It took me a bit of time to find out how it actually works, as the 'How it works' button doesn't actually tell me how it works. I had to click onto the FAQ in order to find out that it integrates with Gmail.
Unfortunately I will never be giving a third-party access to my inbox like that. I was hoping that this service would be something where you can forward a spam email and they visit the unsubscribe link for you, or you simply paste in an unsubscribe link and it handles it all.
Perhaps these suggestions could be added as extra features for those of us who want to unsubscribe without giving away access to our inboxes?
Currently my personal process for unsubscribing is to either put the unsubscribe link into urlscan.io, and if that doesn't work (e.g. if it requires a complex form input), then I forward it to a malware sandbox machine and do it there.
If they don't respect this policy, it's going to get found out eventually, and it's going to hurt their business and their future reputation as founders.
Their incentives are in the right place to behave in the way that they've stated.
Security could be a concern as well, but it's all done within the framework that Google has created. Tokens can be revoked (if one desires, immediately).
Which just leaves the servers being compromised before/during the interaction. This isn't impossible and is something that LeaveMeAlone should definitely be considering. However, A breach potentially means the end of their business. This makes me trust, again, that their incentives are in preventing this from happening and investing in hardening the servers (etc).
The likelihood that some small SaaS shop will be found out for unethical/illegal behavior is much smaller than Google being found out. It does look like their hearts are in the right place, for what it's worth. But there's no way for them to promise never to sell to someone interested in monetizing the data.
I think the only way we can make this promise is by doing what we're doing right now and not actually storing any email content.
I'm not sure the best way to prove that this is what we're doing, short of open sourcing the code, so I'm open to suggestions there!
Of course, it might take a long time for email providers to offer such restricted-API access, if ever. As a stop gap, you could offer an open-source daemon your users could self-host. It would act as a gateway, granting you limited access to their email, without you needing their password or cart-blanche permissions.
More info here: https://cloud.google.com/blog/products/g-suite/elevating-use...
In fact, I love everything about products that use semantic email addresses as the UI. followup.cc is great at this for their email reminder service. If I could forward an email to email@example.com that would be amazing...
[Edit] To the_pwner224's point, you can also create a wildcard and send everything to a catch-all mailbox and/or write rules for it so you can tell a business "firstname.lastname@example.org".
Here are some rules I already have made: https://imgur.com/a/L90sQJD
I generate incrementing numbered emails to continue using Glassdoor after they block you for not giving info, thus the glob pattern.
For job seeking, I give employers the email 'email@example.com.' I suppose it does sound a bit weird, but if anyone gets spammy, I can add a rule to delete any messages with firstname.lastname@example.org and subject contains company name, without globally blocking any messages with company name in the subject.
FM specifically is based in Australia which you may have issues with, but I've given up trying to maintain privacy vs. big gov - they can see your email regardless of what you use, except maybe ProtonMail.
I also have other custom rules:
filter@[mydomain] goes to a special folder that isn't the inbox, for services whose messages I want to be able to access occasionally, but not most of the time.
spam@[mydomain] goes straight to spam.
I just went through my spam folder and found a bunch of spam (automatically filtered) to my "real" email address. That was surprising until I remembered that my email address is published on my website. I suppose my efforts were somewhat in vain.
Email is not an API. Never give a third-party service read-write access to your email.
The immoral actions of our competitors is one of the reasons why we started Leave Me Alone and we want to remain a privacy first service.
In fact we actually don't store any email content (only encrypted sender/receiver info), so we can't sell it to third parties, even if we wanted to.
A suggestion. A proxy service might work here, where I use your service and you give me a email@example.com, I use that firstname.lastname@example.org email to sign up to lists, then you forward email to my inbox, then I never give you access to anything. Then this will work with any email provider and you can access way more customers.
Regarding the unsubscribe within Gmail, I can't vouch for exactly how that button works, but there are three methods that are possible.
1. Subscription services can specify in the email headers that they have "one-click" unsub functionality. In which case following the link should unsubscribe you.
2. They can also specify an email address, and sending an email to should unsubscribe you (you can check this by clicking the button and then checking your sent emails).
3. They can also just specify a regular unsub link. This usually requires you to input additional info such as your email address, or a reason for unsubscribing. I don't think that Gmail will be unsubscribing you from these, and they are probably the most frequent.
Leave Me Alone will try all of these methods to unsubscribe you, including filling out any forms if required.
It will also show you all of your subscription emails in one place, which I don't think is possible from within Gmail.
The Mail app on iOS also offers this. Not sure how it works, but it seems to have a high success rate in my experience.
I have lots of labels for each service that I use. They all include unicode symbol character, to visually separate it from untagged mails. For example " DHL", " UPS", " fitbit", "︎ Uber", "︎ Austrian Airlines", " O2" and others.
The logic is all e-mails coming from the specified domain e.g. dhl.com goes to the DHL label. Then another filter that takes email@example.com which goes to newsletters and skips the inbox. This way I was able to handle the e-mail clutter and not rely on 3rd party service that I might be afraid will reduce my privacy concerns.
P.S. Ha. Bummer HN trimmed my unicode symbols anyway here is a screenshot : https://imgur.com/fpX8OLH
It's also an open startup so you can look at all the actionable metrics at https://leavemealone.xyz/open
a) not mishandling data
b) not breaching Google's privacy policies
c) securing data appropriately
There is a grace period for existing apps, but we have to undergo this assessment soon if we want to be allowed to keep running.
I did have the problem that the six month scan just hung up at 29%. Went to account info for scan history, and when I went back to the scan page it was back to asking me for 8$ - despite never having finished the scan. So, as it stands, are the paid-for results only available in a single session? Lost if you navigate elsewhere on the same site? (Accessing from iOS)
Only thing I would have appreciated is some way to easily distinguish between subscriptions-spam (eg, newsletters) and spam from places I need occasional communications from (eg, receipts from wayfair purchases.) I’m not sure what that would look like though - maybe a tag-and-archive for the latter?
This will hopefully give you a metric with which you can decide if something is important or not.
Ideally I’d prefer an app that analyzes this locally and does it. Apple’s Mail.app shows unsubscribe links at the top of emails sent through lists. I haven’t used it for the reason mentioned above.
The pricing for this service seems decent enough for certain cases since it’s more of a one time use case, but some sort of combo pricing for multiple inboxes could serve those who use multiple email addresses.
Edit: jamieweb’s comment here (https://news.ycombinator.com/item?id=19038588) here states that it supports only Gmail. Since Gmail already has unsubscription options in each email, this one seems to be doing the consolidated view and taking additional steps by sending an email. Doesn’t seem like a lot of differentiation and value add, which is something that needs to be explained on the front page.
A bigger problem for me is services that I have already unsubscribed from but the company doesn't honor my request. I'm still on some of their lists years later which infuriates me.
They're in breach of the CAN-SPAM act and should be punished appropriately.
I realize that if someone hasn't emailed you in the last 6 months, they're not really an active concern. But customers aren't thinking that deeply when they go to purchase — they're just looking at the time periods and dollar amounts and weighing the options.
1. Like you mention, if you don't receive a subscription in the last 6 months, it's probably not something you're bothered about.
2. Scanning some users inboxes is very bandwidth intensive, and time consuming (some people never delete an email). We experimented with 1 year scans and some users just give up waiting. We could probably improve the process, however due to point 1, we think 6 months is probably adequate.
We don't exclude the spam folder.