How consent-gated email works (and why it's free)

Email infrastructure pricing has barely moved in a decade. Mailgun, Postmark, SendGrid, Resend, all per-email, all clustered in a narrow band. The reason isn’t bandwidth, and it isn’t storage. It’s abuse. Most of what an ESP charges you covers the cost of fighting the senders who shouldn’t be on the platform in the first place.

Remove the abuse, and the price collapses.

That’s the idea behind GoodSender’s Permission Loop. Here’s how it works, and why the economics finally let us run the first 100,000 emails a month at $0 and keep the curve flat after that.

The shared-pool problem

Every sender on a typical ESP sits in an IP reputation pool with everyone else on that tier. One bad actor blasts a purchased list, mailbox providers throttle the IPs, and your perfectly legitimate transactional mail starts landing in spam. You did nothing wrong. You’re paying for the worst sender on your tier.

ESPs aren’t oblivious to this. They staff anti-abuse teams, run heuristics, freeze accounts, review manually. That work is expensive. Per-email pricing is, in large part, a tax on the entire customer base to cover the cost of policing it.

The Permission Loop

GoodSender flips the order. Before you can send to a recipient, that recipient has to confirm they want your mail. The flow is simple.

1. You call POST /v1/emails/consent with the recipient’s address.
2. We send a short, high-reputation consent email with approve and reject buttons. The link is signed, so the sender can’t forge it.
3. Once the recipient clicks approve, that address is unlocked across your workspace. Sends go through instantly, from any API key in the workspace.
4. If they click reject, the address is suppressed. The original consent email stays live, so they can change their mind later and lift the suppression themselves.
5. If they never click, every send to that address is discarded inside GoodSender. Approve is a hard gate, enforced at the API.

Transactional templates (MFA Enrollment, New Device, Login, Order Completed, OTP Code) bypass the gate, because they’re already implicitly requested by the recipient’s own action. Transactional sends don’t change consent state. They only fail if the recipient has explicitly clicked reject.

The Engagement Check keeps permission honest

A permission granted today isn’t permission granted forever. We track opens, clicks, bounces, and complaints per recipient, aggregated into a live engagement score. Six months without engagement triggers an automatic re-permission ping. No response, the recipient drops off.

Unsubscribes and spam complaints are suppressed instantly across the entire workspace. No API key in that workspace can mail those addresses again, regardless of which engineer or which integration tries.

Permission is a snapshot. Engagement is the proof it’s still real.

Why this lets us be free at the volumes most senders need

Permission-gated mail, by construction, has almost no abuse surface.

• Purchased lists don’t work, because the recipients haven’t opted in to your sending domain.
• Cold sequences don’t work, because you can’t email someone who hasn’t confirmed.
• There’s no long-tail decay, because dormant recipients get pruned.

If abuse is structurally prevented, anti-abuse cost trends toward zero. Deliverability stays high without a fire-fighting team. The IP pool runs at unusually low complaint rates by design, and the marginal cost of a sent email, on infrastructure already serving the world’s largest senders via Laneful, drops to roughly the cost of running the pipe.

That’s why the first 100,000 emails a month, including consent requests, transactional templates, and marketing sends to consented recipients, cost $0. One bucket, no per-type splits, no tiered accounting. Beyond 100K it’s $1 per additional 100,000. No subscriptions, no tiers, no credit card to start. The curve stays flat: roughly $9 a month at one million emails, $99 a month at ten million.¹

100,000 emails a month is about 3,300 sends a day, more than most SaaS apps and small or mid-sized businesses ever reach. For the majority of senders, the bill stays at $0 forever.

What this changes for senders

For indie developers, solo founders, and AI startups building agentic workflows, the time you used to spend on IP warmup, suppression lists, and deliverability tickets becomes a config call. Domain verification takes about five minutes. DKIM, SPF, and DMARC get configured automatically.

This isn’t built for marketing teams running mass-broadcast campaigns. It isn’t built for cold-outreach teams. It’s built for makers and builders who want every recipient to be someone who actually asked.

Who this is for

The Permission Loop isn’t a feature you can A/B test against an open rate. It’s a constraint. It rules out workflows that other ESPs accommodate — purchased lists, cold sequences, lapsed-subscriber reactivation campaigns — and it rules them out at the API, not in the terms of service.

If your sending depends on those workflows, we’re not the right tool, and we’ll save you time by saying so now. If your sending is mostly transactional plus a newsletter people actually signed up for, the constraint is invisible and the bill is $0.