The Pangram sign-up form sends unsolicited emails to validate email addresses, a method that raises privacy and spam concerns, according to a June 23, 2026, report on milek7.pl. When users enter an email on the form, a POST request triggers an automatic email from "Winwin Insights" without further user action, effectively sending spam to confirm the address.
The process involves a POST request to https://www.pangram.com/api/validate-email with the entered email address. Shortly after, the recipient receives an unexpected bulk email from [email protected] with a subject line like "Fact of the day: Magnetic." This approach bypasses the standard practice of sending a verification link and instead relies on unsolicited messages to verify emails.
This method contradicts widely accepted advice against pre-validating email addresses by sending unsolicited messages, as it can harm user trust and violate anti-spam norms. The common industry practice is to send a verification link only after the user initiates sign-up, avoiding spam complaints and ensuring compliance with email best practices. Pangram’s approach may expose it to criticism and regulatory scrutiny.
The report was published on June 23, 2026, by milek7.pl, highlighting the risks of using spam to validate emails. The Pangram sign-up form’s behavior serves as a cautionary example for developers and companies considering similar validation techniques.