How to build and maintain momentum in your fundraising process

Momentum is the single most important factor that helps startup founders raise capital.

In 20+ years of working to connect founders with potential investors, I’ve learned that there’s a direct correlation between the speed of your fundraising process and the probability of actually getting funded.

Startup investors are incredibly smart people who eat, sleep and breathe these kinds of investments. The best investors are pros at sensing whether a deal has momentum or not — or worse, whether a deal has gone stale.

When you’re raising venture capital for your startup, you will have to hustle like you’ve never hustled before. As CEO, your primary job is building and maintaining momentum for your investment deals.

Once you have set up and organized your fundraising funnel, it’s go time.

Check out these tips for creating momentum in your next fundraising round:

Great hack for asking for email introductions

Asking for introductions to your target investors is one of the best places to concentrate your efforts at the beginning of a round. If done well, these email intros can get the ball rolling quickly.

The trick is to make it as easy as possible for your connector to do their job.

Before you send your first email, map out mutual connections between you and your target investors. You may find that you have some “power connectors” in your network — people who are already in touch with several of your targets. Put these people at the top of your list.

If your go-to-market slide raises eyebrows at a couple of meetings, it’s time to try a different tact.

Reach out to your connector with a brief email that says something like: “Hey, I’m raising money and I see you’re connected to these investors on my target list. Do you know them well enough to make an intro?”

After your connector responds with a list of introductions they’re willing to make, here’s the best way to help them help you:

  • Start a clean email thread to your connector — one for each target investor.
  • Write a clear subject line: “[Connector], can you introduce me to [target investor]?”
  • At the end of the subject line, include at-a-glance info about your company: company name, the funding round + the single most exciting data point about your business
  • Keep the email body very short. Investors get dozens of these emails a day, so keep yours to four to five sentences:
    • Use one sentence to say what your company does and link to your website.
    • Reiterate that you’re fundraising, and ask for the intro.
    • Mention any connections you may have with the investor (Universities, past employers, etc.)

Glossier just laid off one-third of its corporate employees, mostly in tech

Glossier, the popular beauty brand led by former blogger Emily Weiss, let go of 80 of its corporate employees today, according to an internal email obtained by Modern Retail. The cuts, which amount to around one-third of Glossier’s corporate workforce, will primarily impact the company’s technology team.

“[W]e are shifting our technology strategy to leverage external partners for parts of our platform that we’re currently maintaining internally,” Weiss wrote in the email announcing the layoffs to staff.

The email recounts some of the company’s recent mistakes, including prioritizing strategic projects that “distracted” the company from its core beauty business and that executives “got ahead of ourselves on hiring.”

The tech team layoffs are notable for a beauty retailer that has often described it as a technology company. In numerous interviews throughout the past two years, Weiss and other executives have emphasized the company’s focus on its direct-to-consumer online shipping model and obsession with iterating the customer experience based on feedback.

The company built its own point-of-sale system and commerce APIs in-house, allowing them to deliver a “seamless” customer experience, former Glossier CTO Bryan Mahoney said in 2018.

Founded in 2014, Glossier is widely touted as one of the earliest breakout successes of the DTC model, and raised its Series E last July at a $1.8 billion valuation from Lone Pine Capital, Sequoia, Forerunner Ventures, and others. E-commerce sales typically account for 80% of Glossier’s revenue, the Business of Fashion reported last July. 

Despite its fundraising success, Glossier’s ascent has oftentimes been far from smooth. The company laid off its entire retail staff and closed all its physical locations, including its flagship New York City store, in August 2020. It also grappled with the fallout from an open letter written by some of its employees of color sharing their experiences of enduring racism from managers in its stores, prompting a public apology from Weiss.

Nearly a year later, the company seemed to change course on its decision to double down on e-commerce alone, saying it planned to use the Series E funding to open three new permanent physical stores in Seattle, Los Angeles, and London – as well as reopen its New York City location. It hoped to use the retail locations to build brand awareness and encourage customers to create content, areas Glossier became well-known for in its early days through its distinctive, millennial-pink aesthetic and clever use of social media marketing.

The company’s website currently says customers should “stay tuned” for more retail store openings this year.

Dyspatch helps companies create emails you’ll actually want to open

Some marketers believe that to make more money, you have to send more emails, which Matt Harris, founder and CEO of Dyspatch, refers to as the “law of email.”

“All of those emails are leading to a decline in open engagement rates,” he told TechCrunch. “In addition, there is a new generation entering the workforce that isn’t email centric, and is having to learn how to email.”

Most marketers don’t take courses on email marketing, rather it’s a skill learned on-the-job, Harris added. As time goes on, people get to a point where they create their own designs and copy and paste lines of code into whatever email system they are using.

With the advent of multiple tools and resources for sending out email, it has become a challenge as people have to learn how to use different ones and the code they relied on doesn’t always work.

Harris started off with a solution called Sendwithus in 2018 that was a developer product in the email space. Later on, he and his team identified email production as a big problem and pivoted to become Dyspatch to bring a more drag-and-drop approach to designing emails. The company’s email production tool essentially takes the tips and tricks from people designing email well and makes it widely accessible.

Dyspatch is leveraging Google’s AMP for Email to launch its interactive email product, called Apps in Email, last year that makes implementing the AMP email elements simpler for non-technical users.

The tool is now being used by more than 300 customers, including Canva, which uses AMP emails to boost engagement with comment reply notifications.

“Dyspatch has massively reduced the hours our team spends on creating emails, which has allowed us to really scale our content production,” said Megan Walsh, global head of lifecycle marketing at Canva, in a written statement. “We’re producing over 20 emails a week, and the platform ensures every single one is on-brand, localized and responsive, without any engineering effort. It’s also allowed us to implement interactivity with AMP comment reply emails. The Dyspatch team was so supportive and collaborative on that project, and it’s been a huge success with our users.”


Dyspatch’s booking demo. Image Credits: Dyspatch

Dyspatch is already able to prove out that brands see a 500% increase in email engagement and 300% increase in email conversions after developing fully functional interactive AMP email campaigns, Harris said.

The company is now at the point where it is scaling its go-to-market and technology teams to support new customer growth, and raised $6 million in seed funding to help. Gradient Ventures led the round, with participation from Initialized Capital, Baseline Ventures, Blue Run Ventures, Scott Banister and VanEdge Partners. This is Dypatch’s first round of funding, but together with its previous company, they raised $11 million in total.

Dyspatch also plans to use this round of funding to further integrate with email service providers, like Oracle Eloqua and Salesforce Marketing Cloud, to make sure that users will be able to facilitate a seamless email workflow no matter which resources they use to send email.

The company focuses on how many people are using the app, and its customer base more than doubled in the past year. One of the repeated patterns Harris is seeing are customers coming back each year and adding more users. For example, one of its marquee customers initially bought 10 user seats in the first year of the contract, but within six months grew that by 10 times.

Next up, the company is taking steps to open up its technology to third parties and to build some of the features customers have been asking for, like calendar booking in email.

“Today we are building out the building blocks for apps, surveys and approval apps, but our DNA is an engineering company, so we want to build a marketplace so that third parties can build apps on our marketplace,” Harris added.

Flowrite is an AI writing productivity tool that wants to help you hit inbox zero

When TechCrunch asks Flowrite if it’s ‘Grammarly on steroids’, CEO and co-founder Aaro Isosaari laughs, saying that’s the comment they always get for the AI writing productivity tool they’ve been building since late summer 2020 — drawing on early access to OpenAI’s GPT-3 API, and attracting a wait-list of some 30,000 email-efficiency seeking prosumers keen to get their typing fingers on its beta.

The quest for ‘Inbox zero’ — via lightning speed email composition — could be rather easier with this AI-powered sidekick. At least if you’re the sort of person who fires off a bunch of fairly formulaic emails each and every day.

What does Flowrite do exactly? It turns a few instructions (yes you do have to type these) into a fully fledged, nice to read email. So where Grammarly helps improve a piece of (existing) writing, by suggesting tweaks to grammar/syntex/style etc, Flowrite helps you write the thing in the first place, so long as the thing is email or some other professional messaging type comms.

Email is what Flowrite’s AI models have been trained on, per Isosaari. And frustration with how much time he was having to spend composing emails was the inspiration for the startup. So its focus is firmly professional comms — rather than broader use cases for AI-generated words, such as copy writing etc (which GPT-3 is also being used for).

“In my previous work I knew that this is a problem that I had — I’d spend several hours every day communicating with different stakeholders on email and other messaging platforms,” he says. “We also knew that there are a lot more people — it’s not just our problem as co-founders; there’s millions of people who could benefit from communicating more effectively and efficiently in their day to day work.”

Here’s how Flowrite works: The user provides a set of basic (bullet pointed) instructions covering the key points of what they want to say and the AI-powered tool does the rest — generating a full email text that conveys the required info in a way that, well, flows.

Automation is thus doing the wordy leg work of filling in courteous greetings/sign-offs and figuring out appropriate phrasing to convey the sought for tone and impression.

Compared to email templates (an existing tech for email productivity), Isosaari says the advantage is the AI-powered tool adapts to context and “isn’t static”.

One obvious but important point is that the user does also of course get the chance to check over — and edit/tweak — the AI’s suggested text before hitting send so the human remains firmly the agent in the loop.

Isosaari gives an example use-case of a sales email where the instructions might boil down to typing something like “sounds amazing • let’s talk more in a call • next week, Monday PM” — in order to get a Flowrite-generated email that includes the essential details plus “all the greetings” and “added formalities” the extended email format requires.

(Sidenote: Flowrite’s initial pitch to TechCrunch was via email — but did not apparently involve the use of its tool. At least the email did not include a disclosure that: “This email is Flowrittenas a later missive from Isosaari (to send the PR as requested) did. Which, perhaps, gives an indication of the sorts of email comms you might want to speed-write (with AI) and those you maybe want to dedicated more of your human brain to composing (or at least look like you wrote it all yourself).)

“We’ve built an AI powered writing tools that helps professionals of all kinds to write and communicate faster as part of their daily workflow,” Isosaari tells TechCrunch. “We know that there’s millions of people who spend hours every day on emails and messages in a professional context — so communicating with different stakeholders, internally and externally, takes a lot of work, daily working hours. And Flowrite helps people to do that faster.”

The AI tool could also be a great help to people who find writing difficult for specific reasons such as dyslexia or because English is not their native language, he further suggests.

One obvious limitation is that Flowrite is only able to turn out emails in English. And while GPT-3 does have models for some other common languages, Isosaari suggests the quality of its ‘human-like’ responses there “might not be as good” as they are in English — hence he says they’ll remain focused there for now.

They’re using GPT-3’s language model as the core AI tech — but have also, recently, begun to use their own accumulated data to “fine tune it”, with Isosaari noting: “Already we’ve built a lot of things on top of GPT-3 so we’re building a wrapper on it.”

The startup’s promise for the email productivity tool is also that the AI will adapt to the user’s writing style — so that faster emails won’t also mean curtly out of character emails (which could lead to fresh emails asking if you’re okay?).

Isosaari says the tech is not not mining your entire email history to do this — but rather only looks at the directly preceding context in an email thread (if there is one).

Flowrite does also currently rely on cloud processing, since it’s calling GPT-3’s tech, but he says they want to move to on-device processing, which would obviously help address any confidentiality concerns, when we ask about that.

For now the tool is browser-based and integrates with web email. Currently it only works for Chrome and Gmail but Isosaari confirms the team’s plan is to expand integrations — such as for messaging platforms like Slack (but still initially at least, only for the web app version).

While the tech tool is still in a closed beta, the startup has just announced a $4.4 million seed raise.

The seed is led by Project A, along with Moonfire Ventures and angel investors Ilkka Paananen (CEO & Co-founder of Supercell), Sven Ahrens (director of global growth at Spotify), and Johannes Schildt (CEO & Co-Founder of Kry). Existing investors Lifeline Ventures and Seedcamp also joined in the round.

What types of emails and professionals is Flowrite best suited for? On the content side, Isosaari says it’s “typically replies where there’s some kind of existing context that you are responding to”.

“It’s able to understand the situation really well and adapt to it in a really natural way,” he suggests. “And also for outreaches — things like pitches and proposals… What it doesn’t work that well for is if you want to write something that is really, really complex — because then in order to do that you would need to have all that information in the instructions. And then obviously if you need to spend a lot of time writing the instruction that could be even close to the final email — and there’s not much value that Flowrite can provide at that point.”

It’s also obviously not going to offer great utility if you’re firing off “really, really short emails” — since if you’re just answering with a couple of words it’s likely quicker to type that yourself.

In terms of who’s likely to use Flowrite, Isosaari says they’ve had a broad range of early adopters seeking to tap into the beta. But he describes the main user profile as “executives, managers, entrepreneurs who communicate a lot on a daily basis” — aka, people who “need to give a good impression about themselves and communicate very thoughtfully”.

On the business model front, Flowrite’s initial focus is on prosumers/individual users — although Isosaari says it may look to expand out from there, perhaps first supporting teams. And he also says he could envisage some kind of SaaS offering for businesses down the line.

Currently, it’s not charging for the beta — but does plan to add pricing early next year.

“Once we move out of the beta then we’ll be starting to monetize,” he adds, suggesting that a full launch out of beta (so no more waitlist) could happen by mid 2022. 

The seed funding will primarily be spent on growing the team, according to Isosaari, especially on the engineering side — with the main goal at this early stage being to tool up around AI and core product.

Expanding features is another priority — including adding a “horizontal way” of using the tool across the browser, such as with different email clients.

Demand Curve: How Zapier acquires customers via its homepage

Your startup’s homepage should accomplish two things well: (1) Clearly explain exactly what you offer and (2) Convert visitors into active prospects.

If visitors leave confused or your website isn’t able to convert, allocate the resources to fix it before worrying about marketing.

When building your startup’s website, start by getting inspiration from the websites of established companies in your industry. Why? Because larger companies will have the resources to test and optimize their website to convert, saving you the need to do figure it all out yourself.

This post is going to tear down the homepage of Zapier, a SaaS platform that now has millions of customers and integrates with over 3,000 apps.

This teardown covers all the key sections of Zapier’s homepage so that you can apply the conversion tactics and copywriting strategies to your startup’s homepage.

Grab attention early with these three tactics

The above-the-fold (ATF) section of a homepage is the first section users see before they begin to scroll. It’s important that you nail this section, because if it’s not compelling, the rest of your landing page won’t be read.

Zapier’s ATF section has three pieces that we’ll dive into individually: header, subheader and a call to action.

Zapier's above the fold section

Image Credits: Demand Curve

A descriptive header with no jargon

The purpose of the header is to explain what your startup does and why it matters. It needs to be easy to understand at a glance. One of the biggest mistakes we see startups make is trying to make their header clever. Opt for clarity, not cleverness if you care about getting customers. The best headers can accomplish this in about 10 simple words.

Zapier explains what their product does in three words: “Connect your apps.” Then, they explain why it matters in two words: “Automate workflows.” The implication is that you’ll save a lot of time if you use Zapier.

Help TechCrunch find the best growth marketers for startups.

Provide a recommendation in this quick survey and we’ll share the results with everybody.

When crafting your header, start by writing at least 10 variations and share them with friends and colleagues who don’t work in your industry. Your header should be simple enough that anyone can understand what you sell. Avoid industry jargon unless it’s a primary competitive advantage.

It's imperative to use a descriptive header with no jargon

Image Credits: Demand Curve

A subheader that describes the transformation your customers go through

The header and subheader should complement each other. The header explains what you do, while the subheader explains how you do it.

The less information you ask your visitor to provide, the higher the conversion rate will be.

The subheader should add credibility to the claim made in the header by explaining how your company will accomplish the promise of the header. Explaining how it works is critical for conversion so that visitors know you have a real solution to their problems that has been thought through.

Again, avoid technical jargon in the subheader. You’re trying to pique your reader’s interest, not pitch to them.

Google brings AppSheet automations to Gmail, Jira support to Chat and Spaces

Google today announced a new feature for its AppSheet automation service that will allow developers on its no-code platform to create custom apps and automation that can interact directly with Gmail. By leveraging dynamic email, developers can now build applications that users can trigger and execute right from inside their Gmail inbox — and while that has been the promise of dynamic email since Google announced it in 2019, we haven’t seen all that many developers really make use of these capabilities yet.

With this, an AppSheet developer could now build an approval workflow or asset management system that users can update right from within an email, for example.

Praveen Seshadri, the CEO and founder of AppSheet who sold the service to Google in 2020, noted that this is a small but important step in the service’s overall mission to enable more users to convert their idea into working software — and to help those developers (or “creators,” as he likes to call them) reach their users where they are.

“What we’re in the process of doing is saying, ‘how do we let people who are what we call creators — people with ideas of how to make things run better or automate things, and so on — build those things?’ Traditionally, there were apps, but of late, we’re trying to say, ‘how do we integrate that deeper into the experience of those end users?’ That’s what developers have been doing for a while with the workspace platform and now we’re broadening that to the non-developers,” Seshadri said.

Image Credits: Google

Typically, it’s the business users who are the closest to the business problems, so as Seshadri noted, they are also usually the ones who know what they want from an automation solution like this. And while they may not be able to code themselves, Seshadri argues that AppSheet’s focus on a declarative approach lets users focus on outcomes and not the “insanely tedious steps to achieve those outcomes.” But he also noted that in most businesses, no-code users and traditional engineers work together. Somebody has to build and maintain the database that the no-code application sits on top of, after all.

On top of broadening the capabilities of the AppSheet platform, though, the current focus for the team is on how those efforts are consumed by end users.

“Traditionally, if you’re building applications, you got to go to the application and do something there,” Seshadri said. “I’ve got to do an expense report. I’ve got an expense report application, a web web page or something And I do that. And then I have to do something with recruiting, I go to that application. We tend to transform your context in all these places. What we’re doing now is taking AppSheet applications built by creators and bringing them into your Gmail, so that the users can stay in the context they are in and the work comes to them, the application comes to them.”

He noted that Gmail is an obvious starting point inside of Google Workspace, though the overall goal is to meet the users where they are so they can stay within their current work context as much as possible.

Image Credits: Google

In this context, it’s also worth noting that Google is also launching a new integration with Atlassian today that brings a Jira integration to Google Chat and Spaces (formerly called “Rooms”). With this, users will be able to create new Jira tickets right from Chat and Spaces, see previews of their tickets and track active issues. That is pretty much a capability that users of Slack and Microsoft Teams already have access to, so in many ways, Google is simply filling a gap in its tool chest here.

“Modern work requires people to switch contexts and tools faster than ever before,” said Joff Redfern, chief product officer, Atlassian. “We believe an open ecosystem and tight integrations among the tools that users rely on every day is vital to their success. Since 2017, our Trello integration with Gmail has been installed by more than 7 million people. Today, we are excited to build on the partnership between Atlassian and Google to propel work collaboration further with the integration of Jira with Google Chat and Spaces.”













Image Credits: Google


Amazon will allow U.S. Prime members to send gifts using only an email or phone number

In preparation for the holiday shopping season, Amazon today convenient a new way to send gifts through its mobile app. Instead of entering in the recipient’s mailing address — a piece of information people often don’t know in today’s age of digital communications — Prime members can now send a gift to a friend via their phone number or email address.

The feature works by offering an alternative to entering in a delivery address at checkout. If you don’t have someone’s address, you’ll be able to select a new option that says, “Let the recipient provide their address.” You then enter in the person’s email address or mobile phone number.

When checkout is complete, the gift recipient will then receive either an email or text, depending on what information you provided, that lets them accept the gift by providing Amazon with their preferred delivery address from their own Amazon account. They also have the option of exchanging the item in question for an Amazon gift card of the same amount — something that’s possible because the gift-giver selected the “add a gift receipt” option at checkout. This exchange can be done without notifying the gift-giver, of course, just as in real life. And because Amazon showed the recipient what was purchased, they can still say thank you for the specific gift that had been picked out.

The addition isn’t being made available to anyone who wants to shop Amazon. The retailer is instead using it as another lure to encourage users to sign up for a Prime membership ($119/year or $12.99/mo). As it tackles one of the annoyances of the gift-giving season, it could perhaps encourage a few fence-sitters to sign up. But more than likely, it’s not enough of a reason to encourage those who weren’t yet considering an Amazon Prime subscription to join. After all, you can always ask your family member, friend, or colleague to simply provide their address. But for those who already have a Prime subscription, it could serve as a useful retention strategy, especially for last-minute gift-giving or those times where you forgot a gift.

Amazon says the feature will roll out to Prime members in the U.S. on its mobile app beginning on Oct. 4.

The retailer today also announced its early Black Friday deals, and a multi-week beauty haul event with discounts on a variety of products.

Sinch acquires Pathwire, the company behind Mailgun and Mailjet, for $1.9B to add email into its API-based communications platform

Sinch, the Swedish company that competes with Twilio and others in the world of messaging and other communication APIs is making another big M&A play to build out its platform. It has acquired Pathwire, the cloud-based email provider behind Mailgun, Mailjet and Email on Acid. Sinch said it would pay $925 million in cash, with an additional 51 million new shares in Sinch. Based on yesterday’s closing price for Sinch (it’s traded on the Swedish stock exchange Nasdaq Stockhom and has a market cap of $13.7 billion), this works out to an enterprise value of $1.9 billion (SEK 16.6 billion).

The deal is very large in its own right, but also continues to set up Sinch as a (maybe “the”) key competitor to Twilio. The U.S.-based communications API giant acquired Sendgrid — another major email API provider that, like Pathwire’s products, is popular with developers — for $2 billion in 2018. That was an all-stock deal.

It also points to just how significant email is as a key part of the communications landscape, with services you may never even think twice about but use all the time — booking confirmations, receipts and password resets — falling under this umbrella. Quoting figures from Technavio, Sinch estimates the worldwide delivery market for email is worth $16 billion annually. This figure includes payments for email services, related investments and so on; and specifically “transactional email” (the area Pathwire covers) accounts for 60%+ of this amount.

It also underscores the massive consolidation at work at the moment in this sector. Even Pathwire itself is an example of that. Prior to this exit, it was owned by Thoma Bravo and was itself an acquirer of substantial businesses operating in the same general category of email-as-a-service, with its latest acquisition, of Email on Acid, announced as recently as June of this year. (Was that the spur that got Sinch to bite and buy Pathwire, I wonder?)

This is Sinch’s biggest acquisition to date, and it’s also a huge business. Collectively, Pathwire has shaped up to be a massive platform for those building email experiences within apps, marketing campaigns and other communications services. Today it counts more than 100,000 businesses as customers, which works out to millions of people using Mailjet, Mailgun and other Pathwire products (as well as the analytics and everything else that comes with this). That customer list includes Lyft, Kajabi, Microsoft, Iterable, and DHL.

“Every form of digital communications has its unique benefits, and delivering high quality at scale requires both extensive technical capabilities and deep subject matter expertise“, comments Oscar Werner, Sinch CEO, in a statement. “Together with Pathwire, we will be able to offer a best-of-breed product set, across messaging, voice and email, that empowers businesses and developers to craft an unmatched, digital, customer experience.”

This also gives Sinch a much bigger foothold in the U.S. market, where it has made other acquisitions, such as buying Inteliquent for $1.14 billion earlier this year. (Pathwire is based in San Antonio, TX.)

As with other services in the wider platform that Sinch has built out, the bigger concept that it is pursuing with the Pathwire acquisition is “embedded communications.”

Messaging, voice services, email and other communications tools are hard to build from the ground up, and for many of the companies that rely on them in their apps, websites, and other customer interactions, it’s not the essential core of their services, so putting resources into building them would be costly, distracting, and hard to keep updated and maintained in the longer term. APIs have changed the game here by letting developers or others integrate communications services built and powered by others, into these various experiences. The same API concept has been applied in other furiously complex areas of tech such as financial services and payments.

Pathwire’s products cover a few different bases, however, which is what makes it a compelling buy for Sinch. Mailgun is its big developer-focused API play in cloud-based communications. Mailjet, meanwhile is a little more accessibility for less technical people, giving them the option to use drag-and-drop functionality to integrate the email APIs. Email on Acid is another step in that low-code direction, giving its users further features to ensure consistency of appearance across different delivery platforms and so on.

“Sinch and Pathwire are a natural fit: both companies have built their businesses around product excellence, a commitment to positive results for our customers, and a focus on clear, measurable outcomes. I’m proud of what the Pathwire team has accomplished, and I’m tremendously excited about this next step on our journey and the many opportunities we can unlock together”, comments Will Conway, Pathwire CEO, in a statement.

“We are proud of what we accomplished with Will and the Pathwire team over the past few years, investing in product initiatives, leadership, and M&A, including the acquisitions of Mailjet and Email on Acid,” added Hudson Smith, a Partner at Thoma Bravo. “Sinch is the perfect strategic partner to support Pathwire and continue to build on its market-leading position as the email communications partner of choice for developers and marketers.”

Pathwire, notably, was already profitable. Projected revenues for this year (ending December) are $132 million, with gross profit of $104 million, and adjusted EBITDA of $55 million in the same period.

An email ‘autodiscover’ bug is helping to leak thousands of Windows passwords

Shipping companies, power plants, and investment banks don’t often share much in common, but new research shows they are all inadvertently leaking thousands of email passwords of their own employees, thanks in part to a design flaw in a widely used email protocol.

Autodiscover is a feature in Microsoft Exchange, a popular email software for companies to host their own email servers, to set up apps on a phone or a computer using just an employee’s email address and password. It’s meant to make it easier to set up an email or calendar app, for example, by offloading the hard work to the server than configuring the app by hand.

Most apps will look for the configuration file in places on the company’s domain where it knows to look. Each time it looks somewhere and can’t find it, the app will “fail up” and somewhere else on the same domain. And if it can’t find the file, then users are left with the inconvenience.

But some apps will inadvertently fail up one step further before hitting a wall. That’s a problem because behind the scenes the app is trying to communicate with a domain name that’s outside of the company’s control but within the same top-level domain — so would end up looking for the configuration file on Anyone who owns that domain name can “listen” to the email addresses and passwords as they are sent across the internet

Researchers have for years warned that email apps are vulnerable to this kind of data leakage and can put a company’s credentials at risk. Several apps were fixed at the time, but it’s clearly a problem that hasn’t gone away.

In April, Guardicore Labs acquired the autodiscover domains for some of the most common top-level domains —,, and so on — and set them to “listen” to leaky requests as they arrive.

In four months, Guardicore says it identified 340,000 exposed Exchange mailbox credentials hitting those domains. Some companies allow those same credentials to be used to log onto that domain, posing a risk if misused by a malicious hacker. Guardicore said the credentials were sent over the internet in plaintext and could be read at the other end.

Another 96,000 Exchange credentials were sent using protocols that are far stronger and cannot be decrypted, but could be tricked into sending the same credentials over the wire in the clear.

Amit Serper, Guardicore’s security research lead for North America and the author of the research, developed an attack that bounced back the encrypted credentials with a request to the app to use a weaker level of security to send the email address and password again, prompting the app to re-send the credentials in cleartext.

Serper named the attack, perhaps fittingly, “The ol’ switcheroo.”

The domains also saw exposed credentials from real estate companies, food manufacturers, and publicly traded companies in China, Serper said.

For the average user, the leak is practically invisible. Guardicore is not immediately naming the apps that are the biggest culprits of leaked credentials, since many of the app makers are still working on rolling out fixes. Serper told TechCrunch that once the apps are fixed, the domains will be sinkholed but will remain under Guardicore’s control to prevent them from falling into the hands of malicious actors.

It’s not an exhaustive list of domains under Guardicore’s control, but companies and users can take their own precautions by blocking autodiscover domains at the top-level, Serper said. App makers can also not let their apps fail upwards outside of a company’s domain.

Read more:

Demand Curve: Tested tactics for growing newsletters

There are very few marketing channels as well rounded as email newsletters. They provide a direct, owned line of communication with your audience; nearly 40x return on investment (~$40 generated per every dollar spent), are infinitely scalable and virtually free.

But to unlock these benefits, you’re going to need to be strategic. In this article, I’m going to share tactics we’ve used at Demand Curve to grow our newsletter list to over 50,000 highly-qualified subscribers and maintain an open rate of over 50%.

Increase popup conversion using the 60% rule

While they’re often thought of as intrusive, pop-ups work. On average, they convert 3% of site visitors, and strategic, high-performing pop-ups can reach conversion of about 10%.

To make higher-converting, less intrusive pop-ups, try the 60% rule.

  1. Choose a page you’d like to put a pop-up on. We recommend pages that aren’t conversion-focused (like product pages, checkout and sign-ups). We’ve found content pages work the best and they can act as a signal for visitors who are looking for something specific.
  2. Open your website’s analytics and see what the average time spent on that page is.
  3. Set your pop-up to appear after 60% of the average time of that page has elapsed.

So if the average time spent on a page is 50 seconds, set your pop-up to appear 30 seconds (60% of total time) after visitors land on that page.

Why 60%? Readers have shown interest in your content, but are nearing the end of their session. Prompting them to join your newsletter to see more relevant content in exchange for their email will feel fair.

To encourage new subscribers to open your welcome email, try breaking the welcome email pattern using delayed gratification and a recognizable sender.

Give samples of your newsletter to prove quality

If a visitor is new to your content, asking them to sign up for your newsletter can be a big step, and most new visitors won’t convert. To narrow the gap between a new reader and subscriber, provide a sample on the sign-up page. Use your most engaging newsletter as a sample to prove that your content is high quality.

To source your most engaging content, filter by open rate and replies. In your email service provider, sort your previous editions by open rate. This will help you identify which subject lines are most popular with existing readers. Modify your most popular subject line to turn it into a header on your newsletter sign-up page.

Next, go into your inbox and sort by replies to your newsletter. Identify which newsletter got the most replies from your readers. This is a positive signal that the content from that edition resonated the most and would be a solid choice for your free sample.

Give samples of your newsletter to prove your quality

Image Credits: Demand Curve

Emails from real people are opened more often

People reflexively ignore welcome emails after they sign up. But, those who do open your welcome email are more likely to consistently open your newsletters.

To encourage new subscribers to open your welcome email, try breaking the welcome email pattern using delayed gratification and a recognizable sender.

Delay your welcome email by 45 minutes. This will bypass the reflex that new subscribers have to ignore an email that pings them seconds after signing up. We’ve found 45 minutes to be ideal, because the delay is long enough that it breaks the pattern, but not so long that your email gets buried in their inbox.

Send your welcome from a person, not from a business account. We’ve found this tactic to be especially effective when the sender is the founder of the business or someone with an established audience. Use a photo of that person and not your company logo to help the email stand out.

To avoid overflowing the sender’s real inbox, create a subdomain for your website that will be used exclusively for sending emails. Create an account for your sender and begin using it for your newsletter. This avoids overwhelming their inbox and maintains the health of your sending domain.

Emails from real people get opened more frequently

Image Credits: Demand Curve

Send a superissue to new subscribers

A new subscriber will be keen to receive their first issue. To ensure they’re satisfied, piece together your best content from past issues into a superissue. But be careful not to use the same content you included as samples on your sign-up page.

Send this first superissue with the welcome email so that your new subscribers are immediately receiving value from your newsletter. Starting with your best content first will get your subscribers excited to open future emails.

We’ve found that shorter welcome emails perform better than long-winded ones. Keep your welcome message short and your opening issue tight. Once they’ve received the welcome email and the first superissue, add them to the regular email cadence.

Send a super-issue to new subscribers

Image Credits: Demand Curve

Consider sending fewer emails

We polled over 24,000 marketers on Twitter asking whether people suffer from “newsletter fatigue,” causing them to unsubscribe.

The results: 80% of respondents unsubscribe when they get too many emails.

To avoid overwhelming your subscribers:

Give your subscribers control over how often they are emailed: Some subscribers want them weekly, while others want monthly. In the footer of your email, create opt-out links that allow subscribers to customize the cadence they’ll receive emails. Giving them the opportunity to opt out of frequent emails while still remaining subscribed keeps them as valid contacts on your email list. You want to avoid losing them completely as a subscriber.

Send fewer emails: Putting a constraint on how many emails you’re allowed to send every quarter will force you to be more thoughtful about the contents of those emails. A high volume of emails just for the sake of being in your subscribers’ inbox can burn you and your readers out. We’ve seen very little correlation between volume of emails and the resulting conversion rate.

Make your emails fun — not just educational

Most emails in your inbox are serious. To stand out, consider injecting some lighthearted memes, jokes or interesting links from around the web.

We’ve found this tactic works extremely well, because it gives your readers a dopamine hit in every email. Not every piece of newsletter content you write will resonate with every subscriber. Humor, on the other hand, can have broad appeal. Including interesting and fun content will ensure that every reader is left feeling satisfied.

It also helps build a habit. If every edition is slightly different, your reader will never be sure what they’re opening when a new edition hits their inbox. We’ve found that including something fun at the bottom of the newsletter gives readers a reward: Read the serious stuff, then get rewarded with the fun stuff.

We add a meme to each issue. People reply to tell us how much they appreciate it.

Add a funny meme or interesting content to engage your readers

Image Credits: Demand Curve

Make referrals seamless

Referrals are a free way to grow your newsletter. To increase the chances of subscribers referring you to others, make sure the process takes no longer than 25 seconds.

Remind readers at the end of each issue that they can refer others. A simple way is to ask them to forward the email to a friend who would find it interesting. Include a short sentence in the intro to your newsletter telling people being referred where they can subscribe. Include a link.

An advanced tactic is to include a subscriber’s unique link to a referral program so they can track how many people they’ve invited. Give them the option to share through email or social media.

You should also have a web version of every issue so that your content can be easily shared outside of email. Most email service providers will automatically generate a web link that you can promote through social media or elsewhere. You can also copy the content and post it to your website as a blog post to generate traffic from search engines.

Consider providing rewards to those who refer your newsletter. Merchandise will likely only work as an incentive if your brand is well known or very unique. We suggest incentivizing referrals using exclusive content. Send a monthly bonus issue to subscribers who have referred five or more friends. This will keep your costs down and give your subscribers more of what they already want.

Note that you will need a critical mass of subscribers before referrals will prove to be effective. We’ve found the threshold is about 10,000 subscribers. But if your audience is extremely engaged or the community you serve is active, implementing a free referral program has virtually no downside.

How to turn followers into subscribers

Your subscribers will likely become aware of your content through a social media channel, but social media audiences are rented from the platform — you do not own a direct channel to communicate with them. Converting followers into newsletter subscribers is one way to control a direct line of communication and deepen your relationship with your audience.

When pitching your followers to subscribe to your newsletter, include a link in your bio. This may sound obvious, but many people don’t do it. When someone comes across your social media profile, make signing up for your newsletter the call to action. Otherwise, they’ll have no idea that you even have a newsletter.

You could also cut a Twitter thread or LinkedIn post short and tell people to subscribe for the rest of the insights. You probably don’t want to overuse this tactic.

Create an offer or unique piece of content that can only be accessed through the newsletter. This will motivate your followers to join your email list to get access to exclusive content or unique offers.


Getting new subscribers: Use pop-ups that are relevant and only to high-intent readers on your site. Provide proof of why they should subscribe to your newsletter with sample content. Make your welcome email stand out and front-load the first issue with your best content.

Keeping subscribers: To keep your subscribers wanting more, send fewer emails. Sprinkle in humor and interesting links to turn your newsletter into a habit.

Promoting your newsletter: Use exclusivity and offers to hook your social media followers into subscribing to your newsletter. Ask your subscribers to refer your newsletter to others to grow your subscriber base.