Topic: [ANN] Coinapult - send Bitcoin over email or SMS in seconds (Read 10308 times)

Anyone using the mycelium-coinapult locked account?

Thanks, evoorhees did it. He's a master of branding.

Hope we get to see your web app in action soon.

I like the design of Coinapult website. It's playful yet functional.

The site has also helped me flesh out a web app in my head. Kudos!

I made some improvements to the API, and wrote libraries.

New method:
    Get Details - Get the recovery URL for a payload.

Libraries:
    Python
    PHP
    NodeJS

https://coinapult.com/api

The new API requires credentials. Will open up the account registration process soon, which will allow for automatic API credential generation, but until then, please contact me for creds.

You can now use your cell phone to control your Coinapult funds. This is accomplished through simple SMS commands sent to the Coinapult phone number: (603)509-2102

Basic commands are:


All Bitcoin sent to your phone number is accessible through these commands by default. Each time you receive funds, it will still give you the recovery URL, if you prefer to use the website. In the future, I'll allow site accounts to be created, and users will be able to combine multiple email addresses and phones into one account.

No problem. I'm a bit curious, though... It made sense to you, but not him? Any idea why? Is there something I can learn from this? :/

I got him to forward the SMS to me and it made sense to me.
I claimed the coin.

Thanks for getting back to me promptly.

You question implies that he did not receive his retrieval url, or that it was improperly formatted. Would you PM me the number used, so that I can resend, making sure it is properly done?

I SMS coinapulted a bitcoin a friend in the US and hes terribly confused. what's his secret location? 

Added stats page: https://coinapult.com/stats

We just passed 10k BTC sent a couple of days ago.

The API now fully supports SMS payloads, in addition to email. I'm also pleased to report that the mobile template is pretty much done. I have two android phones and it looks good on both. If anyone has trouble on other phones, please let me know.

Just added SMS support. Simply type in a 10 digit (US + Canada) phone number into the "to" field to send money via text message.

Also, topped off the first version of the mobile site. Some pages are a little wide, but zooming in generally fixes any issues.

Yeah over 2,300 BTC Coinapulted from BitInstant thus far. It's a hit. PIN code has now been added to make it a bit safer.

Awesome service! I'm glad you hooked up with bitinstant.com. Very useful feature: your customer pays cash at their local bank and you receive bitcoin using the "bitcoin to email" feature.

Mem, I haven't received any inquiry. Would you please fill out the contact form on the site, and include the intended recipient, or PM me said information?

recipient never received email, no rejection email sent.
Will follow up with site admin tonight.

Thanks for the vote of confidence, psy, we always do our best to run an honest, tight ship.

Some updates:
Added a contact page.
Modified the API to allow direct to Bitcoin address transactions.
Added an optional 4-8 digit pin number to the API.

I could easily allow people to enter a pin number on the home/send page, but I think this might cause too much confusion. The idea of a pin is that it isn't emailed to the user. So, for instance, BitInstant generates a pin and displays it for the user at the time they create their cash to bitcoin order. The pin is not included in the email, so the user is expected to note it and remember for fund retrieval.

What do you folks think? Is there utility in allowing a pin to be entered on the website send form, or will this simply confuse?

a very interesting concept, I especially like the API feature.

Don't need to try to know evoorhees and barebones ventures are as reliable as they can be.
If bitcoins get lost in the process, most likely it won't because because of them. And if it is indeed because of them I have every reason to believe they'll do the right thing

But don't take my word for it.

anyone tried? reliable? no bicoins lost in the process? then I might give a try.

Might want to put a contact link somewhere on the page, even if it just goes back to here.

Also, could the capacity to auto deposit Catapult Payloads sent to an email address be added, in case it catches on as a form of payment? Might want to consider staggered withdraw and reloadable deposits if you want to integrate on-site wallet functionality, but for your current scope, it looks great.

thanks for the quick resolution

notme, you've been PMed.

Tried your service, sent this transaction:
http://blockchain.info/tx-index/4016365/bcb8eae372b9be07f424cf364f033d6827f254a06fc39a07875ad7f8d9b205f7

No email, it's not in my spam folder.  Are you doing manual approval or something?

I just got turned on Amazon SES sending, which seems to have resolve the spam issue. Please let me know if any messages from now on get flagged as spam. Thanks!

We were actually thinking of developing something similar, sort of paypal-for-bitcoin. After all this is how paypal got its initial base, back in 2001 or whatever. Not as much for the money, more of a public service, to help the spread of bitcoins.

Since you made the first move, you get the domain bought for this purpose (bitpal.us) free of charge (you will need a namecheap account). Pm me for the push.
Best of luck to you.

Actually, the issue I've been having with DKIM is a bug in my hosting account. When I submit the DKIM entry into the DNS system they provide, it escapes some characters, rendering it invalid. I'm sure they could fix this if I contacted them, but I found a better solution anyway.

Kind of, yes.
It took me 2 days to configure DKIM + SPF on one server (3 domains). Of course, I am not the best sysadmin, still learning.

Theoretically it is easy, but when it comes to practice, there are A LOT of ways in which it can go wrong, believe me.

SPF and DKIM are difficult?

SPF is only an entry in your DNS settings. DKIM is also easy to integrate if you use exim on your server to process the emails. I should also tell you that it won't resolve your inboxing problems.
Only email content and maybe $100k paid anualy to certain companies will resolve your inboxing problems. But only on hotmail and yahoo. In regards to gmail you are SOL...

SES sounds cool on the surface, but it is complicated to work with. I like http://sendgrid.com/ - although it is meant for bulk mailers and things, you can use it for most any email that you want your servers to send, and they will take care of reputation management and such things. You will need to play with SPF and DKIM when using it, but it is much nicer to live with.

After much poking with SPF and DKIM, I realized it is much easier and more trustworthy to allow a third party to send out our emails. As such, I created an Amazon SES account, and am in the process of integrating it. Should be up later today, and resolve the spam filter issue once and for all.

Did this myself manually, its a bit of a hassle copying .dat files, but not overly so.

(Compare to going shopping for some present)

This also meant I had complete control of the encryption process and made sure everything was safe.


Coinapult is still great, we need more like that, perhaps a program you could run offline on your computer?

Searching for public keys by email address is not reliable, as some people don't (and in some cases don't want to) have their public key on a keysever. Also, most keyservers don't verify keys, so it's all too easy for someone to upload a bogus key to the keyserver to prevent people from being able to receive their bitcoins (or steal the bitcoins, if they have access to the recipient's email). A better idea is to allow public key files to uploaded or copy/pasted, and/or specified by URL.

Also, I think you mean encrypt the message before sending. Signing it won't achieve anything.

I like this idea a lot. I have thought a lot about the security of the system, and think this is a good bit of transparency.

I've modified the email text a bit, to make it more user friendly. Thanks Foxpup for the suggestions!

The reason a person might use Coinapult is likely because the person isn't technical.  PGP is still mostly only for those who are technical.

Maybe do risk assessment.  Sending amounts over 2 BTC or something like that provides a warning to the sender that warns about the potential risk of loss.

Honestly, I hadn't considered PGP support, because so few people use it. Now that you mention it, though, it might not be too hard to implement. Say:

1. received email address
2. checked for public key associated with it
3. if found, sign the message before sending

I'll look into it a bit more. Right now, though, I don't see any downside to such an arrangement.

This sounds like a great service.  I hope it helps get some new people involved in Bitcoin.  Good work!

Lately almost everything lands in gmail spam folder.
Their spam filters became crazy.

PS.
@Coinapult author
So what about PGP support ? Is it planned at least ?

nice service

i received some and sent it back

Funds sent. Transaction ID:
4d437d4661598db0de15d946f1f295a7ce360e2be0c5fc89cff6324589a1c327

it was so easy

note :
on arrival it came into my gmail spam folder

Thanks for all of the feedback! There is far to much to respond to individually here, but I'll address some of the more salient points and consider the rest carefully.

Regarding consistency of wording on the site and in emails, it certainly isn't perfect. We may lighten up on the catapult terminology to avoid confusion. There were a lot of other good suggestions we'll take into account.

On confirmations, the transaction server waits until there are enough funds in the account with 2 confirmations to allow sending. It may not be the exact funds you sent. It may be part of the buffer we keep in there to avoid delays. It may be older funds that have simply been sitting. In this way, there is a 1:1 relationship between incoming and outgoing funds, but access is maximized. This also makes Coinapult a very basic mixer.

On email security, this is an issue. Email is almost always insecure. I can allow PGP mail, with modest effort, but only a small percentage of people would be able to use it. I'm open to suggestions on how to improve the email security, but the goal of Coinapult is usability. As has been noted, those who are ultra security conscious, or have need to move large amounts of funds, have other means of doing so. bitaddress.org and an encrypted email is one reasonable solution. Try getting grandma to open it, though. Last, on this subject, DKIM is a great idea.

To someone who is new to Bitcoin, the above may as well be latin.

One could always email a wallet file to someone, but Coinapult is a service for normal people

Sorry to be a downer, but it is pretty easy to send someone bitcoins in email.

Go to https://www.bitaddress.org/
and generate an address. Fund it with whatever you want, and send the private key to the recipient.

If a year rolls by and the person never uses the bitcoin, they can be "reclaimed" by just importing the PK into your wallet.

Be sure to tell them that you will do that otherwise you might get an angry email.

For what purpose? As far as I can tell, the only reason the from address is needed at all is so that the person receiving the email has a chance of recognising the sender and not deleting the email on sight (after all, the email does look suspiciously like some sort of weird scam).

Not to hijhack this thread but...

We have on Paytunia

Q: Do you support sending PGP/GPG - encrypted emails ?

a confirmation email sent to the from address would also be a nice feature

A few usability pointers regarding the email messages (keeping in mind that they will be read by people who may not have heard of Bitcoin before):

Your from field should read: "Coinapult"
It is very important that you format your from field like this.

Your subject line should read something like: $sender has sent you some bitcoins!
Since the whole point of Coinapult is to send bitcoins to people who don't know what Bitcoin is, and by extension would have no idea what Coinapult is, saying "You've been hit with the Coinapult" does not convey any useful information, and would most likely be interpreted as spam due to the weirdness of it.

The body of the email should:
* Start out by saying $sender has sent you $amount bitcoins using Coinapult.
* Then explain what bitcoins are, in the simplest terms possible (but no simpler).
* Explain that if they don't already have a bitcoin wallet, they'll need to either download a bitcoin client or sign up for an online wallet service; and provide instructions for doing so.
* Then provide the link to claim the bitcoins.
* Provide an assurance that no fee is required to receive the bitcoins and that no personal information will be requested at any time. (Otherwise most people will see it as yet another "Get free money now! After paying a large transaction fee upfront" scam)
* Inform them that if the bitcoins are not claimed within 30 days they will be refunded to the sender.
* Then finally put the sender's message.

Yes, this is an issue (and an extremely serious one), but judging by the number of companies (including banks ) that send passwords and other sensitive data in plaintext email, and the fact that almost nobody uses or has even heard about PGP, I'm forced to conclude that nobody actually cares about security in the slightest, even if their money is at stake. The only difference here is that bitcoins are anonymous, so now people can steal your money with virtually no chance of being caught. I don't know what to suggest either (apart from lamenting the typical person's apathetic attitude towards email security).

Just for the record : Paytunia.com has this exact feature, upon reception users may create a Paytunia account, or provide an arbitrary address to claim their funds. If the funds aren't claimed they get automatically refunded to the sender.

Also you should remove the 's' from 'fantastiques' I do really like your design!

Pretty decent ... a few usability issues, and a concern regarding security.

1.) When sending I see the "Load Bitcoins Here" dialog,  
The message states "Once the Bitcoins are received, the Catapult will launch." and I see a link to Close.
As a first-time user, I wasn't sure what "Catapult will launch" means.   If I were thinking this were like a game, I might be watching the graphic of the catapult waiting for it to sling the scoop of gold (bitcoins?).  
Of course, what it really means to say is that Once the Bitcoins are received the Catapult will send a message to: "[email protected]".
That's what is meant by "catapult will launch".  
So perhaps if there were some way to let the user know that after the coins are sent what to do next.  (i.e., Click Close after you've sent the bitcoins).

2.) The message ended up getting flagged as spam by Google's Postini.
X-pstn-levels:     (S: 0.01365/97.07104 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
You might want to look into DKIM (and /  or SPF) to help lessen the chances that the message goes into the spam box.
Would there maybe after a few days a message to the "from:" e-mail address notifying that the funds hadn't been retrieved and offer the abiliity to get them back?

3.) When trying to retrieve the bitcoins, the first time I only had two confirmations I believe.  When I went to spend it it had said
"This transaction is still unconfirmed. Please wait 10 or 15 minutes and try again.".    

Firstly, what is the number of confirmations the site requires?   It appeared that after three I could then "retrieve the payload".

At the time the page is being rendered, wouldn't the state of being confirmed be known and thus it could tell me before I even enter the Send To address that I just need to hold on for a bit?

Additionally after that error message, I got another "Retrieve Payload" page, except this one asked for "Target (email address)" and also "Secret Location".  If I'm redeeming funds, I wouldn't be sending it to an email address.  Additionally, the e-mail sent to me to claim the funds never describes what 'Secret Location" is.  Of course, that's what is in the URL, but that isn't described in English in the message.

5.) When I entered the Send To address it had a trailing space in what I had copied and pasted and as a result there was an error message. The form validation could  do a trim() to help eliminate this from resulting in an error.

6.) On a later attempt, after there were three confirmations I then went to retrieve the payload.  It was a trivially small amount, like under 0.003 BTC.  When I hit the Send button the response said "Insufficient Funds."  I entered the exact amount that I had sent earliery.  I tried a second time same thing.  I then tried with 0.00001 BTC and it went through fine.  I tried another time, less than the full balance, and it too went through.  The third time I spend the remaining amout and it too went through.   So the entire amount couldn't be sent but breaking it up and sending portions, even though they added up to the same as the original number, were able to go through.

I presumed that the message was saying that as recipient I was trying to spend more than I had available.  Perhaps instead the "Insufficient Funds" message refers to the service's wallet itself not being able to send because it has insufficient funds?

7.) Consistency.  Am I retrieveing bitcoins or recovering bitcoins?   Both terms are used.

8.) Security.  SMTP messages are transferred clear text.  That means that if your service starts becoming popular that there is then an economic incentive for a sysadmin at the ISP or at the e-mail hosting service or somewhere between Coinapult and the recipient to heist the coins.  By simply adding a filter, every message that comes from Coinapult gets special attention by the scammer who redeems the coins, never with even a slight chance of getting caught.

E-mail is just not a secure method for transmitting essentially what is a negotiable bearer instrument  (the URL to claim the money).  This would be the same risk that exists when sending Mt. Gox Redeemable Voucher codes thorough e-mail, which is not recommended either.

NP, and fyi, there are no fees for using the coinapult site. For applications wishing to use the API, we charge 1% to help cover the cost of operations.

I have 0.4btc left to give away to the next 4 PMs.

Got the catapult, thanks! Transaction was initiated immediately after pressing send, no delays.

Hmmm, good point. I'll add a more useful error message for this case. As you noted, the transaction was refused; it just gave the wrong reason.

PM sent! Lemme test the 'catapulting' too.    Is there any fees associated with this service so far atm?

I just tried deliberately claiming coins with an invalid bitcoin address, and got this unhelpful error message:
Which implies the system successfully broadcast the bogus transaction! Fortunately, the coins didn't just disappear, and I was able to later claim the coins with a valid address, but there should really be server-side validation of bitcoin addresses, allowing the site to display a more, well, helpful error message, explaining that the bitcoin address the user entered was invalid and that they may have mistyped it, and ask them to re-enter it.

Bitdime sent.

So long as there are no withdrawals from the payload, it will be refunded.

Example:
slothbag sends grandma 1btc
grandma opens email and follows link, but doesn't understand how to recover the bitcoin
...30 days...
slothbag receives an email with recovery link for 1btc

Example 2:
slothbag sends grandma 1btc
grandma tips the paper boy 0.1btc from her coinapult stash
...30 days...
nothing happens. Grandma has a balance of 0.9btc

Just sent a couple of catapults flying.. thanks for the site.

A quick question, if a recipient does click on the URL and log into Coinapult to see the funds but does NOT take their Bitcoins do I still get the option to recover the coins in 30 days?

Edit: PM sent

Foxpup,

Thanks for sending the example funds back.

I just ran 100 test transactions through, and each received exactly what it was supposed to. The logs show that the script I threw together to fund my example funded each of these transactions. I shouldn't have tried to be tricky; I just thought it'd make for some fun.

0.8btc left to the next 8 people who PM me an email address!

But it isn't just the one you put up. I sent 0.1 BTC to myself (for real), then received 0.1 BTC. So far so good. Then I saw the screenshot, tried it out with a new address, and got another 0.1 BTC. Then all Hell broke lose. I recieved an additional 0.2 BTC in two additional transactions to the first address (the one not related to the one you put up) and another 0.1 BTC to the second address. I also did not click the claim link multiple times, or refresh the claim page, or anthing like that. I just suddenly started getting a bunch of extra coins for no reason.


Refunded the extra 0.3 BTC I wasn't supposed to get. I've also sent another 0.1 BTC to myself, and have (so far) received exactly 0.1 BTC.

This is not a bug. When I put the screenshot up, I set a script to automatically refill it as soon as someone recovered the funds. It was supposed to refill 5 times. The fact that it sent to your addresses just means that you were the first few requests to hit that page. This isn't a normal part of the system, I just thought it'd be a fun way for a few people to try a recovery based on my example.

If you'd like to send it back to 19c7oXEhBGXp3VD8dimth9yLdtZiGGzoDu, I'll distribute it to the first 4 people to PM me with an email address. As a matter of fact, I'll send 0.1btc to the first 10 people to PM me an email address, provided they all post here whether they received exactly the amount requested. Please, try again, if you think it'll multiple your coin. Prove me wrong.

Actually, I only grabbed 2 from the one you posted (1NjnUW4x1zVb3Ar7KEjVeqwnkm16A3qgdb). I somehow managed to grab 3 from the real request I sent (1EKnsRCiGtbocnK4vNR7ZUtevTXeNgDMqZ). That is a bug. Is it based on the amount? It's actually a coincidence that I picked the same amount as you did. Does everybody who requests 0.1 BTC keep getting coins until the wallet runs dry? Anyway, can I have an address to refund the 0.3 BTC I accidentally stole?

The wallet is empty, but I don't think this is a bug. This is from the example I posted, no? I had it refill, and it looks like you grabbed the first 4. Greedy. :p

Damn google. I think they decided it was spam because I sent so many test messages to my gmail account. I'm thinking of getting a third party mail service to send the emails, but that is a costly hassle. :/

SHUT IT DOWN IMMEDIATELY! TAKE THE WALLET OFFLINE AND SHUT IT DOWN! It sending me coins multiple times!

https://blockexplorer.com/address/1EKnsRCiGtbocnK4vNR7ZUtevTXeNgDMqZ
https://blockexplorer.com/address/1NjnUW4x1zVb3Ar7KEjVeqwnkm16A3qgdb

Each of these addresses should have only ONE transaction! There's more unconfirmed transactions on the way! SHUT IT DOWN!

Hazek, I could spend 10 minutes taking screenshots and carefully posting them... but I'm really lazy. Risk a bitcent on my honor and try it. :p

Dammit too slow, someone else already cashed out.

I just test-fired the Coinapult, and the coins landed in GMail's spam filter. Also, you may want to be more clear in the instructions to claim the coins, if you're targeting people who have never heard of Bitcoin before. Although I'm not sure how you can do that without seeming suspicious: "Someone sent you some money! Install this software on your computer and then click this link to receive your money!" Yeah, that sounds totally legitimate.

Yoink!

Ok... but I'm interested in the whole process. Please show us everything, from start to finish, how it looks if I send someone a coinapult message with coins, what message they receive and what process they have to go through to get the coins and how the instructions look like guiding them, I would like to know the details of every step it takes to complete the process.

The coins are stored on Paysius's secure transaction server. The two communicate via the Paysius API, which is documented here: https://paysius.com/developers. This is the same system that Feed Ze Birds has been using and distributing hundreds of BTC through for months.

http://i.imgur.com/PD4WS.png < if you're quick, you can even recover the coins

Where are the coins stored? What security measures do you have in place?

How can users feel safe knowing that their bitcoins they send actually get to the receiver?

This is how scams get started by NOT answering these questions.

 

After 30 days, an email is sent to the sender (see 'From:' field on send page) with a recovery code.

Awesome stuff. Your FAQ answered almost every question I had but one: How does the email message with the coins and instructions look like?

Q: what happens to coins that are not claimed?

This is awesome. Just what is needed to introduce grandmother to Bitcoins.

Announcing... Coinapult!!!

From the team that brought you FeedZeBirds, Coinapult is here!

Coinapult is how you send Bitcoins via email.

If you want to send Bitcoins to someone, traditionally that person needed a Bitcoin address. No longer! Now, if you know someone's email address, you can Coinapult coins over to them. See a cute girl, and want to launch Bitcoins at her? Great idea! Just load them up on the Coinapult (instant confirmations), and let slip the machine of war!

The coins will be launched thousands of miles instantly and smash down in the girl's inbox. She'll have simple instructions on how to access the coins, and she can then do what she wishes. She will be impressed, and will love you forever.

Uses for Coinapult:
- Send coins to friends and family easily
- Introduce new people to Bitcoin by giving them coins upfront
- Tip anyone in the world - like a certain news article? Sent Bitcoins to the author's email!
- Businesses: plugin to Coinapult's API to send refunds, distribute winnings, or

We know the community will find exciting new uses for Coinapult, so give it a try and see what you come up with.

Launch Some Coin Right Now!

https://coinapult.com

EDIT:
Just added SMS support. Simply type in a 10 digit (US + Canada) phone number into the "to" field to send money via text message.