — almost all companies will spam your email address, even if you check the box asking them not to.
… which makes it the prospective subscriber’s problem, pushing nearly all risk onto them, and requiring them to trust that the service won’t spam them or sell their e-mail address.
Depends hugely on the SAAS and it's current and desired customer base.
But some obvious candidates are
1) discontinue free trials.
2) provide enough obvious value to convert the current funnel of free trials into paying customers at a high enough rate that you don't care about the "freeloaders"
3) radically differentiate the support available on free trial accounts.
In the long run, and dev effort/time spend integrating email domain blacklists is just time taken away from building features that add value to the service/company. It's only possible that spending that time adding features will turn the conversion rate up, but its guaranteed that fencing off the top of the funnel will reduce the number of conversions.
Emails don’t guarantee unique users. I’ve seen free tier signups that require a valid credit card or sms verification codes. It depends on the value of the free offering on whether or not putting signup barriers in place is worth it.
I have no idea how they know that. Perhaps they found a reddit or Twitter thread describing how to abuse their platform with anonymous email addresses.
>almost all companies will spam your email address, even if you check the box asking them not to.
I find this very hard to believe. "Spam" has a specific definition; the most important bit of which is that it is unsolicited. Mails landing in your inbox that you'd rather not get, but which are not unsolicited (say, by you signing up for an account and confirming your address), are not spam by definition.
"Almost all companies" would find themselves unable to send email in short order if what they were delivering was spam.
Most email I get from services is unsolicited. While I did sign up for the services I did not solicit every newsletter, marketing email, "notification" and so on.
For 98% percent of services I use I mainly want my email for one thing: a way to reset my password.
Often I need to unsubscribe from each of them individually and then navigate some sort of "notification preferences" interface. Even after that has been done a lot of them seem to default any new newsletter or preference to on instead of deriving the preference from the closest existing option.
Yes you did. When you open a relationship with a company (by signing up to use their services), they are allowed to market to you, send you newsletters, and so forth, until such time as you terminate that relationship.
It isn't spam because you don't want it. If you actually don't want it, then click 'unsubscribe' - and if they continue to bother you afterwards (which, FWIW, I've seen a reputable company do a grand total of once in years), then and only then, is it spam.
Your definition of spam is different than most people's. Yours is closer to the legal definition in the can-spam act, and other laws/regulations. But popular usage of the word doesn't _have_ to conform to your narrower definition.
That conflicting definition is why the people receiving your email marketing get so mad at you. They would rather have not given you their email at all, but they have to, and they don't want emails from you, but they get them anyway. They don't click your link to unsubscribe because they don't think it would work, and probably just make things worse. So they mark your email as spam, send it to their junk folder, and the returns on your email continue declining, and eventually the mail services start blacklisting you.
> I see little historical precedent or common understanding for the HN definition of 'email I'd rather not have in my inbox' equating to 'spam'.
Man, oh, man, you're funny. Even more so as it is apparently unintentional and you're being totally serious.
To the rest of the world, i.e. everyone who isn't a spammer, 'email I'd rather not have in my inbox' is and has always been the exact definition of 'spam'.
This is the subject line of an email in my inbox right now. Sure you could say the sender allows me to opt out but I shouldn't have to opt out. This isn't legally spam but I want to know what you would call this unsolicited, non-transactional commercial email.
» Your Prime Membership: {{first name}} {{last name}}, discover the latest in deals and entertainment included with Prime
>I want to know what you would call this unsolicited, non-transactional commercial email.
Commercial email, differentiated from spam in that you have a commercial relationship with Amazon that you initiated and agreed to (i.e. solicited), and as such, they are allowed to market to you until such time as you ask them to stop.
I can see my opinion on this matter isn't a common one on HN.
..And people who spend a lot of time fighting actual spam, as in, actual unsolicited junk email, who have to deal with false positives from uninformed users who think the 'report spam' button is the appropriate response to them getting an Amazon email they don't like.
In practice, there is little difference between "junk email" which I assume you mean scams/phishing/pills/viagra/etc adverts and that Amazon email. Both take space in your inbox, may send you a notification and require time and brain power to deal with. Whether the latter example may comply with some jurisdiction's definition of "spam" is irrelevant.
The "mark as spam" button gives users the ability to keep their inbox clean and you shouldn't be faulting them for using it.
Not to mention, even if we agree for a minute that the report spam button should only be used for emails that conform to the legal definition of spam, which law should we be following? The US' definition of spam is much more liberal than the EU GDPR's one for example.
Creating an account with a company is not signing up for mailing lists unless there's a choice presented. Yeah, you can hide consent in the ToS that nobody reads, but that's not asking for permission.
It's not a false positive. The filter needs to be tuned to what your users think is spam, that is what spam filters are for. You are not the gatekeeper of what other people are allowed to think is spam.
> you have a commercial relationship with Amazon that you initiated and agreed to (i.e. solicited), and as such, they are allowed to market to you
That's not what that word means. I didn't solicit marketing emails; the only emails I asked for were the bare minimum to open an account and anything needed for orders that I initiated.
you do know, another name for spam is unsolicited commercial email (UCE), right? That is exactly what that crap is, since a) the person didn't want it (unsolicited), b) its relating to commerce, and c) its an email.
Any email I didn’t request or expect as part of a transaction (shipping update email) is spam as far as I’m concerned. I’m not concerned with any other definition other than my own. I will report every unsolicited marketing email as spam to my email provider. If the company that sent it wants to dispute that is between them and the provider. I don’t care what happens after I report and block the address. I don’t care if it takes “up to ten business days” to remove me from the marketing email list. That’s not my problem, I told you now I unsubscribed now and as far as I’m concerned any email I receive after that is spam.
I’m just a lowly user. Reporting it as spam is the only recourse I have.
Thanks to years of abuse of my email address by marketers I am all out of fucks to give.
It's actually very dependent on the country and jurisdiction.
Some EU countries require that you offer a simple and effective option to opt-out when gathering the contact details. Depending on the content, that can be a required to be an opt-in toggle.
It's not enough to offer users a way to unsubscribe once you've already started spamming them, there should be a way to not have the first spammy newsletter/newsletter group.
I'm curious - I see on your profile that you're a DevOps engineer presumably using a lot of online services on a daily basis, so what approach do you use to deal with email that would justify your opinion here?
Do you just let it fill up your inbox and essentially make it unusable as it's saturated with marketing spam? Do you read every single incoming email (if so how do you find time and how do you justify spending that time for this instead of other, more productive/fulfilling endeavors)? Do you have some magical, bulletproof AI that can classify and hide these marketing emails with 100% accuracy? Do you outsource the management of your inbox to someone else and if so how do you justify paying for that?
>so what approach do you use to deal with email that would justify your opinion here?
When I get email I don't want from a company I have an account with, I scroll to the bottom and click 'unsubscribe'. I then don't get anymore of those kinds of emails.
What I absolutely do not do is throw a hissy fit and click 'report spam' (which not fucks up my own bayes classifiers and makes false positives more likely, but sends harmful false reports to antispam orgs).
Seems to work quite well. Certainly well enough that I can't comprehend the level of snark and vitriol received here.
So you're accepting that for every company you sign up for you should expect at least one spam that requires time & attention to deal with (some may require login, etc)? Fair enough but I disagree that this is something we should all be accepting just for the benefit of a minority that happens to work in marketing.
> of those kinds of emails [emphasis mine]
Also keep in mind that scummy companies have caught on to that and now have dozens of different categories of marketing emails and unsubscribing merely unsubscribes you from one of them.
What I "accept" is that getting an email I'd rather not have gotten is not a day-ruining event worth rudely snarking at strangers on the internet for, and the level of entitled rage and piling on generated in response to a calmly stated ask (let's save 'spam' for things that actually meet an objective, commonly-accepted standard used by most groups that actually try to stop it) is ridiculous.
In a way you're perfectly correct: You're only wrong in the tiny detail that you think it's your narrowly legalistic definition that is the objective, commonly-accepted standard one. It isn't. (BTW, how did the fact that nobody else here accepts it not tip you off that it's not commonly-accepted?)
But, sure, say we go with your wishes and, as someone else suggested, call your spam something else than "spam" -- let's go with their suggestion and call it "trash email". Then the category -- or, now, categories -- of stuff that we want to get rid of from our inboxes become, in stead of just "spam", the more cumbersome "spam and trash email".
I'm sure you see the problem that immediately rears its ugly head: Language is lazy. "Spam and trash email" will in daily speech, inevitably, shortly become... "Spam". You may try to resist that, and as a longtime linguistic prescriptivist I extend you my sympathies... (But, psst, spoiler alert: This quixotic struggle is doomed to fail.)
But, anyway, you are of course perfectly free to keep campaigning for your cause. Only, in the name of all that is decent, be honest about it and call it for what it is: You're not defending spam, "only" trash.
Maybe after a while you'll realise why the rest of the world sees no difference in your distinction.
> let's save 'spam' for things that actually meet an objective, commonly-accepted standard used by most groups that actually try to stop it
Your definition is based on what’s legal under the “established business relationship” exemption in the CAN-SPAM act, not any “commonly-accepted objective standard” of what spam is.
Spam fighting existed long before a 2003 US law. RBLs came into being in 1997, Spamhaus in 1998. You'll note precisely none of these organizations (in any country) blacklisting Amazon, or any other company, because they send marketing emails to their existing customers.
> Spam fighting existed long before a 2003 US law.
So then it wasn't originally defined as per your preferred legal wording, now was it?
> RBLs came into being in 1997, Spamhaus in 1998.
And did they coin the expression, or was the concept itself around long before that...? (A: AFAIK, at least a decade earlier.)
> You'll note precisely none of these organizations (in any country) blacklisting Amazon, or any other company, because they send marketing emails to their existing customers.
Ah. So it's not actually the legal definition that is important, but the corporate one. OK, gotcha, that is of course so much better. (Blindingly obvious: /s)
I have had enough experience with unsubscribe on spam that I have to wonder what your figures are for "working well enough". They don't work enough for me. It is also a well-known assumption that using unsubscribe on a bit of spam only confirms that the sender has found a working address and those sell for more on the spammer's email address market.
I also don't understand why "marketers" want to put stuff in my email inbox or anything else I use to receive real communications that I just don't want.
If people dislike receiving that email so much that they report it as spam, it's spam.
Maybe if enough scummy companies have to mess about getting de-blacklisted, they might reevaluate whether their emails serve their customers, themselves, or, more likely, neither the company nor the customer but rather someone in between who is using some artificial metric (maybe "clients reached", "tracking pixels delivered", whatever) to angle for a pay rise.
Nope. In the UK and EU (and probably other places!) you can’t send someone email marketing unless they explicitly opt in (i.e. no pre-ticked boxes either) [1].
Also, it is presicely spam because I don’t want it, whether you have a right or even obligation to send it or not.
> Mails landing in your inbox that you'd rather not get, but which are not unsolicited (say, by you signing up for an account and confirming your address),
This itself is a redefinition of “spam” to exclude the types of spam businesses want to send.
There’s a two-part test I use to define “spam”, which I think is aligned with both the historic definition, and how most users perceive it:
1) An e-mail is a marketing e-mail if, on the balance, the e-mail primarily benefits the sender, not the recipient.
2) A marketing e-mail is spam if the user did not explicitly opt-in to receiving them.
"irrelevant or inappropriate messages sent on the internet to a large number of recipients."
Neither is your absurd definition.
And to be clear, entering a business agreement for a product or service you sell, is not me soliciting anything other than that product. Marketing emails, "product updates", etc are not the product or service I am paying for.
The legal definition of spam arose as a distortion of the preexisting concept lobbied for by spammers to allow as much spam as politically possible while allowing politicians to be seen as “doing something” about the spam problem.
Not only do I have zero reason to trust you when you say that (because every person planning on selling my data ways the same thing).
But I also have zero reason to trust you're skilled or resourced enough to adequately secure my data (or have sufficient motivation to do so).
And I also know that one day you'll likely sell your SAAS, and will have no control over what the people you sell it to will do.
If you've got enough traction that people are willing to jump through minor disposable email address hoops to use your product for longer than the free trial, but not enough traction to convince them to pay for it, I reckon you'd be better off building more features that add value and reconsidering your free trial plan - instead of devoting any dev effort into rejecting disposable emails.
I signed up for a KVM hosting provider. They initially rejected my account because I used a "disposable" email address. Their experience is that use of disposable email addresses is highly correlated to use of their VM instances to send spam or carry out other hostile activities.
That explantion was acceptable to me; if it works for them. I might note that they only send me transactional email (statement of charges for the month) and no marketing.
And that's fair enough but this is just another thing that businesses have to chalk up to as a cost of business because users' privacy is more important than your dollars.
I have sympathy for businesses out to make a buck: they are the reason I get to put food on my table. But on the scale of balance between users' rights and business rights over the last twenty years, it's no contest: business rights reign triumphant.
Recently, I wanted to try a web service but they did not let me register with a disposable email address. Well, I guess I will not try the service then.
I doubt that a meaningful number of users creates new accounts every 7 days just to avoid paying. Setting up a new account is usually enough work that it is not worth it. But if that is the case for your service, here are three things from the top of my head that might even work. If instead you just block disposable email addresses, I might as well look somewhere else.
* Reduce the trial period for users with a disposable email.
* Don't allow data import/export so that creating a new account is more work.
* Reduce cookie lifetime so that a login is needed more often.
Thanks, the first idea is a really good one for our use case. (the other ideas won't work unfortunately)
And yes, it is not a meaningful number of people that do so, but over time this is very ugly and frustrating (as it requires manual intervention) and you block the disposable Email provider they used ...
> but over time this is very ugly and frustrating (as it requires manual intervention) and you block the disposable Email provider they used ...
This seems like an ego issue honestly. Like you feel like you are being taken advantage of. If only a very small numbers of users are doing this then I don't see it worth the dev time to block the email providers they use possibly hurting valid customers. Just leave it alone. I use Relay for services I genuinely pay for but don't want to give out my email address in case of leaks.
> You can still have the trial expire and the credit card isn't ever charged; but you can track people on trials more easily.
I think that someone who doesn't want to give their real email address to try out a service is even less likely to trust an unknown service with their credit card number. There are just too many "free trials" that promise to not charge your credit card and then make you jump all sorts of hurdles (e.g., having to call) to cancel the free trial.
> I think that someone who doesn't want to give their real email address to try out a service is even less likely to trust an unknown service with their credit card number.
I think you'd be surprised. Credit cards are easier to dispose of then email addresses, and they offer greater protection with fraud and billing dispute processes. Some banks even offer virtual cards that let you set limits on duration or amount.
> I think that someone who doesn't want to give their real email address to try out a service is even less likely to trust an unknown service with their credit card number.
And that's OK. The problem as I understand it is that people are signing up with disposable email addresses, using the API key they receive for 7 days, and then signing up again. They are leeches, exploiting the generous free trial.
If they stop signing up, no problem. Other people who sign up with a disposable email address can test within the restrictions, and once they trust the service have a choice to enter card details or not. If they are planning to do business with the service, they're going to have to trust it with card details.
That happens quite frequently to our SaaS where people need free access to a new API key. We try to block multiple registrations but there are people who also invest into proxies to circumvent this protection...
people who want to bypass those restrictions can easily do it. It is trivial to get a bunch of mail addresses to use, even without "disposable mail" providers. People who try to abuse the trial period over and over will do. Blocking the disposable mail providers however also blocks users who are curious, but not yet committed.
I argue that maths is negative for your business and a better approachbis to make it easy tonget started, but show them clear benefit of switching plans. Maybe a cheap entry level plan with a small set of convenience features, not available to the test account.
Just a few idea: Make it useful to have a persistent identity, so you have something to lose if you abandon the account (like a library of games in steam, or a network of friends on facebook). Require a payment method and limit how many free trials can be activated with the same card. Require a phone number since they a harder to get than emails.
I really dislike services that require payment or telephone numbers for verification just to try out a service. And we are unsure if this increases friction for normal users.
If someone wants to use disposable email addresses out of fear of having the service sell or abuse their permanent email address, they will most likely also not be willing to reveal their phone number.
Make the service less useful in the free trial period — for instance a really low cap on API requests per hour/day or limit the user to cresting a very small number of records/items when they aren’t paying.
If making a new email address is all it takes to get free stuff then your trial model is broken. If your service stores data, a time-limited trial with no export option is usually enough. If it's more or less stateless, then you need to limit other things as well. Would you be willing to share what the SAAS is? Outside of content providers (streaming, etc.) I've never really seen any reason to abuse trials.
Besides, the whole idea of a "disposable email blacklist" is ridiculous. Are you going to block Gmail? Gmail addresses take like 1 minute to make. If not, you've already lost the battle, so do us all a favor and stop this blacklist nonsense.
But why would having a "valid" email address help you more getting payment?
At most you may send reminders, but even then, those may end up in a spambox?
Even once you've verified the email, you have not much of a guarantee it will stay verified/working long. That's more the subscriber's problem, if they want to continue to use your product.
It's easier to create many disposable email addresses than "real" email. To get a new "real" email address, you need to fill a lengthy form (e.g., try it on Gmail.com now) and it's not easy to automate the process. But it takes only one-click to create a new disposable email address. Some disposable email providers also provide APIs, so you can create addresses in batch.
People may exploit paid services by creating many new accounts -
1. Free trials: When trail period ends, create a new account.
2. Services with metered billing: Use the service, then refuse to pay. Then create a new account. Then refuse to pay. Then create a new account...
Of course, (theoretically) if the service provider has enough resources (i.e., money, time, knowledge...), they can always find a better solution than banning all disposable emails.
> It's easier to create many disposable email addresses than "real" email.
The difference between real and disposable is manufactured. A novice could register a domain, sign up for email hosting, and set up a catch all for cheap.
Out of curiosity, what does your service do and how do you know that these users would've paid for the service otherwise? As in with piracy, the argument is that it hurts sales but it's very difficult to determine whether that is really true.
I can't speak for the OP but free trial period abuse is very common.
"Would have paid for the service" vs "Are actively working to use the service without paying for it" are two different things.
I worked for a company that had some free tools on the web, with no published API. Those tools were scraped well above the T&C limitations to be mined by other companies.
We had a "free forever" account that you could use to monitor a single domain. Within the user table there were multiple instances of 20 to 300 (worst case) myaccount+<domain>@mycompanydomain.com trying to abuse the single domain rule without paying for it. In one case, the results were being packaged up to be shown in somebody else's product.
I'm certainly not advocating for spam or selling data (the company I mentioned didn't do this either), but abuse it the more common use case that web businesses deal with. To combat abuse, 90% of the battle is to identify where the abuse is coming from first.
If offering "free forever" causes problems, maybe that's too generous? What if it was only free for a couple of weeks - enough time to evaluate the service but not enough time to use it for commercial purposes?
that's not really how it works. If you create something and unless you license it permissively that product is yours and you get to set the terms and conditions.
If it is now mainstream to basically feel you're entitled on setting the terms for other businesses or stealing their software then nobody needs to complain when any email relay service gets just blacklisted. If people now think it's okay to abuse multiple accounts to avoid paying for software that they use and that costs money to build then nobody needs to be surprised that everything gets an identity verification.
> If you create something and unless you license it permissively that product is yours and you get to set the terms and conditions.
And if you want people to pay for it, you have to offer enough marginal value over not paying for it so that they choose to do so. The concrete, social, and personal moral consequences of violating social norms can provide part of that value by weighing negatively on the “not” side, in the case there is an available but “not permitted” mechanism which gives the benefits without paying. But that doesn't change the basic fact that you have to provide adequate value if you want people to voluntarily pay.
> If people now think it's okay to abuse multiple accounts to avoid paying for software that they use
Then models where you give the full service for free for each account with the limits actually applied that people are exploiting that way probably isn't the right model for that SaaS.
> that's not really how it works. If you create something and unless you license it permissively that product is yours and you get to set the terms and conditions.
It's exactly how it works, if you want to succeed. If you don't offer value that enough people are willing to pay, you still own the product, but it's worthless.
Disposable email domains aren't the issue here. Creating a disposable @gmail account to avoid paying is possible too. Don't use emails to assert user identity. Most companies use credit cards for that. Or make it so that creating another account from scratch is more of a hassle than paying.
Better yet, offer free tiers.
You can only create a small number of gmail accounts, since ever account needs to be linked to a valid phone number. Google actively work to prevent using their platform in this way.
I don't think so. I have numerous old Google accounts with their passwords in my password manager. Not for gmail, but for Google Groups lists, Google+ and various other services that no longer exist. Whenever I log in (in an account container of course) I cannot continue without adding a phone number. Have not found a way to skip the step (well, have not tried for some months now, trying to avoid Google increasingly). None of the accounts has stored any data. I would understand that Google would block people from misusing them as free cloud storage.
Where could I get disposable phone numbers from at a reasonable cost? So that I can receive just the first SMS. These are not valuable accounts, I don't need password reset years later.
As someone signing up for the service, it's far easier for me to deal with unwanted email after signup than recurring credit card charges. I don't sign up for anything that requires credit card for free trial.
People don't like giving their credit cards for free trials, mostly because of services that have abused this by automatically charging for a paid subscription if you don't cancel your free trial.
Linux is a nicer development environment, Windows is a nicer desktop environment. I use WSL2 full time for development (python/django, ruby/rails) and it's almost as nice as being on OSX. Almost.
You say that, but what you do like about the desktop environment on Windows more? Of course we don't need a battle of desktops, just curious about what you've tried and didn't like on the Linux side. (I abandoned Windows in 2000, and have hated the limitations Windows desktop I've tried since, up through Windows 10.)
I made this tool to help identify which keywords/terms you're missing when optimizing content for a certain SEO keyword. It scrapes the top Google results for your target keyword and identifies relevant terms that occur in their content. It's a very quick way to research the subject you're covering.
Would love to hear your feedback or ideas on how to make this more useful!
The 'chin' on newer Android phones is pretty thin anyway. And with gesture navigation becoming more common (see the newest Pie version, but plenty of OEMs offered gesture navigation before), starting the gesture from the "chin" (outside the touch area) is a nice convenience. The newer iPhones have that horizontal line at the bottom anyway, so it's not even clear what the cleanest design is.
Yeah I actually don't mind it at all. Just saying there's extra hardware (and R&D) expense in doing it Apple's way, in terms of the production cost of those two phones.
