Slashdot Mirror
Pay-per-email and the "Market Myth"
AOL created quite a stir in February when they announced that senders would soon be able to bypass the company's junk mail filters by paying a quarter-penny per message to a company called Goodmail, which would split the revenue with AOL. EFF and MoveOn.org argued, in an open letter posted at DearAOL.com and co-signed by many groups including Peacefire, that once the big players were able to bypass AOL's mail filters for a fee, there would be less pressure on AOL to fix problems with non-paying senders being blocked, and that the quarter-penny would become a de facto "e-mail tax" for newsletter publishers if other ISPs followed suit.
At the N-TEN conference last Thursday in Seattle, I had the chance to talk to Charles Stiles, the AOL postmaster, and Richard Gingras, the CEO of Goodmail, after a panel discussion about Goodmail's system, where they clarified some issues. First, if you pay for a GoodMail stamp, your mail not only bypasses AOL's junk mail filters, it also gets displayed to the user with a blue ribbon indicating "This mail has been certified" -- which is a promise to the user that GoodMail has actually done a "background check" on the organization and found them to be a "good actor". (So it's mainly useful for banks, as a way of saying "This is not a phishing attack", and for charities, as a way of saying "We are a legitimate charity".) Stiles said that AOL will continue offering a free whitelisting program for people to bypass the filters, where anyone can apply to join the whitelist (even though this can be easily abused by spammers as well, but AOL offers it anyway because most spammers don't bother). If you're on the whitelist, you don't get the little blue "Certified Email" ribbon, but you do get past the junk mail filters.
So, what's everyone so worried about, if anyone can bypass the filters for free? Well, one problem is that this is where Hotmail used to be, before they started requiring senders to pay a fee to bypass their filters. At one time, if your newsletter was being wrongly blocked by Hotmail, you could fill out a questionnaire with some verification information, and they would add you to the whitelist, which is what we once did to get the Peacefire newsletter un-blocked. However, once Hotmail started using Bonded Sender, a third-party company that requires you to post a $2,000 bond in order to get on their whitelist, Hotmail revoked the free whitelistings that had been given out in the past. If your newsletter is being blocked by Hotmail's filters, no matter how many people vouch for you as a non-spammer, the only way to make sure you get past the filters is to pay the $2,000 to Bonded Sender. (I refused to pay the fee, and of the last seven messages that I sent to our press list, all of them got labeled by Hotmail as "Junk Mail".)
Charles from AOL seemed sincere in saying that AOL's free whitelisting won't go away. But he can't promise or guarantee anything, and someday it'll be someone else's decision. And other ISPs, most of which do not have free whitelists, will be tempted to use GoodMail as a de facto whitelist, such that senders that don't pay will have a greater chance of being blocked.
But I think there's a bigger problem underlying all of this. It's not about specific problems with GoodMail's or AOL's or Hotmail's system. The problem is that many advocates of these systems say that any flaws will get sorted out automatically by "the market" -- and in this case I think that is simply wrong. And in fact the people on Thursday's panel can't really believe it either, because one thing we all agreed on was that Bonded Sender sucks. But has the marketplace punished Hotmail for using it? Have people left in droves because non-Bonded-Sender e-mail gets blocked? No, because if they never see it getting blocked they don't know what happens. Free markets only solve problems that are actually visible to the user.
And this is why groups like EFF and Peacefire are rallying against pay-per-mail. We don't protest bad ideas. We protest bad ideas that could cause harm because by their nature, the marketplace will not kill them. Think about it: if AOL announced that they were going to start charging $100/month for dial-up, would we care? Would MoveOn send out e-mail warnings to its AOL subscribers? Would the EFF start a coalition against it? No, because users will abandon AOL over something like that, and the marketplace will kill it. But people don't abandon their provider over wrongly blocked e-mail if they don't even know it's happening. And thus pay-per-mail could become a de facto standard because it's invisible to customers.
If Microsoft released a new version of IE with huge ugly buttons that were hard to understand, would civic-minded groups and public advocates complain? No, because that problem will sort itself out through browser competition. It's when Microsoft releases features that have bad implications for user privacy and security, that civic groups and experts complain loudly -- because most people can't assess the privacy and security risks of using their browser, and so the marketplace alone won't solve that. (Microsoft knows this, of course, which is why they have sometimes released features that have bad implications for users' privacy and security, but they never made the buttons big and ugly.)
This is what I think people like Esther Dyson don't understand, when she wrote her editorial in the New York Times: Partly she wrote why she thought GoodMail was a great idea, but mainly she wrote that she didn't see why EFF and other groups were so upset, when if the idea turns out not to work, it will die in the market. "If they [AOL] don't do a good job of ensuring that customers get the mail they want, even from nonpaying senders, they will lose their customers." But that's simply not true. Hotmail subjects anyone to random blocking who doesn't pay the $2,000 Bonded Sender fee, and there's no evidence that it has caused them to lose customers.
Private companies do not have the absolute right to do whatever they want with your mail. If you sign up to receive mail from someone, and they send you an e-mail, then that e-mail is your property; if your ISP knows that the sender is almost certainly not a spammer, then they are violating the sender's and receiver's rights if they block the message. (Not First Amendment rights -- those only apply to government laws -- but rights based on contracts and implied warranties, since I think an e-mail address comes with an implied warranty that your contacts will be able to send you mail for free. So stop composing your -- yes, this means YOU -- stop composing your message saying that First Amendment rights don't apply to private companies.) EFF and other advocacy groups are working on anti-spam solutions that respect these rights, and you may agree or disagree with their proposals. But the point is that they should be commended for realizing that the marketplace will not preserve these rights "automatically".
After the N-TEN panel on Thursday, since I had sent a "communication" to Richard Gingras from Goodmail by asking him a question, I handed him a penny and reminded him that, per his agreement with AOL, he had to give half of it to them. I hope I never have to pay Goodmail anything again to get my message through, and I hope you never have to either.
If you aren't getting emails that you aren't expecting, oh well, that's spam.
I disagree with the assertion that the market would not kill off this idea. If you aren't getting emails you expect (as has happened to me in the past) you will seek an alternative solution. If it's really important, there's this device called a telephone whereby you can actually speak with someone else in urgent situations.
Curb CO2 emissions: Kill yourself today!
From my experience working for an ISP, business is more likely to be affect ed for organisations that don't pay for Goodmail certificates. End users just see one thing - email you sent me doesn't get to my AOL account, but email that othercorp sends me does. They don't care about the technicalities of what systems AOL is using that are getting in the way, all they see is service works from x but not y. Large email providers like hotmail and AOL hold everyone else in the palms of their hands, either we play ball, or we lose business.
Was there a story here? My web filter might have deleted any story that might have been here.
There are two dots that are not connected in this article: the little "blue ribbon" thing and the de facto tax. The author claims that the fee would become a de facto tax due to less pressure on AOL itself to fix problems.
The connection not made is that there is another reason it would become a de facto tax. I work for a nonprofit organization. If an AOL user knows that organizations and companies who have become certified get a blue ribbon, and we don't pay up, then the customer's question becomes this:
Why don't you have a blue ribbon, too?
That hurts us. And it's yet another reason this amounts to extortion.
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
At least we know now that we'll be able to easily recognize junkmail that paid its way passed the filter--it'll have a "blue ribbon." Blue ribbon=certified junk mail.
I see several possibilities:
- Spammers copy and paste the blue ribbon into their spam templates in 1/100th of the time it took Goodmail to come up with and implement it.
- Spammers sign up for Goodmail to send some of their spam out, in quantities that will allow the cost to be worth it. The spam folder in your e-mail just became worthless.
- I refuse to use Goodmail, and my legitimate e-mails start ending up in Spam. I encourage users of services that do this to switch to "a better e-mail service with better filters", namely one that does not support Goodmail.
look it up if you don't believe me.
You insinuate that hardly any work at all went into the creation of email. This says otherwise.
Read the EFF's Fair Use FAQ
"Hotmail subjects anyone to random blocking who doesn't pay the $2,000 Bonded Sender fee"
Do they actually block the email, or do they just send it to your junk mail folder? I am on numerous email lists, and I find it hard to believe that any of them would have coughed up the $2k to avoid getting blocked. Those emails all go to my junk mail folder by default (I have my in box set up with a white list), which is right where I want them to go. They sit in there for 7 days for my review and get deleted on their own, no need for me to hold tri-mag build questions or Microsoft news letters for more then a one time read. So if the "blocking" is just getting sent to the junk mail folder, I say who cares.
On the other hand, allowing a company to stick their emails in my in box against my wishes (like some MS and Hotmail newsletters) really annoys me. It bothers me in the same way a two tier internet bothers me. It takes away the level playing field and turns the system itself into a capitalist entity.
But I do like the idea of a certified white list and verified emails. Anything to cut down on the number of phishing emails and exploitation of the uneducated computer using masses.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
As I've written before, the only way this spam stuff will be sorted out is when they redesign the SMTP protocol. All the legislation and 'pay-per-email' stuff won't solve anything. What e-mail requires is authentication in the protocol combined with black/whitelisting.
They should have the domain registrars hand out domain certificates with which e-mail communication has to be signed. In which case domain spoofing will be impossible and you could create domain block lists that work.
This fictional scenario, I think closely (but not perfectly) mirrors the current email system. The whole spam problem should have been forseen.
That is a great analogy but I'm not sure your conclusions are right. As the price has went UP over the last 15 or so years I have noticed that the concentration of legitimate letter mail I get has went down. Bulk advertising or 'Spam' mail has actually increased in percentage. Individuals and companies I actually do business with have started using email rather than pay high postage rates. Many companies offer incentives so you can get your bills deliverd in email format.
If postage and paper was free we might get significantly more advertising, but we also might see more people drop a card in the mail once in a while with a written note. Cost is a significant factor for me in wanting to pay bills online and send email to friends rather than written notes.
The USPS has done exactly what AOL is trying to do. They have catered to big business that can see an ROI on their investment. Everyone else that sends letters 'First Class' and isn't trying to spam postal patrons gets screwed.
Find coupons in Greeley
College room mate from 10 years ago finds you online and decides to say hi, City hall emails you a reminder to re-register your car, there are plenty of examples of unexpected emails that are legit and could be blocked. ....
From my own personal experience, I recieved unexpected email in 2002 from my father whom I had not heard from in almost 12 years.... I'm kinda a little happy that "the market" wasnt the arbitrating factor if I recieved that mail or not
... that it costs $.39 now to send a letter in the mail, but countless companies are willing to send thousands of pieces junk mail at a price MUCH steeper than a quarter of a penny. E-mail tax is a silly idea with nothing to offer.
Sure, but in that hypothetical situation, the junk mailers' boxes would be full, too. As it is I use those postage paid envelopes to return all sorts of interesting stuff. Usually I just return the contents of the original envelope, but sometimes I pick up random junk off my desk that will fit in there. Used kleenex, shredded paper, page from a playboy, etc. I figure eventually they'll figure out that I don't ever want to hear from them again. If they don't figure it out, I get more free entertainment. Yes, I am easily amused.
24 beers in a case, 24 hours in a day. Coincidence? I think not!
Get over yourself!
You cannot compare the two things. E-mail is more akin to an extremely decentralized mail system where everyone can turn into a postman at their whim. The absence of a huge central infrastructure makes it so that the cost of delivering your mail does not fall on the system itself; rather, on your own mailservers. If my ISP asked me for money to send email, well 1. I'm already paying a flat fee for always-on and 2. I'd set up my own server and be happy with it. Actually... I'd probably do it even if nobody forced me.
Global warming is a cube.
I guess I'm a luddite, but I have never been a fan of "managed email services". I don't want filtering, and I don't want to leave my messages on someone else's server.
All I want is a data pipe, please. Don't filter my content, just give me a pipe with as much speed as I can pay for.
I don't use email filters because I don't trust them to not block important content. When one email address starts to attract spam, I just delete it and create a new one. I put an auto-responder on the old account that says, "To my friends: this account has attracted too much spam - please contact me offline for my new email address". Within a month, everyone important has my new email. I do this ritual about once every six months.
If I didn't have to give out my email address for every damn thing on the web I could go a lot longer.
Steve
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
HOW DOES THIS HELP YOUR CUSTOMERS?
The problem wasn't that your customers are receiving advertisements that weren't blessed by AOL -- it's that they were receiving too much junk mail -- PERIOD. Your clientele are already paying AOL their hard-earned money for connectivity, how does stuffing their $INBOX full of junk mail help them?
Wasn't this one of the things your customers originally whinged about a few years ago?
The good news is that the market will address this issue and correct itself.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
The problem is that we can't afford to have transport providers selecting content if we have any expectation of maintaining open communications. As soon as transport providers are allowed to define the type of content, their self-interest, typically monetary but frequently political, overrides any other concern.
This isn't to say that content can't or shouldn't be 'regulated'. There are situations where this is clearly desireable, however, the providers themselves should not be allowed make those decisions.
Living in a time when communications is so widespread, not only amplifies it's effect, it also makes it's antagonists more desperate. Governments, corporations and numerous other groups have repeatedly demonstrated their intolerance of open communications. Combine this with the temptation to profit by creating classes of service within the transport system and you have an ugly mix.
Classes of service are a de facto process of discrimination. Build the features to support classes of service for profit, and their use for information suppression will not be far behind.
Do you really want AOL or News Corp deciding what contetn is fit for your consumption?
Mind you the original email had nothing commercial in it. It became so, and thus giving birth to spam because some of the companies offered it as a product. The only way out of spam would be creating a kind of VPN of SMTP servers, so that one accepts email only from an "authenticated" SMTP. It's wrongly to solve this problem in a commercial way, because it creates corruption, while the democratic way would be to solve it technically. Maybe an SMPT authority needs to be created, an subdivision of ICANN maybe.
I run the email relays for a large financial institution. Spam is a bigger problem than they realize. If my users don't get an email, they let me know about it.
The example given that you might not get some important email that announces some security issue is bogus. If you are expecting to get your security announcements through *AOL*, you get what you deserve. AOL's service level agreement with its customers basically says that if we're unavailable, we won't charge you for that time, you have no other rights than that.
Email in general is not reliable enough for important stuff. Normal email filtering systems catch legitimate email all the time.
The market *will* sort this out. I don't know anyone who has a hotmail account, let alone considers it important.
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
I think you're referring to spam as the consequence?
:-/
Well, the reason mail is the way it became is that a few universities, defense contractors, and government organizations needed to communicate, and given the reliability of network equipment of the time, open relays were a necessity to ensure that email got through. The reason that something along the lines of SPF didn't come into play from the beginning is multifold; DNS wasn't around (hosts were maintained in host files at each site), every organization on ARPANET was 100% trusted, and there was no incentive to forge emails nor to do what we now call "spamming" - in fact the few early advertisements which went out in targeted emails were heavily criticized.
When ARPANET became the Internet and DNS came into being due to the volume of hosts going online, open relays were still the standard, not due to network reliability (which had significantly improved) but due to legacy support. To maintain backwards compatibility SMTP stayed pretty much as-is from day one, and with the harsh criticisms that followed early email advertisemtns from trusted organizations, no one really anticipated a number of things:
- Internet access becoming a commodity (Quantum Link and Compuserve were just coming into their own then, and dial-up to proprietary online services was the wave of the future beyond private BBSes)
- Everyone having multiple, multiple email addresses
- Commercial entities abusing the network
In hindsight it was quite obvious that things like SPF would be required but given the Internet's early history (and computer networking in general) it's clear why they didn't think of security and sender verification when first implementing an email solution.
What AOL, Hotmail, and others SHOULD do is not use that GoodMail crap (it's not good sense to do that!) but to make SPF required rather than optional. If you want to send email to AOL recipients, on your authoritative servers, you must list which hosts are actually allowed to send emails from your domain via an SPF record, and all emails from your host not meeting the SPF rules will be regarded as spam and not even make it to the receiver's inbox.
This puts the onus totally on the senders. Want your mailing lists to make it through to the receiver? Make sure your listserver is listed in your SPF rules.
This is why SPF was proposed in the first place; to overcome issues arising from legacy support, to work around open relay-originating spam without having to block legitimate email from open relays, and to avoid the need for whitelisting.
Want to learn more about SPF? Check out http://www.openspf.org/
Posting this reminds me: I need to update our SPF records. Oops!
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Will I still be able to mark certified mail as spam?
Yes. Certified Email only bypasses site filters; not an individual's filters.
Don't piss off The Angry Economist
Maybe you should read it.
I did. Where does it say anything about email being a quick hack? I assume you're referring to this bit:
First, nothing in this description tells me how long it took Tomlinson to come up with the idea and implement it. Second, Tomlinson's effort set up the addressing convention of email. That is hardly the whole of email as we know it today. As the article notes, SMTP didn't even come around until the early 1980s. My point is that it took a lot of work to create what we now know as email. Tomlinson built on SNDMSG, but that was neither the start nor the end of the process of developing email. To characterize its development as a "late night hack" seems insulting to all of the people who put their time and effort into that development.
Perhaps my interpretation of the original post was a bit oversensitive, but I just dislike such flippant characterizations, particularly when someone doesn't provide any factual information and suggests that I look up the information myself. If you know the history behind something, why not share it with the rest of us, instead of assuming we'll take your statement on faith?
Read the EFF's Fair Use FAQ
I work for a financial services company who has a clients who are supposed to receive emails from us related to trades. Since I manage our web presence, email deliverability is also my problem.
i l o rm.asp?id=isp
Here are the places to start:
Free Certification
AOL: http://postmaster.aol.com/whitelist/
Yahoo: http://add.yahoo.com/fast/help/us/mail/cgi_bulkma
Verizon: http://www2.verizon.net/micro/whitelist/request_f
Reporting
Spamcop: http://www.spamcop.net/w3m?action=ispsignupform
Hotmail: http://postmaster.msn.com/snds/
Senderbase: http://www.senderbase.org/
Email Signing
SPF: http://www.openspf.org/
DomainKeys: http://domainkeys.sourceforge.net/
Paid Certification
Bonded Sender: http://www.bondedsender.com/
Habeas: http://www.habeas.com/
Goodmail: http://www.goodmailsystems.com/
A lot of providers outside the US have many of their own rules and regulations to follow, which makes it quite difficult to achieve deliverability. At the end of the day, we try to follow all the rules that have been laid out from existing companies and then deal with individual providers on a needs basis. The more users that use that ISP, the more we are willing to obey their individual rules.
Unfortunately, I see paid certification becoming the way of the future. If I can pay to guarantee to have my clients email delivered rather then negotiate with ISPs every other week based on their varying criteria, I'm pretty sure my company will pay for it. I don't like it, but results are the bottom line.
There are two kinds of people in the world: those who categorize others into nice simple dichotomies and those who realize that most people do not fall into neat little categories, but rather consume the spectrum between multiple points of view.
We can trivially solve 99% of the spam problem by the following measures:
If you put those characteristics into a new SMTP spec (or an overhaul of the existing spec), you will basically obliterate the ability of spammers to send out bulk email anonymously, while still protecting the ability of server operators to run mailing lists non-anonnymously.
Admittedly, there's still the issue of DNS registrars needing to assign a signed host key, to provide a standard mechanism for SMTP host key revocation, and to legitimately verify that contact info for domain names is legitimate. This should be a mandatory part of the initial registration process, and contact info verification should also be part of the registration process for creating a new NIC handle. Fortunately, much of this can be fixed with a simple policy change. The rest of the issues there are left as an exercise for the reader.
Check out my sci-fi/humor trilogy at PatriotsBooks.
I get hit with over 1,000 "spams" a day at my personal address. (Yes, my filters catch most of them, but I'm talking raw numbers sent). While some of that is spam, most of it is scams, viruses, etc. And even the spam is primarily from people who aren't likely to pay even a penny for 100 mails, much less 4.
OTOH, I send and receive a lot of legitimate email. I pay for this when I pay for my connectivity. I shouldn't have to pay agin.
Now if you let *me* decide how much a spammer has to pay me before s/he can send an email to my box, that's another issue. For $100, *anyone* can send me one email on anything. I'll even promise to read it so long as it doesn't require more than one minute of my time. And I'll give 10% to charity and 10% to my ISP to license the technology. No problem.
Yes, I said it, the legiatamate mass mailers are part of the problem.
What would you say if a corporation started one of the following as business practoces:
A) Because of the high crime rate among conveience stores, all clerks will be issued guns and told to point them at the customer at all times.
B) Our salesman will run up to you, whip out a bottle of perfume point it at you and say PAY ME $25!
C) When you arrive at our gas car wash, masked men will remove you from your car, get in, and drive it into the carwash.
Customers would object to this. They have the right to object to this. The problem is that the activities being proposed, while they may be legal, APPEAR illegal. It is both stupid and irresponsible for businesses to engage in activities that are that close to being illegal.
It is the responsibility of the legitamate mass-emailers to distinguish themselves from spam. If they can't do this, then they should not be engaging in mass-emailing at all. If you can't convince hotmail that you are not spam, then you have an unethical business model.
Yes, this may force people to STOP using mass-email. There is no right to use it. Yes, you may like it, but it is argueable about ANY of it being 'legitamate', and it is up to you to find a way to prove you are legitamate, not up to the email service suppliers to prove you are not legiatamate.
There are lots of ways to deal with sending out large amounts of data daily. Message boards work fine. The g-d d-mned adware junk could also be converted to legitamate use, downloading your message once/day instead of via email.
If you can't clean up your act so your so called legitamate email is indistinguishable from spam, then you business model deserves to go down in flames.
excitingthingstodo.blogspot.com
This solves nothing, 99% of spam is being send by zombies.
If simple smtp daemons on zombies don't work anymore, zombies simply will be updated to use the users MUA. The spam remains but only it will be easier to hold an individual user "accountable" for its spreading.