Using an API to build a $1,500/month side business in 4 months

Please don&#x27;t continue to run this.<p>What you are doing is effectively recreating the VRFY command that nearly every major mail hosting service has removed for privacy and abuse reasons. You are opening yourself up to a <i>huge</i> liability, since spammers will quickly use stolen credit cards to crosscheck their lists against your API.<p>This will cause you to have processing issues from Stripe. This will cause you to have a <i>huge</i> backlash from hosting providers as you desperately try to make sure that your cached address is still valid. (Let&#x27;s fire off 1000 calls to some random Postfix server, WCGW?) This will cause you to produce false results for domains that run catch-all addresses but don&#x27;t advertise mailboxes. This will cause you to unwittingly become an effective tool in a spammer&#x27;s repertoire.<p>Look, sticking a cache in front of the RCPT TO command is all well and good, but that functionality should be up to the owner of the mail server that you&#x27;re bombarding, and not up to some third party. You are putting the onus of &quot;hey, just contact us if you don&#x27;t want us to hit your mail server&quot; on <i>every</i> <i>single</i> <i>mail</i> <i>server</i> <i>admin</i>. This is not okay. SMTP servers aren&#x27;t nearly as robust, and cannot handle a quickly-spiraling-out-of-control web service hitting them.

<a href="https:&#x2F;&#x2F;www.gpo.gov&#x2F;fdsys&#x2F;pkg&#x2F;PLAW-108publ187&#x2F;html&#x2F;PLAW-108publ187.htm" rel="nofollow">https:&#x2F;&#x2F;www.gpo.gov&#x2F;fdsys&#x2F;pkg&#x2F;PLAW-108publ187&#x2F;html&#x2F;PLAW-108p...</a><p>(1) Address harvesting and dictionary attacks (A) In general It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message that is unlawful under subsection (a), or to assist in the origination of such message through the provision or selection of addresses to which the message will be transmitted, if such person had actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that— (i) the electronic mail address of the recipient was obtained using an automated means from an Internet website or proprietary online service operated by another person, and such website or online service included, at the time the address was obtained, a notice stating that the operator of such website or online service will not give, sell, or otherwise transfer addresses maintained by such website or online service to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages; or (ii) the electronic mail address of the recipient was obtained using an automated means that generates possible electronic mail addresses by combining names, letters, or numbers into numerous permutations.

I&#x27;m not sure why there is so much negativity in these comments. LeadGenius is nothing more than a well-financed spam enabler that charges more, and yet they are celebrated in the Valley and have been handed $18 million in funding. The only difference is that they aren&#x27;t as up-front about how the data they sell is derived.

I would be very cautious using Anymailfinder.com to generate email lists -- based on this copy on anymailfinder.com:<p><i>Anymail finder uses many approaches to find emails—it searches billions of web pages and performs direct server validation.</i><p>The original SMTP spec allows for email address validation, and there are tricks like opening an SMTP connection to a mail server and dropping it half way if the address is verified -- but these are the same &quot;tricks&quot; that spammers use, so many mail servers disable or report false positives. There&#x27;s a reason why most lead services have a high price: they have actually verified an email address.<p>Next, sending cold emails to business is OK (sometimes annoying but legally ok), but the copy on makesmail.com has a broken link (1) and doesn&#x27;t clearly describe how to cold email and be legally compliant. From the horses mouth: <a href="https:&#x2F;&#x2F;www.ftc.gov&#x2F;tips-advice&#x2F;business-center&#x2F;guidance&#x2F;can-spam-act-compliance-guide-business" rel="nofollow">https:&#x2F;&#x2F;www.ftc.gov&#x2F;tips-advice&#x2F;business-center&#x2F;guidance&#x2F;can...</a><p>Regardless, congratulations on building up to $1,500 MRR, that is a milestone most side projects never reach!

Don&#x27;t use this if you do business in Canada. Under CASL you could face fines of up to $10M per violation: <a href="http:&#x2F;&#x2F;www.zorbloglaw.com&#x2F;2014&#x2F;07&#x2F;is-that-email-worth-10-million&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.zorbloglaw.com&#x2F;2014&#x2F;07&#x2F;is-that-email-worth-10-mil...</a><p>Compu-Finder got a $1.1M fine: <a href="http:&#x2F;&#x2F;news.gc.ca&#x2F;web&#x2F;article-en.do?nid=944159" rel="nofollow">http:&#x2F;&#x2F;news.gc.ca&#x2F;web&#x2F;article-en.do?nid=944159</a>

Just because you wrote about it on Medium, and used words like &quot;biz dev&quot;, doesn&#x27;t mean you&#x27;re not a spammer.<p>Seriously, if you&#x27;re not swayed by the ethical considerations and all the other commenters here pointing out how scummy and immoral your business is, at least consider the liability questions. You&#x27;re in pretty flagrant violation of the CAN SPAM Act and could be looking at very large fines.<p>Turn it off.

I both understand the demand for this and dislike it. But, assuming ethical questions stand aside, I do have some pricing reactions:<p>This should be a monthly service, full stop. You mention users use it once, and then not for a while. That is the best possible scenario for a recurring revenue business. You should stop offering one-off purchases immediately if you want to see revenue grow.<p>I can think off the top of my head of a few &#x27;ongoing&#x27; value adds you could do; in particular, you could remember emails you couldn&#x27;t find, and if you do find them notify the user. There are probably more things you could imagine if you were closer to the business.<p>This would also let you charge spammers a lot, or preferably just keep them out and stay more moral by just capping the monthly requests at something reasonable for a human, not a spammer.

If you need to verify an email address, it&#x27;s very likely you did not obtain it via an opt-in... a la Spammers... or people purchasing bulk mailing lists. Both are illegal.<p>It&#x27;s difficult to imagine how anyone using this service is not violating the CAN-SPAM Act[1].<p><pre><code> Despite its name, the CAN-SPAM Act doesn’t apply just to bulk email. It covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service,” including email that promotes content on commercial websites. The law makes no exception for business-to-business email. That means all email – for example, a message to former customers announcing a new product line – must comply with the law. </code></pre> In short, any unsolicited email sent with the intention to promote commercial interests is a violation of CAN-SPAM, and can carry heft fines.<p>Effectively, this service is a facilitating violation of the law.<p>Penalties can be up to $16,000 USD per unsolicited email sent.<p>Just ask Papa John&#x27;s how much unsolicited messages can cost you[2].<p>[1] <a href="https:&#x2F;&#x2F;www.ftc.gov&#x2F;tips-advice&#x2F;business-center&#x2F;guidance&#x2F;can-spam-act-compliance-guide-business" rel="nofollow">https:&#x2F;&#x2F;www.ftc.gov&#x2F;tips-advice&#x2F;business-center&#x2F;guidance&#x2F;can...</a><p>[2] <a href="https:&#x2F;&#x2F;topclassactions.com&#x2F;lawsuit-settlements&#x2F;lawsuit-news&#x2F;4146-papa-john-s-agrees-to-16-5m-text-spam-class-action-settlement&#x2F;" rel="nofollow">https:&#x2F;&#x2F;topclassactions.com&#x2F;lawsuit-settlements&#x2F;lawsuit-news...</a>

&gt; It takes a name and domain and checks against the server to see if the email for that person exists.<p>That sounds like SMTP VRFY, which doesn&#x27;t work since it&#x27;s disabled by every competent devops person.

So, you are basically strip mining the common good to generate more spam, and all you get is $1500? How can you sleep at night?

wondering if you disclosed that you were the creator of the service when you made the growthhacks list

&gt; The money part of the plan worked though we’re now both full time on Anymailfinder<p>It&#x27;s no longer a side-business, and $1500&#x2F;mo is not enough to sustain two partners.

Don&#x27;t use this in Europe. Cold emailing is forbidden in lots of countries.<p>If you cold email me with your business&#x2F;sales&#x2F;whatever you make money with it pitch, I report you to your hosting provider and if necessary, to the local authorities.

Tried my name at my Google Apps domain... no results as it&#x27;s apparently &quot;catchall domain&quot;, but a few alternative addresses were provided, several of which I know do not exist.

So spam?

I think this sounds shady. The most interesting part of the article to me was the use of &quot;email&quot; by itself to mean &quot;email address&quot;. This is always so confusing to me, since &quot;email&quot; already is a noun meaning something else.<p>A button saying &quot;Get email&quot; to me would indicate that I would be sent email if I clicked, not that I would be shown the email address of the person the button was associated with, for example.

Time to buy some liability insurance?