[Edit: Resolved now] Important: IndiePitcher got attacked by a spammer and sending of emails does not work
Jan 6, 2025
Update on January 18th, 2025
Great news, our access to AWS SES has been restored, and sending emails will be re-enabled in a few days after we triple-check all possible scenarios of how spammers could abuse the infrastructure.
—-
Hi, this is Petr, the founder of IndiePitcher.
IndiePitcher was attacked by a spammer who created multiple accounts, purchased a pro subscription, and started sending spam emails through the SMTP proxy feature.
I noticed what the spammer was sending through the first account they used pretty much immediately, but a combination of naively thinking that some of their other accounts were a spike of legit users, being in a car driving for 300 kilometers, and the lack of more sophisticated spam detection heuristics at the time (implemented now) caused around 6,000 spam emails to be sent to mostly French email addresses before I managed to ban the spammer fully. I’m deeply sorry for this incident and have certainly learned my lesson there.
What happened next was AWS suspending the ability to send emails through their SES service, on which IndiePitcher is built. Any follow-up appeal to unblock sending in any of the AWS regions has been denied as of now.
I fully understand AWS pausing IndiePitcher’s access to SES to protect the reputation of their sending infra. The only thing I’d argue is that getting what I can only interpret as a permaban for IndiePitcher after just a single incident is a bit too harsh. There are other services similar to IndiePitcher in one way or another, they’re all great products with extremely talented people behind them and the last thing I’d want to do is to bad-mouth them, but they’d face similar or even the same situation, and AWS would restore their access to the SES infra. This is all I’m asking for, but being just a side project without having someone like Y Combinator behind my back, it’s not easy go anyone at Amazon to talk to me.
[This has been resolved] If you think that you could help, please reach out to me at petr@indiepitcher.com or through any other channel. The case id is 173541266400509.
What’s next for IndiePitcher
IndiePitcher will be made open-source and self-hostable. This is something I’ve been planning to do for quite some time, this incident just gave it a higher priority. The front end is a React app using Refine and the backend is written in Swift using the Vapor framework. When open-sourced, both codebases will I believe serve as some of the more complex examples using the mentioned frameworks if nothing else.
I’ll share more updates as soon as I have them, hopefully through the email.
Best,
Petr