DearAOL and GoodMail

Things have really been heating up recently around the AOL/Goodmail “pay to send” CertifiedMail scheme — the EFF and a host of other groups have launched, stating:

This system would create a two-tiered Internet in which affluent mass emailers could pay AOL a fee that amounts to an “email tax” for every email sent, in return for a guarantee that such messages would bypass spam filters and go directly to AOL members’ inboxes. Those who did not pay the “email tax” would increasingly be left behind with unreliable service. Your customers expect that your first obligation is to deliver all of their wanted mail, and this plan is a step away from that obligation.

While I dislike this proposal, too, as far as I can tell, AOL actually have pretty reasonable intentions with this program — nowhere near as bad as the site makes out.

However, they’re doing a really really crappy job of getting this information out there, or committing to reasonable limits on the program, such as announcing that they will use it only for transactional emails, as Yahoo! have done.

I’d strongly recommend reading Carl Hutzler’s posting on the subject. Carl was AOL’s head of anti-spam operations until last year, so he really knows what he’s talking about, and he lays it out clearly — a lot more clearly than any corporate statements from AOL do. His blog contains a fair bit more on the subject, too.

But seriously — why isn’t there a press release on the AOL site about this scheme? Some front-channel communication about now might be useful, I’d suggest, before things really get hairy — this crapstorm is coming about partly because AOL’s comments are all filtering out in drips and drabs via third parties, and (AOLers say) are being misconstrued and misrepresented in the process. It’s a classic case of missing the cluetrain.

I’d also really encourage the EFF people to tone done the rhetoric; statements like “senders will have no guarantee that their emails will be delivered” is scare-mongering, given that SMTP email already provides no such guarantee.

Update: wow, MoveOn went really overboard — “threatening the Internet as we know it … The very existence of online civic participation and the free Internet as we know it are under attack.” OMG the sky is falling!

Side Issue: The Spam Definition

Also, another note to EFF: defining spam as “whatever you don’t want to read” is a terrible mistake to make. That confuses a good, clear, enforceable and automatable definition of spam — unsolicited bulk email — and makes it effectively unenforceable by law, unpoliceable by ISPs, impossible to detect automatically, and incompatible with existing, effective EU and Australian legislation.

Listen to your own Chairman of the Board; he’s right on this count.

PS: any luck fixing up the non-confirmed signups issue? Last time I checked I could still subscribe any address to the EFF Action Alerts without a cross-check, which is not a good thing.

This entry was posted in Uncategorized and tagged , , , , , , , . Bookmark the permalink. Both comments and trackbacks are currently closed.


  1. Posted March 2, 2006 at 22:28 | Permalink

    You are spot on here. A lot of rhetoric instead of spending valuable time looking at forward thinking solutions. Nonetheless, it doesn’t look like the scare tactics are working.

  2. Danny
    Posted March 3, 2006 at 02:21 | Permalink

    Wotcha Jason —

    Okay, let’s roll backwards with your questions, which are all good points.

    First: non-confirmed signups. Sigh. I know, and I remember well my bright-eyed enthusiasm when I said that I’d deal with that when I first started at EFF. I still work hard on this, but the problem is that the standard for many third-party mailing list providers is still single opt-in, including our own provider, and it’s hard to pursuade them of the benefits of switching to a tougher system. I say this not to pass the buck (well, not just to pass the buck, as I’m still trying), but also to make a couple of points. First, it’s amazing how many of these policies end up being determined away from the end user — either sender or recipient. Goodmail, for instance, doesn’t require its clients to do double opt-in. I can’t work out whether that’s a bad move on their part, an acceptance of current business practices, or an example of how their high motives (they’re good, well-meaning, people, btw) can be softened by commercial need. Secondly, I think it illustrates how little traction or speed the market really has in these areas. It’s really difficult for us to move providers based on their non-use of double opt-in. We have data and effort tied up with them, there are few alternatives, and, hey, they’re really good at almost everything else we use them for. I honestly sit at night and plan shadow mailman lists that could monitor and do confirm mails based on interrogating their database, but there are only so many hours in the day.

    Two: the definition of spam. I think these are definitions for different purposes here. Brad’s talking about how to create a bright line for the law. In the context you take that from, we’re trying to make the point that user-driven filtering systems are going to work a lot better than AOL deciding what mail you should and shouldn’t see. Everything we’ve seen in the development of anti-spam tools, including SA, natch, confirms that.

    Next, the rhetoric. Yeah, it’s unfortunate on both sides, and one of my aims in this whole process is to try and insert some real dialog. I’m going to keep trying harder on this, but I do have to say that it’s rare that I see either side actually say anything false, or that they don’t believe. I just think the closer you move to the bullet points, the more distorted it becomes — and when you’re talking to each other through the media, that’s exactly what happens.

    I agree with you and Carl that what is mostly happening here is the usual ongoing negotiation between AOL and senders has broken down — and I have to say that that’s exactly what disturbs me the most about pay-to-send. Bi-partisan conversations about best practices, with a light smattering of the threat of being taken off a whitelist, gets turned into a brutal financial transaction.

    Next, what could AOL do? Honestly, they could talk. I’m just about take my voicemail now, and my fear is that there’s a call from Chuck Stiles or Nicholas that got buried in press calls from yesterday, and I haven’t had time to answer it. Well, it’s a fear mixed with hope. I’m still betting there’s a way out of this, and I’m hoping that AOL realises that when they try and use these nuclear weapons of language, you’re really playing into the wrong game. These little guys are worried, and they’re very accustomed to being in weak positions where their only option is to kick up enough of a stink to get noticed, and fast. It works, too. You’ll notice we’re all debating the good and bad of Goodmail, and – out of the depths of the usual AOL suxx0rs/bloody whinging spammers debate – actually working out some fairly subtle points.

    Finally, I think you’re right. I think that AOL’s delivery team have the best of intentions, and I think that Richard Gingras and the Goodmail team do, and I can honestly say that so do the Dear AOL coalition (AOL’s accusation that this is somehow political fundraising is delightfully disingenuous here).

    But AOL’s good intentions aren’t enough when the incentives are wired all wrong. It’s like trusting government without ensuring the checks and balances. Gatekeepers shouldn’t take a cut of reputation management systems profits, particularly when they are unbounded, and based on individual transactions. I honestly think that if someone who has worse intentions than AOL did this, we’d be less screwed, because everyone would instantly treat it with scepticism that it deserved. The problem with AOL accepting it is not only do we gain a dangerous pay-to-mail infrastructure, we lose the best example of how ISPs should run an anti-spam system.

  3. Posted March 3, 2006 at 12:56 | Permalink

    hi Danny!

    I get your point about signup confirmation. I hope you guys do get round to fixing it — sorry ;) It certainly is a case where it’s hard to do the right thing — but it’s important to do so. The MoveOn/Outblaze blocklisting case appears to have been caused by a well-meaning, over-enthusiastic, but clueless supporter; but it really would be trivial for a malicious partisan from the other side to get a non-confirming list host into a whole load more trouble, if they tried.

    Basically, times have changed since nonconfirmation was viable. This is a trade-off. The difficulties are in finding acceptable trade-offs in order to avoid losing the whole email system, as a viable means of communication, to spammers.

    These are indeed being worked out away from the end users — as is most of the anti-spam fight. Many people don’t realise how much spam filtering can cost an ISP to deal with — especially support costs of explaining complex anti-spam restrictions to customers. It’d be great to get greater understanding of anti-spam measures, why they were required, and their side-effects, with more signal than noise in the discussion. I hope this blog helps — and that’s where toning down the rhetoric also helps ;)

    by the way, regarding GoodMail — I’ll reiterate that my personal opinion of that system is not positive. There are too many undisclosed details, proprietary magic “black boxes”, hyped-up PR, and so on that make me nervous. Habeas and Bonded Sender both achieved support from the spam-filtering community through trustworthy behaviour, open code, well-elucidated “lines in the sand”, and a clear division of revenue streams. In my opinion that’s a much better way to go. That’s my (personal) take on it.

    And finally, on the spam definition — hmm. I’m still pretty convinced there’s only one way to workably deal with spam, and that’s by starting with UBE as a definition. I’ve yet to meet a UBE I didn’t consider spam. Maybe that’s my subjective opinion, I suppose ;)

    John Glube posted a great commentary on Carl’s weblog as a comment, btw, giving his “view from the cheap seats” as a SOHO/small-business sender. Well worth reading.

  4. Posted March 6, 2006 at 12:01 | Permalink

    we are trying to make the point that user-driven filtering systems are going to work a lot better than AOL deciding what mail you should and shouldnt see . Everything weve seen in the development of anti-spam tools, including SA , natch, confirms that.

    Great. Guess where most if not all of AOL’s spam filtering input comes from? There’s this nice, prominent “report as spam” button on the AOL email program. And AOL gets several hundred thousand to a few million emails a day reported to it

    Now, one email reported as spam may not trigger a block. Nor may ten… but let your percentage of complaints (measured wrt the number of emails sent to AOL users during a period of time) go above a certain level and AOL’s filters kick in.

    AOL does tend to listen to their users.

    And I’ve seen clueful answers from you. And from Brad (with whom I had a quite long discussion about this)

    Cindy Cohn and however seem to believe that every single complaint about them is a right wing plot, and moveon’s poorly managed lists and John Gilmore’s open relay are becoming the EFF’s single point of focus, at least in every single public statement that I’ve seen about spam that comes from the EFF (as in, posted on or emailed in to Politech / IP).

    This is unfortunate. The EFF has been alienating a significant number of people who share a lot of aims with the EFF though they’d put privacy ahead of the right to unsolicited free speech, whether or not its a political campaign. Why?

  5. Danny
    Posted March 6, 2006 at 14:12 | Permalink

    Suresh —

    Your point about AOL’s spam complaint system is true, but I don’t think it contradicts what I was saying. If AOL’s systems were trending towards greater input by the user, then that’s great. Once again, the worry with the Goodmail system is that it would wrench the trend the other way.

    As to your other points, I honestly don’t get them. I don’t read what you read into conversations on IP; the “clueful” statements I make are no different from Cindy’s. EFF is not anti-anti-spam, we’re concerned that some anti-spam techniques have some collateral damage on free speech, or the Net as a whole. Our motives come from this policy definition: , and that’s it. We can argue about whether our estimation of ISPs receiving continuous streams of payment from creditation agencies is a bad idea for free speech, or, if it is, whether it is a worthy sacrifice in the battle against spam. But discussing what each of us thinks the other’s secret motivations are isn’t going to move that argument one inch.

  6. Posted March 6, 2006 at 14:28 | Permalink

    Danny, like I said, if I got as reasoned comments from Cindy as from you .. well, the EFF’s public stance on spam would be clearer, and a lot better.

    This is from cindy’s original eff post –

    And prepare to be shaken down if you run a noncommercial mailing list, whether for local bowling leagues or political organizations with a national membership.

    Good. So goodmail is blackmail, right? Like a bunch of thugs going from one nonprofit to another hinting at all the nasty things that’d happen to their email to AOL users if they didnt pony up for a goodmail certificate?

    For the rest of it, please read through and then read through the older posts that get linked from it, to understand why so many people just dont like what the EFF says about email.

    And btw – I never did hear from Cindy about what I wrote to her at

    After that I did have a long and quite interesting conversation with Brad about basically the same points.

    Please take the time to read through that politechbot url and the other politech threads linked from it. I’ll find myself repeating a lot of what I want to say here ..

    Cindy has this charming trait of using examples of bad spam filtering to tar all spam filtering, even responsible filtering, with the same brush, just to prove a single point agenda “spam filtering is bad, and infringes free speech”. And her point of reference is, and consistently has been, moveon’s mailing lists. I must confess that it is a trait I dont like. Especially when it shows through as EFF official policy.

    It’d be quite good for the communication gap between the EFF and various people who go by the generic name “anti spammer” (as if the EFF is not against spam) .. and its a them v/s us situation that I’m not comfortable with, for all my posts on this issue.

    if you, or Brad, were to take over as EFF’s official spokespeople when commenting on anything spam related. It’d at least lead to saner discussions with far less FUD injected into the mix. Especially if the discussions were carried out without moveon or being mentioned anywhere.

    regards -suresh