Jonathan Zhang

CEO of threatintelligenceplatform.com & whoisxmlapi.com, infosec thought leader and adviser

Avoiding Freemium Trial Abuses with Email Verification

Freemium is not a new concept, and neither is it exclusive to SaaS providers. Many companies have been successful at freemium marketing, and we know that the model works well at ramping up users who you can upsell to later. Dropbox and Evernote are just a few among the prominent names that come to mind.
Unfortunately, things are not perfect in the world of freemium as this pricing strategy comes with a few potential downsides. First off, the free level of service you provide may already be satisfying all your users’ needs, so in this case, you most likely will not be able to convert them into paying customers. Detractors also argue that freemium SaaS spends far too much supporting free users, without any chance of earning back the cost of doing so.
Last but not least, critics point out that freemium puts companies at great risk because they become vulnerable to abuse by users with malicious intentions. So while the first two fundamental issues can probably only be addressed at the leadership level, the last one is of a technical nature and can be resolved by implementing software.
In this article, I’ll take a closer look at the problem of abuse and discuss how email verification can actually help businesses to combat the issue.
No Free Lunch for SaaS Applications with Free Trials
For end-users, the point of entry into a freemium SaaS application is at registration time, when they input their email address. For you, as a service provider, email is, of course, ubiquitous as it represents your customers’ online identity and allows you to continuously communicate with them. However, email is also where problems might begin for SaaS providers.
The thing is, many freemium users create disposable email addresses or burner accounts to enroll in the service. It’s easy, and it lets them build a layer of anonymity between themselves and your service. Yet disposable addresses can become a real pain for your business, and if they are not detected and eliminated in time, they can mean a slow, agonizing death for your service.
The anonymity creates the perfect environment for fraud and abuse of your service, as malicious users never actually intend to use their burner accounts for anything other than registering for a SaaS application. Chances are they’ll never even open any emails you send to their disposable inboxes, and this can adversely skew your analytics. It can also have a disastrous effect on your sender score, which email delivery services look at to establish your reputation as a sender.
And when these disposable email accounts are then discarded, this also adversely affects your sending bounce rates, which in turn affects your sender reputation. High bounce rates can also lead to your sending IP address being blacklisted, subsequently bringing your marketing and support processes to a complete standstill.
Flagging Likely SaaS Freemium Abusers by their Email Address
So where does email verification stand here and can it actually help?
Basically, email verification software analyzes each email address to establish two important factors. First, is the email address a valid one? Does it have a prefix and a domain separated by the standard “@” symbol, and do both of these parts conform to acceptable formats? Any deviation from this is quickly flagged and the email address is excluded from your list.
Next, the email verification API checks if the address truly exists. Disposable emails that have long since been terminated may continue to persist within your user database and mailing lists, creating all sorts of problems for your marketing efforts. The API constantly and consistently checks the list for these disappearing mailboxes to manage your email bounce rates and keep your subscriber base fresh and legitimate.
That sounds great. However, it’s important to note that even the best email verification API is far from being entirely foolproof. The issue lies in the process, as it involves subjecting each email address to a barrage of tests. If the address passes these tests, then the probability increases that it is valid and should pose no threat. But it is still just a probability, and not 100% certainty, so you might want to complement email verification with other tools and practices.
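The checks described above can be sketched as a signup gate. This is an added example, not code from the article or from any verification API; `check_signup`, `DISPOSABLE_DOMAINS` and the `mailbox_exists` probe are hypothetical names, and the `.example` domains are constructed. An unanswered existence check yields "review" rather than "allow", reflecting that a pass is only a probability.

```python
import re
from dataclasses import dataclass, field

# Constructed sample list; a real deployment would load a maintained feed.
DISPOSABLE_DOMAINS = {"mailinator.example", "tempmail.example"}

# Pragmatic syntax check (not full RFC 5322): prefix, "@", dotted domain.
_LOCAL = re.compile(r"^[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+(\.[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+)*$")
_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

@dataclass
class Verdict:
    address: str
    action: str  # "reject", "review" or "allow"
    reasons: list = field(default_factory=list)

def syntax_ok(address):
    """Check that the prefix and the domain both have an acceptable format."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or len(local) > 64 or len(domain) > 253:
        return False
    labels = domain.split(".")
    return (len(labels) >= 2 and bool(_LOCAL.match(local))
            and all(_LABEL.match(label) for label in labels))

def check_signup(address, mailbox_exists=None):
    """mailbox_exists: optional callable(address) -> True, False or None (unknown)."""
    address = address.strip()
    if not syntax_ok(address):
        return Verdict(address, "reject", ["invalid syntax"])
    parts = address.rpartition("@")[2].lower().split(".")
    # Compare the domain and each parent domain (never the bare TLD),
    # so a subdomain of a listed disposable provider is caught as well.
    if any(".".join(parts[i:]) in DISPOSABLE_DOMAINS for i in range(len(parts) - 1)):
        return Verdict(address, "reject", ["disposable domain"])
    exists = mailbox_exists(address) if mailbox_exists else None
    if exists is False:
        return Verdict(address, "reject", ["mailbox does not exist"])
    if exists is None:
        # No answer from the probe: hold for other controls, do not auto-approve.
        return Verdict(address, "review", ["mailbox existence unknown"])
    return Verdict(address, "allow", [])
```

Because discarded mailboxes disappear after signup, the same function can be re-run over the stored user list on a schedule.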
---
End-users can and will register for your freemium SaaS using disposable email addresses, often with the intention to abuse the service. And unfortunately, no software will give a 100% guarantee that this won’t happen to your SaaS. However, we still recommend that you put measures in place to nip abuse in the bud, that is, at the point of entry.
