logoalt Hacker News

Show HN: Make senders work to get into your inbox

40 pointsby felixdoerptoday at 11:58 AM64 commentsview on HN

Hi HN :) really excited to share this with you.

The one thing AI reliably does is generate noise. Half the tools I see launch are just machines for producing more noise across more channels. And people are starting to see this in the form of emails in their inboxes as spam filters are struggling.

There used to be a useful signal in email: the effort a sender put into customizing a message was a rough proxy for how relevant it actually was. AI killed that. Now it's customized slop with the appearance of effort with none of the cost. It is painful that the open internet / open channels have been abused like this.

Captchainbox applies the idea of proof-of-work to email. If a sender is willing to do a bit of work to reach you, the message is more likely to be worth your time and the sender more likely to be real. The work is a traditional captcha. You can also set a pay-to-deliver amount if you want more friction. The proceeds of the delivery payment after transaction costs go to the Internet Archive and the EFF. The tool currently works by authing with your Gmail or Outlook and during launch time I make this completely free as a lifetime deal (with optional payment if you wanna support).

How it works: Captchainbox builds a whitelist automatically from the metadata of your past correspondence. If you've emailed an individual address, that sender can reach you. If you talk to several people at the same domain, we whitelist the whole domain. If one transactional-looking sender has sent you more than 10 emails, we treat it as a transactional domain and let it through. This whitelist is for you to change whenever you want. It continues to build organically as you converse with more addresses.

Incoming mail is checked against that whitelist. Senders already on it land in your inbox as normal. Anyone else gets archived (never deleted) and is sent a challenge. This can be the captcha or the payment link. Once they solve it, their email is pulled out of the archive and put back into your inbox.

if you want to see what this looks like from a sender's point of view, send me an email here: [email protected]

The service only ever reads metadata, never message content. And since nothing is ever deleted, you can't lose a message. There is a legitimate risk / downside: if you sign up to a new service, these emails also land in the archive. Since we do not process the content, a first-time sender who can't solve the challenge (say an automated activation email) will sit in your archive until you spot it.

Happy to answer anything! :)


Comments

dwedgetoday at 12:15 PM

This mostly assumes that the only one benefiting from the email exchange in the sender. If that's the case, just close your email account.

A few years ago I emailed a local freelancer I'd met in person, because I had a client asking for coding (which was more his bag than mine). I got an automated response that he was using something like this, with a link to some third party service to fill out a form and click a captcha if I wanted him to see my email.

Why would I? I just told the client sorry, I don't know anyone.

show 2 replies
SilverBirchtoday at 12:32 PM

Isn't this the opposite of what I want? I don't want people willing to pay getting into my inbox. Those are the people who think they can get more from me somehow. Those are exactly the people I want to not be in my inbox.

show 2 replies
michalplebantoday at 12:37 PM

These services pop up from time to time. All they share a fatal flaw: accepting money for email delivery turns email from a communication medium into a service. And a service carries a different set of obligations - someone paying to send an email to me expects that they are buying my time spent on reading their email and replying promptly. I am never going to sell my time like that.

msdztoday at 12:22 PM

Hi Felix,

I know the situation here in Germany kinda sucks for non-incorporated founders (or simply any website administrator trying to commercialize anything [0]), but gating imprint/Impressum behind a login wall makes it not legally compliant. It needs to be easily accessible from anywhere (that’s why most people place it in the footer), without auth or signup; and if you put it behind either Outlook or Gmail logins, you may as well just not include it at all (realistically, who’s gonna complain if you don’t include “made in Germany”).

All the best for your project, though!

[0]: Personally I’ve given up and just include my name and address on the public web in projects now, which I guess is what the federal government wanted to achieve.

show 1 reply
KomoDtoday at 7:50 PM

> If a sender is willing to do a bit of work to reach you, the message is more likely to be worth your time and the sender more likely to be real.

Or they just really want to sell you something.

gnashxyztoday at 12:32 PM

Relatedly, a precursor to the Bitcoin proof of work algorithm, Hashcash [0], was created to solve this same problem.

This feels like a cool modern iteration of it.

[0]: https://en.wikipedia.org/wiki/Hashcash

show 2 replies
reticulatestoday at 12:59 PM

As others have said, this is an age old idea that has been tried dozens of times and sometimes with very big financial backing (there was another attempt on HN just a few months ago). My personal view is that this idea is fatally flawed and will never work. That said, every idea sucks until it doesn’t, sometimes it’s all about the idea in the moment, maybe right now is finally the moment for this idea? So don’t be discouraged by all us naysayers, maybe your fresh perspective in this moment could make the difference.

weldertoday at 12:20 PM

I built this for my company email, but instead of sending captchas it puts non-customer emails into a folder that I never read. Emails from customers and contacts get into my inbox, and get labeled based on their support subscription level.

Most tech companies I've seen gate and filter customer support on web not email, then only sales and external interfacing employees need external emails and the bigger problem is phishing not spam.

For my personal email I would never use this, because I myself would never solve a captcha to reach someone's inbox and I can't expect different from others.

show 1 reply
danesparzatoday at 12:16 PM

It feels like a better pricing model (if you believe in your product) would be to give it away to consumers, but take a small portion of each payment when non-trusted senders validate.

show 1 reply
cyphartoday at 1:02 PM

djb proposed Internet Mail 2000 back in the early 2000s as an attempt to solve this kind of problem without micropayments[1].

As others have said, a lot of the useful emails I get are still ones where the sender probably wouldn't have paid to send them. IM2000's fairly old-school-yet-elegant approach would probably lead to a better outcome too.

[1]: http://cr.yp.to/im2000.html

benruttertoday at 1:16 PM

I like the idea of trying to make email more about human-to-human connection with less focus on automated-stuff-to-human.

The bit I don't understand, is what about where you need the automated-stuff-to-human, like, authenticating a new account? Would this just block those types of emails? Is the expectation if you used this, that you'd have seperate emails for contacting people vs accessing online services?

show 1 reply
codazodatoday at 12:19 PM

I kinda like the thought but wouldn't a simple action that sends email to the archive list for all senders that aren't on your contact list handle this? That's what I do with my phone, actually, and I might consider it for email too. Then you can manually check your archive when you have free time.

show 1 reply
deweytoday at 12:50 PM

How did you validate that this is a problem people have? Personally I haven't received any extra spam mail since LLMs became a thing.

show 1 reply
XLowPingFNXtoday at 1:13 PM

Interesting idea, one thing that genuinely confused me on the website it the slider on the pricing section, what does that mean ?

Sorry if it's obvious but it didn't make sense to me!

show 1 reply
idiotsecanttoday at 12:56 PM

Is there not a (local) LLM that just reads your emails and puts them to spam or not? I feel like that wouldn't require an enormous model.

chrisjjtoday at 2:49 PM

> Unknown senders solve a CAPTCHA or pay a fee to get in. Trusted contacts get through as usual.

Somehow I doubt this determines whether a contact is trusted.

gosub100today at 12:46 PM

What is the cheapest transaction fee crypto coin that is still redeemable for Fiat or other crypto?

I think this concept would work if taken a step further, with a new protocol that requires encryption, but only with a key provided by a block chain that cost some nonzero amount. the email server would drop message payloads whose hash wasn't on the chain, limiting DoS attacks.

When the recipient reads the mail, it starts a process of refunding that micro payment that is a 4h cycle that can be interrupted. So if you click "spam", it blocks the refund and you keep the micro payment. Anyone sending bulk emails would go bankrupt.

Anyone using email for normal purposes would only have to buy once to have enough tokens to send a few emails. Most of the time tokens would only be used inside the system, but they would need some monetary value to do their job, so they could be pegged at say $0.10.

villgaxtoday at 12:30 PM

This should be the case even for phones as well

show 1 reply
dist-epochtoday at 12:55 PM

so basically LinkedIn "InMails"

ubermonkeytoday at 2:38 PM

Interesting idea, but honest to god I don't really have that big of a spam problem anymore.

O365 is handling 90% of it on our corporate mail; my personal address (which is far older) is hosted at Fastmail and it traps nearly all the spam there, too.

In 2026, I'm much more annoyed by PHONE spam -- though Apple's "who the hell are you and why should ubermonkey take your call" feature has done wonders. (I assume something similar exists in Android.)

st_goliathtoday at 1:05 PM

Your post advocates a

    ( ) technical ( ) legislative (X) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    (X) Mailing lists and other legitimate uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (X) It will stop spam for two weeks and then we'll be stuck with it
    (X) Users will not put up with it
    (X) Microsoft will not put up with it
    (X) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (X) Requires immediate total cooperation from everybody at once
    (X) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    (X) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    (X) Asshats
    ( ) Jurisdictional problems
    (X) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    (X) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (X) Extreme profitability of spam
    (X) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    (X) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook
and the following philosophical objections may also apply:

    (X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    (X) Sending email should be free
    (X) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    (X) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:

    (X) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
meyerdav14today at 12:36 PM

[dead]