
How to read competitor newsletters without subscribing

TL;DR

Subscribing to a competitor newsletter, even from a burner Gmail, still hands them your domain pattern, retargeting fuel, and an A/B-test bias signal. Six methods let you read the same content without giving an address: public /p/ URLs on Substack and beehiiv, the Wayback Machine, Google site operators, RSS feeds, Cloudflare Email Routing aliases, and a single anonymous inbox forwarded into an analyzer. The cost: only the last method recovers send time and SPF/DKIM headers.

If you want to read competitor newsletters without subscribing, the standard advice is to spin up a Gmail burner and call it a day. That is the worst version of the play. Across the senders we track in the Newsletrix corpus, roughly 60 to 70 percent of Substack, beehiiv, and Ghost posts are publicly readable within 24 hours of the email going out. No address required. For Klaviyo, Iterable, and Customer.io campaigns the recovery rate drops under 15 percent, but even then the burner is wrong. Six methods, what each recovers, the one honest tradeoff.

Why "subscribe with a burner" is the wrong default

The burner-Gmail trick is on every competitor-intelligence listicle on the internet. It looks anonymous. It is not.

When you sign up, three things happen at once. The sender writes a row to their CRM, links it to whatever fingerprint they captured (UTM, referrer, IP geo, browser), and ships you into their ESP. Google Postmaster Tools then aggregates your domain TLD into a daily delivery report the sender can read. Sign up from @yourcompany.com against a competitor and your domain shows up in their stats inside a week.

A Gmail burner is leaky too. Klaviyo, Iterable, and Customer.io fingerprint the TLD distribution of new signups and flag unusual spikes inside their dashboards. We have watched a Klaviyo dashboard light up after a research team seeded 12 burner addresses in a single morning. The signal is obvious if you know to look for it.

Then there is the A/B test problem. If the sender runs any subscriber-cohort segmentation (welcome variant, send-time test, name-personalisation test), the variant they put you in is whatever their algorithm thinks you are. A new burner with no engagement history lands in the low-engagement bucket. So what you read is not what their best subscribers read, and what you conclude about their playbook is biased toward the worst variant they ship. A burner gives you the worst of both: it tells the competitor you signed up, and it gives you a distorted view of their content. Skip it.

Method 1 - Public web archives on Substack, beehiiv, and Ghost

Three ESPs publish every newsletter as a public web page by default. Substack ships every post to publication.substack.com/p/slug. Beehiiv ships to either the publication.beehiiv.com/p/slug default or a custom domain that keeps the /p/ pattern. Ghost ships to the publication root with an optional /tag/newsletter/ filter on the index.

The practical consequence: you do not need an inbox at all for any newsletter on those three platforms. Open the publication's homepage, scroll, read. The HTML you get is the same HTML the subscriber gets, minus the personalisation tokens and the tracking pixel.

Roughly 60 to 70 percent of sends from Substack, beehiiv, and Ghost in our corpus are publicly readable within 24 hours. Paid Substacks gate the body behind a Stripe paywall, but the headline, the email subject line (in the page <title>), and the first 200 to 400 words land in plain HTML you can read and feed into the Newsletrix ESP detector directly.

What you cannot recover this way: the SPF, DKIM, and DMARC headers, the precise send time (the publish timestamp on the post is usually within a few hours but not exact), the open and click rates they saw, and any A/B variant you did not happen to be served.

Method 2 - The Wayback Machine for view-in-browser URLs

Almost every ESP exposes a "view in browser" link inside the email itself. That link sits on a public subdomain the ESP controls. SendGrid uses patterns like url1234.sender.com. Mailchimp uses mailchi.mp. HubSpot uses hubspotemail.net. Constant Contact uses myemail.constantcontact.com. Once a recipient clicks one of those links, the page becomes public. Cloudflare crawls it. Archive.org sometimes mirrors it. Google indexes a copy.

The trick is finding those URLs. Go to https://web.archive.org and search mailchi.mp plus the brand name in quotes. Cycle through hubspotemail.net, myemail.constantcontact.com, the SendGrid url1234 pattern, and the brand's own domain. Most of what you find is months old, which is what you want when you are mapping a year of campaigns rather than a single send.

What you get is the full rendered HTML, often with original UTM parameters still attached to the CTA links. That alone reveals their entire link-tagging convention, the agency or platform behind their paid traffic, and frequently the campaign naming scheme they use internally.

The practical limit: the Wayback Machine only stores what gets crawled. Big-list senders like Morning Brew and Lenny's Newsletter get crawled constantly. Niche B2B SaaS sends from a 4,000-person list get crawled rarely or never.
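As an added illustration of the UTM point above (not code from the original article or from Newsletrix), this sketch pulls every `utm_*` parameter out of a recovered campaign page and summarises the tagging convention. The sample HTML, hosts, and parameter values are constructed placeholders.

```python
from collections import Counter, defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample of recovered campaign HTML; hosts and values are placeholders.
HTML = """
<a href="https://brand.example/pricing?utm_source=newsletter&amp;utm_medium=email&amp;utm_campaign=2025-03_launch&amp;utm_content=hero">Pricing</a>
<a href="https://brand.example/blog/x?utm_source=newsletter&amp;utm_medium=email&amp;utm_campaign=2025-03_launch&amp;utm_content=footer">Read</a>
<a href="https://brand.example/unsubscribe">Unsubscribe</a>
"""

class LinkCollector(HTMLParser):
    """Collects href values from <a> tags; HTMLParser unescapes &amp; in attributes."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def utm_convention(html):
    collector = LinkCollector()
    collector.feed(html)
    values = defaultdict(Counter)   # utm key -> Counter of observed values
    untagged = []                   # paths of links that carry no utm_* parameter
    for href in collector.hrefs:
        parts = urlsplit(href)
        utm = [(k, v) for k, v in parse_qsl(parts.query) if k.startswith("utm_")]
        if not utm:
            untagged.append(parts.path)
        for key, value in utm:
            values[key][value] += 1
    return {
        "values": {k: dict(c) for k, c in values.items()},
        # Keys with one distinct value are campaign-wide; varying keys mark link position.
        "single_valued_keys": sorted(k for k, c in values.items() if len(c) == 1),
        "untagged_paths": untagged,
    }

if __name__ == "__main__":
    print(utm_convention(HTML))
```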

Method 3 - Google site: and inurl: operators

The same ESP-hosted URLs are usually indexed by Google. Five queries surface most of what is public:

  • site:mailchi.mp "brand name"
  • site:hubspotemail.net "brand name"
  • inurl:view-in-browser "brand name"
  • site:constantcontact.com "brand name"
  • "brand name" "view this email in your browser"

The last query is the cleanest of the five. It looks for the literal "view this email in your browser" anchor on any indexed page, which catches forwarded campaigns on company press pages, agency case studies, employee LinkedIn shares, and Reddit threads where someone pasted a quote with the source link still in it.

A small Newsletrix data point. When we ran this exact set of queries against the top 200 B2B SaaS brands we track, we surfaced at least one indexed campaign for 64 percent of them. The miss case is predictable. Klaviyo, Iterable, Braze, and Customer.io campaigns live behind non-public CDN subdomains that the ESPs rotate and de-index aggressively. Public recovery for those four platforms drops under 15 percent.

Have the HTML, want the ESP

Once you have a campaign HTML file from any method on this page, paste it into the Newsletrix ESP detector to identify the sending platform, tracking domains, and click-wrapping pattern in about three seconds.


Method 4 - RSS-to-email reversal

A lot of newsletters quietly publish an RSS or JSON feed alongside the email. Substack always exposes publication.substack.com/feed. Ghost exposes /rss/ unless the operator has turned it off. Beehiiv now exposes a similar feed on custom-domain hosting.

Subscribing to the RSS feed with an offline reader (NetNewsWire on macOS, FreshRSS if you self-host, Inoreader if you want a hosted client) gets you the same body content with zero address handed over. The reader pulls the feed, parses each entry, and shows you what the email contains, usually within minutes of publish time.

Two caveats. The feed often strips inline tracking pixels and rewrites image URLs to a CDN, so you cannot inspect their pixel-tracker setup or list any third-party trackers. Paid-only Substacks gate the feed body too: you get titles and dates but no content.

Method 5 - Cloudflare Email Routing as a real anonymous alias

If you do need the email to arrive somewhere (because Methods 1 through 4 missed a specific send, or because you want the headers), there is a version of the burner trick that is genuinely anonymous. Buy a throwaway domain on a registrar that does not link the WHOIS to your identity. Point its MX records at Cloudflare Email Routing. Create a catch-all rule that forwards every inbound message to a separate inbox you control.

Setup takes about 30 seconds inside the Cloudflare dashboard. The result: you sign up as something like [email protected] and the email lands in your real inbox, but the sender sees a domain with no LinkedIn employees, no website, no Postmaster Tools coverage, and no public footprint.

Why this beats a Gmail burner. Gmail flags new accounts with no contact history as low-value subscribers, and a savvy ESP will treat a brand-new gmail.com signup with no prior engagement as a research signal. A custom domain with no website looks like a small business someone registered yesterday. It blends in with the long tail of one-person companies signing up to test a tool. The fingerprint goes quiet.

Method 6 - Forwarding into an analyzer (where Newsletrix sits)

Methods 1 through 5 cover content. They do not cover the technical metadata that tells you how the sender is operating: which ESP, which send-time bucket, whether SPF and DKIM align, what the list-unsubscribe header value points to, the image-blocking pixel structure, the click-tracking domain wrapping every link.

For those, you need at least one email to land in a parser. The minimum-cost setup: one anonymous inbox via Method 5, subscribed to the publications you want to instrument, with a forwarding rule that pushes every received message into an IMAP folder Newsletrix watches. The analyzer reads the raw RFC 822 source, detects the ESP, extracts every link pattern, parses the headers, and stores a per-send record you can query later.

The honest tradeoff: to recover headers and authentication info, one subscription is required. There is no way around that. Send-time bucket, SPF and DKIM alignment, list-unsubscribe values, click-tracking domain - none of it is in the public HTML. We keep one Cloudflare-routed domain for this purpose. One inbox, several hundred sends per week, all parsed. The data in this article came from that exact inbox: the 60 to 70 percent public-recovery number for Substack/beehiiv/Ghost, and the sub-15-percent number for Klaviyo/Iterable/Customer.io, both come from comparing what Methods 1 through 5 surfaced against what the analyzer saw over the same week.
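To make the header side concrete, here is an added example (not Newsletrix's parser and not code from the original article) that reads one raw RFC 822 message and extracts the fields this section lists: SPF and DKIM alignment against the From: domain, send hour, List-Unsubscribe targets, and link hosts. The message and every domain in it are constructed, and the two-label `org_domain` helper is a simplifying assumption.

```python
import re
from collections import Counter
from datetime import timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message: every domain and value below is a placeholder.
RAW = """\
Authentication-Results: mx.inbox.example;
 spf=pass smtp.mailfrom=bounce.esp.example;
 dkim=pass header.d=brand.example header.s=k1
From: Brand News <news@brand.example>
Date: Tue, 04 Mar 2025 09:05:00 -0500
Subject: Constructed sample
List-Unsubscribe: <https://click.esp.example/u/abc>, <mailto:unsub@bounce.esp.example>
Content-Type: text/html; charset=utf-8

<a href="https://click.esp.example/ls/1">Read</a>
<a href="https://click.esp.example/ls/2">Pricing</a>
"""

def org_domain(host):  # naive: last two labels; production code needs the Public Suffix List
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def auth_result(ar, method, prop):
    # Pull "method=result ... prop=value" out of one Authentication-Results header.
    m = re.search(rf"\b{method}=(\w+)(?:[^;]*?\b{re.escape(prop)}=([^\s;]+))?", ar)
    if not m:
        return "none", ""
    return m.group(1).lower(), (m.group(2) or "").rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    # Trust only the Authentication-Results header stamped by your own receiving server.
    ar = re.sub(r"\s+", " ", msg.get("Authentication-Results", ""))
    spf, spf_dom = auth_result(ar, "spf", "smtp.mailfrom")
    dkim, dkim_dom = auth_result(ar, "dkim", "header.d")
    sent = parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc)
    hosts = Counter(re.findall(r'href="https?://([^/"]+)', msg.get_payload()))
    return {
        "from_domain": from_dom,
        # Relaxed DMARC-style alignment: authenticated domain shares the From: org domain.
        "spf_aligned": spf == "pass" and org_domain(spf_dom) == org_domain(from_dom),
        "dkim_aligned": dkim == "pass" and org_domain(dkim_dom) == org_domain(from_dom),
        "send_hour_utc": sent.hour,
        "list_unsubscribe": re.findall(r"<([^>]+)>", msg.get("List-Unsubscribe", "")),
        "link_hosts": dict(hosts),
    }
```

In the sample, SPF passes for the ESP's bounce domain but does not align with the From: domain, while DKIM does align: two facts that only the raw headers expose.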

What each method recovers

Match the method to the question you are trying to answer. If you only want content and pattern analysis, Method 1 plus Method 3 covers most of the SaaS universe. If you want headers and operational metadata, only Methods 5 and 6 do the job.

Method                    Subject  Body HTML  Send time  ESP       SPF/DKIM  UTM links
1. Public /p/ URLs        Yes      Yes        Approx     Inferred  No        Sometimes
2. Wayback Machine        Yes      Yes        Stale      Inferred  No        Yes
3. Google operators       Yes      Yes        Stale      Inferred  No        Yes
4. RSS feeds              Yes      Rewritten  Yes        No        No        Rewritten
5. Cloudflare alias       Yes      Yes        Yes        Yes       Yes       Yes
6. Newsletrix forwarding  Yes      Yes        Yes        Yes       Yes       Yes

For most competitor research the right answer is Methods 1 to 3 first, because they cost nothing and reveal no signal. Reserve Methods 5 and 6 for the senders whose operational fingerprint matters. A teardown of a welcome flow or sponsorship strategy needs content. A teardown of deliverability and authentication needs headers. For what to do with the recovered HTML, see our reverse-engineer walkthrough and the ESP detection guide. For the inbox-side workflow, the competitor tracking playbook covers IMAP folders and tagging. If you are evaluating tools, see our side-by-side comparisons of SendView and Panoramata.

Frequently asked questions

Is it legal to read competitor newsletters without subscribing?

Yes. Reading a publicly published web page or an archived view-in-browser URL is the same activity as reading any other public web page. The methods in this article rely on content the sender has already chosen to publish on Substack, beehiiv, Ghost, Mailchimp's mailchi.mp domain, or HubSpot's hubspotemail.net domain. Avoid bypassing paywalls or scraping behind authenticated subscriber walls.

Can you see a Substack newsletter without subscribing?

Yes. Every Substack publication exposes posts at publication.substack.com/p/slug as public web pages. Free posts show the full body. Paid posts show the headline, subject line in the page title, and the first 200 to 400 words of the intro. The RSS feed at publication.substack.com/feed lets you receive new posts without ever creating a subscriber record.

How do you find archived versions of marketing emails?

Two routes work. The Wayback Machine at archive.org stores view-in-browser URLs from ESPs like Mailchimp (mailchi.mp), HubSpot (hubspotemail.net), Constant Contact (myemail.constantcontact.com), and SendGrid's url1234 pattern. Google indexes the same URLs, so site:mailchi.mp "brand name" or inurl:view-in-browser "brand name" surfaces what is cached.

What is the best alternative to a Gmail burner account?

Buy a throwaway domain and point its MX records at Cloudflare Email Routing. Create a catch-all rule that forwards to a separate inbox. The setup takes about 30 seconds. The sender sees a domain with no LinkedIn footprint and no Postmaster Tools coverage, which blends in with small-business signups rather than spiking a fingerprint dashboard.

Can Newsletrix work without subscribing?

Partially. Content analysis on the HTML you recover anonymously runs through the Newsletrix ESP detector and pattern tools without any subscription. To recover headers, send time, SPF, DKIM, list-unsubscribe values, and click-tracking domains, one subscription is required. Most teams keep a single anonymous Cloudflare-routed domain for that purpose and forward all inbound mail into the analyzer.
