Pay-per-email and the "Market Myth"

Bennett Haselton has written a thoughtful piece on the latest developments in the pay-for-email schemes making the rounds from some of the big players in the world of AOL. This one is really worth your time, so please click on and read what he has to say.

AOL created quite a stir in February when they announced that senders would soon be able to bypass the company's junk mail filters by paying a quarter-penny per message to a company called Goodmail, which would split the revenue with AOL. EFF and MoveOn.org argued, in an open letter posted at DearAOL.com and co-signed by many groups including Peacefire, that once the big players were able to bypass AOL's mail filters for a fee, there would be less pressure on AOL to fix problems with non-paying senders being blocked, and that the quarter-penny would become a de facto "e-mail tax" for newsletter publishers if other ISPs followed suit.

At the N-TEN conference last Thursday in Seattle, I had the chance to talk to Charles Stiles, the AOL postmaster, and Richard Gingras, the CEO of Goodmail, after a panel discussion about Goodmail's system, where they clarified some issues. First, if you pay for a GoodMail stamp, your mail not only bypasses AOL's junk mail filters, it also gets displayed to the user with a blue ribbon indicating "This mail has been certified" -- which is a promise to the user that GoodMail has actually done a "background check" on the organization and found them to be a "good actor". (So it's mainly useful for banks, as a way of saying "This is not a phishing attack", and for charities, as a way of saying "We are a legitimate charity".) Stiles said that AOL will continue offering a free whitelisting program for people to bypass the filters, where anyone can apply to join the whitelist (even though this can be easily abused by spammers as well, but AOL offers it anyway because most spammers don't bother). If you're on the whitelist, you don't get the little blue "Certified Email" ribbon, but you do get past the junk mail filters.

So, what's everyone so worried about, if anyone can bypass the filters for free? Well, one problem is that this is where Hotmail used to be, before they started requiring senders to pay a fee to bypass their filters. At one time, if your newsletter was being wrongly blocked by Hotmail, you could fill out a questionnaire with some verification information, and they would add you to the whitelist, which is what we once did to get the Peacefire newsletter un-blocked. However, once Hotmail started using Bonded Sender, a third-party company that requires you to post a $2,000 bond in order to get on their whitelist, Hotmail revoked the free whitelistings that had been given out in the past. If your newsletter is being blocked by Hotmail's filters, no matter how many people vouch for you as a non-spammer, the only way to make sure you get past the filters is to pay the $2,000 to Bonded Sender. (I refused to pay the fee, and of the last seven messages that I sent to our press list, all of them got labeled by Hotmail as "Junk Mail".)

Charles from AOL seemed sincere in saying that AOL's free whitelisting won't go away. But he can't promise or guarantee anything, and someday it'll be someone else's decision. And other ISPs, most of which do not have free whitelists, will be tempted to use GoodMail as a de facto whitelist, such that senders that don't pay will have a greater chance of being blocked.

But I think there's a bigger problem underlying all of this. It's not about specific problems with GoodMail's or AOL's or Hotmail's system. The problem is that many advocates of these systems say that any flaws will get sorted out automatically by "the market" -- and in this case I think that is simply wrong. And in fact the people on Thursday's panel can't really believe it either, because one thing we all agreed on was that Bonded Sender sucks. But has the marketplace punished Hotmail for using it? Have people left in droves because non-Bonded-Sender e-mail gets blocked? No, because if they never see it getting blocked they don't know what happens. Free markets only solve problems that are actually visible to the user.

And this is why groups like EFF and Peacefire are rallying against pay-per-mail. We don't protest bad ideas. We protest bad ideas that could cause harm because by their nature, the marketplace will not kill them. Think about it: if AOL announced that they were going to start charging $100/month for dial-up, would we care? Would MoveOn send out e-mail warnings to its AOL subscribers? Would the EFF start a coalition against it? No, because users will abandon AOL over something like that, and the marketplace will kill it. But people don't abandon their provider over wrongly blocked e-mail if they don't even know it's happening. And thus pay-per-mail could become a de facto standard because it's invisible to customers.

If Microsoft released a new version of IE with huge ugly buttons that were hard to understand, would civic-minded groups and public advocates complain? No, because that problem will sort itself out through browser competition. It's when Microsoft releases features that have bad implications for user privacy and security, that civic groups and experts complain loudly -- because most people can't assess the privacy and security risks of using their browser, and so the marketplace alone won't solve that. (Microsoft knows this, of course, which is why they have sometimes released features that have bad implications for users' privacy and security, but they never made the buttons big and ugly.)

This is what I think people like Esther Dyson don't understand, when she wrote her editorial in the New York Times: Partly she wrote why she thought GoodMail was a great idea, but mainly she wrote that she didn't see why EFF and other groups were so upset, when if the idea turns out not to work, it will die in the market. "If they [AOL] don't do a good job of ensuring that customers get the mail they want, even from nonpaying senders, they will lose their customers." But that's simply not true. Hotmail subjects anyone to random blocking who doesn't pay the $2,000 Bonded Sender fee, and there's no evidence that it has caused them to lose customers.

Private companies do not have the absolute right to do whatever they want with your mail. If you sign up to receive mail from someone, and they send you an e-mail, then that e-mail is your property; if your ISP knows that the sender is almost certainly not a spammer, then they are violating the sender's and receiver's rights if they block the message. (Not First Amendment rights -- those only apply to government laws -- but rights based on contracts and implied warranties, since I think an e-mail address comes with an implied warranty that your contacts will be able to send you mail for free. So stop composing your -- yes, this means YOU -- stop composing your message saying that First Amendment rights don't apply to private companies.) EFF and other advocacy groups are working on anti-spam solutions that respect these rights, and you may agree or disagree with their proposals. But the point is that they should be commended for realizing that the marketplace will not preserve these rights "automatically".

After the N-TEN panel on Thursday, since I had sent a "communication" to Richard Gingras from Goodmail by asking him a question, I handed him a penny and reminded him that, per his agreement with AOL, he had to give half of it to them. I hope I never have to pay Goodmail anything again to get my message through, and I hope you never have to either.

Re:the real problem

I think you're referring to spam as the consequence?

Well, the reason mail is the way it became is that a few universities, defense contractors, and government organizations needed to communicate, and given the reliability of network equipment of the time, open relays were a necessity to ensure that email got through. The reason that something along the lines of SPF didn't come into play from the beginning is multifold; DNS wasn't around (hosts were maintained in host files at each site), every organization on ARPANET was 100% trusted, and there was no incentive to forge emails nor to do what we now call "spamming" - in fact the few early advertisements which went out in targeted emails were heavily criticized.

When ARPANET became the Internet and DNS came into being due to the volume of hosts going online, open relays were still the standard, not due to network reliability (which had significantly improved) but due to legacy support. To maintain backwards compatibility SMTP stayed pretty much as-is from day one, and with the harsh criticisms that followed early email advertisemtns from trusted organizations, no one really anticipated a number of things:

  - Internet access becoming a commodity (Quantum Link and Compuserve were just coming into their own then, and dial-up to proprietary online services was the wave of the future beyond private BBSes)
  - Everyone having multiple, multiple email addresses
  - Commercial entities abusing the network

In hindsight it was quite obvious that things like SPF would be required but given the Internet's early history (and computer networking in general) it's clear why they didn't think of security and sender verification when first implementing an email solution.

What AOL, Hotmail, and others SHOULD do is not use that GoodMail crap (it's not good sense to do that!) but to make SPF required rather than optional. If you want to send email to AOL recipients, on your authoritative servers, you must list which hosts are actually allowed to send emails from your domain via an SPF record, and all emails from your host not meeting the SPF rules will be regarded as spam and not even make it to the receiver's inbox.

This puts the onus totally on the senders. Want your mailing lists to make it through to the receiver? Make sure your listserver is listed in your SPF rules.

This is why SPF was proposed in the first place; to overcome issues arising from legacy support, to work around open relay-originating spam without having to block legitimate email from open relays, and to avoid the need for whitelisting.

Want to learn more about SPF? Check out http://www.openspf.org/ [openspf.org]

Posting this reminds me: I need to update our SPF records. Oops! :-/

Market Solutions

If you aren't getting emails that you are expecting, you would know about it. This would piss you off and you would find another way of getting the messages.

If you aren't getting emails that you aren't expecting, oh well, that's spam.

I disagree with the assertion that the market would not kill off this idea. If you aren't getting emails you expect (as has happened to me in the past) you will seek an alternative solution. If it's really important, there's this device called a telephone whereby you can actually speak with someone else in urgent situations.

Re:Market Solutions

They gave an example in the article of an email you want but aren't expecting: anouncement newsletters that you've signed up for.

I'm on the OpenBSD-security-announce list for example: Where OpenBSD announces when they've found a security bug. I never expect an email from them, but if they send one I want it.

The problem, as they see it, is that if I didn't get an email sent by that list I'd never know. I don't know when or if it was sent. But I still want the email.

This is one of the most common uses of email. It is something spam tries to hide as. A good spam-fighting solution must be able to handle it. Sender-pays doesn't, espcially for small/free projects.

Re:Market Solutions

I can see why reading it using an RSS reader might be better (and most email clients these days can do the same things), but I'm not really sure why sending it that way would be better. At the very least it means everyone who wants to check to see if there are new messages will have to hit your server every time they check. If people are on a lot of these annonuncment lists (which I am) that would mean hitting a large number of servers very day to check for one-two messages a month (total). Email, at the very least, would generate a lot less internet traffic.

As far as I can tell it would be the same info either way, so the less load on my connections is preferred.

Re:Market Solutions

This is obviously spoken as someone who has never had to manage a mailing list. Having helped my father, a missionary, in touch with his supporters has caused me no end to heartache and heartburn as people on AOL and Hotmail have constant trouble with everything from opt-in confirmations to receiving the letters, to casual communication between them getting blocked because the mailing list was already blocked. Then you have the idiots that opt-in and decide they don't want it anymore and actually do hit the "Spam" button.

The users just don't understand that their ISP is hiding their email from them. For whatever reason, they are convinced their email is just fine, it's got to be a problem with the list.

Re:Market Solutions

The obvious solution is to refuse to add hotmail or AOL addresses to the mailing list. Explain that hotmail wants to charge missionaries $2000 (or whatever) in order to accept their mail, start a letter writing campaign, etc.

If enough people do that, well that's a market solution.

Re:Market Solutions

It's not just an assertion it's an observation - hotmail is doing just fine.

A lot of the time legitimate email is unexpected.. sales and support queries for example. And their replies... if an aol customer sends you a sales query and aol blocks the reply it has cost *you* money as you have lost a customer. AOL user thinks you didn't bother replying and buys from someone else. It's worse with support - AOL user things you can't be bothered replying, tells all is friends that you suck because you never reply to support queries and you lose multiple potential customers. None of this hurts AOL - the market does *not* kill it off.

It will affect us more than them

From my experience working for an ISP, business is more likely to be affect ed for organisations that don't pay for Goodmail certificates. End users just see one thing - email you sent me doesn't get to my AOL account, but email that othercorp sends me does. They don't care about the technicalities of what systems AOL is using that are getting in the way, all they see is service works from x but not y. Large email providers like hotmail and AOL hold everyone else in the palms of their hands, either we play ball, or we lose business.

Two dots not connected

There are two dots that are not connected in this article: the little "blue ribbon" thing and the de facto tax. The author claims that the fee would become a de facto tax due to less pressure on AOL itself to fix problems.
The connection not made is that there is another reason it would become a de facto tax. I work for a nonprofit organization. If an AOL user knows that organizations and companies who have become certified get a blue ribbon, and we don't pay up, then the customer's question becomes this:
Why don't you have a blue ribbon, too?
That hurts us. And it's yet another reason this amounts to extortion.

Phew the junk will be marked

At least we know now that we'll be able to easily recognize junkmail that paid its way passed the filter--it'll have a "blue ribbon." Blue ribbon=certified junk mail.

Re:Real mail

This fictional scenario, I think closely (but not perfectly) mirrors the current email system. The whole spam problem should have been forseen.

That is a great analogy but I'm not sure your conclusions are right. As the price has went UP over the last 15 or so years I have noticed that the concentration of legitimate letter mail I get has went down. Bulk advertising or 'Spam' mail has actually increased in percentage. Individuals and companies I actually do business with have started using email rather than pay high postage rates. Many companies offer incentives so you can get your bills deliverd in email format.

If postage and paper was free we might get significantly more advertising, but we also might see more people drop a card in the mail once in a while with a written note. Cost is a significant factor for me in wanting to pay bills online and send email to friends rather than written notes.

The USPS has done exactly what AOL is trying to do. They have catered to big business that can see an ROI on their investment. Everyone else that sends letters 'First Class' and isn't trying to spam postal patrons gets screwed.

Hotmail, do they really?

"Hotmail subjects anyone to random blocking who doesn't pay the $2,000 Bonded Sender fee"

Do they actually block the email, or do they just send it to your junk mail folder? I am on numerous email lists, and I find it hard to believe that any of them would have coughed up the $2k to avoid getting blocked. Those emails all go to my junk mail folder by default (I have my in box set up with a white list), which is right where I want them to go. They sit in there for 7 days for my review and get deleted on their own, no need for me to hold tri-mag build questions or Microsoft news letters for more then a one time read. So if the "blocking" is just getting sent to the junk mail folder, I say who cares.

On the other hand, allowing a company to stick their emails in my in box against my wishes (like some MS and Hotmail newsletters) really annoys me. It bothers me in the same way a two tier internet bothers me. It takes away the level playing field and turns the system itself into a capitalist entity.

But I do like the idea of a certified white list and verified emails. Anything to cut down on the number of phishing emails and exploitation of the uneducated computer using masses.

-Rick

Re:I wonder

Will I still be able to mark certified mail as spam?

Yes. Certified Email only bypasses site filters; not an individual's filters.

People are forgetting...

... that it costs $.39 now to send a letter in the mail, but countless companies are willing to send thousands of pieces junk mail at a price MUCH steeper than a quarter of a penny. E-mail tax is a silly idea with nothing to offer.

The most important question wasn't answered.

HOW DOES THIS HELP YOUR CUSTOMERS?

The problem wasn't that your customers are receiving advertisements that weren't blessed by AOL -- it's that they were receiving too much junk mail -- PERIOD. Your clientele are already paying AOL their hard-earned money for connectivity, how does stuffing their $INBOX full of junk mail help them?

Wasn't this one of the things your customers originally whinged about a few years ago?

The good news is that the market will address this issue and correct itself.

Transport vs Content

The problem is that we can't afford to have transport providers selecting content if we have any expectation of maintaining open communications. As soon as transport providers are allowed to define the type of content, their self-interest, typically monetary but frequently political, overrides any other concern.

This isn't to say that content can't or shouldn't be 'regulated'. There are situations where this is clearly desireable, however, the providers themselves should not be allowed make those decisions.

Living in a time when communications is so widespread, not only amplifies it's effect, it also makes it's antagonists more desperate. Governments, corporations and numerous other groups have repeatedly demonstrated their intolerance of open communications. Combine this with the temptation to profit by creating classes of service within the transport system and you have an ugly mix.

Classes of service are a de facto process of discrimination. Build the features to support classes of service for profit, and their use for information suppression will not be far behind.

Do you really want AOL or News Corp deciding what contetn is fit for your consumption?

My experiences with email sending..

I work for a financial services company who has a clients who are supposed to receive emails from us related to trades. Since I manage our web presence, email deliverability is also my problem.

Here are the places to start:

Free Certification
AOL: http://postmaster.aol.com/whitelist/ [aol.com]
Yahoo: http://add.yahoo.com/fast/help/us/mail/cgi_bulkmai l [yahoo.com]
Verizon: http://www2.verizon.net/micro/whitelist/request_fo rm.asp?id=isp [verizon.net]

Reporting
Spamcop: http://www.spamcop.net/w3m?action=ispsignupform [spamcop.net]
Hotmail: http://postmaster.msn.com/snds/ [msn.com]
Senderbase: http://www.senderbase.org/ [senderbase.org]

Email Signing
SPF: http://www.openspf.org/ [openspf.org]
DomainKeys: http://domainkeys.sourceforge.net/ [sourceforge.net]

Paid Certification
Bonded Sender: http://www.bondedsender.com/ [bondedsender.com]
Habeas: http://www.habeas.com/ [habeas.com]
Goodmail: http://www.goodmailsystems.com/ [goodmailsystems.com]

A lot of providers outside the US have many of their own rules and regulations to follow, which makes it quite difficult to achieve deliverability. At the end of the day, we try to follow all the rules that have been laid out from existing companies and then deal with individual providers on a needs basis. The more users that use that ISP, the more we are willing to obey their individual rules.

Unfortunately, I see paid certification becoming the way of the future. If I can pay to guarantee to have my clients email delivered rather then negotiate with ISPs every other week based on their varying criteria, I'm pretty sure my company will pay for it. I don't like it, but results are the bottom line.

I don't agree.

Look, one of the MAJOR problems out there is not spammers, but instead the "legitamate" mass mailers.

Yes, I said it, the legiatamate mass mailers are part of the problem.

What would you say if a corporation started one of the following as business practoces:

A) Because of the high crime rate among conveience stores, all clerks will be issued guns and told to point them at the customer at all times.

B) Our salesman will run up to you, whip out a bottle of perfume point it at you and say PAY ME $25!

C) When you arrive at our gas car wash, masked men will remove you from your car, get in, and drive it into the carwash.

Customers would object to this. They have the right to object to this. The problem is that the activities being proposed, while they may be legal, APPEAR illegal. It is both stupid and irresponsible for businesses to engage in activities that are that close to being illegal.

It is the responsibility of the legitamate mass-emailers to distinguish themselves from spam. If they can't do this, then they should not be engaging in mass-emailing at all. If you can't convince hotmail that you are not spam, then you have an unethical business model.

Yes, this may force people to STOP using mass-email. There is no right to use it. Yes, you may like it, but it is argueable about ANY of it being 'legitamate', and it is up to you to find a way to prove you are legitamate, not up to the email service suppliers to prove you are not legiatamate.

There are lots of ways to deal with sending out large amounts of data daily. Message boards work fine. The g-d d-mned adware junk could also be converted to legitamate use, downloading your message once/day instead of via email.

If you can't clean up your act so your so called legitamate email is indistinguishable from spam, then you business model deserves to go down in flames.