Features

net.wars: AOL spam? - me too

Net distrust of AOL goes a long way back, all the way to 1994, when one million AOLers were first released onto the Net with deficient software - and infuriated everyone. People just don't really forget, even if AOL has been arguably mostly harmless in recent years. Prejudice dies hard. If AOL instituted a program to rescue oil-covered bunnies, with broken legs, abandoned, homeless, motherless, and starving in the wild - then there would still be complaints that it was destroying the Net.

So when AOL announced on January 30 that it was instituting a service called CertifiedEmail, bought in from Goodmail, there was a predictable storm. AOL stands accused of laying the groundwork for a "two-tier" Internet; of instituting an "email tax"; of discriminating against non-profits, small businesses, and individual mailing lists; and of beginning a trend that's already being picked up by Yahoo! and others. It's the end of the Net as we know it, film at 11.

The chief opposition is coming from the Electronic Frontier Foundation, which along with a host of other organisations has mounted a campaign asking AOL to reconsider on all those grounds. An impressive range of organisations have signed onto this campaign, from the AFL-CIO to O'Reilly Media. Marketers seem to welcome the idea - always a bad sign.

A few hardy souls are counter-arguing, notably Esther Dyson, whose February 14 blog entry argues that Goodmail is just a certification quality-control service, and can't really be used to send spam anyway and the Great Debunker of urban mythology, Snopes, which argues that describing this scheme as an "email tax" is simply wrong and that the scheme isn't going to change things much. Goodmail also has its own response to the EFF's campaign.

Like all these things, the devil is going to be in the details, and the truth is probably somewhere in the middle. Things will change, but not necessarily the way we think. Imagine the exodus if AOL charged users, so incoming email will largely be treated as it is now. There is no question that email is sufficiently broken by spam and other types of fraud that a reputation service that guarantees, say, that the email from HSBC bank is actually genuine, might be valuable.

In the service as described the guarantee is not to email recipients but to email senders, and the guarantee is not that the message is genuine but that it will arrive, and with all its graphics showing. Where I think the EFF does have a point is in noting that AOL's financial interest will shift under the new system: making money from certified senders will give the company (which is still losing subscribers, by the way) an incentive to certify more senders, not to spend money improving its spam filters and giving consumers finer control over them.

Jonathan Lambeth, director of communications for AOL UK, points out that the revenue will be fractional, and that the company is committed to plowing it back into its other actions against spam: not only filtering but lawsuits against spammers.

The most difficult question EFF raises is whether the system itself can be spoofed. Surely no lawyer or investor would be happy if AOL (or Goodmail) takes on the liability of guaranteeing the legitimacy of every email sent through the system. Given the propensity of spammers to be clever: how long do you suppose it will be before phishing messages, sent from zombie PCs, will sport all the trappings and icons of CertifiedEmail?

Lambeth, however, believes that the certification can't be spoofed, since the email will go from the company's servers to Goodmail and from there to AOL via a closed network. The icons identifying email as certified will be a function of the AOL inbox itself, not part of the email.

"We liken it to recorded delivery," he says. "It's an additional layer on top of everything else we've been doing, and it's aimed at large organisations that send email about their products and services to consumers. The point is to improve their ability to differentiate between their legitimate email and spam, phishing attacks, spoofs, and so on. In return the organisation pays a tiny sum per email, and our view is that they will benefit from having greater efficiency." The fact that only North America-based organisations can participate is Goodmail's limitation: it has yet to expand elsewhere.

But AOL will have to weather a lot more sturm and drang before this system is quietly accepted: anything that smacks of charging for email is highly charged emotionally. In the early days, if you wanted to start a Net panic, sending out an email warning of the "modem tax" was almost guaranteed. These days, spam has caused many to suggest that senders should be required to pay a small amount so that the system would become uneconomical for spammers to use. I have always opposed that, and probably always will. But this system, so far, doesn't sound quite like part of the brewing battle over network neutrality. Even though AOL is congenitally unable to stop sending  CDs