Carl Hutzler's Blog

Photography, Technology Musings, and other Completely Random Thoughts. Hey, it's free.

Ouch, that hurts. Stop doing that.

April 14th, 2006 | Category: Uncategorized

Yup. Its true. I tried it myself when I first saw the press release from the DearAOL group. AOL was not allowing the dearaol.com URL to be sent or received in any part of our system for a brief time yesterday. I could not even send it to myself which is how I tested it.

Thankfully the fix was straightforward and corrected immediately by our AntiSpam Operations team. The last thing AOL wants to do is live up to the picture the dearaol coalition has painted for us. We are not evil and would never block an organization for their views even if they are not flattering to dear AOL. We have strict policies on blocking URLs; anything else would be suicide. That said, mistakes do happen :-(

Its interesting to see all the conspiracy thoerists go wild with this one. I guess people really don’t trust AOL on this goodmail thing. But in my mind, this experience should serve as a positive for the dearaol group. I mean look how fast we corrected the mistake. This should give most everyone comfort that AOL can not run wild with goodmail and ‘block people who don’t pay’. Heck, if we did, not only would our members get frustrated and jump ship, but we certainly would not get away with it as proven today.

11 comments

11 Comments so far

  1. James April 14th, 2006 10:40 am

    the issue about trust is huge — and people will argue that AOL only “un-blocked” it after it got into the press — and that all the smaller guys AOL doesn’t like who don’t have access to the press will continue to be blocked silently. I agree — AOL is not any more evil that any other big company and the press hysteria around goodmail is misguided and driven by people who are truly evil — spammers and their agents and lobbyists. However, AOL has such a consumer trust issue, people simply don’t believe what they say.

  2. Danny O'Brien April 15th, 2006 1:31 am

    @James – I think it’s pretty conspiratorial in turn to assume that the press reaction to the Goodmail issue is being driven by spammers and their lobbyists. While I’d love to say that I’m rolling in free v1agr0 and ink-toner, it’s not the case.

    OTOH, I’d actually say that the problem ou describe accurately the issue that AOL is walking into here. It took me a long time to realise that the huge reaction to the Goodmail/AOL deal – far out of scale to, say, Bonded Sender or Habeas or any other certification system – was about AOL’s perceived position in the deal. AOL has a consumer trust issue, because most people understand the idea of them taking money for incoming mail to skip filters. I truly think that if Goodmail hadn’t included the revshare, AOL wouldn’t be seen in this light, and every step thereafter treated with such suspicion.

    As to your point Carl, yes thank you for fixing the issue! The support staff I spoke to suggested it would take 3-5 days, but it certainly worked a little faster than that.

    Nonetheless, you’ll pardon me if I’m not reassured. Part of our point is not that you will sit there cackling and allowing deliverability to plummet while skimming off the revenue from Goodmail, but simply that alternative systems of filtering that don’t provide similiar revenue will get ignored by ISPs in preference for a system that makes, not costs money. And for the groups that we’re most concerned about, small-medium noncommercial mass mailers, there’s plenty of collateral damage in the system right now that needs fixing, without airlifting our larger paying customers.

    I’ve said all along that what makes this concerning is not that AOL is a bad actor in the fight against spam, but that’s it’s one of the most transparent and best behaved. If I can’t talk you guys out of taking some money on the side to circumvent your filters, how am I going to convince smaller ISPs with perhaps less scrupulous deliverability goals?

  3. cdhutzler April 15th, 2006 8:22 am

    So basically the issue of trust is paramount. And AOL receiving a revshare from goodmail systems is what is tipping the trust-ability scale against us (we will have less incentive to “do the right thing” with goodmail.)

    I understand this concern. But I would offer that the we have not introduced anything new regarding having to trust AOL. Our members and the senders of email have had to trust us for years and will have to continue to trust us or perhaps drop AOL as a mail provider. We control the delivery of mail, filtering of spam and overall running of the mail system today and will do so in the future. And we best run the system with 99.99% availability, great spam control, and ensure people get the mail they are expecting or our users will leave (even without goodmail in the equation).

    - All of our whitelists have always been 100% scripted based on the performance of the senders (bounce rate) and on the feedback we get from members (complaints/report spam). We do not allow human judgment to enter into the equation. We do reserve the right to give senders “second chances” and to work with senders to fix issues with their mailing practices. But we will not “bend the rules” for anyone.

    - When I was in the AntiSpam team at AOL (up until last April) we received gifts, invitations for dinners, holiday gifts, and so forth from email senders. Was anyone trying to bribe us? Well, no…maybe?…probably not. (and trust me, a couple exceeded AOL’s $100 gift limit and were returned!). Anyway, they were sure trying to get friendly with me and my staff. Did we ever “bend the rules” and allow someone to remain whitelisted when they shouldn’t? Did we ever promote a mailer to the Enhanced Whitelist when the were not eligible? For both of these I am proud to say the answer is No. My old team has incredible integrity and I was and still am very proud of them for this.

    - AOL is itself a big mailer. We send a lot of mail (less these days) to our members and members of other ISPs. In years past, we did not have the best mailing practices. We were not spammers (hijacking PCs with zombies, etc), but we did use rented lists, some of which were likely compiled via that co-reg process we all love ;-) Anyway, we had some issues with members complaining and with folks on the internet complaining. Ted Leonsis spearheaded a program to fix this (4 years ago now) and to this day, we whitelist and monitor our own internal mailings exactly the same as we would for Sears.com, EFF.org, and even Riskymail4free.com (porn). As long as complaints and bounces are low, we have no reason to block the mail and all the reason to deliver it. We don’t judge content, period.

    So people have had to trust our email antispam team for years to “do the right thing” and I think that in general we have. Sure we blocked Harvard years ago when they sent out acceptance letters (we paid dearly for that in the press). Sure we blocked the RNC and DNC at least a few times each during the 2004 campaign but we worked with them to fix their complaint and bounce problems (and we did so quickly as that was a press issue). We have made mistakes. Heck, I remember a year ago or so we blocked 25% of the IP addresses on the internet for an hour due to a typo in a block list. The guy who did it felt horrible. Thankfully we got that one fixed in an hour! So at least trust me that the dearaol.com block was a mistake with horribly bad timing that made everyone in the AOL antispam and email support teams go “ughhhh” (well, I used other words).

    Can anyone trust AOL in the future with goodmail? I think the answer is yes. And I would hope that folks would give us a chance to prove it.
    -Carl

  4. cdhutzler April 15th, 2006 8:44 am

    I wanted to cover the filtering part of your comment as well. The concern about AOL not being interesting in better anti-spam filters since they cost money and goodmail makes money, does not actually make sense to me. I am not trying to be sarcastic, I just truly don’t understand the issue.

    With goodmail in place as a whitelist for legitimate senders, why would AOL not be interested in better spam filtering for the rest of the mail that is not on the goodmail whitelist?

    Is there truly a lot of collateral damage right now for small-medium noncommercial mailers? We invite them to contact us. We have a lot of ways for them to do this including the 24×7 1-800 number you called when we blocked dearaol the other day. We are not perfect. Trust me when I tell you that fighting spam is not a perfect science and anyone who tells you otherwise is not being truthful. Our hope is that we can get more and more legitimate groups onto whitelists over time…be it Goodmail, Habeas, Bonded Sender, ISIPP or others. And we hope that more and more ISPs adopt these lists such that a small business can get accredited on one of these lists and be whitelisted all over the world.

    But these whitelists better have the legitimate folks on them as governed by statistics and not someone’s judgment. For goodmail, we plan to be using the same tried and true statistics as we do for our other whitelists…bounces and complaints and hits to spamtraps. And just because we get a revshare from goodmail does not mean we will let someone stay on that list who is generating lots of complaints, spam trap hits, etc.

    Its the same issues AOL has today in making sure our whitelists are well maintained.

    And I don’t know if folks are aware of this, but close to 50% of the mail delivered to AOL members each day is legitimate bulk advertsing mail. It costs AOL a lot of money to deliver this mail as our mail system has to be 100% bigger than if we only delivered “personal” email. So what I am trying to say is that even though this costs us a lot and blocking advertising mail would save us a lot, we can’t do it. No one would let us, just like earlier this week when we blocked the dearaol.com site (purely accidentally).

    -Carl

  5. Danny O'Brien April 15th, 2006 5:21 pm

    Let me take your two points in turn:

    The first one, I guess, revolves around “trust, but verify”. As I’ve said on many occasions, I do feel that AOL does an admirable job in how responsive and open it is to dealing with problems. But everybody wants to lower the pressure on you, not increase it. In the end, it’s not your department that will bend toward payment over costs, it will be executives listening to the cries of shareholders. It’s a tough, commoditising, world out there, and it’s just going to get tougher.

    Really, though, I don’t think it will be AOL that this affects first. As I think yesterday’s incident showed, AOL’s ability to gather plenty of publicity when it does the wrong thing is clear :). No, I’m more worried about other ISPs who don’t see mail as a core part of their business. This is why I think per-email revenue-sharing accreditation groups are more worrying: anyone who signs up can be tempted to use their malfunctioning filters as a way of providing additional revenue. And as I think we both know, there are plenty of ISPs out there with far worse practices in mail deliverability than AOL.

    For your second point, the reason is that the Goodmail clients are paying to *skip* those filters. The better they get, the less likely people will switch to Goodmail. That shouldn’t effect AOL (who cares what makes people perform better mail practices), but with the revshare, you have an interest.

    To pre-empt a couple of your responses. Yes, I know that the Goodmail income is not very great to begin with. But the trouble comes from the fact that it’s unbounded. All business decisions are based on future potential revenue rather than current revenue, and Goodmail have successfully made some very large boasts about the size of their future market. In every debate I’ve had, they’ve expressed a healthy scepticism about how large they’ll grow – but that’s not how you sell this product to ISPs. I’m pretty sure that a large part of choosing Goodmail over other certifiers is the money.

    Secondly, yes I know that you’re under a great deal of pressure to keep those spam filters working, otherwise people will switch. But that pressure is very indirect, and all the evidence I’ve seen so far is that the general public have very little knowledge of how much filtering goes on by ISPs, and how effective it is. Moving email addresses is not a trivial matter, either.

    And what we’re really talking about here is the effect on the whole market. The revshare, in essence, is a kickback from an accreditation authority to the agent of the principals who need to trust both accreditor and agent. Markets are good at fixing internal problems, but when the culture of the market is wrong — as it is in so many countries where bribery is culturally fixed — you get a poorly functioning market, not competition.

  6. Suresh Ramasubramanian April 16th, 2006 10:11 am

    > all the evidence I’ve seen so far is that the general public have
    > very little knowledge of how much filtering goes on by ISPs,

    I’m seeing this from another end – the filtering provider end.

    I can tell you that when email gets bounced back, people do find out about it, and do complain (at least in the general “I can email him from hotmail but not from joeisp. fix this!!!” sense).

  7. Larry Seltzer April 16th, 2006 11:57 am

    I’ll repeat here what I blogged the other day:

    “I take it as a given that AOL didn’t block the DearAOL site on purpose. If AOL execs actually meant to block access to it, they have better ways to do so and wouldn’t have fixed the block within hours. Timothy Karr, the DearAOL director, claimed (according to PCMag) “that the glitch was an indication that the certified e-mail system wouldn’t be effective because of AOL’s inability to manage it correctly.” But in fact this episode demonstrates clearly the value of certified e-mail.

    False positives such as this are inevitable in any anti-spam system, and this is the reason certified e-mail exists. For an organization, such as your bank, that needs to send you important e-mail and know that it will get through, the 1/4 cent that it costs to get a certified message through is a small price. Remember, these organizations were previously willing to send far more expensive messages through the USPS mail to you. The DearAOL block is a reminder that even innocent messages are blocked periodically simply because the systems are very complex.”

    From what I see on politechbot (http://www.politechbot.com/2006/04/15/details-on-how/), Danny O’Brien seems to think the answer is simple: AOL wouldn’t need to use Goodmail if only their filters were perfect. Carl, why didn’t you guys think of that?

  8. Danny O'Brien April 18th, 2006 2:18 am

    That’s not what I’m saying Larry. I’m saying that Goodmail rewards ISPs with bad filters. Goodmail’s system would be just fine (and do everything you want it to) if it didn’t revenue share with the ISPs. The revenue share is the perverse incentive (less to AOL, but more to other, far more commoditised ISPs and mailbox providers) that worries us.

  9. cdhutzler April 18th, 2006 6:13 am

    I believe Danny is saying that Goodmail rewards ISPs with bad filters because the ISP is incentivised to just block more aggressively knowing that any legit mail that is blocked will force the sender to pay Goodmail for delivery in the future.

    Danny – is this what you are saying?

  10. Larry Seltzer April 23rd, 2006 6:39 am

    Danny – Surely you agree that AOL’s incentives in this matter depend on the price. There is some revenue share amount of money to AOL at which, perhaps, they make more money on the revenue than the cost they incurr for the overhead of maintaining the certified mail system and any additional service costs incurred because of it. If, as http://www.dearaol.com strongly claims, the filter quality of non-certified mail goes down as a result of this system, then surely support costs for AOL will go up.

    Do you have any reason at all to believe that the fraction of 1/4 cent per certified message is enough to trigger such incentives? Because otherwise you are, at best, guessing.

    http://www.dearaol.com seems to assume that any money going to aol changes the incentives, which to me seems to be an assumption that declining quality in the filters for non-certified mail will not lead to an increase in support costs for AOL (not to mention a loss of customers if quality is perceived as dropping). Do you agree with this view?

  11. cdhutzler April 23rd, 2006 7:00 am

    OK, I can play devil’s advocate for a second….

    Larry – what about in the future when a smaller, less capabale ISP (in terms of spam filtering) signs up as a receiver with Goodmail. They figure that Goodmail is now pretty big in terms of the number of senders on the system. They know they get a little $$ for it too. And since spam fighting is hard and can be expensive for this smaller ISP, they figure they can get Goodmail and use it as their whitelist. Now that they have a “universal whitelist” they can block more aggressively using rather draconian techniques like blocking all of Europe.

    That would neVER happen In Zee future, Of course, as this sceNario sorta played out at the end of 2004 ;-)

    Now with that said, this scenario could (did) happen without Goodmail in place and can happen at anytime for any ISP. I am not sure I agree with Danny that the $$ incentives will be a major driver for ISPs to block everyone except those on the Goodmail whitelist. The $$ incentives are just not significant enough.

    I think that Danny would be just as scared of other “centralized” accreditation/reputation systems like Bonded Sender, Habeas, ISIPP, KarmaSphere, etc. As the fear of whitelists is really the same fear as those debated vigorously for years concerning centralized Black Lists.

    And the fear is: “Can we trust the stewards of these white and black lists” ?

Leave a reply