How consent-gated email works (and why it's free) · GoodSender BlogEmail infrastructure pricing has barely moved in a decade. Mailgun, Postmark, SendGrid, Resend, all per-email, all clustered in a narrow band. The reason isn&rsquo;t bandwidth, and it isn&rsquo;t storage. It&rsquo;s abuse. Most of what an ESP charges you covers the cost of fighting the senders who shouldn&rsquo;t be on the platform in the first place.<br>Remove the abuse, and the price collapses.<br>That&rsquo;s the idea behind GoodSender&rsquo;s Permission Loop. Here&rsquo;s how it works, and why the economics finally let us run the first 100,000 emails a month at $0 and keep the curve flat after that.<br>The shared-pool problem<br>Every sender on a typical ESP sits in an IP reputation pool with everyone else on that tier. One bad actor blasts a purchased list, mailbox providers throttle the IPs, and your perfectly legitimate transactional mail starts landing in spam. You did nothing wrong. You&rsquo;re paying for the worst sender on your tier.<br>ESPs aren&rsquo;t oblivious to this. They staff anti-abuse teams, run heuristics, freeze accounts, review manually. That work is expensive. Per-email pricing is, in large part, a tax on the entire customer base to cover the cost of policing it.<br>The Permission Loop<br>GoodSender flips the order. Before you can send to a recipient, that recipient has to confirm they want your mail. The flow is simple.<br>You call POST /v1/emails/consent with the recipient&rsquo;s address.<br>We send a short, high-reputation consent email with approve and reject buttons. The link is signed, so the sender can&rsquo;t forge it.<br>Once the recipient clicks approve, that address is unlocked across your workspace. Sends go through instantly, from any API key in the workspace.<br>If they click reject, the address is suppressed. The original consent email stays live, so they can change their mind later and lift the suppression themselves.<br>If they never click, every send to that address is discarded inside GoodSender. Approve is a hard gate, enforced at the API.<br>Transactional templates (MFA Enrollment, New Device, Login, Order Completed, OTP Code) bypass the gate, because they&rsquo;re already implicitly requested by the recipient&rsquo;s own action. Transactional sends don&rsquo;t change consent state. They only fail if the recipient has explicitly clicked reject.<br>The Engagement Check keeps permission honest<br>A permission granted today isn&rsquo;t permission granted forever. We track opens, clicks, bounces, and complaints per recipient, aggregated into a live engagement score. Six months without engagement triggers an automatic re-permission ping. No response, the recipient drops off.<br>Unsubscribes and spam complaints are suppressed instantly across the entire workspace. No API key in that workspace can mail those addresses again, regardless of which engineer or which integration tries.<br>Permission is a snapshot. Engagement is the proof it&rsquo;s still real.<br>Why this lets us be free at the volumes most senders need<br>Permission-gated mail, by construction, has almost no abuse surface.<br>Purchased lists don&rsquo;t work, because the recipients haven&rsquo;t opted in to your sending domain.<br>Cold sequences don&rsquo;t work, because you can&rsquo;t email someone who hasn&rsquo;t confirmed.<br>There&rsquo;s no long-tail decay, because dormant recipients get pruned.<br>If abuse is structurally prevented, anti-abuse cost trends toward zero. Deliverability stays high without a fire-fighting team. The IP pool runs at unusually low complaint rates by design, and the marginal cost of a sent email, on infrastructure already serving the world&rsquo;s largest senders via Laneful, drops to roughly the cost of running the pipe.<br>That&rsquo;s why the first 100,000 emails a month, including consent requests, transactional templates, and marketing sends to consented recipients, cost $0. One bucket, no per-type splits, no tiered accounting. Beyond 100K it&rsquo;s $1 per additional 100,000. No subscriptions, no tiers, no credit card to start. The curve stays flat: roughly $9 a month at one million emails, $99 a month at ten million.1<br>100,000 emails a month is about 3,300 sends a day, more than most SaaS apps and small or mid-sized businesses ever reach. For the majority of senders, the bill stays at $0 forever.<br>What this changes for senders<br>For indie developers, solo founders, and AI startups building agentic workflows, the time you used to spend on IP warmup, suppression lists, and deliverability tickets becomes a config call. Domain verification takes about five minutes. DKIM, SPF, and DMARC get configured automatically.<br>This isn&rsquo;t built for marketing teams running mass-broadcast campaigns. It isn&rsquo;t built for cold-outreach teams. It&rsquo;s built for makers and builders who want every recipient to be someone who actually asked.<br>Who this is for<br>The Permission Loop isn&rsquo;t a feature you can A/B test against an open rate. It&rsquo;s a constraint. It rules out workflows...