
Using an API to build a $1,500/month side business in 4 months - kullar
https://medium.com/anymail-finder-blog/using-an-api-to-build-a-1-500-month-business-in-4-months-6573350291f#.nwywqjb6z
======
mark242
Please don't continue to run this.

What you are doing is effectively recreating the VRFY command that nearly
every major mail hosting service has removed for privacy and abuse reasons.
You are opening yourself up to a _huge_ liability, since spammers will quickly
use stolen credit cards to crosscheck their lists against your API.

This will cause you to have processing issues from Stripe. This will cause you
to have a _huge_ backlash from hosting providers as you desperately try to
make sure that your cached address is still valid. (Let's fire off 1000 calls
to some random Postfix server, WCGW?) This will cause you to produce false
results for domains that run catch-all addresses but don't advertise
mailboxes. This will cause you to unwittingly become an effective tool in a
spammer's repertoire.

Look, sticking a cache in front of the RCPT TO command is all well and good,
but that functionality should be up to the owner of the mail server that
you're bombarding, and not up to some third party. You are putting the onus of
"hey, just contact us if you don't want us to hit your mail server" on _every_
_single_ _mail_ _server_ _admin_. This is not okay. SMTP servers aren't nearly
as robust, and cannot handle a quickly-spiraling-out-of-control web service
hitting them.

~~~
toomuchtodo
"To avoid gaining a bad IP reputation, we make requests from a large number of
servers, any of which will be turned off it our system detects its IP is
temporarily graylisted by some larger email server.

In the unlikely event that all our servers are graylisted at the same time,
the API might be down. Within a few minutes, our automated system will create
new servers elsewhere."

I just threw up a bit in my mouth. I guess the weekend project is to spin up
an automated abuse reporting service for requests made from Anymail's virtual
machine farm. I'm sure AWS would be pleased to hear they're running command
and control for a botnet.

Do not abuse the commons for profit.

------
joshka
[https://www.gpo.gov/fdsys/pkg/PLAW-108publ187/html/PLAW-108p...](https://www.gpo.gov/fdsys/pkg/PLAW-108publ187/html/PLAW-108publ187.htm)

(1) Address harvesting and dictionary attacks (A) In general It is unlawful
for any person to initiate the transmission, to a protected computer, of a
commercial electronic mail message that is unlawful under subsection (a), or
to assist in the origination of such message through the provision or
selection of addresses to which the message will be transmitted, if such
person had actual knowledge, or knowledge fairly implied on the basis of
objective circumstances, that— (i) the electronic mail address of the
recipient was obtained using an automated means from an Internet website or
proprietary online service operated by another person, and such website or
online service included, at the time the address was obtained, a notice
stating that the operator of such website or online service will not give,
sell, or otherwise transfer addresses maintained by such website or online
service to any other party for the purposes of initiating, or enabling others
to initiate, electronic mail messages; or (ii) the electronic mail address of
the recipient was obtained using an automated means that generates possible
electronic mail addresses by combining names, letters, or numbers into
numerous permutations.

------
downandout
I'm not sure why there is so much negativity in these comments. LeadGenius is
nothing more than a well-financed spam enabler that charges more, and yet they
are celebrated in the Valley and have been handed $18 million in funding. The
only difference is that they aren't as up-front about how the data they sell
is derived.

~~~
aantix
While I agree that it probably does enable a certain portion of spammers, cold
outreach is a necessary component to growing a company. There is nothing more
effective than a well directed email stating that 1) you can solve one of
their problems and 2) are you willing to purchase it today?

Skip your blog posts. Skip your viral marketing videos. Skip your media blitz.
Find your customers. Find their emails (yes, using services like LeadGenius)
and just simply ask them.

What would be the alternative?

~~~
downandout
I agree that one man's spam can be another man's valuable service offering.
But generally sending unsolicited email to people at work is considered spam.

The alternatives are numerous. Adwords, Facebook advertising, LinkedIn ads,
running ad campaigns on targeted websites, etc. I saw one a story about one
guy that was acutally able to specifically target a single person at a
specific company he wanted using LinkedIn ads [1].

[1] [http://thehustle.co/the-linkedin-hack-that-made-
me-120000](http://thehustle.co/the-linkedin-hack-that-made-me-120000)

~~~
the_watcher
All those ad channels are substantially more expensive in almost all SaaS
cases. Sending an unsolicited email is not spam. Sending mass numbers of
automated unsolicited emails is spam. LeadGenius and the like simply provide
email addresses.

I run large scale advertising campaigns. I wish that it was cheaper than
hiring an SDR to cold email. It simply isn't. In the very early days,
advertising is so expensive that it makes almost no sense to prefer it over
cold emails. Cold emailing simply works, as much as it might irritate you

~~~
jwatte
I get dozens of unsolicited sales emails every day. Just answering "thanks but
no thanks, and please take me of your mailing and prospect lists" takes time
out of my day. It had a real cost.

I have to answer, because the sales people will keep mailing every week
otherwise, and marking as spam reduces the quality of the spam filter rules.

I'm the kind of person who will use inbound information if I'm actually
looking to solve a problem, and I will resent your wasting my time if you go
outbound at me. You literally end up on a "prefer not to do business with"
list, hurting yourself.

Meanwhile, enough people apparently can't research their own problems enough,
that cold marketing works. I just can't really understand why that is.

------
mrmch
I would be very cautious using Anymailfinder.com to generate email lists --
based on this copy on anymailfinder.com:

 _Anymail finder uses many approaches to find emails—it searches billions of
web pages and performs direct server validation._

The original SMTP spec allows for email address validation, and there are
tricks like opening an SMTP connection to a mail server and dropping it half
way if the address is verified -- but these are the same "tricks" that
spammers use, so many mail servers disable or report false positives. There's
a reason why most lead services have a high price: they have actually verified
an email address.

Next, sending cold emails to business is OK (sometimes annoying but legally
ok), but the copy on makesmail.com has a broken link (1) and doesn't clearly
describe how to cold email and be legally compliant. From the horses mouth:
[https://www.ftc.gov/tips-advice/business-
center/guidance/can...](https://www.ftc.gov/tips-advice/business-
center/guidance/can-spam-act-compliance-guide-business)

Regardless, congratulations on building up to $1,500 MRR, that is a milestone
most side projects never reach!

~~~
mpeg
The thing is no one respects the CAN-SPAM act in high touch b2b sales, and no
one cares about it.

Most people that are getting email addresses in this way are using it as a
cheaper and more effective alternative to LinkedIn inmail, cold emails and
cold calls are a great way to sell and if you do it right the recipient of the
comms doesn't even care that you harvested their details.

Doing it right means the message is very targeted, and most of the time you
have people or companies in common with the person you're reaching out to.

------
biot
Don't use this if you do business in Canada. Under CASL you could face fines
of up to $10M per violation: [http://www.zorbloglaw.com/2014/07/is-that-email-
worth-10-mil...](http://www.zorbloglaw.com/2014/07/is-that-email-
worth-10-million/)

Compu-Finder got a $1.1M fine: [http://news.gc.ca/web/article-
en.do?nid=944159](http://news.gc.ca/web/article-en.do?nid=944159)

------
Analemma_
Just because you wrote about it on Medium, and used words like "biz dev",
doesn't mean you're not a spammer.

Seriously, if you're not swayed by the ethical considerations and all the
other commenters here pointing out how scummy and immoral your business is, at
least consider the liability questions. You're in pretty flagrant violation of
the CAN SPAM Act and could be looking at very large fines.

Turn it off.

------
vessenes
I both understand the demand for this and dislike it. But, assuming ethical
questions stand aside, I do have some pricing reactions:

This should be a monthly service, full stop. You mention users use it once,
and then not for a while. That is the best possible scenario for a recurring
revenue business. You should stop offering one-off purchases immediately if
you want to see revenue grow.

I can think off the top of my head of a few 'ongoing' value adds you could do;
in particular, you could remember emails you couldn't find, and if you do find
them notify the user. There are probably more things you could imagine if you
were closer to the business.

This would also let you charge spammers a lot, or preferably just keep them
out and stay more moral by just capping the monthly requests at something
reasonable for a human, not a spammer.

~~~
mark242
"This would also let you charge spammers a lot" should be rewritten to "This
would also let you charge unwitting victims of credit card theft a lot, and
get a ton of chargebacks".

~~~
Spivak
That seems to be true of any business that accepts credit cards.

------
Alupis
If you need to verify an email address, it's very likely you did not obtain it
via an opt-in... a la Spammers... or people purchasing bulk mailing lists.
Both are illegal.

It's difficult to imagine how anyone using this service is not violating the
CAN-SPAM Act[1].

    
    
        Despite its name, the CAN-SPAM Act doesn’t apply just to bulk email. 
        It covers all commercial messages, which the law defines as “any electronic 
        mail message the primary purpose of which is the commercial advertisement 
        or promotion of a commercial product or service,” including email that 
        promotes content on commercial websites. The law makes no exception for 
        business-to-business email. That means all email – for example, a message 
        to former customers announcing a new product line – must comply with the law.
    

In short, any unsolicited email sent with the intention to promote commercial
interests is a violation of CAN-SPAM, and can carry heft fines.

Effectively, this service is a facilitating violation of the law.

Penalties can be up to $16,000 USD per unsolicited email sent.

Just ask Papa John's how much unsolicited messages can cost you[2].

[1] [https://www.ftc.gov/tips-advice/business-
center/guidance/can...](https://www.ftc.gov/tips-advice/business-
center/guidance/can-spam-act-compliance-guide-business)

[2] [https://topclassactions.com/lawsuit-settlements/lawsuit-
news...](https://topclassactions.com/lawsuit-settlements/lawsuit-
news/4146-papa-john-s-agrees-to-16-5m-text-spam-class-action-settlement/)

~~~
the_watcher
Papa John's didn't violate CAN-SPAM. And there has never been a case (that
I've seen, and I follow this stuff pretty closely because I really dislike
receiving newsletters, personally) prosecuting anyone for sending a cold sales
email.

~~~
Alupis
> Papa John's didn't violate CAN-SPAM

Ya, they sent text messages, so they skirted that issue, but the CAN-SPAM Act
fines are very real - and the point I was making is that Papa Johns
essentially had to pay out through the nose for sending unsolicited messages.

> And there has never been a case (that I've seen, and I follow this stuff
> pretty closely because I really dislike receiving newsletters, personally)
> prosecuting anyone for sending a cold sales email.

People get fined all the time. Just because the likelihood of not being fined
is pretty good, doesn't mean they aren't violating CAN-SPAM. Most people just
mark the email as spam and move on - people have to report it to the FCC for
them to get fined.

------
nailer
> It takes a name and domain and checks against the server to see if the email
> for that person exists.

That sounds like SMTP VRFY, which doesn't work since it's disabled by every
competent devops person.

------
jwatte
So, you are basically strip mining the common good to generate more spam, and
all you get is $1500? How can you sleep at night?

------
kevinwang
wondering if you disclosed that you were the creator of the service when you
made the growthhacks list

~~~
JoblessWonder
Doesn't look like it. He seems to make no mention of his relationship to
Anymailfinder or Makesmail in any of his posts. [3] It also looks like he is
working closely with "Clavain Skade" or that is a sock puppet since they seem
to publish everything for them to repost.

[1] (My favorite) [https://growthhackers.com/slides/30-brilliant-growth-hack-
ca...](https://growthhackers.com/slides/30-brilliant-growth-hack-cards-great-
new-stuff#comment-37533) [2]
[https://medium.com/@clavain](https://medium.com/@clavain) [3]
[https://growthhackers.com/members/kullar/posts](https://growthhackers.com/members/kullar/posts)

~~~
chinathrow
What can you really expect from someone providing this service and also
favours excessive growth hacking by saying "Oh lock, Airbnb did it too!!"

 _shakes head_

------
rabidrat
> The money part of the plan worked though we’re now both full time on
> Anymailfinder

It's no longer a side-business, and $1500/mo is not enough to sustain two
partners.

~~~
slig
The side-business making $1500/mo is the other venture that he started himself
using the Anymailfinder API.

 _Then_ , he partnered up with the guy from Anymailfinder.

------
chinathrow
Don't use this in Europe. Cold emailing is forbidden in lots of countries.

If you cold email me with your business/sales/whatever you make money with it
pitch, I report you to your hosting provider and if necessary, to the local
authorities.

~~~
the_watcher
How do they define cold email? If someone you know gives me your email
address, and I don't tell you how I got it, is that illegal? Can you only
email people who have actively given you an email address? This seems very
unlikely, and extremely hard to enforce.

~~~
chinathrow
You even need consent and proof of it. Cold email can't have that consent...

[http://www.selligent.com/blog/inspiration/think-
differently-...](http://www.selligent.com/blog/inspiration/think-differently-
when-emailing-germany-switzerland-and-austria)

~~~
the_watcher
This is for email marketing, not cold emails. Email marketing refers to using
automated systems to send emails to a list. A cold email is a human sending an
email individually. They might use a template or software to aid in creation,
but each email is sent to an individual separately. You might think that this
sounds identical, but it isn't.

~~~
the_watcher
It is true, no matter how many times you claim that it isn't. Can you name one
single salesperson who has ever been prosecuted for this? Active consent is
required for email marketing in the US too. It's not required for me to send a
cold email to someone whose email address I acquired (or could guess).

------
danpalmer
Tried my name at my Google Apps domain... no results as it's apparently
"catchall domain", but a few alternative addresses were provided, several of
which I know do not exist.

------
paulcole
So spam?

~~~
Spivak
Marketing!

I really wish the marketing cycle was reversed, where I post what I'm looking
for and businesses respond with offers, because when I'm looking to buy
something I would love to be shown options and offered discounts.

------
unwind
I think this sounds shady. The most interesting part of the article to me was
the use of "email" by itself to mean "email address". This is always so
confusing to me, since "email" already is a noun meaning something else.

A button saying "Get email" to me would indicate that I would be sent email if
I clicked, not that I would be shown the email address of the person the
button was associated with, for example.

~~~
the_watcher
It's pretty clear in context what it means. Also, email has become a noun that
also means exactly what it's intended to here (hence it being commonplace for
someone to ask for another person's email and omit "address"). There are
numerous words that are nouns with multiple meanings.

------
dboreham
Time to buy some liability insurance?

