Internet and e-mail policy and practice
including Notes on Internet E-mail


Click the comments link on any story to see comments or add your own.

Subscribe to this blog

RSS feed

Home :: Email

14 Feb 2006

How Bad is Goodmail? Email

Goodmail Systems made a big splash last week when AOL and Yahoo announced that they will be giving preferential treatment to mail that uses Goodmail's CertifiedEmail service, claiming (implausibly) that this has something to do with stopping spam.. Since Goodmail charges senders for each message, some people see this as the end of e-mail as we know it. I have my concerns about Goodmail, but a lot of the concerns are either overblown or based on bad reporting.

Both AOL and Yahoo sent out press releases saying that Goodmail would stop spam, which is silly since the mail that Goodmail certifies is extremely unlikely to be unwanted, and spammers will ignore Goodmail like they've ignored any other certification scheme that requires money or effort. (My friends at both Yahoo and AOL tell me that they tried and failed to explain to the PR flacks what Goodmail really is.)

Goodmail is in approximately the same business as Habeas and Bonded Sender, acting as an intermediary between bulk senders and recipients. Unlike the other two, Goodmail charges senders for each message sent, and rebates some of the charge to participating recipients, including both AOL and Yahoo. This obviously creates some unfortunate incentives, since the more mail a recipient accepts, the more rebates they get, which has led some people to conclude that this is a plot to stuff more spam into unwilling recipients' mailboxes. Press reports fanned this rumor by reporting, wrongly, that AOL was going to scrap its existing whitelist for well-behaved bulk senders and require them all to use Goodmail.

AOL has assured me that their existing whitelists are not going away, and further that Goodmail only skips the first level of spam filtering. Users' existing controls like only accept mail from people in my address book continue to apply. The other thing that AOL does with Goodmail certified mail is to show all the embedded images, without requiring that the user either enter the sender in his address book or click a button to say the images are OK.

So what is Goodmail? It's a very expensive and labor-intensive mail certification system. It appears to cost about $10,000 to get set up, betwen the signup cost and the cost of upgrading mail software, plus a per message charge in the range of a penny a message. This price is unlikely to go down because of all of the labor involved. For example, Goodmail tells me that every From: line that a sender wants to use has to be manually approved. That penny may not sound like much, but for bulk e-mail it is a vast amount, probably a hundred times what your garden variety non-spam bulk newsletter costs. (Spam is even cheaper to senders, since they generally steal other people's resources to send it.) This means that it's only worth using on unusually valuable mail where the sender really, really, wants it to go through, which in practice means transactional mail, stuff like order confirmations and bank statements. Yahoo says that they will only accept transactional mail through Goodmail; AOL hasn't but it's hard to think of any email ads that are worth an extra penny apiece.

The benign way to look at Goodmail is that it's yet another way for senders to get their most important mail through. Banks, for example, would just love to send you your monthly statements by e-mail, but unless you explicitly agree to it, along with a warning that the statement might not arrive due to flaky e-mail, they can't insist. If a certification scheme made e-mail as reliable as paper mail, they probably could insist, and a penny a message is a bargain compared to the 50 cents or more that a paper letter would require. When DKIM is better defined, senders will probably use it for the same function since it's quite easy to arrange for third party certifiers to sign mail. In this sense Goodmail is stalking horse for DKIM.

A lot of commentators have overreacted to Goodmail as "pay to spam" which it's not, and posited conspiracy theories about ISPs deliberately degrading non-paid mail to force mail into the paid channel. It's worth some concern about the idea that you need to bribe recipients to accept your mail, but although I have no doubt that some foolish and greedy mail system operators may try it, it's vanishingly unlikely that widespread charging will happen, simply because there are so many alternative mail providers. Also, the cost of a single customer phone call asking "what do you mean my granddaughter can't send me her pictures unless she pays you?" would wipe out the revenue from thousands of messages.

In the long run, I think that most transactional mail like bank statements and order confirmations are better delivered via RSS, but I'll write about that separately.

posted at: 14:33 :: permanent link to this entry :: 2 comments
posted at: 14:33 :: permanent link to this entry :: 2 comments

comments...        (Jump to the end to add your own comment)

There are Plenty of Things to get Upset About. Why This?
I keep getting emails about AOL's "Email Tax" from good, progressive organizations. Bush is spying on Americans. The NeoCon's are plotting to consolidate their party in the 2006 elections. Soldiers are dying in Iraq. Why the HELL are they wasting th

(by JaBbA's Hut 13 Mar 2006 14:31)

What's your take on schemes like Hash Cash and Blue Security's "Blue Frog"?

It seems to me that between the two - it would be an almost zero cost complete solution.

E-mail certification seems like a red herring. I like your idea of banks using RSS - that would allow them to use the existing SSL encryption certificates that they already pay for right? All it requries is that e-mail clients grow up and add the features. Thunderbird and a few others are already there. Microsoft is probably only 5 years behind. I read my RSS feeds via Thunderbird and boy... It would be cool if my bank statements were right there organized, safe and secure for my reference! Easier said than done - no doubt a LOT of development is required by all parties....

(by Zebra 25 Apr 2006 00:53)

Add your comment...

Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.

Email: you@wherever (required, for confirmation)
Title: (optional)
Show my Email address
Save my Name and Email for next time


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

Dave Piscitello on Ransomware
57 days ago

A keen grasp of the obvious
My high security debit card
603 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse

© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.