Pay-per-email and the "Market Myth"

Bennett Haselton has written a thoughtful piece on the latest developments in the pay-for-email schemes making the rounds from some of the big players in the world of AOL. This one is really worth your time, so please click on and read what he has to say.

AOL created quite a stir in February when they announced that senders would soon be able to bypass the company's junk mail filters by paying a quarter-penny per message to a company called Goodmail, which would split the revenue with AOL. EFF and MoveOn.org argued, in an open letter posted at DearAOL.com and co-signed by many groups including Peacefire, that once the big players were able to bypass AOL's mail filters for a fee, there would be less pressure on AOL to fix problems with non-paying senders being blocked, and that the quarter-penny would become a de facto "e-mail tax" for newsletter publishers if other ISPs followed suit.

At the N-TEN conference last Thursday in Seattle, I had the chance to talk to Charles Stiles, the AOL postmaster, and Richard Gingras, the CEO of Goodmail, after a panel discussion about Goodmail's system, where they clarified some issues. First, if you pay for a GoodMail stamp, your mail not only bypasses AOL's junk mail filters, it also gets displayed to the user with a blue ribbon indicating "This mail has been certified" -- which is a promise to the user that GoodMail has actually done a "background check" on the organization and found them to be a "good actor". (So it's mainly useful for banks, as a way of saying "This is not a phishing attack", and for charities, as a way of saying "We are a legitimate charity".) Stiles said that AOL will continue offering a free whitelisting program for people to bypass the filters, where anyone can apply to join the whitelist (even though this can be easily abused by spammers as well, but AOL offers it anyway because most spammers don't bother). If you're on the whitelist, you don't get the little blue "Certified Email" ribbon, but you do get past the junk mail filters.

So, what's everyone so worried about, if anyone can bypass the filters for free? Well, one problem is that this is where Hotmail used to be, before they started requiring senders to pay a fee to bypass their filters. At one time, if your newsletter was being wrongly blocked by Hotmail, you could fill out a questionnaire with some verification information, and they would add you to the whitelist, which is what we once did to get the Peacefire newsletter un-blocked. However, once Hotmail started using Bonded Sender, a third-party company that requires you to post a $2,000 bond in order to get on their whitelist, Hotmail revoked the free whitelistings that had been given out in the past. If your newsletter is being blocked by Hotmail's filters, no matter how many people vouch for you as a non-spammer, the only way to make sure you get past the filters is to pay the $2,000 to Bonded Sender. (I refused to pay the fee, and of the last seven messages that I sent to our press list, all of them got labeled by Hotmail as "Junk Mail".)

Charles from AOL seemed sincere in saying that AOL's free whitelisting won't go away. But he can't promise or guarantee anything, and someday it'll be someone else's decision. And other ISPs, most of which do not have free whitelists, will be tempted to use GoodMail as a de facto whitelist, such that senders that don't pay will have a greater chance of being blocked.

But I think there's a bigger problem underlying all of this. It's not about specific problems with GoodMail's or AOL's or Hotmail's system. The problem is that many advocates of these systems say that any flaws will get sorted out automatically by "the market" -- and in this case I think that is simply wrong. And in fact the people on Thursday's panel can't really believe it either, because one thing we all agreed on was that Bonded Sender sucks. But has the marketplace punished Hotmail for using it? Have people left in droves because non-Bonded-Sender e-mail gets blocked? No, because if they never see it getting blocked they don't know what happens. Free markets only solve problems that are actually visible to the user.

And this is why groups like EFF and Peacefire are rallying against pay-per-mail. We don't protest bad ideas. We protest bad ideas that could cause harm because by their nature, the marketplace will not kill them. Think about it: if AOL announced that they were going to start charging $100/month for dial-up, would we care? Would MoveOn send out e-mail warnings to its AOL subscribers? Would the EFF start a coalition against it? No, because users will abandon AOL over something like that, and the marketplace will kill it. But people don't abandon their provider over wrongly blocked e-mail if they don't even know it's happening. And thus pay-per-mail could become a de facto standard because it's invisible to customers.

If Microsoft released a new version of IE with huge ugly buttons that were hard to understand, would civic-minded groups and public advocates complain? No, because that problem will sort itself out through browser competition. It's when Microsoft releases features that have bad implications for user privacy and security, that civic groups and experts complain loudly -- because most people can't assess the privacy and security risks of using their browser, and so the marketplace alone won't solve that. (Microsoft knows this, of course, which is why they have sometimes released features that have bad implications for users' privacy and security, but they never made the buttons big and ugly.)

This is what I think people like Esther Dyson don't understand, when she wrote her editorial in the New York Times: Partly she wrote why she thought GoodMail was a great idea, but mainly she wrote that she didn't see why EFF and other groups were so upset, when if the idea turns out not to work, it will die in the market. "If they [AOL] don't do a good job of ensuring that customers get the mail they want, even from nonpaying senders, they will lose their customers." But that's simply not true. Hotmail subjects anyone to random blocking who doesn't pay the $2,000 Bonded Sender fee, and there's no evidence that it has caused them to lose customers.

Private companies do not have the absolute right to do whatever they want with your mail. If you sign up to receive mail from someone, and they send you an e-mail, then that e-mail is your property; if your ISP knows that the sender is almost certainly not a spammer, then they are violating the sender's and receiver's rights if they block the message. (Not First Amendment rights -- those only apply to government laws -- but rights based on contracts and implied warranties, since I think an e-mail address comes with an implied warranty that your contacts will be able to send you mail for free. So stop composing your -- yes, this means YOU -- stop composing your message saying that First Amendment rights don't apply to private companies.) EFF and other advocacy groups are working on anti-spam solutions that respect these rights, and you may agree or disagree with their proposals. But the point is that they should be commended for realizing that the marketplace will not preserve these rights "automatically".

After the N-TEN panel on Thursday, since I had sent a "communication" to Richard Gingras from Goodmail by asking him a question, I handed him a penny and reminded him that, per his agreement with AOL, he had to give half of it to them. I hope I never have to pay Goodmail anything again to get my message through, and I hope you never have to either.

Email was not a "late night hack"

[Infonaut]

look it up if you don't believe me.

You insinuate that hardly any work at all went into the creation of email. This says otherwise [livinginternet.com].

Re:Market Solutions

[Daniel_Staal]

I can see why reading it using an RSS reader might be better (and most email clients these days can do the same things), but I'm not really sure why sending it that way would be better. At the very least it means everyone who wants to check to see if there are new messages will have to hit your server every time they check. If people are on a lot of these annonuncment lists (which I am) that would mean hitting a large number of servers very day to check for one-two messages a month (total). Email, at the very least, would generate a lot less internet traffic.

As far as I can tell it would be the same info either way, so the less load on my connections is preferred.

Re:Thoughts

[Russ Nelson]

How ignorant can one person be? If ignorance were radioactive, you would have achieved critical mass.

1. images are turned off by default in anything that remotely looks like spam.
   
2. Goodmail customers have to *pay* to have a background check done on them.
   
3. Goodmail will have competitors. They already have competition in the form of AOL's whitelist and enhanced whitelist.
   

Re:I wonder

[Russ Nelson]

Will I still be able to mark certified mail as spam?

Yes. Certified Email only bypasses site filters; not an individual's filters.

Where is the "quick hack" part?

[Infonaut]

Maybe you should read it.

I did. Where does it say anything about email being a quick hack? I assume you're referring to this bit:

In the early 1970's, Ray Tomlinson was working on a small team developing the TENEX operating system, with local email programs called SNDMSG and READMAIL. In late 1971, Tomlinson developed the first ARPANET email application when he updated SNDMSG by adding a program called CPYNET capable of copying files over the network, and informed his colleagues by sending them an email using the new program with instructions on how to use it. To extend the addressing to the network, Tomlinson chose the "commercial at" symbol to combine the user and host names, providing the naturally meaningful notation "user@host" that is the standard for email addressing today.

First, nothing in this description tells me how long it took Tomlinson to come up with the idea and implement it. Second, Tomlinson's effort set up the addressing convention of email. That is hardly the whole of email as we know it today. As the article notes, SMTP didn't even come around until the early 1980s. My point is that it took a lot of work to create what we now know as email. Tomlinson built on SNDMSG, but that was neither the start nor the end of the process of developing email. To characterize its development as a "late night hack" seems insulting to all of the people who put their time and effort into that development.

Perhaps my interpretation of the original post was a bit oversensitive, but I just dislike such flippant characterizations, particularly when someone doesn't provide any factual information and suggests that I look up the information myself. If you know the history behind something, why not share it with the rest of us, instead of assuming we'll take your statement on faith?

Re:Thoughts

[hey hey hey]

- Spammers copy and paste the blue ribbon into their spam templates in 1/100th of the time it took Goodmail to come up with and implement it.

Unlikely. The way Goodmail works is every outgoing message talks to their servers to get a token to put in the message, and every incoming message is validated by asking their servers about the token. Each token is unique, tied to a specific message, etc (it is domain keys, but Goodmail servers have the public and private keys). I think there are real issues with scaling, but spoofing isn't a real worry.

- Spammers sign up for Goodmail to send some of their spam out, in quantities that will allow the cost to be worth it. The spam folder in your e-mail just became worthless.

Goodmail claims that they will monitor your account. Too many complaints, and your account will be terminated. If this is how they actually do business is anyones guess.

The run of the mill Herbal-Viagra spammer can't afford the added cost of using this service (they are usually blasting out of open relays, spambots, some ISP who doesn't care, etc). However, they won't stop because of this service either, which is why this isn't really an anti-spam measure, it is a way for good companies (with various definitions of good) to pay to bypass the spam filters.

- I refuse to use Goodmail, and my legitimate e-mails start ending up in Spam. I encourage users of services that do this to switch to "a better e-mail service with better filters", namely one that does not support Goodmail.

Depends on how AOL (and others) change their existing systems. If the rest of their system stays the same, AOL users get possibly more cluttered mail boxes, and in the end, it is a big yawn (but AOL gets to pocket some $$ for a year or three). If AOL begins to tweak their filters so more legitimate mail heads spambox-ward, then we get into possible user unrest.

Re:Market Solutions

[Haeleth]

Have you considered that email lists like that might just be a bad idea in general? It seems to me that that kind of thing would be better implemented using RSS instead.

No. For infrequent security alerts, you want to use a push technology like email: the advantages are that (a) it's everywhere (even the most stripped-down BSD server will have a basic email client), and (b) it saves bandwidth (because you don't have people's aggregators constantly probing your site for changes).

My experiences with email sending..

[Anonymous Coward]

I work for a financial services company who has a clients who are supposed to receive emails from us related to trades. Since I manage our web presence, email deliverability is also my problem.

Here are the places to start:

Free Certification
AOL: http://postmaster.aol.com/whitelist/ [aol.com]
Yahoo: http://add.yahoo.com/fast/help/us/mail/cgi_bulkmai l [yahoo.com]
Verizon: http://www2.verizon.net/micro/whitelist/request_fo rm.asp?id=isp [verizon.net]

Reporting
Spamcop: http://www.spamcop.net/w3m?action=ispsignupform [spamcop.net]
Hotmail: http://postmaster.msn.com/snds/ [msn.com]
Senderbase: http://www.senderbase.org/ [senderbase.org]

Email Signing
SPF: http://www.openspf.org/ [openspf.org]
DomainKeys: http://domainkeys.sourceforge.net/ [sourceforge.net]

Paid Certification
Bonded Sender: http://www.bondedsender.com/ [bondedsender.com]
Habeas: http://www.habeas.com/ [habeas.com]
Goodmail: http://www.goodmailsystems.com/ [goodmailsystems.com]

A lot of providers outside the US have many of their own rules and regulations to follow, which makes it quite difficult to achieve deliverability. At the end of the day, we try to follow all the rules that have been laid out from existing companies and then deal with individual providers on a needs basis. The more users that use that ISP, the more we are willing to obey their individual rules.

Unfortunately, I see paid certification becoming the way of the future. If I can pay to guarantee to have my clients email delivered rather then negotiate with ISPs every other week based on their varying criteria, I'm pretty sure my company will pay for it. I don't like it, but results are the bottom line.

Re:Me too - no filters for me, please

[Znork]

"If I didn't have to give out my email address for every damn thing..."

You dont. If you're running your own mailserver, just create junk aliases and simply keep them around for as long as necessary. Heck, create separate personal email aliases for everyone of your friends when you're at it, and it becomes their responsibility not to spread their access address to you around, or you'll simply junk it and make a note not to give them a new one.

In todays overly communicative world, the desireable resource is not you having a mailbox where you can be reached, it's someone else having a mailbox where you can be reached. So change the paradigm around, and let them be the guardian of their very own access line to you. If they fail to guard it or you no longer want them to be able to reach you that way, you just junk that adress, and nobody else is affected.

I don't agree.

[gurps_npc]

Look, one of the MAJOR problems out there is not spammers, but instead the "legitamate" mass mailers.

Yes, I said it, the legiatamate mass mailers are part of the problem.

What would you say if a corporation started one of the following as business practoces:

A) Because of the high crime rate among conveience stores, all clerks will be issued guns and told to point them at the customer at all times.

B) Our salesman will run up to you, whip out a bottle of perfume point it at you and say PAY ME $25!

C) When you arrive at our gas car wash, masked men will remove you from your car, get in, and drive it into the carwash.

Customers would object to this. They have the right to object to this. The problem is that the activities being proposed, while they may be legal, APPEAR illegal. It is both stupid and irresponsible for businesses to engage in activities that are that close to being illegal.

It is the responsibility of the legitamate mass-emailers to distinguish themselves from spam. If they can't do this, then they should not be engaging in mass-emailing at all. If you can't convince hotmail that you are not spam, then you have an unethical business model.

Yes, this may force people to STOP using mass-email. There is no right to use it. Yes, you may like it, but it is argueable about ANY of it being 'legitamate', and it is up to you to find a way to prove you are legitamate, not up to the email service suppliers to prove you are not legiatamate.

There are lots of ways to deal with sending out large amounts of data daily. Message boards work fine. The g-d d-mned adware junk could also be converted to legitamate use, downloading your message once/day instead of via email.

If you can't clean up your act so your so called legitamate email is indistinguishable from spam, then you business model deserves to go down in flames.