Show HN: I made a MailChimp alternative that connects to your database (cc.dev)
The idea for this product came from trying to do email marketing for my side project, CubeDesk, a site where Rubik's Cube enthusiasts can time themselves, race with one another, train algorithms — it's a fun niche!
With over 40k users, sending even a single campaign was becoming expensive with MailChimp. I knew AWS SES would be much cheaper, but it’s just an API with none of the other necessities you need for a robust email marketing platform.
Beyond cost, I was also frustrated with having to make sure my database was always in sync with MailChimp and the audience schema they enforced. If I wanted to email every user who had completed 10 solves, that would be a whole ordeal and eat up hours of my day.
So, I started (and am now launching):
cc.dev connects directly to your database and lets you write SQL queries to target your audience. It's backed by AWS SES, so the cost to send emails is significantly less than what you're used to seeing. Combined with a template builder, media management, and campaign monitoring, cc.dev is meant to be your final destination whenever you need to send marketing emails to your users.
Would love to hear your feedback on this! If you're interested in trying out cc.dev as your email marketing platform, shoot me an email and let's have a chat: kash at cc.dev
102 comments
[ 2.9 ms ] story [ 173 ms ] threadMany, if not all databases are not public accessible, nor should they ever be. Asking people to open their database up to you, sketchy and dangerous.
You better have one hell of a security team to ensure youre locked down tighter than a ducks ass. Look at how many data breaches there have been, even in the past year.
The solution is to either make an SDK or API as already suggested by others, and giving customers endpoints to manage their lists.
Having said that, it's totally understandable that some orgs won't want do open up their db. The idea with going open source would be that they can host the platform in their VPC so that their data is never leaving the premises.
Not against having an SDK or API at all, but I would need to think about would work because the whole syncing issue is one that I'm focused on addressing here.
That being said, self hosting doesnt solve all issues.
You, and whoever uses this product, will need MANY IPs because of blacklisting and throttling limits applied almost worldwide to all mail servers. Theres a reason why the marketing spam hosts have their own /24 or /25 and have 80% of them cycling through usage as a mail sender.
Im not knocking your want to have something better than MailChimp and the like, but i feel like you didnt really dig into the real underlying tech and security before you went to work on this.
At that point id just configure SES outright and not even use this solution. Most other services use direct mailing from their own servers
As others have mentioned, there are security issues here that would be a non-starter for me. Even just having to open a database to the open internet for an external service to connect to is too much, even if I trusted that service completely.
Self-hosted fixes these issues since outbound traffic can be locked down so only connections to SES are allowed, and no databases have to be exposed to the internet.
However, many people will also not want more than 1 service talking directly to a database for a few reasons:
1. Databases are often a single point of failure. A bad query can take down a whole service. Allowing queries that don't pass code review can be dangerous here, even if it's locked down to be read-only. This can be mitigated by talking to replica databases, but that's more setup.
2. Migrations on data that is accessed directly from multiple services becomes harder. Many server frameworks handle data migrations, and they assume ownership of the data. These frameworks cannot account for other services and cannot make sure the queries will continue to work. This is less of an issue if the query is a one-off though.
3. Having multiple services talk directly to a database pushes all the security, data validation and processing to the database. Many developers (myself included) prefer to keep database configuration as simple as possible since they are already complex.
Anyway, sorry for the long post, but I thought my experience might be useful in developing this! Generally, I'd love to see a simple, self-hosted MailChimp. Especially one where I could keep all the configuration in version control.
https://support.mailchannels.com/hc/en-us/articles/456589835...
Since you're here, how would you say you compare vs them or say sparkpost? I looked for comparisons on your site but I wasn't able to find anything.
Especially in startups, this is super annoying process. Say I want to test out a feature with 100 random users who have done XYZ before. Right now I have to do a SQL query, export that to a CSV, import to MailChimp, send.
[1] https://github.com/tylermaran/pigeon
Could you explain why this was such a problem?
It would seem like this (API to submit data) is the sensible way to balance the cost against the security concerns raised in the other comment.
Does mean engineering and sync issues which your solution does address in an interesting way.
Personally, I find this really intriguing and think it would be much better for data security because it would be far less likely that they will have my customers’ email addresses lying around their database months or years after I cancelled the service.
I assume the difference would be that having your database exposed presents additional surface area for attacks. A rube-goldberg style setup probably presents its own risks, but personally I just use AWS SES for my transactional/marketing emails and it's a one-way pipe that doesn't present any significant risks as far as I can see.
The top thing that comes to mind is creating a separate ‘read replica’ DB that logically replicates target table(s) from the source DB, creates a materialized view with a subset of the replicated data in the replica db, and then exposes only the materialized view to a specific 3rd party user.
That way you:
1) Run your primary db in a private subnet — addressing your concern with ip whitelisting
2) Run the replica in a public subnet with extremely limited access(ip-whitelisting and limited access controls to data).
This is definitely a more complex setup to reason about and creates more moving parts that can fall out of sync, but it does greatly decrease the blast radius of a breach, and for some orgs, that may be a worthwhile trade-off. In my opinion, the OP would probably benefit from some basic security walkthroughs on these different implementations to help engineering teams get onboarded/make a better case for their solution if they hit friction with legal or security teams.
Your private IP database isn’t unhackable either. A simple phishing attack can probably get someone’s VPN creds a nonzero percentage of the time.
So again, I'm not saying you're wrong in that this might be a bad security practice, but OP is not alone in taking this approach and many SaaS vendors are seeing success and getting users because of it. So OP is going down a trodden path.
Email marketing cheaper is a great attention grabber: kudos for the good copywriting.
Step 1: Link to AWS SES... humm, for that your target audience must be tech-savvy.
Step 2: Query your database... humm, linking my database to a strange system? No freaking way! But assume for an instant that this would be ok. For this, your target audience again must be tech-savvy.
Step 3: Create an email template using MJML... again, for tech-savvy people, not for the average digital marketeer...
Step 4: Review and send... ok, pretty basic..
English -> SQL. Here you got me confused. For steps 1, 2 and 3, your audience must be tech-savvy. This feature doesn't make any sense for tech-savvy people. It only makes sense for the average marketeer in a small team (or solopreneur) who doesn't know SQL. But this guy would never get through steps 1, 2 and 3!
See my point?
A tech-savvy person in a tight budget would develop his own solution. Imho, not your target.
An average digital marketeer or solopreneur who doesn't know how to code and is in a tight budget could be your audience. But for that, steps 1-3 must be no-code/for dummies.
The greatest thing about the idea is "email marketing cheaper".
1. is tech-savvy and runs an app/service with a bunch of users
2. has tried existing emailing platforms and feel that they're too expensive
3. wants full freedom of who they target their emails to
A tech-savvy person could make their own solution, and that's what I wanted to do with my site CubeDesk, but it's surprisingly difficult and time-consuming, which gave me the idea for this service.
The English -> SQL thing is just a fun feature I added since I'm excited about LLMs. Comes in handy for folks who aren't SQL experts (like me).
Totally agree on the security concerns. That seems to be the main feedback in this thread and will be my main focus going forward!
Re: non technical users, one idea would be an ability to save “audiences” using smaller SQL queries, that way non-technical collaborators could easily send a campaign to a well-defined group of users, and update the group definition once instead of across all your emails.
If you could infer the structure of the connected database automatically and control which tables are visible in the product, people might find that really helpful too (check out Metabase as an example product that does a great job at querying data sources with UI and raw SQL)
That said I think this is an interesting niche to be in, because I think there are some customers out there who don’t need the technical hand-holding of other marketing platforms.
While they are the market leader in marketshare, they're losing marketshare rapidly. [1]
Now that they're owned by Intuit, I only expect the product to get worse.
OP's product seems to allow you to get more specific about segmentation, which is something that a rapidly growing MailChimp competitor Klaviyo seems to excel at, as an example. [2]
Here's more discussion about email marketing automation, it seems as though there are a lot of choices: https://www.reddit.com/r/Emailmarketing/comments/wriew9/best...
I know this is probably no more than a side project for OP, but if I was in their shoes I probably wouldn't have started building this kind of thing myself if I hadn't tried at least 3 other alternatives. Email marketing/marketing automation is a very deep specialty, so I think you have to really be sure that there's nothing suitable off the shelf before you wade into building your own solution. I feel like it's not much different than building your own database for your application. I would want to be really sure that there isn't one already out there that fits my needs before building my own.
[1] https://www.emailtooltester.com/en/blog/mailchimp-market-sha...
[2] https://www.reddit.com/r/Emailmarketing/comments/apu08p/klav...
Good luck with it @kashnote
Congrats on EmailOctopus; it looks like a nice product!
Welcome to customer service hell.
And the inevitable competitor who will do it cheaper. If all that differentiates you is low price, good luck.
Have you looked at something like https://grapesjs.com/ for templates?
What data about my users would be stored in your database, vs my database?
As for the data question, when you create a campaign, the following gets stored for each email that will get sent:
- email address - JSON blob of the required variables that exist in the subject and body of the email (ex: {first_name: "John"}
That's pretty much all the data that will be stored in our database which is sourced from your database. This data is stored for 30 days then removed, but I'd like to make this be configurable.
My SES is already setup. I have templating for emails already. I can query my DB using my ORM without grant additional access. I guess I get the benefits of your UI for monitoring.
I'm really not sure if the net positive is large enough for me to consider the solution.
I don’t even like MailChimp but there’s a real reason to use an app like them/similar. They help you not screw up "all of that" is complicated.
Typically via ReturnPath. It’s basically a scam, but everyone pays for it.
Lots of really good stuff going on here, a few bits of feedback, ideas, etc, and also responding to some of the comments in other threads.
* The quick explanation of how this works is pretty strong, but I think the differentiator/value over other services maybe isn't called out as well. To me, this seems pretty clearly ideal for smaller teams all in on JAMstack/serverless with a lean stack that don't/won't have an easy place to create an automated process for synchronization, and are more likely to be using a planetscale/supabase/neon where this model is more attractive. I would suggest adding some of that info, not only to help target customers better recognize the value prop, but also help discovery via SEO.
* While the landing page gives a good overview, as a dev, before I sign up, I want more details of how it works, more complete examples, etc. For SaaS apps targeting the general market, after landing/product pages,the most visited pages are generally use cases, success stories, industry specific info, etc. But from my experience and talking with many others, for dev audience, docs are the next thing people visit (if they aren't ready to sign up). You don't need every doc at once, but things like a quick start guide, concept overview, feature overview, etc can all be high value docs that you generally need anyways for your first customers
* With docs, you can better address and explain the security side of things. I would do less on the landing page in regards to security and push that to more in depth detail in the docs. Talk about best practices of creating a read-only user. Create guides for most popular db vendors, etc
* As has already been mentioned, you will get concerns about any access to the db and "why not an API". I think these commenters are right that this will be a deal breaker for many companies, but I don't agree that you want an API. Not only because I think that reduces some of the value prop but also because then you would need to store customer data. I obviously don't know what you are storing today, but I would think that this model could have a big advantage if you didn't need to store any PII data in cc.dev. The complexity of dealing with compliance and regulatory requirements is no small part of why something like MailChimp is expensive is that burden. I don't know if this is something you currently consider a value prop (or if you have engineered to support this)... But I certainly would :)
* To address the reality of private dbs/giving access to a db, I would look at potentially implementing an agent. This agent would then run the queries (still provided by the user) and just-in-time deliver the results when needed. Getting the model of this right that works across different companies view of security will mean this is probably best to do with a handful of potential customers.
* As far as deployment and monetization model... I would only open source it if you are giving up on commercialization or if you can open source a subset that can be useful enough to build a community. Once again, returning to JAMstack, maybe solve in open source (but integrate) some problem unique to those teams. As far as a paid self-hosting, given that this seems like a one man show, I would resist it. Trying to do SaaS and support of self-hosting is rough, even for well funded VC backed teams..
Quite a bit here, but if you want follows up on anything, my email is in profile or will reply to comments.
Congrats again and hope it goes somewhere :)
Hm interesting point on the open sourcing and monetization. I've been thinking a lot about this and still not sure if it's wise to open source it. I definitely want to generate revenue from this. Perhaps going open source would be detrimental to that.
* Can you shepherd a community, that will have issues with self-hosting, prs, bugs, etc AND do all the stuff needed to run a company (once again, assuming one person show here)
* By going open source, you now are also "competing" with other OSS projects, which may drive toward features that don't drive value on commercial side. You may also find that the core value prop just doesn't translate well to open source, for example, if the target is JAMstack teams and you can't run this on vercel, cloudflare, fly, etc
* I think the most successful open projects like this tend to be something that is a segment only really solved by proprietary companies. For example, workflow automation like Zapier built a novel model and led to open source with hosted version projects like n8n to replicate that, with many people offering that as a service inside their company. I think "open source MailChimp" isn't a bad play, but I don't know if that is really what you are doing, so it is hard to say if open sourcing would led to sales or to useful software that no one wants to pay for
this stuff is so critical that people will not use anything other than mailchimp. if you want to disrupt this space...disrupt this part of the product.
second biggest feature - support for Liquid templates. https://dripemailtemplates.com/tutorials/liquid-templates-gu...
I'd be interested in running a cronjob with my custom SQL and sending you a batch payload to process the emails.
Currently paying $25 to send 250,000 emails with sendy.co for years. Also using Amazon SES. no monthly fees just pay for what you use plus one time cost of sendy.
I don't quite get it.
- stores the templates
- selectively runs campaigns and tracks open rates etc
- create campaigns, see how many users are in there, have a safeguard before you hit "send"
- actually a nice interface.
Let's assume the "open my database to the internet" is not a dealbreaker, then this tool gets your development cost of 1-8 weeks (depends on how big the code base is) down to a 19 USD / m. Depending on where you hire / how much your time is, your opportunity cost of several thousand dollars for the feature are now much smaller.
I think there's a niche but strong case for this.
[edit: typo]