Charging for Email?

>I'm perturbed at the idea that AOL & Yahoo have decided to
>make money directly from spam.

Dave Farber's IP list is having a low-volume and high-S/N conversation
about this. Here are the posts so far:

 http://lists.elistx.com/archives/interesting-people/200602/msg00052.html
 http://lists.elistx.com/archives/interesting-people/200602/msg00054.html
 http://lists.elistx.com/archives/interesting-people/200602/msg00062.html

-- KDawson

On Thu, 2006-02-09 at 07:14, Chris Pepper wrote:
> So I read "Postage Is Due for Companies Sending E-Mail" from
> the New York Times
> <http://www.nytimes.com/2006/02/05/technology/05AOL.html?_r=2&ei=5094&en=adc81ef8bbdf0746&hp=&ex=1139115600&partner=homepage&pagewanted=print>,
> and wondered what the TidBITS crew thinks of it.

As someone directly involved in the anti-spam industry, I can
categorically state that much of the press on this issue is just flat
WRONG.

Goodmail is not a generalized e-postage system for ALL email, or even a
system for e-postage on all BULK email. Goodmail is NOT a "pay to spam"
system. It covers a tiny fraction of permission-based email; things
which require some assurance of delivery.

For AOL, Goodmail is in part replacing, and in part enhancing systems
they ALREADY have in place which do much the same thing (albeit the
current systems at AOL operate at a substantial loss). Goodmail will
vet all of the senders using their system to mail to AOL, as they do
with EVERYONE using their system.

For Yahoo, Goodmail is providing a way for *transactional* mailings to
bypass spam filters (things like airline ticket confirmations, billing
notices and the like). None of these things would EVER be considered
spam, but most likely would be mistaken for phishing attempts if there
isn't SOME way to differentiate them.

Goodmail is NOT a "pay to spam" system. It covers a tiny fraction of
permission-based email; things which require some assurance of delivery.

Goodmail's long-term plan appears to include making their SDK open
source, but according to the employee I'm hearing from this is a matter
of "baby-steps" and they have to "crawl before we walk, and walk before
we run".

One thing that many folks don't realize is that there is a massive
amount a legitimate commerce happening via email, and that mistakes in
spamblocking are a major issue for many companies doing business
online. Being unable to get an order confirmation through to a customer
because their provider thinks (wrongly) that it's spam is of great
concern to businesses.

All Goodmail does is assure special treatment for these transactional
mailings. Few of their customers do anything else with email. Mail
sent by Goodmail customers will have a special cryptographic token in
the header, which is "redeemed" but the recipient ISP on delivery.
Post-delivery, the mail can be then tagged for the end-user to show that
it was legitimately requested.

They have indirect competition from the likes of Habeas, and Return
Path, which provide different models for doing much the same thing.
Nobody makes much of a fuss about Return Path's "Bonded Sender" or
Habeas. Nobody should be making much of a fuss about Goodmail.

The whole issue is a tempest in a teapot.

--B

--
Brian McNett: Forensic Spam Investigator
Work: <http://consult.spamresource.com/>
Play: <http://www.mycoinfo.com/>
Online Store: <http://store.mycoinfo.com/>

On 09 Feb 2006, at 08:14 , Chris Pepper wrote:
> So I read "Postage Is Due for Companies Sending E-Mail" from
> the New York Times <1> and wondered what the TidBITS crew thinks of
> it.

I think one of two things will happen. Either this will never really
take off an no one will pay for the 'service' or it will really take
off and people at yahoo and AOL will be so inundated with paid mail
they don't want that they will leave in droves.

For the rest of the Internet, it's completely irrelevant.

<1> Removed registration-required NYT link

> I could be overly pessimistic, but don't *think* so. What
>about you all?

Here's my collection of Random Thoughts... with lots of statements
about what exists and why, and not a lot of answers. Sorry. =)


Every end user, and every legitimate mail sender says to their ISP:
"Don't just sit there, DO SOMETHING!"

Everybody wants their email, right now.
Everybody wants the email they send, delivered, right now.
*and*
Nobody wants spam.
Nobody wants legitimate email blocked.

and most importantly:
Nobody wants to pay anything for any of the above.

Everyone assumes that email is "part of the package" when it comes to
their Internet service.

I can say this with decades of IT management and enough years in the
Internet business to put plenty of grey hairs in my beard:

NOTHING freaks people out more than NOT getting their email.

Users will endure storm-caused outages, hard drive failures,
telecommunications issues, web servers crashing, you name it... but
down the mail server, or even have it be SLOW, and all hell breaks
loose.

The fact that the Internet-wide email system has worked almost
instantaneously for years, despite the rise in spam volume to well
over 50% of the mail traffic has created this bizarre situation. We
reached the tipping point however, quite silently I believe to the
majority of end-users, about 18 months ago. Network wide, large
providers such as AOL, Yahoo, MSN, etc started getting really
aggressive about filtering (due to user demand) and as such mail
delivery times have been steadily increasing over the past year or so.

I can sit and watch the outbound SMTP queues on our mail servers and
there are a lot of domains that take FOREVER to process their inbound
mail. Yahoo, AOL, Gmail, Comcast, Shaw, Telus, Qwest, Roadrunner, etc
etc... the large-scale access or free email providers mostly. It can
take hours now to get legitimate email through to their users. If you
spend any time in NetOps circles there are constant complaints about
delivering mail to these providers, and among them, ONLY AOL has a
"postmaster" group that are accessible, available and helpful. The
rest (especially Yahoo) are black holes with zero operational
communications with other providers. This is especially frustrating
given the usual cooperative nature of normal Internet operations
behind the scenes.

They make ZERO revenue from email, yet they are spending millions of
dollars to build mail and mail filtering infrastructure. The suits
that run the place want to get some return on the investment they are
blowing on email systems. The Customer Service and Support divisions
want the users to stop harassing them about spam and slow mail... the
opposite ends of the same problem. It doesn't surprise me at all that
they want to charge outside concerns for access to "their users". The
model has worked for centuries in the snail mail market, why not
email?

The problem is that the only mail senders that have the resources to
spend money to send mail in bulk are the very same people that send
you paper (or in the case of AOL, CDs) junk mail today. These people
are not even really in the email business today in any significant
way. So this "Goodmail" initiative by AOL & Yahoo will not really
serve to solve any real problems with the email system, just add a
new class of junk mail. Be careful what you wish for.


The funny thing with email, is that you really ARE getting something
for nothing. You don't pay for it, really. What you pay for Internet
Access or hosting barely covers the cost of access or hosting and
doesn't even TOUCH what it costs to provide email services. However
virtually every email user considers email to be a "Mission Critical"
service.

Everyone contributes to the problem. There is no "US", there is no
"THEM"... If you get or send email, you share blame for the current
situation. If you send out bulk mail in ANY form: Newsletters,
mailing list like this one, auto-replies from ecommerce systems,
"Holiday Greetings" sent to your entire address book, forwarding
jokes to a few hundred recipients via a "BCC" paste... You have
wrongly lead to either a mail server being blacklisted, throttled, or
greylisted. If you operate a web site with a mail form that doesn't
validate every single character of input (no linefeed or carriage
return characters!), you have caused or will cause a mail server to
be blacklisted, throttled, or greylisted. If your mail provider lets
you report mail as spam, and you use it to tag everything that annoys
you that day as spam, then you have wrongly caused a mail server to
be blacklisted, throttled, or greylisted.

Everyone who thinks they've come up with a Final Ultimate Solution to
the Spam Problem doesn't really understand the spam problem.

I wish I had more constructive things to contribute to the
discussion, but I'm too busy spending capital resources and time
building and maintaining email systems we make no revenue from, nor
ever will.

Regards,
--

Chuck Goolsbee V.P. Technical Operations
_________________________________________________________________
digital.forest Phone: +1-877-720-0483, x2001
where Internet solutions grow Int'l: +1-206-838-1630
*** celebrating twelve years of service 7/12/1994 - 7/12/2006 ***
12101 Tukwila International Blvd Fax: +1-206-838-3749
Suite 410 http://www.forest.net
Seattle, WA 98168 email: cgforest.net

At 07:14 AM 02/09/2006 -0800, Chris Pepper wrote:
>So I read "Postage Is Due for Companies Sending E-Mail" from the New York
>Times
><http://www.nytimes.com/2006/02/05/technology/05AOL.html?_r=2&ei=5094&en=adc81ef8bbdf0746&hp=&ex=1139115600&partner=homepage&pagewanted=print>,
>and wondered what the TidBITS crew thinks of it.

BTW, when passing on a NY Times URL, you can drop everything after the
question mark, thus

http://www.nytimes.com/2006/02/05/technology/05AOL.html

works.

>I'm perturbed at the idea that AOL & Yahoo have decided to make money
>directly from spam.

The article says clearly in the second paragraph

>The senders [who are paying for preferential treatment] must promise to
>contact only people who have agreed to receive their messages, or risk
>being blocked entirely.

That sounds to me more like rewarding non-spam. AOL and Yahoo will
undoubtedly make money on the scheme, but they are in business to make
money. As long as they make money reducing spam, I don't have a problem
with it. AOL in particular has spent a lot of money in court trying to stop
spammers, and they didn't even make money on that.

All in all, I don't think this development will have much affect on spam
overall. I continue to think that a 1/10 cent charge per email sent, with a
couple of appropriate adjustments, would be workable and would vastly
reduce spam. However, that requires an agreement among most email providers
before it will work, and I don't see any progress in that direction. Most
email providers are treating spam as a battle they must each fight alone
rather than something they could stop by banding together.

Edward
Art works by Melynda Reid: http://paleo.org

>One thing that many folks don't realize is that there is a massive
>amount a legitimate commerce happening via email, and that mistakes in
>spamblocking are a major issue for many companies doing business
>online. Being unable to get an order confirmation through to a customer
>because their provider thinks (wrongly) that it's spam is of great
>concern to businesses.

Of that I can confirm quite strongly.

A full 80% of the "spam" we see get reported coming out of our
network are nothing more than CONFIRMATION emails from ecommerce
systems hosted here.

I find that very discouraging.


Regards,
--

Chuck Goolsbee V.P. Technical Operations
_________________________________________________________________
digital.forest Phone: +1-877-720-0483, x2001
where Internet solutions grow Int'l: +1-206-838-1630
*** celebrating eleven years of service 7/12/1994 - 7/12/2005 ***
12101 Tukwila International Blvd Fax: +1-206-838-3749
Suite 410 http://www.forest.net
Seattle, WA 98168 email: cgforest.net

On 10 Feb 2006, at 06:11 , chuck goolsbee wrote:
>> I could be overly pessimistic, but don't *think* so. What
>> about you all?
>
> Every end user, and every legitimate mail sender says to their ISP:
> "Don't just sit there, DO SOMETHING!"

As an hosting provider, albeit a very small one, I feel I have some
experience in this area, as spam has been a huge concern for us.

We are aggressive in targetting spam. We check incoming mail
connections for attachment types that are dangerous as well as
checking against several RBL lists. Incoming email that hits one of
those filters gets dropped with an error. This is better than 80% of
our email connections.

We use greylisting, and this takes care of another 15-18% or our
email connections.

Once email is accepted, it is run through SpamAssasin and tagged up.
Regardless of the score, all spam-tagged mail is delivered. the spam
tags make it very easy to sort and filter for spam, and if something
is wrongly tagged (very rare), the recipient still has it.

This has worked very well for our email users, and we've not had to
take more aggressive steps (as some other mail admins I know have).
We don't quarantine every attachment, for example. Nor do we use
some of the more agressive RBL lists (Spews or Spamcop).

> Everybody wants their email, right now.

Actually, I've found that people are perfectly willing to accept the
greylisting delay on incoming email in exchange for a huge reduction
in the amount of spam they get.


> Everyone assumes that email is "part of the package" when it comes to
> their Internet service.

Well, it is. We don't charge for spamblocking, largely because it
helps US as much, if not more, than thte customer.

> ONLY AOL has a
> "postmaster" group that are accessible, available and helpful. The
> rest (especially Yahoo) are black holes with zero operational
> communications with other providers.

Yahoo is a black hole, but RoadRunner is actually worse. They
respond (or used) but seem to go out of their way to be as stupid as
possible.

> This is especially frustrating
> given the usual cooperative nature of normal Internet operations
> behind the scenes.

> They make ZERO revenue from email,

They would make zero revenue without email, so that's not exactly
true. 100% of their revenue relies on email.

> The problem is that the only mail senders that have the resources to
> spend money to send mail in bulk are the very same people that send
> you paper (or in the case of AOL, CDs) junk mail today. These people
> are not even really in the email business today in any significant
> way. So this "Goodmail" initiative by AOL & Yahoo will not really
> serve to solve any real problems with the email system, just add a
> new class of junk mail. Be careful what you wish for.

> The funny thing with email, is that you really ARE getting something
> for nothing. You don't pay for it, really. What you pay for Internet
> Access or hosting barely covers the cost of access or hosting and
> doesn't even TOUCH what it costs to provide email services.

Bollucks. Let's see, I pay Comacast $65/m for my home connection. A
friend of mine in France pays €30/month for a connection that is 50%
faster upstream, 150% faster downstream, and offers a fixed IP
address. I can get a fixed IP from Comcast for another $10 a month,
but they still port-block.


> Everyone contributes to the problem. There is no "US", there is no
> "THEM"... If you get or send email, you share blame for the current
> situation. If you send out bulk mail in ANY form: Newsletters,
> mailing list like this one, auto-replies from ecommerce systems,
> "Holiday Greetings" sent to your entire address book, forwarding
> jokes to a few hundred recipients via a "BCC" paste... You have
> wrongly lead to either a mail server being blacklisted, throttled, or
> greylisted.

This is bull. None of that is spam.

> If you operate a web site with a mail form that doesn't
> validate every single character of input (no linefeed or carriage
> return characters!), you have caused or will cause a mail server to
> be blacklisted, throttled, or greylisted.

Also bollocks. Web forms simply need to build the headers internally
instead of processing the user input.

--
You may be anti anti-spam-kook if: Despite having invented the FUSSP,
you not only don't know the difference between the SMTP envelope and
SMTP headers; you doubt there is such a thing as the SMTP envelope
because email doesn't involve paper.

The AOL charge-for-email has prompted the MoveOn.org folks to start a
petition drive against the concept. Although they seem to understand
the technique correctly, they see it as a slippery slope that will
lead to inferior service for all those who do not pay.

<http://civic.moveon.org/mediaaction/alerts/Stop_AOL_email_scheme.html>

The EFF is also coming out against it, called it a "pay-to-speak" system.

<http://www.eff.org/deeplinks/archives/004398.php#004398>

cheers... -Adam

--
New Take Control ebooks! ........... http://www.takecontrolbooks.com/
_____________________________________________________________________
Adam C. Engst: I publish TidBITS, write books, and make sure the
acetidbits.com right people know each other in the Mac industry.
Me: http://www.tidbits.com/adam/ TidBITS: http://www.tidbits.com/

On 22 Feb 2006, at 13:57 , Adam C. Engst wrote:
> The AOL charge-for-email has prompted the MoveOn.org folks to start a
> petition drive against the concept. Although they seem to understand
> the technique correctly, they see it as a slippery slope that will
> lead to inferior service for all those who do not pay.

I have to agree. I see it as the beginnings of a "pay-to-send" model
that AOL and Yahoo, at least, hope becomes widespread. Imagine a
Internet in which the free-exchange of ideas is impossible because
every single person saying anything has to first prove their identity.

Had the British in the 1750's had such a system there would never
have been an American Revolution.

At 01:29 PM 02/23/2006 -0800, Google Kreme wrote:
>Imagine a Internet in which the free-exchange of ideas is impossible

Film at 11.

I've said it before and I'll say it again. The Internet (and everything
that surrounds it and makes it up, including our freedom to use it) can be
threatened from two very different directions: excessive authority or
excessive chaos. There's a very noisy group who feel their freedoms are
much more endangered by authority. I see that as dogma, not practicum. When
I look at what's actually happening on the Internet today, I see far more
danger from chaos.

And don't quote Ben Franklin at me. This is not a case of giving up freedom
for security. It's a case of recognizing that not all freedoms can coexist
(my freedom to swing my fist ends where your nose begins). If we refuse to
make a choice on the balance of freedoms, the chaos-mongers will make the
choice for us, to our detriment.

Edward
Art works by Melynda Reid: http://paleo.org

On Feb 27, 2006, at 11:27 AM, Edward Reid wrote:

> I've said it before and I'll say it again. The Internet (and everything
> that surrounds it and makes it up, including our freedom to use it) can be
> threatened from two very different directions: excessive authority or
> excessive chaos. There's a very noisy group who feel their freedoms are
> much more endangered by authority. I see that as dogma, not practicum. When
> I look at what's actually happening on the Internet today, I see far more
> danger from chaos.

I agree with you about the threat from too much chaos.

But there are two approaches authority can take, and one is
significantly more damaging than the other. On the one hand, you can
take a content-neutral approach to authority: it has been held under
US First Amendment law, for instance, that it is perfectly acceptable
to forbid public gatherings that exceed a certain noise level, but it
is not perfectly acceptable to forbid public gatherings to discuss
certain matters. You can regulate the form (loud public gatherings)
but not the content (political speech, artistic expression). It's
also worth noting that (also akin to US First Amendment law) the
freedom of the press is really freedom for those who own presses:
they can print what they like, but they can't expect other people to
pay for it.

Now, why do I bring this up? It seems to me that a lot of the well-
meaning authority that's endangering the Internet is of the content-
regulation sort rather than the form-regulation sort. I would have
no problem if some regulation said that any email message that did
not have properly formed headers that could be verified and the
actual sender determined could simply not be delivered. This would
eliminate just about all spam, and what was not eliminated could be
accurately traced back to its source. I also have no real problem
with pay-to-send email, as long as it's content-neutral -- if I run a
mailing list and I have to pay to send messages, well, then, I will
just have to charge subscribers or find advertisers -- just as print
magazines do now.

But the problem is in the penumbra. How do I know that when a mail
server drops a message on the floor, it's for reasons of form and not
reasons of content? How hard would it be for AOL or Google to run a
filter that makes a guess at the content of mail messages, and
charges differential rates depending on the content? This is
authority of the bad sort, and it's not the kind of Internet I want
to deal with -- given an excluded-middle choice between that and
chaos, I vote for chaos.

--
Charlton Wilbur
cwilburchromatico.net