SpamLabs was one of my other "attempts" at bootstrapping a tech startup, and it failed hard. So hard that in the span of a month, I pivoted, I invalidated, I got valuable (negative) feedback and ultimately I killed it.

And I enjoyed every part of it. You’ll understand why just in a moment.

The initial idea

I was eager to start a new thing, and with my background in cybersecurity from the years I worked at BitDefender, I told myself that it is a good chance to get into that space with something simple: email validation.

Even though it sounds probably simple, it wasn’t. The idea here was to offer an API for other businesses to use to validate if an email address is valid or not, based on certain information I would gather from the internet. Things like the email hosting service, the DNS records, the owner of the IPs that serve the emails, the owner of the domains, etc. And also have a list of the domains of the popular “disposable email” services  that will be maintained and expanded over time.

Tried to validate it, I looked at possible competition (I found like 1-2 such companies, but they would offer this thing as a feature, not as the main product), and this was actually a red flag: no competition for something like this means that the market is really small, and there might not be enough actual demand to get to the actual customers.

I posted about it in certain communities, sent a few cold emails to try to see what businesses do about fake emails or fake users, and most of them fell into two categories.

1. I don’t need it, my problem is not big enough to hurt me and is completely manageable with plain old email link validation.
2. I don’t see a need of this API, but I just wish random freelancers and agencies spam me about all kinds of unsolicited services, trying to sell me SEO and Wordpress websites.

So I saw a pivot opportunity in the 2nd category, given that there seemed to be a problem worthy enough to get mentioned to a stranger offering a lame email validation service.

The pivot

So the issue at hand was this: email unsolicited cold emailing. How can I fight it?

The first idea was to reuse the email validation, but that fell flat because this kind of emails are actually sent by real people from real emails. And most of them, are sent by companies (which completely completely invalidated my “state of the art” email validation algorithm that had a rule that basically said “if it is a company owned email, then whitelist it”.

Then I tried to figure out the markets for this kind of solution. Back to validation square one, while I fiddled a bit with the proof of concept on the side, to figure out the pricing and success rate of the solution.

I made a list of possible domains where this spam issue was prevalent and there might have been people looking for a solution:

• Shopify store owners, because I found that the shop owners are getting hammered with such unsolicited emails, because the email is public and they are running a business that is a prime candidate for SEO and web design agencies.

  • I got a few responses saying that the problem isn’t as prevalent as I though. They were getting like maximum 10 such emails per day, which was handled with a time investment of a minute per day. Not much of a painkiller, barely a vitamin (if you know the saying from the startup world: make a painkiller, not a vitamin)

• Discord servers: I contacted a few server admins, and I got an interesting insight here: the problem wasn’t the spam from the channels, there are some bots that detect that and auto-ban users, and they also told me Discord got pretty good at this too. But the problem here was the fact that there was a lot of spam going on in the DMs of the people joining their servers, a kind of spam that it’s hard for a Discord app to fight from the outside (because it doesn’t have access to the DMs of a person, and if you ask for that kind of access, each user has to authorize your app to access that, which is pretty intrusive).

• Slack: didn’t really pursue this because there are not many public communities, it is more of a business oriented app for their employees. Not a place where unsolicited messages from strangers go through.

• Plain old email users of small businesses: here I found the same situation like the Shopify store owners: a maximum of 10 such emails per day, not really worthy of a monthly payment of even a few dollars.

In the meantime, while I was waiting for the responses, I was doing the proof of concept on the side. I used ChatGPT to analyze the message content to figure out if it is a spammy one or not.

The results were kind of bad at first, because for some, the intention was pretty unclear. And then another thing that took me by surprise was that the responses it gave were all over the place and not consistent at all.

For the same email, for different calls, I got either positive results, either negative.  And it was somewhat random.

I tried an “heuristic” approach, where I would call it multiple times, and pick up the majority answers (for example, if I get 5 yeses and 3 nos, then I the final verdict would be a “yes”).

This worked well to some degree, but it had two major flaws:

• the cost was high. I would have needed to run this 5+ times for each email, which was ballooning the cost with ChatGPT quite a lot. Of an initial estimation of ~200 analyzed emails per month, I would end up spending ~15 USD. This means that the cheapest plan, that would include 200 analyzed emails would need to cost at least 20 USD per month, which is pretty pricey for this kind of thing. I could do fewer requests, but if I did less than 5, then the results become way too unclear and the confidence in the results would be way lower.
• there were a few cases that were false positives, such as Steam’s “this game you wishlisted is on sale” or normal talking over email about any kind of payment. I found no way to bypass this, except whitelisting email types, which is not scalable at all and it could potentially flag as spam and remove a lot of legit business email talk (where money and budgets are a pretty common term).

Conclusion

So in conclusion, I killed the idea of SpamLabs, as being unfeasible and I wasn’t able to find any kind if positive validation. I think I talked with ~100 people about it, and I didn’t get even one “Hell yeah sign me up”. The overall feel was “meh“ about the problem space and the solution. Which, in my opinion is the worst kind of reaction, because it’s not even a domain that make people care about it.

Why I enjoyed it so much: probably because with this project I managed to go the “right” way about it, before spending too much time writing code like I did with previous projects. In total I think I wrote under 100 lines of code for the proof of concept, and instead I spent my energy and effort into validation.

And I’m glad I did it this way, because I enjoyed exploring this problem space and talking to people about their problems more than I would have enjoyed getting down and dirty in the code for 6 months straight and abandoning the project in the end when no users would even try it.

If you liked this article, consider subscribing to The Tech Bubble, when I document my journey and thoughts about the tech startup world.

And why not, even a share for other to read :)