The article says he's tracking when recipients open emails and click links. So for every email one of his users sends there's some potential network traffic and data to be stored. He was probably able to offer the service for free originally because those features weren't added until after the subscription service launched. His AWS bill before adding those features was probably a few hundred dollars per month at the most. He also mentioned he is financially secure from selling a previous spam tool he created, so he could afford to run it for free for a while.
I am sorry if this sounds dense: But if you are sending the emails from server side, how are you getting to the user credentials / gmail login 2 step verifications etc.?
I am assuming you mean you send from the client UI but the extension talks to your server for scheduling the future sends etc. in which case you shouldn't have that much network bandwidth.
The user logs into his Gmail account on his own and uses the GMass extension, which operates within the Gmail UI, to create/schedule campaigns. On the back-end, GMass connects to the user's account over standard Google OAuth 2 to then send the emails.
