Carl Hutzler's Blog

Photography, Technology Musings, and other Completely Random Thoughts. Hey, it's free.

The Left, the Right, the Bad, and the Good(mail)

Many of us have been following the AOL/Yahoo! Goodmail press lately. While the deal was initially announced back in October last year, for some reason the PR engines only began to get going in February 2006. What sparked the sudden change in direction?

While I can’t necessarily answer that question completely, I believe it was due to some miscommunication and misunderstanding for which AOL may have even been partly to blame. And for our part, we tried to set the record straight and emphasize that:

1. Goodmail is an optional program for mailers who are interested in participating.
2. Goodmail is AOL’s third whitelist (to date) with the possibility for more.
3. AOL’s other two whitelists (“AOL Whitelist” and “AOL Enhanced Whitelist”) are not going away.

Some Frequently Asked Questions about Goodmail, and AOL’s Mail Policies, etc…

1. So, what is Goodmail?
At its most basic level it is a whitelist of trusted senders. It is similar to many other whitelists on the Internet including some commercial ones like Bonded Sender (owned by ReturnPath) and Habeas. Commercial whitelists for which the sender must pay to be on the list are not new. Also not new is a large ISP using these lists to help lower false positive rates from their spam filters and/or flag mail as having a higher level of trust. Microsoft’s Hotmail/MSN mail system uses the Bonded Sender and Habeas whitelists today for these very purposes.

2. If there are whitelists, are there also blacklists?
Yes, of course. In fact many ISPs around the world use publicly and privately managed lists of “bad senders” called blacklists to fight spam. Spam Haus, Spam Cop (owned by IronPort), and the old Mail Abuse Prevention System MAPS now owned by Trend Micro, are just a few commercial products that customers must pay to use. So just like commercial whitelists, there are also commercial blacklists. By the way, many marketers, political groups, and other organizations have been vehemently against blacklists as well, as they fear that these lists may unfairly block their legitimate mail. Now, if everyone is opposed to both whitelists and blacklists, what tools, exactly, are ISP’s left with to fight spam and phishing???

3. OK, so why does AOL need whitelists and blacklists then?
In the anti-spam world, a whitelist is a mechanism used to ensure that legitimate mail can bypass imperfect spam filters – especially when the legitimate mail has characteristics that the filters could misconstrue as spam. A simple example of this could be a Bayesian/content filter trained to detect pornographic content which could mistake some legitimate, confirmed opt-in, adult oriented mailing list as spam. Whitelists are useful because, as everyone knows, spam filtering is not a perfect science. The plain reality of the world is that many types of mail can have characteristics that are similar enough to spam’s characteristics that machines cannot always differentiate with 100% accuracy. In fact, human beings have trouble differentiating in a lot of cases — especially when it comes to “phish” emails which are created specifically to look exactly like legitimate mail (from Citibank, Ebay, etc). And that’s where – you guessed it – Goodmail’s CertifiedEmail program kicks in for senders and consumers.

4. What happens to AOL’s whitelists once Goodmail is launched?
Most every ISP uses whitelists of one sort or another. AOL has two whitelists which we have offered for many, many years. They have always been free. They will always be free. The way we control who gets on and stays on these special lists is based on the reputation of the sender –how many bounces, complaints (report spams), etc does one mailer have compared to another…essentially, do our members like the mail or do they complain about it – a very democratic approach! Other ISPs have various flavors of the same thing. As mentioned above, Hotmail/MSN uses a third party commercial whitelist called Bonded Sender. Google/Gmail does not say they have a whitelist specifically, but in their bulk mail policy page they do make many suggestions for how mailers can improve their chances of avoiding the dreadful bulk folder. Most of these suggestions seem to center on reputation which is what AOL uses for our two free whitelists. Yahoo! has a page with similar suggestions and a form for their version of whitelisting.

5. What is the difference between the whitelists and why does AOL see the need for Goodmail?
Our main, regular whitelist is open to anyone who can pass our sniff test of being a legitimate organization. AOL cannot possibly run background checks on every single whitelist request. As such, we use certain “does it smell right” tests to ensure people getting onto our basic whitelist have a good chance of not being spammers. Once on the list, we govern their ongoing whitelist status through member and automated feedback of the organization’s performance/reputation. We also offer organizations the ability to get feedback on their performance directly from AOL – for free! We were the first (yep, we invented feedback loops and the ARF technical protocol) and still are just about the only ISP in the world that allows mailers to self-monitor their performance. The Whitelist allows organizations to bypass some of our spam controls and rate limits – but not all.

The Enhanced Whitelist (EWL) is a self-regulating system, such that, if you have been on our regular whitelist for a long period of time and have performed very well (good reputation), we will promote your organization to the EWL. The EWL has two additional benefits over the normal whitelist. It will deliver mail to the inbox and it will show URL links and Images by default. Of course individual member preferences will trump this, but since most members do not change the defaults, the EWL tends to be an advantage to the best senders with the best reputations.

Goodmail will essentially become the third AOL whitelist and it provides essentially the same features as the EWL. But it adds some enhancements that mailers (and our members!) have been asking AOL to provide for years! The additional features include a special symbol/icon/UI chrome designating the mail as from a trusted sender. Most of the organizations requesting this feature are ones that have been hit hard by phishing email scams, including charities (like the American Red Cross), financial institutions, and e-commerce companies. The other feature is confirmation of delivery. In this case organizations were interested in a better way to measure their delivery rates to their customers as opposed to the indirect methods available within SMTP or by using image tracking beacons. That improves their future delivery rates, encourages them to clean up their lists even more and – guess who benefits – the email recipients of the world.

6. Wait a second – everyone else has a free whitelist – just like AOL – but no one else of the size and importance of AOL is going to implement a system like Certified Email’s ‘pay-to-play’ scheme. Isn’t this right?

Totally wrong. Unlike Microsoft, AOL has and will continue to offer a free, non-fee based approach for getting bulk email delivered at AOL. AOL has a free whitelist, with totally transparent policies (see http://postmaster.aol.com), and we are now offering up an optional, voluntary service on top of it. In many ways, we’re catching up to what others have implemented on the internet for almost two years – AOL is not the force behind a new concept. With Microsoft, mail senders must pay in order to get the same whitelist status that AOL provides for FREE. Yahoo! also has a whitelist, but they don’t charge for it.
Microsoft has entered into two partnerships with Goodmail’s competitors concerning email authentication.

In the case of Bonded Sender, mailers pay Return Path/Bonded Sender an accreditation fee, the same as with Goodmail. In addition, they post a bond which is debited based upon the number of abuse reports. With Habeas, mailers pay an accreditation fee, again like Goodmail, and then pay for “delivery services” which include things like abuse mitigation, copy evaluation and ISP interactions. Those fees are dependent upon volume of email.

7. Why all the fuss and controversy? What is new here?
Nothing is new, based on what AOL and Yahoo! have already previously announced in October 2005. There was some confusion weeks ago about AOL’s current whitelist and enhanced whitelist products, for which we are to blame. The point is, as we have been stating, both will remain to serve exactly the same purpose they serve today. We are simply nearing the implementation phase of the Certified Email service, and the naysayers on the fringe of the internet have simply seized on the issue that they think will net them some additional fundraising dollars on the web, exclusively based on inaccuracies and twisted half-truths. Not only is this unfair, but it does a disservice to online consumers who have repeatedly told us they want an additional weapon to use against the constant barrage of very complex schemes that show up in their email inbox – taking up their time and confusing them.

8. AOL is just out to make money on this right? I mean, that’s the real reason why you want to move everyone to the Goodmail solution.

The framework for the Goodmail CertifiedEmail program has always involved a revenue share component, and this was made clear last Fall when the partnership was first announced. It’s a necessary part of the equation, because AOL will utilize the modest and incremental revenue derived to support our ongoing antispam and anitphishing efforts and enhance our email product development. Also, the fee scale for emailers increases the quality of the email process because companies have a financial stake in making the process work and work well. It also helps to augment the good email for consumers and weed-out the possibility of unwanted email in inboxes. And, an important point, non-profits who want or choose to participate in the Goodmail program – like the American Red Cross has decided to do – will be able to take advantage of vastly reduced rates set by Goodmail. This was a critical point AOL insisted on as we approached last Fall’s partnership announcement.

Conclusion

Several organizations have complained about the Goodmail program, including Goodmail’s rivals in this competitive space.

Readers may find it interesting to read some of the recent critical articles penned by Goodmail’s competitors which helped spark the PR upheaval:

ReturnPath Article

Habeas Article
Even more recently some political groups have been organized to protest this product. Unfortunately their understanding of the program is either not 100% or they are interested in trying to spread partial information and fear.

1. Goodmail can not be viewed as a tax. Like death, taxes are unavoidable. Goodmail is optional and completely avoidable!

2. Charities, small businesses, and civic organizations will not be left with a lower class of email service. AOL has a duty to deliver mail our members want and if we do not, we always hear about it! I find it interesting to note that we deliver the mail these political groups send today using technology/whitelists we have said will not be changing. So how is the introduction of a new option/whitelist going to change the status quo?

3. Goodmail is an optional service. It provides additional benefits. No one will be forced to use it.
AOL will always have state of the art spam controls. Without them we would have unhappy members. There are also natural controls in place to prevent AOL from “going crazy charging” for mail. Edwin Aoki made a reasonable argument to this effect in his blog:

“If AOL and AIM users really couldn’t get the messages that they wanted from their family, friends, and community mailing lists, then those users really should go somewhere else (and we really would deserve the kind of press we’re getting now). As more and more people did that, the ability of Goodmail (and therefore AOL) to collect a fee based on the mailboxes they deliver to, would decline. If we were intending to turn this into a money making opportunity, we’d have to then either raise the rates, which would disuade more and more mailers from using it, or we’d have to tighten the filters further in order to try to divert more traffic to Goodmail, increasing the cycle. That’s simply not going to happen. “

My hope is that sanity prevails. This is, of course, an experiment as is any new technology. Whether Goodmail is successful in the end or not will be determined by our members (who vote with their pocket book everyday!) and the free market economy.

-Carl

17 comments

17 Comments so far

  1. Anonymous March 1st, 2006 1:15 pm

    So do you work for AOL or Goodmail???

  2. Anonymous March 1st, 2006 1:18 pm

    “And, an important point, non-profits who want or choose to participate in the Goodmail program – like the American Red Cross has decided to do – will be able to take advantage of vastly reduced rates set by Goodmail.”

    as opposed to Free, like the current system. I’m sure the non-profit groups can afford this and the huge spammer will not be able to afford it. Great system. Just another way for AOL to skim from the top.

  3. cdhutzler March 1st, 2006 1:38 pm

    If you click on the “About” link at the top of my blog you will get more information about me (and who I work for). In case this proves difficult for you, the link is located here:
    http://carlhutzler.com/blog/?page_id=2

    If you read the post carefully you would have noticed that I stated about a DOZEN times that the current FREE WHITELISTs will remain FREE. We are simply adding another option which requires some time and effort to fully vet an organization. This extra effort costs $$ as opposed to the regular whitelist for which the “vetting” is simply a sniff test. We can’t just sniff test people into the Goodmail accreditation program as we intend to put a special seal on that mail telling our members it is mail that was carefully vetted by AOL (and Goodmail). Habeas, Bonded Sender, TrustE and other accreditation services all charge money. Perhaps you don’t like the WAY we are charging (per email vs flat fee)??

  4. cdhutzler March 1st, 2006 2:29 pm

    One reader pointed out correctly that Return-Path actually changed their view of the Goodmail program once we clarified that all of our current whitelists were not going away. They posted this follow-up article:
    http://www.returnpath.biz/resources/archives/2006/02/victory_for_ema_1.php

    And Habeas did the same in the comments section for their CNET article located here:
    http://news.com.com/5208-1025-0.html?forumID=1&threadID=14022&messageID=115317&start=-1

    Just want to be factual in every way. Thank you (anonymous reader) for pointing this out!

  5. John Glube March 2nd, 2006 12:58 pm

    The view from the cheap seats, watching as the titans go toe to toe.

    The initial problem arose because of the way AOL presented Goodmail.

    The enhanced white list was going to be dropped in June. Want to get your mail delivered to AOL with links and images intact after June 30? You need to be certified by Goodmail and pay an unknown amount per piece.

    I am paraphrasing what was on the FAQ page for Goodmail.

    This generated a huge amount of industry uproar.

    AOL first tried to defend the position.

    Then AOL was compelled to do an about face, under full public scrutiny.

    In doing an about face, AOL said “oh we never meant what was said initially,” and other public statements perceived as being nonsensical.

    So, AOL looks weak and devious. Politics is a blood sport and blood was clearly in the water.

    During this brouhaha, the EEF moves forward. Moveon latches on to this position and starts a petition.

    The response? Goodmail uses e-mail experts to do a hatchet job on the EEF (left wing crazies) and Moveon (left wing crazies who are spammers).

    At the same time, AOL continues to attack its opponents with “little digs,” while attempting to refute the attack.

    Unfortunately, AOL started by digging its own grave. Then it proceeded to start burying itself and the process is continuing to this day.

    Please understand, I am not commenting on the merits of Goodmail, the use of certification services or anything else.

    I am simply commenting on the whole presentation as seen from the outside.

    Now, frankly, if AOL (official) would adopt the stance Carl takes on his blog, (modified a bit) maybe just maybe AOL might win people over.

    People also need to understand there is a lot of pent up anger in the online marketing community, (permission based – not spammers) about the whole fight against spam.

    Many small business owners feel they have been “put to the wall” in the anti-spam fight and left to die on the roadside.

    This anger started with the Bonded Sender program (extortion was the charge) and is now culminating with the fight against Goodmail.

    Also, many micro and small business owners have concluded that: (i) the passage of the CAN Spam Act of 2003 (opt-out) was a political cop out; (ii) the Republican party does not give a hoot about the micro and small business community. and (iii) right or wrong neither do most of the large ISPs and mail box providers.

    Bonded Sender, Habeas and Goodmail (and yes IADB) are all perceived as programs which are designed with the big players in mind, while making money off of the fight against spam.

    The impression? You want your mail delivered, you have to pay. Will that be by the bulk or the piece, sir.

    What really ticked of a lot of people was that AOL was thought of as fair and on the little guys side, just as much as the big guys side.

    Then along comes the initial announcement and caboom … that little dream got shattered and now AOL has a huge brawl on its hands.

    Goodmail won’t accept no name brands into the charter program, only “name brands.” Yet people know that many “name brands” are the worst spammers in the bunch, just too cute to get their hands dirty directly through the use of affiliates, cut outs and the like.

    (Side note: A representative from Goodmail was at the e-mail authentication summit, heard the SOHO rep and responded by saying, we will take your concerns to heart. Great, when?)

    So, yes, my perception is that the micro and small business community is upset, angry and frustrated.

    With Goodmail now doing what will be perceived as a smear job, using “industry experts,” this will just make many people see red.

    The peasants are finally revolting and what in essence is the official response from AOL:

    “Let them eat cake.”

    Everyone else is relying on Habeas and Bonded Sender and there has been no peep, (not true, but … ) so why are you upset with us relying on Goodmail?

    Politically, the optics on this are all wrong. The perception? This is all about big guys helping big guys.

    Now for my mea culpa. I have a lot of respect for the AOL postmaster team. They have lead the way in the anti-spam fight, while being oriented towards the legitimate marketer. I have argued for some time that there was a need for a certification program that catered to the SOHO and
    small business community. Even tried to set one up with strong support from IADB, but it went over like a lead balloon.

    (Side note: Bonded Sender has a program which supports participation by the SOHO. Habeas understands the need but has yet to put anything forward. IADB was willing to support a program which I concieved and was designed with the micro business owner in mind. But, it did not get off
    the ground. Why? People said, “hey we are not the bad guys, why should we have to pay for delivery of requested mail.” In turn, my knowledge level was not as strong as it is now, so that I could clearly see through the chaos.)

    I don’t really know the folks at Goodmail. I have dealt with the folks at Habeas and IADB. I work with some of the folks at Bonded Sender.

    What does the soho and small business community want to hear from the ISPs, etc? Not just AOL, but the ISPs in general (Remember the old ASTA group?) along with the big filtering firms.

    We hear your pain. We will be transparent in all our dealings. We will not mislead you. Here are the rules. Play by these standards and you will have no big problems in getting your requested mail delivered to your customers, subscribers, etc. You don’t need to pay for Goodmail, Habeas, Bonded Sender, etc..

    In other words, what exactly do people have to do?

    Is it single, is it double opt-in, or what?

    Do people need to publish SPF, Sender ID, CSV, DomainKeys, DKIM or what?

    Don’t open more than x connections, using y IP addresses?

    What the heck is a 571 error code from Postinni anyway, who are they and what do they want?

    Why does Brand A ISP give me x 550 error codes if I send at Z speed, but give me r 550 error codes from the exact same list if I send at Q speed?

    Do people need to do the tango, the watoozie, or stand in the middle of the public square looking like a stork? Grey listing, challenge response, etc. Sheesh.

    Just tell us and we will do it.

    But this not knowing, and oh yes, let’s not forget Symantec. Today is Tuesday, so you need to stand on your head. Tomorrow is Wednesday, so you need to stand on your left foot …

    What does all this tell people … just pay some gelt and … all will be good …

    Oh and what about SpamCop, Spamhaus and all the rest of the “untouchables?”

    (Side note: SpamCop and Spamhaus do yeoman and invaluable service.)

    That is how many in the SOHO and small business community perceive the arcane little part of the Universe that we work in on a day to day basis.

    Is this right, justified or fair? Sadly, it does not really matter. Because this has become a political fight and in politics, it is all about perception, which is the reality.

    End of my vent.

    :-)

    Bottom line? AOL has done a lot of good in the anti-spam fight. Sadly, because it stepped in a big, huge pile of it, not of its own making, but apparently at the request of some within the marketing community, that one misstep has lead to AOL being the public punching bag in a political
    brawl. This is patently unfair.

    So, how does AOL fix the mess? Don’t attack the opposition. Rather apologize for the original misstep, yes we blew it.

    Make it crystal clear that nothing has changed, except AOL has added on a voluntary program for good guys which has very specific objectives.

    Explain these objectives without being defensive.

    It costs money? Yes. Is it a bad thing to want to make money? No.

    Will it work? Let the market decide.

    Will there be other paid options? Yes, good guys will have the choice of paying by the bulk, (premium) or the piece (certified).

    Then show people why and how they don’t need to participate in Goodmail or any other paid program that AOL may unveil in the future, if they follow a simple set of standards.

    Ask for permission to send anything by e-mail. To be safe, you will want to verify this permission. Tell people what you are going to send them, along with how often and then give people what they asked for. Always give people the right to unsubscribe and promptly honour the request. Don’t
    share your list with anyone. Remind your list members or customers how they came to be on your mailing list.

    Get white listed at the server level with AOL. Get your customers or list members to add your from address to their address book. Send e-mails that are clean and concise. Treat all AOL scomp complaints as unsubscribe requests.

    Do that, fly straight, be a good person and the universe will unfold as it should (at least with AOL).

    – John

    P.S. It would help if AOL would educate its users that if you sign up to receive e-mail from a site remember to add the sender’s from address to your address book, so you can confirm your request and get the e-mail you want.

    John Glube

    For the reader’s benefit, I work as an abuse officer for a leading ESP (BigHip) and as an e-mail delivery consultant (Glube’s – Business Services). The comments made in this reply are made in my personal capacity as Editor of BizRules News.

  6. Anonymous March 3rd, 2006 2:12 pm

    Do you hear that??? It’s the noise of a stampede of AOL emailers rushing to Google accounts…

  7. Thomas March 3rd, 2006 2:17 pm

    Hi Carl,

    I was very relieved to come across your blog, as this information about the enhanced whitelist remaining was nowhere else to be found.

    I have a slightly off-topic question… who decided to put the Report Spam button right next to the Delete button, AND to make it work exactly the same (from the end-user’s perspective). I can’t tell you how many times our users have clicked Report Spam instead of Delete, which by AOL’s guidelines requires us to immediately remove them from our (double opt-in) lists. Then the user complains to us that they were removed, that they never hit the Report Spam button, etc.

    I know you said you work on the back-end, but please, talk to the UI people about this. They need to move the button away from the Delete button, and make the users aware what happens when they click on it.

  8. giafly March 3rd, 2006 2:54 pm

    This scheme appears to be only open to US and Canadian companies.

    “In order to meet the strict qualifying criteria, an organization must,
    among other things:
    * have at least one year of business history, as verified by a commercial
    identity verification service
    * have business headquarters located in the United States or Canada”
    http://www.goodmailsystems.com/senders/qualifications.php

    AOL trades in several other countries. What should email companies based in these countries do?

  9. cdhutzler March 3rd, 2006 7:57 pm

    We have discussedd the UI and the relative closeness of the REPORT SPAM and DELETE buttons. While this may (does?) contribute to some errors, we do measure the error rate (by looking at how many people report people on their Address Book as spammers for example) and it is under 10%.

    We also know that reporting spam is error prone as humans can not always reliably mark items as spam or not spam from one day to the next (we have done tests with consumers).

    While I agree that there is an issue with people being lazy or making mistakes with the REPORT SPAM button, we don’t believe it is the end of the world.

    Many mailers will remove people on the first report spam. But others will wait for a second one as an approach to be “extra sure”. And in the end, a well managed list should not have an issue with a few people making mistakes. Our thresholds for blocking people and removing their WL/EWL status are much higher than that.

    So while I agree with you in concept and we have brought the idea to our product and client teams several times before, the chance of changing it for the older AOL clients are unlikely to happen.

  10. cdhutzler March 3rd, 2006 8:02 pm

    Goodmail is US based right now. They are a very small company and a start-up. I would imagine that as things ramp-up (and if the program is a success) we will see expansion to other countries.

    For now, I don’t think anyone needs to panic as the goodmail program is a completely OPTIONAL system and from my standpoint, an experimental technology. So no one overseas should be at a disadvantage as they can all apply for WL and EWL status for free just as they can today. The only difference between goodmail and our EWL is that goodmail mail is a) delivered with a special seal and b) provides individual email delivery confirmation to the sender.

    But you make a good point in that had we made goodmail mandatory we would certainly have needed to offer goodmail internationally. Thanks for the comment!

    -Carl

  11. Suresh Ramasubramanian March 6th, 2006 6:17 am

    Great post, Carl. Quite clear. And John is quite correct that the initial information that AOL and goodmail put out didnt get understood too well, and, no surprise, was quite vulnerable to negative PR that was initially put out by at least two goodmail competitors.

    Note to John – a lot of the “email experts” didnt need to get used by Goodmail. There’s this natural antipathy towards what they see as the EFF / moveon’s continued stance that all spam filtering is bad and infringes free speech, and is quite possibly a right wing plot (one EFF regular, Annalee Newitz, even tried to hint at a scientologist plot that was causing Earthlink to block an open relay she used to send email, sometime back…)

    http://www.circleid.com/posts/eff_on_goodmail_further_confusing_an_already_confused_issue/

  12. Miles March 6th, 2006 1:58 pm

    BTW, thunderbird decided to put the Junk button right next to the Delete button too. I think Thomas answered his own question though in saying, ‘…to make it work exactly the same (from the end-user’s perspective)’ –> things that do similar actions are frequently grouped together
    – the back button is next to forward in web browsers
    – ‘save’ is next to ‘save as’ in most menu systems
    – reply is usually next to forward in most mail clients

  13. John Glube March 17th, 2006 3:00 am

    Many people in the e-mail industry are of the view that the EEF has gone beyond its original mandate and that the position taken by the EEF on this particular issue is wrong.

    The comment as written was directed at the political optics of the initial defense.

    Irrespective of the merit in attacking the EEF’s stance, the picture being painted was wrong.

    This is a political battle, directed towards the public at large and the politicians in particular.

    In this type of fight, optics and emotion is everything. The initial defense presented a picture of one party lashing back, while the other party responding by saying in essence “Let them eat cake.”

    With the moves made recently made by AOL, the picture is no longer so bleak.

    However, there remains a great deal of anger and frustration in the community at large for a variety of reasons.

    The simple thought of “pay per piece” causes many to see red. One can say the program is optional, voluntary, not required, will have no impact; there are excellent alternatives, on and on. All very logical and coherent positions.

    You can even offer to pay for participation by non-profits and then taunt one of the leaders in the “dearaol” coalition when they refuse to bite, suggesting the real reason is that their mail practices are not “up to snuff.”

    Effective? Yes.

    But, it all gets lost when the simple battle cry is raised “no pay per piece!”

    The cries in response of “we have the right to charge,” “our server, our rules,” and “let the market decide” are all valid positions.

    However, they do not have the same emotional appeal.

    The ultimate outcome? Hey, will someone please pass the popcorn. What a great show.

    The real problem? Due to all the threats posed by bad guys, the present open source e-mail infrastructure is not a reliable delivery platform for high volume mailers.

    Goodmail, like Bonded Sender are potential solutions.

    My concern? Both Goodmail and Bonded Sender mix sender certification and reputation.

    This can lead to potential conflict and abuse. Better to have one house certify the sender and another house provide reputation data on senders gathered from a wide variety of sources, while allowing certified senders to have access to the reports and working with trusted parties, which may include the certifier to address issues.

    (Of course, I like the trusted party, because that is part of my business.)

    Even though the large consumer based mail box providers have significant experience in the area, I see problems with the emphasis on wanted bulk e-mail as opposed to requested bulk e-mail.

    Ultimately, we need an open source solution for confirmed (aka double) opt-in verification by receivers to remove the “grey.”

    Within this context, I commend AOL in deciding to use a number of sender certification services in its plan to develop a scalable enhanced white list.

  14. John Glube March 17th, 2006 3:33 am

    A follow up comment. In writing “This can lead to potential conflict and abuse” I want to be crystal clear.

    I am not saying there is conflict or abuse by Bonded Sender. I can not speak about Goodmail, but I firmly believe everything will be done to avoid such a possibility.

    (If not the service will fail.)

    Running a service like Bonded Sender or Goodmail is a difficult task. Even though decisions are based on various metrics, ultimately discretion and judgement is required.

    Two keys:

    * A complete transparency in metrics reporting, so that senders can independently verify the results; and,

    Mistakes can happen. By providing complete transparency, it permits senders to meet their obligations. If you can not provide complete transparency out of fear that senders will “game” the system, then this means there is something wrong with the stipulated standards.

    * Decision making which is both fair and seen to be fair within the context of the stipulated rules.

  15. Will Yardley August 7th, 2006 7:22 pm

    I wrote a more detailed response, but I typed in the captcha wrong and it didn’t save my text : /

    Anyway, I know I’m super late on this one, and I don’t actually have a strong opinion one way or another on the major issue here, but just wanted to clarify a minor point – Spamhaus and SpamCop are not commercial products – in fact, SpamCop specifically recommends *against* using their blocklists to permanently reject mail (though their blocklist can be a useful data point). Most of the other major dnsbls that are still operating do not charge for their services.

    Glad to see you’re still over there – someone said they thought you had moved to a different group or were no longer around @ AOL.

    For Mr. Glube re: Postini error codes, assuming it’s 5.7.1 rather than “571”, see rfc 1893 (enhanced SMTP status codes); basically, it implies a policy based block, though Gmail uses it for their user unknown DSNs.

    w

  16. cdhutzler August 8th, 2006 5:34 am

    Maybe I am missing something, but I believe SpamCop has a yearly fee for individuals listed at:

    http://mail.spamcop.net/pricing.php

    And I believe you can use Spamhaus’ block lists as an individual for free maybe, but as a commercial ISP, we would need to pay them. Details listed at:

    http://www.spamhaus.org/datafeed/index.html
    http://www.spamhaus.org/datafeed/pricecalculator.lasso

    So I think these guys are indeed commercial products as they charge. Perhaps there is a nuance somewhere about how they “want” you to use their lists, but I think my original point is reasonably valid.

    And MAPS charges. We pay them for the DUL today. Name a free one that a large ISP like AOL could use?

  17. Will Yardley August 8th, 2006 12:32 pm

    SpamCop’s subscription service is for people who use SpamCop to process their mail (i.e., forward their hosted mail through SpamCop and then back out). This isn’t just the dnsbl – this is an actual hosted service they provide. I don’t believe they charge: http://www.spamcop.net/fom-serve/cache/299.html

    It does look like Spamhaus charges for commercial users now – don’t know how I missed that (I did actually check their site). I’m pretty sure we had zone transfers or rsync setup with them in the past for free. It makes sense, because the cost of maintaining the data, bandwidth costs, and dealing with removal requests etc. are pretty high. Looks like they added the service in 2004 – http://www.spamhaus.org/organization/funding.html

    CBL, which provides the XBL data still allows free rsync as far as I know (looks like only in one format now). ORDB, njabl, and SORBS both allow access to the zones via rsync as wel. I am not commenting on the quality of these lists or their usefulness to AOL.

    In general, most of the ones I know of would just request that a large ISP like AOL use rsync and run local mirrors. But I can understand (from a corporate standpoint) how a lot of organizations actually prefer to pay for a service like this (so that they can insist on a certain level of service / support, get an SLA, etc.) and / or prefer to run their own.

Leave a reply