Newsmaker: You've got (certified) mail!

Saying they want to cut down on the glut of spam and phishing attacks aimed at their millions of users, America Online and Yahoo are turning to a controversial service offered by a company called Goodmail Systems, which has been likened to an electronic postage stamp provider.

The service gives preferential treatment to companies that pay a fraction of a cent per e-mail to ensure that their messages bypass spam filters and get through to the intended recipients. The companies agree to send e-mail only to recipients who are willing to accept the e-mail.

The business model not only challenges the notion of free flow of information upon which e-mail has thrived for more than a decade, but is prompting criticism from advertisers and antispam groups who say it amounts to extortion and poses a threat to legitimate e-mail messages from senders who don't agree to pay, without really decreasing spam.

Goodmail Systems' co-founder and Chief Executive Richard Gingras talked with CNET News.com about how the service works and why he believes it will improve the e-mail experience for consumers and advertisers.

Q: What does your company do and why is it in the news of late?
Gingras: What we do is related to efforts to really begin to restore trust and reliability to e-mail. As you know well, the e-mail in-box is a place of fear, uncertainty and doubt today.

There's been an unfortunate degree of intentional misrepresentation as to what this is about.

Nearly 30 percent of U.S. e-mail users have said that they won't open a message from any financial institution because they're concerned about its authenticity. So what we set out to do with certified e-mail was create a new class of e-mail where we could provide the consumer with the comfort that the messages they were expecting to receive from commercial sources were indeed authentic and were messages that you could comfortably interact with.

Who are you working with?
Gingras: We will be launching the service within the next several weeks with AOL and shortly thereafter, within a couple of months, with Yahoo.

How big is the problem today that you're trying to solve?
Gingras: The loss of trust is a big problem in a number of ways. When you have as high a number as 30 percent (of e-mail users) saying, "I just won't even take a chance with a financial institution message," that's a pretty devastating fact. When I have to be concerned about any message that has images in HTML because it might be spoofing a brand or, God forbid, spawning a virus, that's a very damaging thing.

The second important characteristic is the dramatic loss in delivery reliability. There's almost no such thing as reliable delivery for commercial messages today. Third-party sources have estimated that, on average, 15 percent to 20 percent of commercial e-mail messages do not make it to the in-box because they've been snared by spam filters for one reason or another.

So, tell me how it works exactly?
Gingras: First of all, it's very important that (e-mail) is only available to highly qualified senders who have a pristine record of sending behavior. First, we comprehensively accredit the sending entity. We check basic facts about the company that they provide to us--how long they've been in business, their credit rating, their physical address, the number of employees they have--everything that we can use to vet the validity of the information they're providing and to be sure that we have a legal path of accountability. Suffice it to say if the company has been in business less than a year, it'll even be more difficult for them to qualify. We have to be comfortable that they are an existing legitimate entity.

I don't know a legitimate commercial sender out there who isn't frustrated with the damage done to the space by spam and phishing.

The second step is to verify that their past sending behavior has been pristine. So, what kind of complaint levels have they had in their volume sending? Are partners comfortable that they have appropriately pristine sending records? As they use certified e-mail, we monitor their sending behavior in an ongoing fashion. We monitor complaint levels so that we can be sure they're upholding the acceptable use policies of the system and that they're again continuing to operate in a pristine fashion.

Third, they can only use certified e-mail for permission-based messages to existing customers. This is not a vehicle for prospect marketing. Since we maintain reputation profiles on the senders, we can use that to verify that their assertions about permissions are actually true. If you get that far, then we provide you with the ability to tokenize your messages.

How does the company view itself in this context?
Gingras: We see ourselves as a trust intermediary. We don't see recipient addresses; we don't see message bodies; and messages don't get sent through us. But we do provide a cryptographic token that we sign that you add to your message as an X-Header that is unique to each message instance that's a very important security capability. It allows us to track the messages as they course through the system. It allows us to have very accurate data on the sending volume of certified e-mail messages.

More Newsmakers

[BengalTigger]

thru the server, stopped by personal spam filter

Hmmm mafia tactics. Make the good guy pay to keep the bad guy away.

I already have my own spam filter and will continue to use it (which will likely filter out much of that email they are paying to make it through the servers.

[massimo1]

Total self-serving claptrap

This guy is justifying selling his product. No one has bothered to ask the recipients (US!!!) if we even want to receive this emails. My guess is that given the choice and except for specified opt-ins, most email recipients would say no. This is still spam under a new name and just a fancy way to bilk companies for paying for it. If the emails can bypass the spam filters, then that presents an even bigger problem.

[pmpscheduler]

Smaller ISPs would solve this problem.

A friend had an ISP several years ago. He was lucky enough to get a small business loan to get a T1 installed in a remote location. He bought servers, equipment, the site was happening! The problem? Not enough subscribers.

We tried wooing AOL subscribers (specifically certain ethnic populations without success.)The web was new, hot, broadband was only for large companies.

Now friends from AOL are crying. I say move your ISP to a company that has not paid this guy overhead and profit to spam mailboxes.

[rcrusoe]

Re: It amounts to extortion

"...it amounts to extortion and poses a threat to legitimate e-mail messages from senders who don't agree to pay, without really decreasing spam."

IMO, that statement is 100% correct. This is just another attempt to create a tiered Internet and should be avoided at all costs. As much a I hate government interferrence it is this type of junk that is convincing more people every day to push for the Internet to become a regulated utility.

I've been able to block over 98% of spam on our servers with no false positives (using free, open source software), and it wasn't that hard. So I know what can be achieved.

[pdaddy1962]

"pristine"

What the hell does "pristine" mean in this context? They can define that word any way they want, and certify some spammer as "pristine".

And the above poster is right, this is nothing but a paid advertisement formatted as "news" article.

[heystoopid]

leading the charge

literally leading the charge for pay for use and time for internet, on top of existing fees!

Oh well, interestingly the world leaders of generating computer spam e-mail, to bilk the users with fees to bypass the blacklists!

As nelson would say Ha! Ha!

[R. U. Sirius]

This is Garbage

Wow, I guess we're now resorting to mafia-life tactics on the net.

This is going to backfire big time. What happens when some critical email gets zapped because they haven't paid the Goodmail Mafia? What happens when a domain who has paid the Goodmail Mafia gets spoofed or zombied?

[pmpscheduler]

The Goodmail mafia will be good mail to many...

but to those of you who change ISPs to someone who does not sell out its subscribers, the handwriting will appear, bright and clear to AOL, Yahoo.

The first time my ISP decides to do something so stupid, I will move.

[UntoldDreams]

Good lord!

This guy wants to pocket 50% of the tax from sending every "certified" e-mail? So if a billion e-mails are sent he gets (1/4 cent each mail) approximately 125 million dollars as a toll bridge operator.

Good gosh. He must have trained at Microsoft during his formative years... I wouldn't necessarily be against this if 99% of it went back to the the people who are actively paying to maintain the infrastructure of the internet...

[baturcotte]

Two questions unanswered

1) How many complaints does it take to mar someone's "pristine" status...and will Goodmail and AOL/Yahoo risk giving up the revenue stream to actually decertify someone?

and

2) It will be harder for a company in business less than a year to "qualify" for Goodmail. But the terms of qualification aren't specified...can a slightly higher pile of green be sufficient to qualify someone?

Interesting Idea, but. . .

There are a lot of problems with this:

1. Lots of marketing guys I know would be very,
very happy to pay $0.05 per e-mail to have it
go past the spam filters. The low cost of this
"service" will increase the amount of spam.

2. While I agree that paying $0.0025 to buy 5 or
10 "good points" on your spam filter score is
probably a good idea, for guaranteed delivery,
$1.50 seems like more of a fair price.

3. Why does AOL get the money? If they want me
to read the e-mail, they should pay _me_.

4. Imagine that some spammer gets past the
background checks and is sending herbal viagra
e-mails with a certificate? What exactly do I
have to do to get this guy de-certified?


The bottom line, IMHO, goes like this:

$0.0025 is WAY too low a price for a guaranteed
by-pass of the spam filters. Guaranteed by-pass
should cost at least US $1.

Calm down

I think some of you are overreacting just a teensy bit. As Mr. Gringas explains it, companies that use e-mail marketing can choose to use this service, or not. It's not a "tax;" it's a business service one can pay for or not.

I personally think this could work, if the man means what he says about vetting the e-mail senders to be sure they're legitimate businesses. As we all know, spam filters are not perfect. I've had to re-authorize domains sending me e-mail I actually want several times in my Postini setup. It keeps choking off the same senders even though I've specifically put them on the "white hat" list again and again. If those senders were on a list of authorized domains maybe I'd get their mail a little sooner without having to keep re-authorizing it all the time.

If this service takes off and it is found later that real spammers get through the filters, for whatever reason, then you'll have cause for complaint. I really think this is a good idea.

[J.G.]

Spam comes from 'good guys,' too

I disagree. Legitimate businesses send out spam. Defining
'spam,' as unwanted email, of course. What I think would
happen with such a system is that these legitimate business
would increase their volume of spam, likely shifting junk snail
mail to spam email, because it would be guaranteed to get
through. So, one would get more spam from legitimate
businesses.

What Gingras is ignoring is that most of don't want spam from
either good or bad guys.

[Sentinel]

Interesting allies

While their intentions are good, these people are using someone else's ideas for spam-filtering. Bill Gates was the first to propose e-postage as a solution to spam. Now the companies are the ones to pay, which is a good thing. But I have doubts as to how effective it really is. Much emphasis seems to be put on the ideas, but little detail is given on how it actually filters unqualified messages. A "cryptographic token" doesn't really seem all that unbreakable, and, if non tokenized messages can still be recieved, what's the point?

Yahoo will start using it, huh? The site that says "We collect personal information on this site." Undoubtedly used to send more "commercial spam". Yahoo even sent a message once "From this day forward, you will recieve occassional advertising in your Inbox." Now they say they want to clean up their act? Very doubtful. Who's gonna pay all their crappy advertising now? Advertising which their own filters can't block.

While the intent is appreciated, I highlt doubt it will be successful. Good luck, Goodmail.

[Earl Benser]

As far as I can tell....

... this is a useless concept. It seems to only run an AOL and Yahoo,
which I don't use. It seems to say that the routine spam will make it
through, just not as fast as the 'blessed' spam. So, big deal!

One more waste of time looking for funding.

[209979377489953107664053243186]

Not enough to stop SPAM

I'm not sold that this solution will decrease the amount of SPAM people receive nor that the filtering process will not "accidentally" remove important emails from recipients' inbox. The goal is to make people feel safer communicating with their financial institutions. Why aren't our banks setting up solutions like Taceo, that use authentication technology to verify who they are? Simple software like this could be set up at the same time you open a bank account...

http://www.essentialsecurity.com/howitworks.htm

[mdrouillard]

Try to Remember what SPAM is

Everyone, let's not forget what spam really is, or at least a major cause of it. It is mostly email that can be sent to our inboxes from folks who we can't trust their identity. Most SPAM has forged email reply addresses, which then in turn allows these SPAMers to insert all kinds of viruses, tracking cookies, etc into the body of the messages, because we have no way of tracking them down to shut them up. If you could verify the true source of every email in your inbox, and a system existed to block unknown/unverifiable senders by end user choice, much of the dangers of email would disappear. This is not much different than a caller who keeps calling me on my home number. I can ask the police to intervene and order the telco to disconnect their phone! The source caller's line can in most cases be identified. Think of the amount of email that would not even be sent your way if the sender could not hide behind a false identity. Add to this a public/private key exchange that could be added easily into most email clients/email systems that would encrypt the email body so that the content of the email would be more protected than the electronic equivelant of a postcard. The Goodmail concept is flawed, not because it tries to eliminate spam, but rather it does not solve the root cause of why we get so much email spam and it does not protect the email contect from attack in the first place.

[stoicnluv]

Very good point...

Nicely explained.
I just hope most people here who are paranoid
understood your point, they just over-react right
away...

[J.G.]

Flawed definition of spam

Spam is email that the recipient does not want regardless of who it
comes from. I no more want life insurance offers from my banks
than I want offers of Viagra. By not accepting email from banks, I
avoid their spam.

[ORinSF]

Junk mailers don't use FedEx

Of course this isn't a complete solution to spam or phishing, but it's one more tool to increase the chances of legitimate mail being distinguished from junk. Add it to Domain Keys and SenderID.

A quarter of a cent is really not cheap when multiplied out to the tens of thousands. It may even turn out to be prohibitive, who knows. A lot of banks still send snail mail (uncertified) for things they deem too important for email. This could replace those.

The (physical) junk mail that I receive is sent the cheapest way possible. I am pretty willing to bet that my Fedex packages are worth attention. The junk mailers *could* use Fedex, but somewhere around 0% actually do.

Also, Goodmail is vouching for the sender and stipulates behavior. If you come to believe that Goodmail is a good brand, then you will trust the mail. If not, not. Perhaps some competitors will jump into the fray -- Verisign, RSA, Symantec?

[mortalnishant]

It is like controlling the internet

There was a huge cry over USA controlling the domain servers recently. But very few realise that what goodmail is doing is similar to that because next thing you know u will be charged to send e-mails to individuals something like the proposed pennyblack system by microdof.
Can goodmail guaremtee that the mails of common users will not be intentionally blocked?

[MrHandle]

Wouldn't Work

There's no way you could prevent the "Stamps" from being electronically forged. This is just more greedy nonsense.

[snavely77]

no thank you

the government has wanted to tax email for years now because it's taking away money from the post office. since their attempts have failed, this seems like just another way to garner money...this company will have to pay taxes on the profit, I'm assuming, like all other for-profit companies in our country. no thank you, I'll simply continue to use Mozilla Thunderbird and will be very cautious to whom I give my email address.

[pmpscheduler]

Fellow Thunderbird user...

I agree with you. The internet has been the best thing to happen to the over-taxed consumer. Smart internet, computer savvy users, professionals (including the Indians, Chinese, Russians, etc... receiving out-sourced IT jobs) will come up with some other free-open-source solution to debunk the dinosaurs currently sitting on their steak and lobster posteriors on my and your dime. Revenue will fall, and AOL/Yahoo will see the errors in their ways.

I am trying to get as many of my AOL friends as possible to move to someone else anyway. Now they are listening.

Yahoo is basically free for most of its users. Those that pay should reconsider and move, when this guy gets approval to get his welfare check.

The dumb ideas that elected officials are actually spend time on lets me know many elected officials need to lose their positions in the next few elections. From the input in talkback, many of the readers agree. Let's vote our interest into the next senatorial/congressional seat.

[amajamin]

A good spam filter goes a LONG way

A combination of good server-side and client-side spam filters weed out a good 98% of spam. That in addition to a little common sense on who you give your e-mail address out to eliminates almost all spam and the need to charge some ridiculous e-mail postage.

[darkane]

The End Of Ethics

I felt the need to fume about this, but I'd rather not copy and paste into here.

Read it at:

http://www.bryanserven.com/