Vrfymail vs Kickbox: Pricing, Latency, Compliance (2026)
Kickbox is the verifier B2B SaaS buyers reach for when their compliance team is in the room. Sendoso-owned, SOC 2 Type II, Spamhaus DNSBL data contributor, and confident enough about the brand to charge $0.008 per email at the entry tier. If your prospect’s procurement team asks who your subprocessors are before signing, Kickbox is a name nobody objects to.
For everyone else — indie SaaS founders running vrfymail behind a Resend webhook, growth engineers wiring real-time signup gating in a Next.js form, ESP operators chasing margin on a 250k-verify month — the math points elsewhere. We’ll cover the five things that actually decide which API you ship: pricing, p50 latency, verdict semantics, disposable-domain freshness, and bounce-feedback handling. Then a clear “pick this if” section and an FAQ.
This is a side-by-side, not a hit piece. Skip to “Where Kickbox still wins” if compliance is your buying signal.
Pricing: enterprise floor vs indie ceiling
Kickbox is priced like a tool sold to procurement teams.
| Tier | Per-email | Effective $/1k | Notes |
|---|---|---|---|
| Free | — | — | 100 verifies once, testing only |
| Entry | $0.008 | $8.00 | At 5k volume |
| Growth | ~$0.006 | $6.00 | At 50k volume |
| Enterprise | ~$0.004 | $4.00 | At 500k volume |
Vrfymail is priced like a tool sold to founders writing the cheque themselves.
| Plan | $/mo | Verifies/mo | Effective $/1k | Overage $/1k |
|---|---|---|---|---|
| Free | $0 | 5,000 | $0 | — |
| Indie | $9 | 10,000 | $0.90 | $1.50 |
| Pro | $29 | 50,000 | $0.58 | $0.80 |
| Business | $99 | 250,000 | $0.40 | $0.50 |
The delta at 10k verifies: Kickbox $80, vrfymail $9 ($90 if you stay on Free + pay overage). At 50k: Kickbox $300, vrfymail $29. At 250k: Kickbox $1,250, vrfymail $99.
Two further details that change the bill:
- Unknown verdicts don’t bill on vrfymail. When the pipeline can’t reach a verdict — DNS failed, MX timed out, strict-mode flag fired without resolution —
refundUsage()releases the slot and the call isn’t billed. Kickbox charges per call regardless. - Per-customer caching is included. Same customer asking twice for the same email within 24h is one billable call, not two. Useful when your signup form retries on transient network errors and you don’t want to double-pay.
The 5,000-verifies-free tier on vrfymail is the part the table doesn’t show. Kickbox’s 100 free verifies are a one-time testing allowance. Vrfymail’s 5,000/month, no card required, is a workable production tier for a real indie SaaS for its first six months. First 100 signups get 2× free quota (10,000/month) for life as the founder’s perk.
Latency: 50ms vs 400ms
For real-time signup gating, latency is the deciding metric. A 50ms verdict is invisible inside a form-submit roundtrip. A 400ms verdict is the time a user spends wondering if the form broke.
Vrfymail’s /v1/check returns in ~50ms p50 (cache hit) and ~250ms p99 (cold path with MX lookup + Spamhaus DBL probe in parallel). It runs on Cloudflare Workers in 300+ POPs with no cold starts. The hot path skips both probes via a per-customer KV cache.
Kickbox’s real-time API documents fast verification but doesn’t publish a p50. Independent testing puts it at ~400ms p50 — which makes sense given they appear to run an SMTP-probe stage on cold paths, serialized after the DNS lookup. The mechanical reason: serialized probes accumulate; parallel probes don’t.
The implication for signup-gating: at 50ms, you call vrfymail synchronously on form submit and the user doesn’t notice. At 400ms, you start considering optimistic-accept patterns and async post-signup verifies — both of which defeat the point of real-time gating.
For bulk workloads (cleaning a 100k newsletter list once a quarter), the latency gap is invisible. You batch overnight either way.
Verdict semantics: four states vs DeliverabilityScore
Vrfymail returns four results — deliverable, undeliverable, risky, unknown — each with a machine-readable reason code (e.g., role_account, plus_addressing_rejected, disposable, previously_bounced) and a pre-mapped reason_message you can show users verbatim.
Kickbox returns a similar four-state verdict (deliverable, undeliverable, risky, unknown) plus a DeliverabilityScore from 0 to 100. The score is Kickbox’s strongest feature — it lets you set your own threshold instead of relying on the binary verdict.
If your downstream system already aggregates signals (you’re feeding the verdict into a fraud model, or you have a “soft accept” pattern that batches risky verdicts for human review), the score is genuinely useful. If your signup form just needs a yes/no with a human-readable error, the score is noise.
Vrfymail’s equivalent is the strict-mode flag set — opt-in via strict: true — which decomposes the local-part into specific flags (plus_alias, gmail_dot_alias, throwaway_local, sequential_run, repeated_char_run, all_digits_local, very_short_local, high_digit_ratio). Same idea (richer signal than a binary), different shape (named flags vs a single score).
Disposable detection: certified contributor vs self-growing moat
Both APIs detect disposable domains. The difference is in the freshness model.
Kickbox is a Spamhaus DNSBL data contributor — meaning their data flows back into Spamhaus’s shared blocklist. They benefit from Spamhaus’s coverage, which is the industry baseline. Beyond that, Kickbox doesn’t publicly describe additional disposable-detection channels.
Vrfymail’s domains table is five overlapping channels:
- Bundled seed — ~121k entries from the
disposable-email-domainsnpm package. - Daily scrapers — 1secmail / mail.tm / mail.gw public APIs hand out daily inbox domains; we capture them. Tagged
source: "scraper:<provider>". - Spamhaus DBL (live) — every verify call that hits DBL persists the domain.
- Customer consensus — ≥3 distinct customers POSTing
hard_bounceorspam_complaintfor the same domain within 30 days promotes it tois_spam_trap=1. Free-mail providers excluded. - CT-log scanner — hourly polls of crt.sh for newly-issued TLS certs matching
temp/throwaway/minute/burner-mailpatterns. Catches the next disposable provider before they have customers.
The total today: 238K+ entries, growing daily. The Spamhaus seed (#3) is the same data Kickbox contributes to and benefits from. The other four channels are vrfymail-specific and compound with traffic — your moat gets stronger as more customers send bounces our way.
Bounce-webhook handling: per-customer overlay
This is where the two diverge sharply.
Vrfymail’s /v1/report-bounce accepts the bounce-event JSON that Resend, Postmark, SendGrid, Mailchimp, Mailgun, and Loops emit from their webhook settings. Forward your ESP’s bounce webhook once and the verifier learns YOUR bad addresses — scoped to your api_key_id, never leaked to anyone else.
The next /v1/check from your key on a previously-bounced address returns previously_bounced with the original reason. Hard-bounces and spam complaints cross-write to trap_signals; ≥3 distinct customers reporting the same domain in 30 days promotes it globally (free-mail excluded).
Kickbox doesn’t have a per-customer bounce-overlay endpoint. The closest equivalent is their list cleaning product, which is workflow-shaped (upload a list, get a verified list back) rather than API-shaped (post a bounce, get future verifies aware of it).
For B2B SaaS apps with steady signup traffic and an ESP relationship, this is a meaningful gap. Your verifier should learn from your sends; without that loop, you’re paying for a verifier that doesn’t get smarter.
Where Kickbox still wins
Three scenarios where Kickbox is the right pick:
- Enterprise procurement. SOC 2 Type II, Spamhaus DNSBL contributor, Sendoso-owned. When the buyer’s compliance team asks for your subprocessors and one of them needs to be a brand-name email verifier with auditor-friendly docs, Kickbox is on every shortlist. Vrfymail isn’t there yet — we’re SOC 2 in progress, not certified.
- DeliverabilityScore is in your pipeline. If your fraud model or downstream automation already consumes a 0–100 score and you’d rather plug into that than re-shape around verdict-plus-flags, Kickbox is the better fit.
- Bulk one-off cleaning at very high volume. At 1M+ verifies, Kickbox’s per-email rate drops to ~$0.004 — competitive with PAYG-only providers. Vrfymail’s Business plan covers 250k/month at $99; above that you’re talking Enterprise pricing, which closes the gap but doesn’t beat Kickbox at the very top of the volume curve.
For everything else — indie SaaS in the first 5,000–250k verify/month range, real-time signup forms, ESP-integrated bounce loops, founders writing their own infrastructure cheques — vrfymail’s math wins.
When to pick which
| Your situation | Pick |
|---|---|
| Pre-revenue indie SaaS, signup form on Next.js | vrfymail |
| B2B SaaS with active ESP, want bounce-learning | vrfymail |
| Enterprise procurement asks for SOC 2 | Kickbox |
| Cold-email outreach at 500k+/mo | Either; Kickbox cheaper at very high volume |
| Need real-time signup gating in <100ms | vrfymail |
| Need DeliverabilityScore in a fraud model | Kickbox |
| Free 5,000-verify/month tier | vrfymail (Kickbox is testing-only) |
FAQ
Is Kickbox more accurate than vrfymail?
Both pass the standard accuracy benchmarks (high 90s on a representative list). Where vrfymail pulls ahead is on signals adjacent to verification — disposable freshness (daily vs Spamhaus-only cadence), per-customer bounce overlay (Kickbox doesn’t have one), strict-mode flags for B2C local-part patterns. Accuracy parity, signal advantage.
Does Kickbox have a free tier?
100 verifies once, intended for testing only. Vrfymail’s free tier is 5,000/month, no card, no expiry — workable for production at indie SaaS scale.
What about SOC 2? My buyer is asking.
Kickbox is SOC 2 Type II certified. Vrfymail is SOC 2 in progress, not certified. If procurement requires the cert today, Kickbox wins. If you can hand the buyer a Trust Center URL plus a “we’re in Type II audit, expected Q3” line, vrfymail is workable.
Can I switch from Kickbox to vrfymail without rewriting my code?
Mostly yes. Both APIs return a four-state verdict (deliverable | undeliverable | risky | unknown) with reason codes. The endpoint, auth header, and request body differ — POST /v1/check with a Bearer token vs Kickbox’s own endpoint shape — but the handler logic translates verbatim. Plan on ~30 minutes of code change plus your ESP webhook re-pointed at /v1/report-bounce.
Does vrfymail’s pricing get worse at very high volume?
Above 250k/month you’re talking Enterprise tier ($499+, custom). At 1M+/month Kickbox’s per-email rate drops below vrfymail’s Enterprise quote. The break-even depends on negotiation; for most volume bands under 500k/month vrfymail is cheaper.
Will my ESP bounce webhook break if I switch?
No. Vrfymail’s /v1/report-bounce accepts the JSON shape every major ESP already emits. You re-point the webhook URL (Resend, Postmark, SendGrid all have a “Bounce Webhook” setting), and the bounce overlay starts learning your traffic from the next event.
When the math points to vrfymail
If your buyer is in product or engineering and not procurement, the chequebook math runs through pricing and latency, not compliance certifications. At 10k verifies, the bill drops 8×. At 50k, 10×. At 250k, 12×.
Try vrfymail free — 5,000 verifies/month, no card. Get an API key →