Back to News
Advertisement
ffelixdoerp about 3 hours ago 59 commentsRead Article on captchainbox.com

HI version is available. Content is displayed in original English for accuracy.

Hi HN :) really excited to share this with you.

The one thing AI reliably does is generate noise. Half the tools I see launch are just machines for producing more noise across more channels. And people are starting to see this in the form of emails in their inboxes as spam filters are struggling.

There used to be a useful signal in email: the effort a sender put into customizing a message was a rough proxy for how relevant it actually was. AI killed that. Now it's customized slop with the appearance of effort with none of the cost. It is painful that the open internet / open channels have been abused like this.

Captchainbox applies the idea of proof-of-work to email. If a sender is willing to do a bit of work to reach you, the message is more likely to be worth your time and the sender more likely to be real. The work is a traditional captcha. You can also set a pay-to-deliver amount if you want more friction. The proceeds of the delivery payment after transaction costs go to the Internet Archive and the EFF. The tool currently works by authing with your Gmail or Outlook and during launch time I make this completely free as a lifetime deal (with optional payment if you wanna support).

How it works: Captchainbox builds a whitelist automatically from the metadata of your past correspondence. If you've emailed an individual address, that sender can reach you. If you talk to several people at the same domain, we whitelist the whole domain. If one transactional-looking sender has sent you more than 10 emails, we treat it as a transactional domain and let it through. This whitelist is for you to change whenever you want. It continues to build organically as you converse with more addresses.

Incoming mail is checked against that whitelist. Senders already on it land in your inbox as normal. Anyone else gets archived (never deleted) and is sent a challenge. This can be the captcha or the payment link. Once they solve it, their email is pulled out of the archive and put back into your inbox.

if you want to see what this looks like from a sender's point of view, send me an email here: doerpfelix15@gmail.com

The service only ever reads metadata, never message content. And since nothing is ever deleted, you can't lose a message. There is a legitimate risk / downside: if you sign up to a new service, these emails also land in the archive. Since we do not process the content, a first-time sender who can't solve the challenge (say an automated activation email) will sit in your archive until you spot it.

Happy to answer anything! :)

Advertisement

⚡ Community Insights

Discussion Sentiment

46% Positive

Analyzed from 2436 words in the discussion.

Trending Topics

#email#spam#emails#idea#don#mail#pay#inbox#enough#more

Discussion (59 Comments)Read Original on HackerNews

dwedgeabout 2 hours ago
This mostly assumes that the only one benefiting from the email exchange in the sender. If that's the case, just close your email account.

A few years ago I emailed a local freelancer I'd met in person, because I had a client asking for coding (which was more his bag than mine). I got an automated response that he was using something like this, with a link to some third party service to fill out a form and click a captcha if I wanted him to see my email.

Why would I? I just told the client sorry, I don't know anyone.

ryandvmabout 1 hour ago
I always liked the idea of a micro-deposit that the sender puts up for each email (say $0.001). If the recipient blocks your email and it ends up in their spam folder then you lose your deposit; if they read it then you get your deposit back.

The lost deposits would then be used to pay for the infrastructure.

felixdoerpabout 2 hours ago
valid point. I feel for many people the amount of inbound is just not bearable anymore with ai. Yet these people cannot close their account, either. This is basically an idea to increase the inbound friction for exactly these people.

do you have a take on how one could upp the relevancy of emails so that people can actually manage their inbound? Or any other open channel that is getting flooded, for that matter?

loumfabout 2 hours ago
I get about 10 AI generated spam emails a day that get through my spam filter. It takes about 10 seconds to block and mark as spam. I barely read the first three words of each.
benrutterabout 2 hours ago
> I get about 10 AI generated spam emails a day that get through my spam filter.

Yikes, that's sounds unworkable for a lot of people! Most people in here are techies and use email all the time, but some use cases (say, contractors who are mostly out in jobs) people might only sit down in front of emails properly once a week. 70 emails is a mammoth waste.of resources to have flooding your inbox in that kind of context.

sigmoid10about 2 hours ago
Do you often sign up for new services using your actual email? In gmail, I get spam in my primary mailbox maybe once every few months, usually after I've signed up for something. After marking mails as spam a few times, they are usually sent to the spambox automatically and I have a tidy primary inbox again for a long time.
Kwpolskaabout 2 hours ago
I haven't received any AI spam. You don't need an LLM to spam people.

Good spam filters should be enough to get rid of spam without annoying people who email you.

cwnythabout 2 hours ago
It's not my email that has an unbearable spam issue. I can't take all the incessant phone spam anymore, though. Even setting it to go straight to voicemail, the calls are relentless. They've switched to texts now, too.

Miserable lot that serves no purpose in life.

pjmlpabout 2 hours ago
Easy, set a filter with only contacts get through, everything else lands on junk.

Every now and then update the contacts with key emails that might have been lost.

Working quite fine since 2000's.

stvltvs41 minutes ago
It's hard to say whether you're missing out on legit emails from new senders or old senders with new addresses unless you review your spam folder regularly.
dwedgeabout 2 hours ago
I also realised a while ago that most emails are just transactional now (password resets, how well did we do the thing you paid us to do?), so I do similar to you without the sender input and it more or less works. Breaks down like this:

- Nobody gets into my inbox unless whitelisted address. Instead of fighting spam and blacklisting, I know my inbox is always from someone I want to hear from.

- Every other email goes through spam assassin (which is getting worse) and then into a folder called Transactional (and if it makes a mistake, I add to the whitelist)

- I have another folder SpamAssassin where I move spam, and it gets pushed back through sa-learn

- Finally, I have a cronjob that goes through the email in Transaction and looks for subjects, senders, sending domains or to addresses that have a) been received at least 5 times and b) are only in the spam folder.

So kind of the same idea as you. But I think I'd feel really pretentious using this system and assume that quite a lot of people just rolled their eyes and ignored the rejection.

felixdoerpabout 2 hours ago
this sounds really similar to how the tool works and processes emails, too.

Would you feel this would be more helpful if the tool just silently manages the emails and does not send any replies to the original sender then?

SilverBirchabout 2 hours ago
Isn't this the opposite of what I want? I don't want people willing to pay getting into my inbox. Those are the people who think they can get more from me somehow. Those are exactly the people I want to not be in my inbox.
saghmabout 2 hours ago
I imagine the point is that if you make the price high enough, the ones who don't want it enough will go away, and the ones that do will want it enough that it's worth your while. You can set the price to whatever threshold is high enough that you'd find the money worthwhile.
account42about 2 hours ago
That ignores the entire set of people who are not contacting you to get something out of you but rather to help you or for any number of social purposes. Those will be priced out much faster than dedicated spammers - most of them by any amount above $0.
saghmabout 1 hour ago
I don't necessarily disagree, but that seems like literally the opposite of the objection that I was actually responding to. My point wasn't that this idea is infallible, but that I thought there was a flaw in the logic of the one specific objection that I chose to reply to.
antasvara37 minutes ago
>the ones who don't want it enough will go away, and the ones that do will want it enough that it's worth your while..

Counterpoint: if you think you need to pay for my attention, that's a negative signal for what you're asking me. If I'm giving 10 vendors a shot at my business, I'm not going to pay money for the right to give you that opportunity?

On the other side, the only person paying $5 to ask me something is probably someone getting a lot of no's elsewhere. That, or what I offer is so valuable that people are willing to pay for it. But that's not most people.

netsharcabout 2 hours ago
Bill Gates wrote about paying to send you mail in his 1995 book "The Road Ahead" (yeah this is an old old idea). His expansion was that you could refund the sender's "stamp" if you consider their email worth your while.
felixdoerpabout 2 hours ago
pretty much this. The idea is that putting work / resources behind the sent message translates into more relevant messages getting into the owner's inbox.
gosub100about 2 hours ago
You will get fewer of them because they all must pay a cost for each message sent. Spam works now because it's free.
ralferooabout 1 hour ago
Physical mail costs money, but 80% of the mail I receive is junk mail that somebody has paid to send me.

Of the 20% of mail that is useful to me, it's still pretty much all just from corporations who have decided to send me a physical letter even though they have my e-mail - e.g. the water company sends me some brochure to somehow justify how much money they're charging by breaking down what they spend all their money on etc...

I get almost zero "real" mail from actual people nowadays. Now it costs £1.80 to post something first class and 91p second class, real mail is basically limited to birthday and Christmas cards. I myself send so few letters, than I still have a couple of stamps in my wallet that I technically bought 6 years ago when they cost 35% the current price (although they were replaced with barcode versions by sending them in to Royal Mail).

4chandailyabout 2 hours ago
Plenty of companies pay the post office to deliver paper spam to my mailbox each day. I don't want any of that, either. "Free" makes spam easier, but a cost doesn't prevent it.
AnimalMuppetabout 2 hours ago
No... but paper spam actually pays less than a regular letter. Make it pay more, and the amount will go down. Not to zero, but down significantly.
felixdoerpabout 2 hours ago
that is what I was thinking
michalplebanabout 2 hours ago
These services pop up from time to time. All they share a fatal flaw: accepting money for email delivery turns email from a communication medium into a service. And a service carries a different set of obligations - someone paying to send an email to me expects that they are buying my time spent on reading their email and replying promptly. I am never going to sell my time like that.
msdzabout 2 hours ago
Hi Felix,

I know the situation here in Germany kinda sucks for non-incorporated founders (or simply any website administrator trying to commercialize anything [0]), but gating imprint/Impressum behind a login wall makes it not legally compliant. It needs to be easily accessible from anywhere (that’s why most people place it in the footer), without auth or signup; and if you put it behind either Outlook or Gmail logins, you may as well just not include it at all (realistically, who’s gonna complain if you don’t include “made in Germany”).

All the best for your project, though!

[0]: Personally I’ve given up and just include my name and address on the public web in projects now, which I guess is what the federal government wanted to achieve.

felixdoerpabout 2 hours ago
good point! will adjust :)
msdzabout 1 hour ago
Glad to hear!

By the way, I never got a chance to thank you: The fireside you held at CDTM InnoLabs (I believe early 2024 was when I attended?) completely changed my thinking on direct air capture/DACCS and, to be frank, on carbon credits in general. Thanks!

felixdoerpabout 1 hour ago
I am glad to hear! :)
reticulatesabout 2 hours ago
As others have said, this is an age old idea that has been tried dozens of times and sometimes with very big financial backing (there was another attempt on HN just a few months ago). My personal view is that this idea is fatally flawed and will never work. That said, every idea sucks until it doesn’t, sometimes it’s all about the idea in the moment, maybe right now is finally the moment for this idea? So don’t be discouraged by all us naysayers, maybe your fresh perspective in this moment could make the difference.
gnashxyzabout 2 hours ago
Relatedly, a precursor to the Bitcoin proof of work algorithm, Hashcash [0], was created to solve this same problem.

This feels like a cool modern iteration of it.

[0]: https://en.wikipedia.org/wiki/Hashcash

OisinMoranabout 2 hours ago
Yeah, this gets reinvented every once in a while. I think Balaji’s earn.com was doing this for a while back around 2015/16
felixdoerpabout 2 hours ago
super interesting - did not know!
welderabout 2 hours ago
I built this for my company email, but instead of sending captchas it puts non-customer emails into a folder that I never read. Emails from customers and contacts get into my inbox, and get labeled based on their support subscription level.

Most tech companies I've seen gate and filter customer support on web not email, then only sales and external interfacing employees need external emails and the bigger problem is phishing not spam.

For my personal email I would never use this, because I myself would never solve a captcha to reach someone's inbox and I can't expect different from others.

felixdoerpabout 2 hours ago
valid point and for personal inboxes I would also not think this makes a lot of sense. Yet, for many businesses or people in these businesses, the amount of inbound is just not manageable at this point.
danesparzaabout 2 hours ago
It feels like a better pricing model (if you believe in your product) would be to give it away to consumers, but take a small portion of each payment when non-trusted senders validate.
felixdoerpabout 2 hours ago
also very valid. Currently updating this to a pay-what-you-want lifetime purchase, where 0 is also a valid price?
benrutterabout 1 hour ago
I like the idea of trying to make email more about human-to-human connection with less focus on automated-stuff-to-human.

The bit I don't understand, is what about where you need the automated-stuff-to-human, like, authenticating a new account? Would this just block those types of emails? Is the expectation if you used this, that you'd have seperate emails for contacting people vs accessing online services?

felixdoerpabout 1 hour ago
for new sign ups that would indeed make it difficult. The tool checks what senders have sent you transactional looking emails and puts them on a whitelist.

if you sign up to a new service you would have to look into your archive for the sign up email.

XLowPingFNXabout 1 hour ago
Interesting idea, one thing that genuinely confused me on the website it the slider on the pricing section, what does that mean ?

Sorry if it's obvious but it didn't make sense to me!

felixdoerpabout 1 hour ago
you can pay what you want for the service, including 0 dollars for a lifetime access :)
XLowPingFNXabout 1 hour ago
Oh okay :)

That makes sense now, you could also try something that gumroad does

"name a fair price" and let the user select or slide!

codazodaabout 2 hours ago
I kinda like the thought but wouldn't a simple action that sends email to the archive list for all senders that aren't on your contact list handle this? That's what I do with my phone, actually, and I might consider it for email too. Then you can manually check your archive when you have free time.
felixdoerpabout 2 hours ago
this could also be an option, yes!
Advertisement
cypharabout 1 hour ago
djb proposed Internet Mail 2000 back in the early 2000s as an attempt to solve this kind of problem without micropayments[1].

As others have said, a lot of the useful emails I get are still ones where the sender probably wouldn't have paid to send them. IM2000's fairly old-school-yet-elegant approach would probably lead to a better outcome too.

[1]: http://cr.yp.to/im2000.html

deweyabout 2 hours ago
How did you validate that this is a problem people have? Personally I haven't received any extra spam mail since LLMs became a thing.
felixdoerpabout 2 hours ago
I basically saw a lot of people complaining about it on LinkedIn and Reddit - spam filters seem to be struggling. And I also just thought this would be an interesting idea to play around with.
idiotsecantabout 2 hours ago
Is there not a (local) LLM that just reads your emails and puts them to spam or not? I feel like that wouldn't require an enormous model.
gosub100about 2 hours ago
What is the cheapest transaction fee crypto coin that is still redeemable for Fiat or other crypto?

I think this concept would work if taken a step further, with a new protocol that requires encryption, but only with a key provided by a block chain that cost some nonzero amount. the email server would drop message payloads whose hash wasn't on the chain, limiting DoS attacks.

When the recipient reads the mail, it starts a process of refunding that micro payment that is a 4h cycle that can be interrupted. So if you click "spam", it blocks the refund and you keep the micro payment. Anyone sending bulk emails would go bankrupt.

Anyone using email for normal purposes would only have to buy once to have enough tokens to send a few emails. Most of the time tokens would only be used inside the system, but they would need some monetary value to do their job, so they could be pegged at say $0.10.

villgaxabout 2 hours ago
This should be the case even for phones as well
felixdoerpabout 2 hours ago
100%! AFAIK apple is working on a pre-screening for unknown callers for the same reason. And it would be interesting to explore if pay to call / captcha to call would be feasible :)
dist-epochabout 2 hours ago
so basically LinkedIn "InMails"
st_goliathabout 1 hour ago
Your post advocates a

    ( ) technical ( ) legislative (X) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    (X) Mailing lists and other legitimate uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (X) It will stop spam for two weeks and then we'll be stuck with it
    (X) Users will not put up with it
    (X) Microsoft will not put up with it
    (X) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (X) Requires immediate total cooperation from everybody at once
    (X) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    (X) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    (X) Asshats
    ( ) Jurisdictional problems
    (X) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    (X) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (X) Extreme profitability of spam
    (X) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    (X) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook
and the following philosophical objections may also apply:

    (X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    (X) Sending email should be free
    (X) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    (X) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:

    (X) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!