Launching Is This Phishy 🎣📩
This post was originally published on May 17, 2023.
And here we are! One startup done, six weeks passed. (Yes, the plan was originally one startup per month, but have you tried to create a minimum viable product in only a month?!?)
For each startup I launch, I’ll be writing a post like this, and explaining how it achieves my broader goal this year to make cybersecurity products more accessible to a wider audience. Since this was my first startup, I wanted to make something that would be useful for everyone from your kid brother to your grandma: an elegant email server that can identify phishing emails.
🤔 The Problem
The problem is that every time I get a sketchy email, I never know whether it's a phishing scam. When I google “how to identify a phishing email," hundreds of websites offer one hundred different answers. My cousin works at a big bank, and she told me that bank customers can send suspicious-looking emails to the security team, and they’ll tell you whether it’s a phishing attempt. That’s what made me realize there needs to be a similar service for any person, for any email, anywhere.
🛠️ Solution
Say hello to [email protected], a friendly email address that you can forward any and all emails to (for free), and you’ll get a response telling you why or why not the email is a phishing scam. 🎣📩 Check it out at isthisphishy.io.
🚨 The Launch
One month after its launch, Is This Phishy was featured on prominent blogs like Insanely Useful Websites, the OneLaunch blog, the Mike Taylor blog, and Beta List. It also reached 403 monthly active users in its first month.
Since this was my first launch ever, I followed the advice of Read Make and took a "spray and pray" approach, posting about my launch everywhere from Twitter and Reddit to Indie Hackers and Elpha.
The single biggest social media response came from my post to Reddit's r/msp (managed service provider) community, which garnered 23,200 impressions and a big uptick in users. Before posting, I didn't realize that the group had 148k members worldwide; I simply wanted good feedback on my landing page. I started laughing incredulously when I noticed that the post had 4,000 impressions only a few minutes after I'd posted it. In the end, I got 39 comments from people who cumulatively had decades of IT experience. (I know this because I DM'd some of them to get feedback on future product ideas.) Many commenters, unsurprisingly, wanted more security transparency before they used my service. This feedback inspired me to add a security notification to the top every email:
Additionally, my post to LinkedIn fetched 3,422 impressions and 96 likes, by far the most "likes" I got anywhere. (By comparison, my post to Hacker News got only 4 likes.) I was surprised and pleased by the number of friends and former coworkers who saw the post on LinkedIn and reached out to say they'd shared Is This Phishy with their IT team. Some even sent me the feedback from their IT teams which was especially helpful.
In the first week of launch, Is This Phishy made it to #45 on Product Hunt (out of 144 total product launches that day), and over 400 people viewed it:
💰 Biggest win: IsThisPhishy.io costs only $26.66/month to build and maintain
I’m most comfortable with AWS, so I decided to use AWS for this project. Whenever I researched email server solutions, AWS was always much cheaper than competitors like Mailgun: AWS SES only costs $0.10 cents per 1,000 emails sent, while Mailgun costs eight times more. This means that my costs for running isthisphishy.io are REALLY low, so I can offer it for free.
Expenses to maintain the isthisphishy.io site:
$89/year: cruip.com for static website design template (this was a one time purchase but for simplicity I’ll record it as an annual purchase)
$36/year: Registering domain name isthisphishy.io on Cloudflare
$0: Cloudflare pages for hosting
Expenses to maintain the email server:
$16/month – Amazon Workmail (for an email client interface to read the emails sent to my four @isthisphishy.io email addresses)
$1.39/month – Amazon Simple Email Service (for receiving and sending automated emails)
$0.09/month – Amazon Simple Storage Service (for storing emails in the cloud)
$0.01/month – AWS Lambda (for running arbitrary code in a container when an email is sent to isthisphishy.io)
$0.07/month - Amazon Elastic Container Registry (for hosting container images containing the email server code)
$0.01/month - Amazon Cloudwatch and Simple Notification Service (for getting alerts when things go wrong)
Total: $27.99/month
⌛ How I managed my time
I started this app on Monday, April 3. I posted it to Product Hunt on Wednesday, May 17. Total time to launch: six weeks.
The approximate time breakdown of the 6 weeks was spent as follows:
Week 1: Researched which stack I’ll use
Spent time figuring out the cheapest way to send emails (Answer: AWS SES)
Spent time figuring out the cheapest way to make a landing page (Answer: cheap online templates + Cloudflare pages)
Week 2: Took vacation!
Week 3: Made a bare-bones MVP (minimum viable product) to see if the stack would work
Basically, at first I made an AWS Lambda function that responds “Hi” when you send it an email.
Then I added some simple rules.
Week 4: Created a landing page for the website
Competitive research: what products existed and how they marketed themselves.
Came up with a vision for the landing page and found an online template to match it.
Wrote copy for the landing page (which was surprisingly difficult and time intensive).
Week 5: Solicited feedback from beta users (a.k.a. found bugs and fixed them)
At this point, I sent out my beta version to a few close friends and mentors. They found inevitable issues and bugs, so this time was spent addressing those.
Week 6: Added a feature where the email server checks the top one million most popular domains
This feature wasn’t a must-have for launch, so I was torn. Adding it flew in the face of my bare-bones ethos, but I felt strongly that it should be included. In the end, I think I made the right choice here.
💪 Reflection on Productivity
Ever since reading The 4-Hour Workweek, my life goal has been to accomplish as much as possible in as few hours as possible. (Ideally, 4 hours of work per week.)
For the past six weeks, I worked around 5 hours per day, 6 days a week, so I worked a 30-hour week. Certainly, I came nowhere close to Ferris’s 4-hour per week target, but he was selling muscle supplements, and I’m building a web app, so I’ll forgive myself the 26 extra hours.
These are the things I did well productivity-wise that I will continue:
Only do what feels fun on a given day: This philosophy was inspired by advice from my friend Pooja. I always try to have 3 pots cooking simultaneously: blog drafts I’m working on, app code I’m writing, and business activities like tracking costs or signing papers. Some days I wake up and want to work on code, while others, I wake up, and write. To keep myself motivated, I do whatever feels like fun that day. That way, I keep my energy and motivation levels up. (In the spirit of honesty, signing business forms is something I never wake up wanting to do. So I force myself to do that one, but only when I have lots of energy/coffee.)
Use a coworking space: As someone who used to work from home most of the time, splurging on a coworking space has been a game changer. Having a separation of home and work keeps me more motivated because I get time to relax every day when I’m in my “home” space. (And by “relax,” I mean watch Love is Blind.)
Things I could do better next time:
Get to my coworking space earlier: I now realize it takes me about 1.5 hours to actually start coding after I sit down at my computer – after all, there’s Architectural Digest to read, and Harry Styles’ love life to track. It takes a really long time to warm up my brain. I need to just accept this, plan for it, and sit at my desk sooner in the day.
Go straight to the docs: Instead of wasting time watching tutorials on youtube, I wish I’d gone straight to the AWS docs sooner. This was the main AWS tutorial I used for building the MVP of my email server, and I wish I’d started with it. There’s a lot of bad training content on the internet, and I need to ensure I’m using the most trusted online sources. (Yes, this is a jab at ChatGPT.)
Biggest technical learning: Parsing forwarded emails is surprisingly hard 📨
I built my MVP in Python first, only to realize three weeks in that Python does not have any libraries to parse forwarded emails. Different email clients – Gmail, Yahoo Mail, Outlook, etc. – all format forwarded emails in different ways, so it’s actually really complicated to parse something as simple as the “from” sender on a forwarded email. And I didn't want to build a parsing library from scratch in Python – I only had one month! The only code I could find online that could parse forwarded emails for all email clients was written in Javascript: email-forward-parser, which is an amazing library from Crisp. This meant that halfway into this project after I’d built my MVP in Python, I had to rewrite everything in Javascript, which I hadn't coded in since 2019.
The silver lining: being an independent developer allows me to choose my own technical stack, which I’ve never been able to do before. I was able to switch to JavaScript on a dime to best serve my development needs, which was very liberating!
The most valuable way you can help me is by providing feedback and ideas👂
Please comment below.