| ▲ | Show HN: Make senders work to get into your inbox(captchainbox.com) |
| 39 points by felixdoerp 4 hours ago | 61 comments |
| Hi HN :) really excited to share this with you. The one thing AI reliably does is generate noise. Half the tools I see launch are just machines for producing more noise across more channels. And people are starting to see this in the form of emails in their inboxes as spam filters are struggling. There used to be a useful signal in email: the effort a sender put into customizing a message was a rough proxy for how relevant it actually was. AI killed that. Now it's customized slop with the appearance of effort with none of the cost. It is painful that the open internet / open channels have been abused like this. Captchainbox applies the idea of proof-of-work to email. If a sender is willing to do a bit of work to reach you, the message is more likely to be worth your time and the sender more likely to be real. The work is a traditional captcha. You can also set a pay-to-deliver amount if you want more friction. The proceeds of the delivery payment after transaction costs go to the Internet Archive and the EFF. The tool currently works by authing with your Gmail or Outlook and during launch time I make this completely free as a lifetime deal (with optional payment if you wanna support). How it works: Captchainbox builds a whitelist automatically from the metadata of your past correspondence. If you've emailed an individual address, that sender can reach you. If you talk to several people at the same domain, we whitelist the whole domain. If one transactional-looking sender has sent you more than 10 emails, we treat it as a transactional domain and let it through. This whitelist is for you to change whenever you want. It continues to build organically as you converse with more addresses. Incoming mail is checked against that whitelist. Senders already on it land in your inbox as normal. Anyone else gets archived (never deleted) and is sent a challenge. This can be the captcha or the payment link. Once they solve it, their email is pulled out of the archive and put back into your inbox. if you want to see what this looks like from a sender's point of view, send me an email here: doerpfelix15@gmail.com The service only ever reads metadata, never message content. And since nothing is ever deleted, you can't lose a message. There is a legitimate risk / downside: if you sign up to a new service, these emails also land in the archive. Since we do not process the content, a first-time sender who can't solve the challenge (say an automated activation email) will sit in your archive until you spot it. Happy to answer anything! :) |
|
| ▲ | dwedge 4 hours ago | parent | next [-] |
| This mostly assumes that the only one benefiting from the email exchange in the sender. If that's the case, just close your email account. A few years ago I emailed a local freelancer I'd met in person, because I had a client asking for coding (which was more his bag than mine). I got an automated response that he was using something like this, with a link to some third party service to fill out a form and click a captcha if I wanted him to see my email. Why would I? I just told the client sorry, I don't know anyone. |
| |
| ▲ | ryandvm 3 hours ago | parent | next [-] | | I always liked the idea of a micro-deposit that the sender puts up for each email (say $0.001). If the recipient blocks your email and it ends up in their spam folder then you lose your deposit; if they read it then you get your deposit back. The lost deposits would then be used to pay for the infrastructure. | |
| ▲ | felixdoerp 4 hours ago | parent | prev [-] | | valid point. I feel for many people the amount of inbound is just not bearable anymore with ai. Yet these people cannot close their account, either. This is basically an idea to increase the inbound friction for exactly these people. do you have a take on how one could upp the relevancy of emails so that people can actually manage their inbound? Or any other open channel that is getting flooded, for that matter? | | |
| ▲ | loumf 3 hours ago | parent | next [-] | | I get about 10 AI generated spam emails a day that get through my spam filter. It takes about 10 seconds to block and mark as spam. I barely read the first three words of each. | | |
| ▲ | benrutter 3 hours ago | parent | next [-] | | > I get about 10 AI generated spam emails a day that get through my spam filter. Yikes, that's sounds unworkable for a lot of people! Most people in here are techies and use email all the time, but some use cases (say, contractors who are mostly out in jobs) people might only sit down in front of emails properly once a week. 70 emails is a mammoth waste.of resources to have flooding your inbox in that kind of context. | | |
| ▲ | loumf 2 hours ago | parent [-] | | I am saying that 70 emails would be 70 seconds of time, so not a big deal. I can usually tell from the sender that it won’t be real and it takes just a couple of words to prove that. The good thing is that they tend to get to the point quickly, which works in my favor. |
| |
| ▲ | sigmoid10 3 hours ago | parent | prev [-] | | Do you often sign up for new services using your actual email? In gmail, I get spam in my primary mailbox maybe once every few months, usually after I've signed up for something. After marking mails as spam a few times, they are usually sent to the spambox automatically and I have a tidy primary inbox again for a long time. | | |
| ▲ | loumf 2 hours ago | parent | next [-] | | I’m sure the source is LinkedIn ultimately. They reference my job and things from there and pretend to have carefully considered my posts (just LLM generated BS) | |
| ▲ | ghaff 3 hours ago | parent | prev [-] | | Especially if you signed up for something, rather than just unsubscribing marking it as spam is a dickish move given that it has the potential of that mail also being filtered for people wanting to receive it. |
|
| |
| ▲ | Kwpolska 3 hours ago | parent | prev | next [-] | | I haven't received any AI spam. You don't need an LLM to spam people. Good spam filters should be enough to get rid of spam without annoying people who email you. | | |
| ▲ | cwnyth 3 hours ago | parent [-] | | It's not my email that has an unbearable spam issue. I can't take all the incessant phone spam anymore, though. Even setting it to go straight to voicemail, the calls are relentless. They've switched to texts now, too. Miserable lot that serves no purpose in life. |
| |
| ▲ | pjmlp 3 hours ago | parent | prev | next [-] | | Easy, set a filter with only contacts get through, everything else lands on junk. Every now and then update the contacts with key emails that might have been lost. Working quite fine since 2000's. | | |
| ▲ | stvltvs 2 hours ago | parent [-] | | It's hard to say whether you're missing out on legit emails from new senders or old senders with new addresses unless you review your spam folder regularly. | | |
| |
| ▲ | dwedge 3 hours ago | parent | prev [-] | | I also realised a while ago that most emails are just transactional now (password resets, how well did we do the thing you paid us to do?), so I do similar to you without the sender input and it more or less works. Breaks down like this: - Nobody gets into my inbox unless whitelisted address. Instead of fighting spam and blacklisting, I know my inbox is always from someone I want to hear from. - Every other email goes through spam assassin (which is getting worse) and then into a folder called Transactional (and if it makes a mistake, I add to the whitelist) - I have another folder SpamAssassin where I move spam, and it gets pushed back through sa-learn - Finally, I have a cronjob that goes through the email in Transaction and looks for subjects, senders, sending domains or to addresses that have a) been received at least 5 times and b) are only in the spam folder. So kind of the same idea as you. But I think I'd feel really pretentious using this system and assume that quite a lot of people just rolled their eyes and ignored the rejection. | | |
| ▲ | felixdoerp 3 hours ago | parent [-] | | this sounds really similar to how the tool works and processes emails, too. Would you feel this would be more helpful if the tool just silently manages the emails and does not send any replies to the original sender then? | | |
| ▲ | antasvara 2 hours ago | parent | next [-] | | The paradox is that the person most likely to do extra work is the person you want to hear from least. If someone felt the need to pay (for example) $5,000 to talk to me, it's probably because they don't feel they have a chance of getting my attention otherwise. I'd also never pay someone 5 grand if I'm the one offering them something. A Captcha isn't 5 grand, but I think the same principle applies. If I'm putting a request for proposal to 10 vendors, I'll probably disqualify the one that makes me verify that I'm a human. It's not like I'm short of qualified companies. | |
| ▲ | dwedge 3 hours ago | parent | prev [-] | | Look, this is HN it's not the typical technical ability or email needs. Just because I wouldn't use this doesn't mean nobody would. You've made it, try it, maybe people will find enough benefit here to pay you. |
|
|
|
|
|
| ▲ | SilverBirch 3 hours ago | parent | prev | next [-] |
| Isn't this the opposite of what I want? I don't want people willing to pay getting into my inbox. Those are the people who think they can get more from me somehow. Those are exactly the people I want to not be in my inbox. |
| |
| ▲ | saghm 3 hours ago | parent | next [-] | | I imagine the point is that if you make the price high enough, the ones who don't want it enough will go away, and the ones that do will want it enough that it's worth your while. You can set the price to whatever threshold is high enough that you'd find the money worthwhile. | | |
| ▲ | account42 3 hours ago | parent | next [-] | | That ignores the entire set of people who are not contacting you to get something out of you but rather to help you or for any number of social purposes. Those will be priced out much faster than dedicated spammers - most of them by any amount above $0. | | |
| ▲ | saghm 3 hours ago | parent [-] | | I don't necessarily disagree, but that seems like literally the opposite of the objection that I was actually responding to. My point wasn't that this idea is infallible, but that I thought there was a flaw in the logic of the one specific objection that I chose to reply to. |
| |
| ▲ | antasvara 2 hours ago | parent | prev | next [-] | | >the ones who don't want it enough will go away, and the ones that do will want it enough that it's worth your while.. Counterpoint: if you think you need to pay for my attention, that's a negative signal for what you're asking me. If I'm giving 10 vendors a shot at my business, I'm not going to pay money for the right to give you that opportunity? On the other side, the only person paying $5 to ask me something is probably someone getting a lot of no's elsewhere. That, or what I offer is so valuable that people are willing to pay for it. But that's not most people. | |
| ▲ | netsharc 3 hours ago | parent | prev | next [-] | | Bill Gates wrote about paying to send you mail in his 1995 book "The Road Ahead" (yeah this is an old old idea). His expansion was that you could refund the sender's "stamp" if you consider their email worth your while. | |
| ▲ | felixdoerp 3 hours ago | parent | prev [-] | | pretty much this. The idea is that putting work / resources behind the sent message translates into more relevant messages getting into the owner's inbox. |
| |
| ▲ | gosub100 3 hours ago | parent | prev [-] | | You will get fewer of them because they all must pay a cost for each message sent. Spam works now because it's free. | | |
| ▲ | ralferoo 3 hours ago | parent | next [-] | | Physical mail costs money, but 80% of the mail I receive is junk mail that somebody has paid to send me. Of the 20% of mail that is useful to me, it's still pretty much all just from corporations who have decided to send me a physical letter even though they have my e-mail - e.g. the water company sends me some brochure to somehow justify how much money they're charging by breaking down what they spend all their money on etc... I get almost zero "real" mail from actual people nowadays. Now it costs £1.80 to post something first class and 91p second class, real mail is basically limited to birthday and Christmas cards. I myself send so few letters, than I still have a couple of stamps in my wallet that I technically bought 6 years ago when they cost 35% the current price (although they were replaced with barcode versions by sending them in to Royal Mail). | |
| ▲ | 4chandaily 3 hours ago | parent | prev | next [-] | | Plenty of companies pay the post office to deliver paper spam to my mailbox each day. I don't want any of that, either. "Free" makes spam easier, but a cost doesn't prevent it. | | |
| ▲ | AnimalMuppet 3 hours ago | parent [-] | | No... but paper spam actually pays less than a regular letter. Make it pay more, and the amount will go down. Not to zero, but down significantly. |
| |
| ▲ | felixdoerp 3 hours ago | parent | prev [-] | | that is what I was thinking |
|
|
|
| ▲ | michalpleban 3 hours ago | parent | prev | next [-] |
| These services pop up from time to time. All they share a fatal flaw: accepting money for email delivery turns email from a communication medium into a service. And a service carries a different set of obligations - someone paying to send an email to me expects that they are buying my time spent on reading their email and replying promptly. I am never going to sell my time like that. |
|
| ▲ | msdz 4 hours ago | parent | prev | next [-] |
| Hi Felix, I know the situation here in Germany kinda sucks for non-incorporated founders (or simply any website administrator trying to commercialize anything [0]), but gating imprint/Impressum behind a login wall makes it not legally compliant.
It needs to be easily accessible from anywhere (that’s why most people place it in the footer), without auth or signup; and if you put it behind either Outlook or Gmail logins, you may as well just not include it at all (realistically, who’s gonna complain if you don’t include “made in Germany”). All the best for your project, though! [0]: Personally I’ve given up and just include my name and address on the public web in projects now, which I guess is what the federal government wanted to achieve. |
| |
| ▲ | felixdoerp 3 hours ago | parent [-] | | good point! will adjust :) | | |
| ▲ | msdz 2 hours ago | parent [-] | | Glad to hear! By the way, I never got a chance to thank you: The fireside you held at CDTM InnoLabs (I believe early 2024 was when I attended?) completely changed my thinking on direct air capture/DACCS and, to be frank, on carbon credits in general. Thanks! | | |
|
|
|
| ▲ | gnashxyz 3 hours ago | parent | prev | next [-] |
| Relatedly, a precursor to the Bitcoin proof of work algorithm, Hashcash [0], was created to solve this same problem. This feels like a cool modern iteration of it. [0]: https://en.wikipedia.org/wiki/Hashcash |
| |
| ▲ | OisinMoran 3 hours ago | parent | next [-] | | Yeah, this gets reinvented every once in a while. I think Balaji’s earn.com was doing this for a while back around 2015/16 | |
| ▲ | felixdoerp 3 hours ago | parent | prev [-] | | super interesting - did not know! |
|
|
| ▲ | reticulates 3 hours ago | parent | prev | next [-] |
| As others have said, this is an age old idea that has been tried dozens of times and sometimes with very big financial backing (there was another attempt on HN just a few months ago). My personal view is that this idea is fatally flawed and will never work. That said, every idea sucks until it doesn’t, sometimes it’s all about the idea in the moment, maybe right now is finally the moment for this idea? So don’t be discouraged by all us naysayers, maybe your fresh perspective in this moment could make the difference. |
|
| ▲ | welder 4 hours ago | parent | prev | next [-] |
| I built this for my company email, but instead of sending captchas it puts non-customer emails into a folder that I never read. Emails from customers and contacts get into my inbox, and get labeled based on their support subscription level. Most tech companies I've seen gate and filter customer support on web not email, then only sales and external interfacing employees need external emails and the bigger problem is phishing not spam. For my personal email I would never use this, because I myself would never solve a captcha to reach someone's inbox and I can't expect different from others. |
| |
| ▲ | felixdoerp 4 hours ago | parent [-] | | valid point and for personal inboxes I would also not think this makes a lot of sense. Yet, for many businesses or people in these businesses, the amount of inbound is just not manageable at this point. |
|
|
| ▲ | danesparza 4 hours ago | parent | prev | next [-] |
| It feels like a better pricing model (if you believe in your product) would be to give it away to consumers, but take a small portion of each payment when non-trusted senders validate. |
| |
| ▲ | felixdoerp 4 hours ago | parent [-] | | also very valid. Currently updating this to a pay-what-you-want lifetime purchase, where 0 is also a valid price? |
|
|
| ▲ | benrutter 3 hours ago | parent | prev | next [-] |
| I like the idea of trying to make email more about human-to-human connection with less focus on automated-stuff-to-human. The bit I don't understand, is what about where you need the automated-stuff-to-human, like, authenticating a new account? Would this just block those types of emails? Is the expectation if you used this, that you'd have seperate emails for contacting people vs accessing online services? |
| |
| ▲ | felixdoerp 3 hours ago | parent [-] | | for new sign ups that would indeed make it difficult. The tool checks what senders have sent you transactional looking emails and puts them on a whitelist. if you sign up to a new service you would have to look into your archive for the sign up email. |
|
|
| ▲ | codazoda 4 hours ago | parent | prev | next [-] |
| I kinda like the thought but wouldn't a simple action that sends email to the archive list for all senders that aren't on your contact list handle this? That's what I do with my phone, actually, and I might consider it for email too. Then you can manually check your archive when you have free time. |
| |
|
| ▲ | XLowPingFNX 3 hours ago | parent | prev | next [-] |
| Interesting idea, one thing that genuinely confused me on the website it the slider on the pricing section, what does that mean ? Sorry if it's obvious but it didn't make sense to me! |
| |
| ▲ | felixdoerp 3 hours ago | parent [-] | | you can pay what you want for the service, including 0 dollars for a lifetime access :) | | |
| ▲ | XLowPingFNX 3 hours ago | parent [-] | | Oh okay :) That makes sense now, you could also try something that gumroad does "name a fair price" and let the user select or slide! |
|
|
|
| ▲ | cyphar 3 hours ago | parent | prev | next [-] |
| djb proposed Internet Mail 2000 back in the early 2000s as an attempt to solve this kind of problem without micropayments[1]. As others have said, a lot of the useful emails I get are still ones where the sender probably wouldn't have paid to send them. IM2000's fairly old-school-yet-elegant approach would probably lead to a better outcome too. [1]: http://cr.yp.to/im2000.html |
|
| ▲ | dewey 3 hours ago | parent | prev | next [-] |
| How did you validate that this is a problem people have? Personally I haven't received any extra spam mail since LLMs became a thing. |
| |
| ▲ | felixdoerp 3 hours ago | parent [-] | | I basically saw a lot of people complaining about it on LinkedIn and Reddit - spam filters seem to be struggling. And I also just thought this would be an interesting idea to play around with. |
|
|
| ▲ | chrisjj an hour ago | parent | prev | next [-] |
| > Unknown senders solve a CAPTCHA or pay a fee to get in. Trusted contacts get through as usual. Somehow I doubt this determines whether a contact is trusted. |
|
| ▲ | idiotsecant 3 hours ago | parent | prev | next [-] |
| Is there not a (local) LLM that just reads your emails and puts them to spam or not? I feel like that wouldn't require an enormous model. |
|
| ▲ | gosub100 3 hours ago | parent | prev | next [-] |
| What is the cheapest transaction fee crypto coin that is still redeemable for Fiat or other crypto? I think this concept would work if taken a step further, with a new protocol that requires encryption, but only with a key provided by a block chain that cost some nonzero amount. the email server would drop message payloads whose hash wasn't on the chain, limiting DoS attacks. When the recipient reads the mail, it starts a process of refunding that micro payment that is a 4h cycle that can be interrupted. So if you click "spam", it blocks the refund and you keep the micro payment. Anyone sending bulk emails would go bankrupt. Anyone using email for normal purposes would only have to buy once to have enough tokens to send a few emails. Most of the time tokens would only be used inside the system, but they would need some monetary value to do their job, so they could be pegged at say $0.10. |
|
| ▲ | villgax 3 hours ago | parent | prev | next [-] |
| This should be the case even for phones as well |
| |
| ▲ | felixdoerp 3 hours ago | parent [-] | | 100%! AFAIK apple is working on a pre-screening for unknown callers for the same reason. And it would be interesting to explore if pay to call / captcha to call would be feasible :) |
|
|
| ▲ | dist-epoch 3 hours ago | parent | prev | next [-] |
| so basically LinkedIn "InMails" |
|
| ▲ | ubermonkey an hour ago | parent | prev | next [-] |
| Interesting idea, but honest to god I don't really have that big of a spam problem anymore. O365 is handling 90% of it on our corporate mail; my personal address (which is far older) is hosted at Fastmail and it traps nearly all the spam there, too. In 2026, I'm much more annoyed by PHONE spam -- though Apple's "who the hell are you and why should ubermonkey take your call" feature has done wonders. (I assume something similar exists in Android.) |
|
| ▲ | st_goliath 3 hours ago | parent | prev [-] |
| Your post advocates a ( ) technical ( ) legislative (X) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.) ( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
(X) Users will not put up with it
(X) Microsoft will not put up with it
(X) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for ( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
(X) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
(X) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply: (X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(X) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you: (X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
|