This presented another set of issues. We'll start with demand surge: was it fair to lump a customer with a huge bill for a month if they had a large amount of traffic? Sure, you could argue. The customer signed up, read the agreement (or should have) and they knew it was something that could happen – so when it does, they deserve to get a bill for all the hard-earned work that went into the product. While that logic can apply to something like the physical server time taken or something else that forms a material part of their application, it didn't sit right with this product. Something that must run in order for the customer to make money is a lot different to something that should run and needs to be billed differently.

The demand created isn't part of a marketing campaign, or because an unprecedented number of customers accessed their website because they were mentioned on Slashdot. The demand for Cordon is solely generated by malicious users, so it didn't seem fair to charge users for something they ultimately have no control over. Their website isn't attacked because the customer requested it, or paid for it; it's attacked out of sheer malice from people who have no respect for the hard work it takes to manage a website or application.

The first step to solving the problem meant we had to offer an unlimited plan – customers would never have bill-shock to stop something they didn't want to happen in the first place, and we can cover the server costs when a few thousand people sign up. We could lower that break-even threshold and price higher, but I opted to lower any friction in the price points to increase adoption (remember, the goal is to make the internet a better place – not to profit from policing the bad guys). The opposite is also required to an extent – I needed to plan against runaway adoption, where we can't scale the infrastructure to handle demand. Having a small fee helps limit rampant overuse.

OK. Great, now we have a way to cover the server costs, the customer doesn't have to worry or keep track of how many requests they're making each month, and we make it clear on the website that the customer would need to upgrade after a certain number of hits per month. Job done, right?