FAQ

Nope. We have no plans to support file processing for Verification through GoodForms. From our time in the lead acquisition industry, we've seen too many bad actors selling and re-selling and re-re-selling lists without customers knowing it, and we do not wish to be a part of that. In fact, we built GoodForms to make unethical list-sellers' lives harder.

The privacy of your customers is our priority.

At the moment, we only accept credit cards.

Yes! We really do give you unlimited Verifications for just $10/month. No catch, no additional hidden fees.

At GoodForms, we make our money off of volume from those small $10/month fees, and off of certifications. For your $10/month, you get unlimited verifications (client-side JavaScript) and 5,000 Certifications (server-side REST API).

After you've used up your 5,000 Certifications that month, you can still Verify as much as you want for free, but each Certification costs just $0.001 per valid address.

Certification credits do not roll over to the next month.

Email addresses submitted through your GoodForms-protected forms are verified and then thrown away by our servers. We do not store them at any point.

Instead we store a cryptographic hash which cannot be converted back into an email address. When you Certify an email address, we check the cryptographic hash to make sure we've actually verified it.

You can currently only Certify an email once per verification. If a user submits the same email address to your form a second time, it gets counted as a second Certification.

Best practices for most newsletter and registration forms would dictate that you wouldn't want to allow the same email address for multiple accounts or signups, so this shouldn't be a scenario you'd run into often.

Yes, JavaScript must be enabled for Verification to work. The Verification process returns a checksum from the GoodForms servers, which can then be Certified using the server-side REST API. If JavaScript isn't enabled, no checksum can ever be sent to the Certification API.

If a user (or bot) does not have JavaScript enabled, you may want to tell them to enable JavaScript, or potentially quarantine their account and/or email them directly to confirm whether they are real.