Pretty decent ... a few usability issues, and a concern regarding security.
1.) When sending I see the "Load Bitcoins Here" dialog,
The message states "Once the Bitcoins are received, the Catapult will launch." and I see a link to Close.
As a first-time user, I wasn't sure what "Catapult will launch" means. If I were thinking this were like a game, I might be watching the graphic of the catapult waiting for it to sling the scoop of
Of course, what it really means to say is that Once the Bitcoins are received the Catapult will send a message to: "email@example.com
That's what is meant by "catapult will launch".
So perhaps if there were some way to let the user know that after the coins are sent what to do next. (i.e., Click Close after you've sent the bitcoins).
2.) The message ended up getting flagged as spam by Google's Postini.
X-pstn-levels: (S: 0.01365/97.07104 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
You might want to look into DKIM (and / or SPF) to help lessen the chances that the message goes into the spam box.
Would there maybe after a few days a message to the "from:" e-mail address notifying that the funds hadn't been retrieved and offer the abiliity to get them back?
3.) When trying to retrieve the bitcoins, the first time I only had two confirmations I believe. When I went to spend it it had said
"This transaction is still unconfirmed. Please wait 10 or 15 minutes and try again.".
Firstly, what is the number of confirmations the site requires? It appeared that after three I could then "retrieve the payload".
At the time the page is being rendered, wouldn't the state of being confirmed be known and thus it could tell me before I even enter the Send To address that I just need to hold on for a bit?
Additionally after that error message, I got another "Retrieve Payload" page, except this one asked for "Target (email address)" and also "Secret Location". If I'm redeeming funds, I wouldn't be sending it to an email address. Additionally, the e-mail sent to me to claim the funds never describes what 'Secret Location" is. Of course, that's what is in the URL, but that isn't described in English in the message.
5.) When I entered the Send To address it had a trailing space in what I had copied and pasted and as a result there was an error message. The form validation could do a trim() to help eliminate this from resulting in an error.
6.) On a later attempt, after there were three confirmations I then went to retrieve the payload. It was a trivially small amount, like under 0.003 BTC. When I hit the Send button the response said "Insufficient Funds." I entered the exact amount that I had sent earliery. I tried a second time same thing. I then tried with 0.00001 BTC and it went through fine. I tried another time, less than the full balance, and it too went through. The third time I spend the remaining amout and it too went through. So the entire amount couldn't be sent but breaking it up and sending portions, even though they added up to the same as the original number, were able to go through.
I presumed that the message was saying that as recipient I was trying to spend more than I had available. Perhaps instead the "Insufficient Funds" message refers to the service's wallet itself not being able to send because it has insufficient funds?
7.) Consistency. Am I retrieveing bitcoins or recovering bitcoins? Both terms are used.
8.) Security. SMTP messages are transferred clear text. That means that if your service starts becoming popular that there is then an economic incentive for a sysadmin at the ISP or at the e-mail hosting service or somewhere between Coinapult and the recipient to heist the coins. By simply adding a filter, every message that comes from Coinapult gets special attention by the scammer who redeems the coins, never with even a slight chance of getting caught.
E-mail is just not a secure method for transmitting essentially what is a negotiable bearer instrument (the URL to claim the money). This would be the same risk that exists when sending Mt. Gox Redeemable Voucher codes thorough e-mail, which is not recommended either.